On 4/5/2017 2:12 PM, Jarkko Sakkinen wrote:
> On Wed, Mar 29, 2017 at 12:24:50PM +0200, Roberto Sassu wrote:
>> Introduce these functions to convert between TPM and crypto algorithm IDs.
>
> Why is this needed?
I'm sorry for the short explanation. I will provide a detailed description in the reply to your emails and add the text in the next version of the patch set.

Currently, tpm_pcr_extend(), for extending a PCR, accepts as input the SHA1 of the event data. Extending PCRs is needed in order to protect the integrity of an event log (e.g. the IMA measurements list).

With TPM 2.0, it is necessary to expose new functions because the event data digest can be calculated with multiple algorithms. TPM 2.0 introduced new challenges that were not present before. How can users of the TPM:

- know which algorithms the TPM supports?
- provide multiple digests to the TPM driver interface?
- calculate the digest of event data, since the TPM driver stores TPM algorithm IDs, which are different from IDs defined by the crypto subsystem?

The patch set I published tries to address these challenges.

Regarding the type of data that should be returned to TPM users, the choice I made was to return to TPM users the TPM algorithm IDs (instead of IDs defined by the crypto subsystem). This way, I give TPM users the flexibility to decide what information they provide to consumers of the event log (TPM or crypto IDs) and the possibility to calculate the event data digest with the crypto subsystem.

Roberto
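As an added illustration (not code from Roberto's patch set or the kernel), the two ID spaces this thread is about, a converter between them, and a builder for the multi-digest TPML_DIGEST_VALUES that a TPM 2.0 PCR extend takes, rejecting digests for banks the TPM does not report as active. The TPM_ALG_* values are the TCG Algorithm Registry numbers and the HASH_ALGO_* values are those of include/uapi/linux/hash_info.h; the function names, the alg_map table and the banks[] check are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* TPM 2.0 hash algorithm IDs (TCG Algorithm Registry). */
#define TPM_ALG_SHA1   0x0004
#define TPM_ALG_SHA256 0x000B
#define TPM_ALG_SHA384 0x000C
#define TPM_ALG_SHA512 0x000D
/* Crypto-subsystem IDs as numbered in include/uapi/linux/hash_info.h. */
enum { HASH_ALGO_SHA1 = 2, HASH_ALGO_SHA256 = 4, HASH_ALGO_SHA384 = 5, HASH_ALGO_SHA512 = 6 };
/* Hypothetical mapping between the two ID spaces, with digest sizes in bytes. */
static const struct { uint16_t tpm_id; int crypto_id; size_t size; } alg_map[] = {
	{ TPM_ALG_SHA1, HASH_ALGO_SHA1, 20 },     { TPM_ALG_SHA256, HASH_ALGO_SHA256, 32 },
	{ TPM_ALG_SHA384, HASH_ALGO_SHA384, 48 }, { TPM_ALG_SHA512, HASH_ALGO_SHA512, 64 },
};
#define ALG_MAP_LEN (sizeof(alg_map) / sizeof(alg_map[0]))
/* Table index for a TPM ID (by_tpm != 0) or a crypto ID; -1 if unknown. */
static int alg_index(int id, int by_tpm)
{
	for (size_t i = 0; i < ALG_MAP_LEN; i++)
		if ((by_tpm ? alg_map[i].tpm_id : alg_map[i].crypto_id) == id)
			return (int)i;
	return -1;
}
/* Convert IDs in either direction; -1 means the caller must reject the ID. */
int tpm2_alg_to_crypto(uint16_t tpm_id) { int i = alg_index(tpm_id, 1); return i < 0 ? -1 : alg_map[i].crypto_id; }
int crypto_to_tpm2_alg(int crypto_id) { int i = alg_index(crypto_id, 0); return i < 0 ? -1 : alg_map[i].tpm_id; }
struct tpm_digest { int crypto_id; const uint8_t *data; };
/* Serialize digests (named by crypto IDs) as a TPML_DIGEST_VALUES: big-endian UINT32
 * count, then per entry UINT16 hashAlg + raw digest. Every digest must use a bank the
 * TPM reports active (banks[]). Returns bytes written, or -1 on bad alg/short buffer. */
int build_digest_values(const struct tpm_digest *d, size_t n, const uint16_t *banks,
			size_t nbanks, uint8_t *out, size_t out_len)
{
	size_t off = 4, b;
	if (out_len < 4) return -1;
	for (size_t i = 0; i < n; i++) {
		int idx = alg_index(d[i].crypto_id, 0);
		if (idx < 0) return -1;
		for (b = 0; b < nbanks && banks[b] != alg_map[idx].tpm_id; b++) ;
		if (b == nbanks || off + 2 + alg_map[idx].size > out_len) return -1;
		out[off++] = alg_map[idx].tpm_id >> 8; out[off++] = alg_map[idx].tpm_id & 0xff;
		memcpy(out + off, d[i].data, alg_map[idx].size);
		off += alg_map[idx].size;
	}
	out[0] = n >> 24; out[1] = n >> 16; out[2] = n >> 8; out[3] = n;
	return (int)off;
}
```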
