On 4/7/2017 9:31 PM, Jarkko Sakkinen wrote:
>> would you have any objection if the new functions work
>> regardless of the TPM version?
>
> Yes, you should not add multiple functions that do the same thing
> essentially. Please rework tpm_pcr_extend instead.

This means that callers of tpm_pcr_extend() (pcrlock() in security/keys/trusted.c) should be modified too, as the parameters will change. Also, tpm2_algorithms and tpm2_digest, the new arguments of tpm_pcr_extend(), should be renamed to tpm_*, since that function will be used regardless of the TPM version.

Another problem is how to handle the general case when not all digests for PCR banks are provided. tpm_pcr_extend() pads the provided SHA1 digest to extend remaining banks. If multiple digests can be passed to this function, the digest to be used to extend remaining banks would depend on the input passed by the caller. The general rule could be that the first digest is used in all cases.

To avoid confusion, I wanted to introduce a new function for providing multiple digests. If the caller does not provide a digest for each bank, the function returns an error.

> And while you are doing it, please also rework it to use tpm_buf
> for everything.

tpm_buf_init() should be modified, to be used for TPM 1.2 commands. tag and ordinal should be written to the buffer in little endian.

Roberto

_______________________________________________
tpmdd-devel mailing list
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
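The two policies discussed in the message above, modelled in Python as an added example (not part of the original e-mail and not kernel code). The two-bank layout, the zero-byte padding with truncation, and the names extend_padded() and extend_strict() are assumptions made for illustration.

```python
import hashlib

BANKS = {"sha1": 20, "sha256": 32}  # constructed two-bank TPM 2.0 model

class MissingDigest(ValueError):
    """Raised by extend_strict() when a bank has no digest."""

def new_pcr():
    # A PCR starts as all zeros in every bank.
    return {alg: bytes(size) for alg, size in BANKS.items()}

def _extend(pcr, alg, digest):
    # PCR extend: new value = H(old value || digest).
    if len(digest) != BANKS[alg]:
        raise ValueError(f"{alg}: digest must be {BANKS[alg]} bytes")
    pcr[alg] = hashlib.new(alg, pcr[alg] + digest).digest()

def extend_padded(pcr, digests):
    """First-digest rule: banks the caller skipped get digests[0], padded."""
    supplied = dict(digests)
    first = digests[0][1]
    for alg, size in BANKS.items():
        # Assumption: pad with zero bytes, truncate if the first digest is longer.
        _extend(pcr, alg, supplied.get(alg, first.ljust(size, b"\0")[:size]))
    return pcr

def extend_strict(pcr, digests):
    """Separate-function variant: every bank needs its own digest, else error."""
    supplied = dict(digests)
    missing = [alg for alg in BANKS if alg not in supplied]
    if missing:
        # Checked before any bank is touched, so the PCR stays unchanged.
        raise MissingDigest(f"no digest for bank(s): {missing}")
    for alg in BANKS:
        _extend(pcr, alg, supplied[alg])
    return pcr

def demo():
    event = b"constructed measurement"
    d1, d256 = hashlib.sha1(event).digest(), hashlib.sha256(event).digest()
    sha1_only = extend_padded(new_pcr(), [("sha1", d1)])
    full = extend_strict(new_pcr(), [("sha1", d1), ("sha256", d256)])
    return sha1_only, full, d1, d256

if __name__ == "__main__":
    sha1_only, full, _, _ = demo()
    for alg in BANKS:
        print(alg, sha1_only[alg].hex(), full[alg].hex())
```

The SHA-1 bank ends up identical under both policies, while the SHA-256 bank differs: anyone replaying an event log against that bank has to know which padding rule the caller triggered.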
