Hi list, I'm having a tough time recomputing the values that I find in PCR 17 following SENTER. I'm using i5_i7_DUAL_SINIT_18.BIN (I believe this to be the latest available), which produces a version 7 sinit_to_mle_data.
Looking at Section 1.9.1 in the spec, it's quite unclear to me exactly what it's trying to tell me will be in PCR 17. >From the spec: If SinitMleData.Version = 7, PCR 17’s final value will be: SHA-1 ( SinitMleData.SinitHash | SHA-1 ( SinitMleData.BiosAcm.ID | SinitMleData.MsegValid | SinitMleData.StmHash | SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash | (OsSinitData.Capabilities, 0) ) ) There are at least three problems with this. (1) There is no mention of a PCR Extend (contrast with the clear explanation for version 6 sinit_to_mle_data which I have used successfully in the past), and (2) This expression is inconsistent with the paragraph at the start of Section 1.9.1 which mentions the use of SHA-256 to hash the "SINIT ACM". I don't see SHA-256 in that expression anywhere. (3) It is not mentioned whether the 4-byte EdxSenterFlags is also input to SHA-256 or not. I'd rather not try to map out all the different possibilities and figure this out experimentally. Things don't look much better for version 8 but I don't have the hardware to test that. Thanks! -Jon ------------------------------------------------------------------------------ Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel