On Thu, Oct 02, 2025 at 07:02:55PM +0200, Daniel Kiper wrote: > On Tue, Sep 02, 2025 at 09:47:15AM +0800, Gary Lin via Grub-devel wrote: > > For users who require a sealed key to be unsealable only once per boot > > process, a straightforward technique involves "capping" the key by > > extending the associated PCRs. This patch set introduces PCR capping > > support for the TPM2 key protector, allowing users to select specific > > PCRs to extend immediately after the key is unsealed. > > > > v3: > > - Amending the conditional check for the event buffer in efi/tcg2.c > > v2: > > - Fixing typos > > - Moving the error message to grub_ieee1275_ibmvtpm_2hash_ext_log() > > - Replacing 'SEPARATOR' with 'EV_SEPARATOR' > > This should be GRUB_EV_SEPARATOR... > > > - Amending the conditional check for grub_tpm2_buffer.error > > - Removing the unnecessary 'extern' from grub_tpm2_pcr_event() > > > > Gary Lin (7): > > tss2: Add TPM2_PCR_Event command > > tss2: Introduce grub_tcg2_cap_pcr() > > tss2: Implement grub_tcg2_cap_pcr() for EFI > > tss2: Implement grub_tcg2_cap_pcr() for ieee1275 > > tss2: Implement grub_tcg2_cap_pcr() for EMU > > tpm2_key_protector: Support PCR capping > > tests/tpm2_key_protector_test: Add a test for PCR Capping > > Except a nitpick mentioned above for all patches Reviewed-by: Daniel Kiper > <[email protected]>... > Thanks for reviewing the patches. I'll replace EV_SEPARATOR with GRUB_EV_SEPARATOR in v4.
Gary Lin _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
