I sort_of_assumed that PCR-18 would only be present if the policy verification passed, and would be different different (or all 0s) when the verification failed. This is a bit dangerous if anyone uses it. I think something simple like hashing "1" into it when it fails verification would make it useful (that should be simple to compute if anyone is using it on purpose).
Jan > On 09 May 2016, at 11:59, martin.wi...@ts.fujitsu.com wrote: > > On Mo, 2016-05-09 at 11:56 +0200, Jan Schermer wrote: > >> I don't know what actual use a policy of type "nonfatal" is outside of >> testing > > Neither do I. It's kind of unfortunate that most docs are using this > policy. > > Martin > ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
