Hi, can someone please tell me from experience whether PCR-18 can be treated as non-changing between different servers or platforms when pcr_map=da is used and I use the same signing key?
Can I safely assume that PCR-18 will be the same on different servers or different brands of servers even? Docs say the following and I'm not sure - especially the last point would be troubling but I don't think it changes when I use a different tboot binary (that should produce a different hash, right?).

The following hashes are extended to PCR18 in the order given:

• DIGEST of public key modulus used to verify SINIT signature.
• DIGEST of Processor S-CRTM status coded as DWORD – same value as extended to PCR17.
• DIGEST of Capability field of OsSinitData table, coded as DWORD – same value as extended to PCR17.
• DIGEST of PolicyControl field of used policy (platform supplier (PS) or platform owner (PO)) coded as DWORD – same value as extended to PCR17.
• DIGEST of LCP – DIGEST of concatenation of hashes of lists containing matching elements. If no policy, for 1.2 family, this digest is zero; for 2.0 family, it is DIGEST(0x0)

Thanks
Jan

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
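An offline replay of the extend sequence quoted in the message above, added here as an example (it is not part of the original post and is not tboot code); it shows how to compare two platforms input by input instead of only comparing final PCR18 values. Assumptions: DWORDs are hashed little-endian, PCR18 starts zeroed at launch, DIGEST(0x0) means the hash of one zero byte, and all field names and sample values are constructed.

```python
import hashlib
import struct

FIELDS = ("sinit_key_modulus", "scrtm_status", "capabilities",
          "policy_control", "lcp")

def digest(alg, data):
    return hashlib.new(alg, data).digest()

def measurements(p, alg="sha256", family="2.0"):
    """Digests extended to PCR18, in the order the quoted documentation gives."""
    def dword(v):
        return digest(alg, struct.pack("<I", v))  # assumption: little-endian
    if p["lcp_list_hashes"]:
        lcp = digest(alg, b"".join(p["lcp_list_hashes"]))
    elif family == "1.2":
        lcp = bytes(hashlib.new(alg).digest_size)  # "this digest is zero"
    else:
        lcp = digest(alg, b"\x00")  # assumption: DIGEST(0x0) = hash of one zero byte
    return [digest(alg, p["sinit_key_modulus"]), dword(p["scrtm_status"]),
            dword(p["capabilities"]), dword(p["policy_control"]), lcp]

def replay_pcr18(p, alg="sha256", family="2.0"):
    pcr = bytes(hashlib.new(alg).digest_size)  # assumption: zeroed at launch
    for m in measurements(p, alg, family):
        pcr = digest(alg, pcr + m)  # TPM extend: new = H(old || measurement)
    return pcr

def differing_fields(a, b, alg="sha256", family="2.0"):
    """Which of the five extended inputs differ between two platforms."""
    pairs = zip(FIELDS, measurements(a, alg, family), measurements(b, alg, family))
    return [name for name, x, y in pairs if x != y]

# Constructed sample inputs; none of these values come from real hardware.
server_a = {"sinit_key_modulus": b"\xa5" * 256, "scrtm_status": 0x1,
            "capabilities": 0x3, "policy_control": 0x0, "lcp_list_hashes": []}
server_b = dict(server_a)                       # identical inputs
server_c = dict(server_a, capabilities=0x7)     # one DWORD differs

if __name__ == "__main__":
    for name, p in (("a", server_a), ("b", server_b), ("c", server_c)):
        print(name, replay_pcr18(p).hex())
    print("a vs c:", differing_fields(server_a, server_c))
```

Feeding it the values each server actually reports for the five inputs shows which one, if any, breaks PCR18 equality between them.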