On Sat, Oct 08, 2016 at 10:15:55PM -0400, Nayna Jain wrote:
> The existing in-kernel interface for extending a TPM PCR extends
> the SHA1 PCR bank. For TPM 1.2, that is the one and only PCR bank
> defined. TPM 2.0 adds support for multiple PCR banks, to support
> different hash algorithms. The TPM 2.0 Specification[1]
> recommends extending all active PCR banks. This patch set enhances
> the existing TPM 2.0 extend function and corresponding in-kernel
> interface to support extending all active PCR banks.
> 
> The first patch implements the TPM 2.0 capability to retrieve
> the list of active PCR banks.
> 
> The second patch modifies the TPM 2.0 device driver extend function
> to support extending multiple PCR banks. The existing in-kernel
> interface expects only a SHA1 digest. Hence, to extend all active
> PCR banks with differing digest sizes for TPM 2.0, the SHA1 digest
> is padded with 0's as needed.
> 
> This approach is taken to maintain backwards compatibility for the
> existing users (i.e. IMA) in order to continue working with both
> TPM 1.2 and TPM 2.0 without any changes and still comply with the
> TPM 2.0 Specification[1] requirement of extending all active PCR
> banks.
> 
> This patch series has a prerequisite(header file tpm2.h) of TPM 2.0
> event log patch series.

This is an unacceptable requirement. I don't even like the idea
of having tpm2.h (rather would keep stuff in tpm2-cmd.c).

Also I seriously cannot accept patch sets that add code without
giving value.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Reply via email to