On Fri, 2017-03-10 at 17:28 +0100, Roberto Sassu wrote: > On 3/10/2017 4:36 PM, Ken Goldman wrote: > > It's not a TCG standard, just a way of making sure the unused PCR bank > > doesn't remain at zero, permitting forged measurements. > > > > As for the verifier, I ignore the bank I'm not interested in. I don't > > verify the truncated/padded bank. > > Truncated/padded digests are needed, if after kexec different banks > can be selected.
Right. In our use case scenario, the initial Linux is Petitboot, a boot loader, while the kexec'ed kernel image can be a distro or custom image. Mimi > This issue does not arise if all banks are extended only once, > during IMA initialization. All digests should be passed to a new > function defined in the TPM driver. > > Roberto ------------------------------------------------------------------------------ Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford _______________________________________________ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
