Re: [tpmdd-devel] [PATCH v6 2/2] tpm: enhance TPM 2.0 PCR extend to, support multiple banks

[Nayna]

On 01/26/2017 03:41 AM, Ken Goldman wrote:
> > The current TPM 2.0 device driver extends only the SHA1 PCR bank
> > but the TCG Specification[1] recommends extending all active PCR
> > banks, to prevent malicious users from setting unused PCR banks with
> > fake measurements and quoting them.
> >
> > The existing in-kernel interface(tpm_pcr_extend()) expects only a
> > SHA1 digest.  To extend all active PCR banks with differing
> > digest sizes, the SHA1 digest is padded with trailing 0's as needed.
> >
> > This patch reuses the defined digest sizes from the crypto subsystem,
> > adding a dependency on CRYPTO_HASH_INFO module.
> >
> > [1] TPM 2.0 Specification referred here is "TCG PC Client Specific
> > Platform Firmware Profile for TPM 2.0"
>
> Tested-by: Kenneth Goldman <kgold@xxxxxxxxxxxxxxxxxx>
>
> I obtained an IMA event log from a Power platform, along with the PCR 10
> value from both the SHA-1 and SHA-256 banks of its Nuvoton TPM 2.0.  I
> independently validated that the event log matches the TPM PCR values.

Thank You Ken !!

Thanks & Regards,
   - Nayna

> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> tpmdd-devel mailing list
> tpmdd-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel