-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting PCR properties with tpm2_getcap #3330
Comments
I believe a Startup(clear) or TPM2_CC_Clear would return PCRs to empty auth. Are you setting the auth and trying to validate that? |
I mostly want to have a quick glance on what the TPM/simulator supports, while my use case is mostly related to auth policy/value there are other properties as well. |
@whooo, @stefanberger it appears that PCR index 20, 21, 22 are in the authorization set for swtpm. Is that right? |
That's what it is now. Per the commit description:
I wasn't sure whether this was a bugfix or introduced a bug. If there's a TPM 2 PC profile that says what these PCRs are supposed to be I will match it to the profile. References to documents welcome... |
@stefanberger thanks for confirming. Yeah the architecture-doc section 17.7 only mentions one set for the reference implementation but doesn't specify which one. @AndreasFuchsTPM @williamcroberts do you know? |
When I look at the below document Table 6 then my interpretation is that the patch I applied was a bugfix... which breaks backwards compatibility. |
It sure likes like it. Perhaps add a command line option to swtpm to retain the old behavior. |
I won't support this with a command line option but may change the table so the function behaves as before... |
It would be useful to display the different PCR properties, such as which PCRs can have an auth value set.
The text was updated successfully, but these errors were encountered: