Issue #421 has been updated by Sergii Dmytruk.

Julius Werner wrote in #note-8:

> are you planning to make a bunch of Kconfigs to select this

vboot2 supports 4 matching hashes, so 4 corresponding options.

> Basically, I understand that the log format *allows* multiple algorithms, and
> that's fine. And I'm also not saying that we can never expand it to allow
> logging multiple algorithms if a real need comes up in the future. I'm just
> saying there's no need to make things any more complicated than they need to
> be right now and implement support for a bunch of stuff in the lower level
> APIs that the higher level APIs wouldn't actually be using yet. If your goal
> for the time being is just to support the new log format, why don't you just
> do that in a way where tpm_extend_pcr() always creates a log entry with
> exactly one algorithm? If we ever get to the point where we actually need to
> log multiple algorithms somewhere we can still expand that later.

This approach will require returning to these changes, understanding them and spec again, changing, testing and reviewing changes again and only then adding a second/third algorithm. This can even prevent such development in the future by making the cost of change high enough.

I think we might as well implement agile format properly (no fixed-size buffers in structures, any number of algorithms) right away. Lower level API is called in two places, both of which need to loop over an array of enabled algorithms, which doesn't complicate the code much, just generalizes it.

----------------------------------------
Cleanup #421: Change API of functions taking hash as an argument
https://ticket.coreboot.org/issues/421#change-1201

* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
----------------------------------------
All existing functions that take a digest as an input assume that only one hashing algorithm is used at a time.

Crypto agile format entry can (and should) log every used PCR bank in one entry for a given measurement. To make it work, some of the arguments must be changed, e.g.:

- pass number of algorithms used;
- instead of algorithm ID, pass a pointer to array of such IDs, with size equal to above;
- instead of hash, pass a pointer to array of hashes, with size and order as above.
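
An added illustration of the argument shape the issue describes (not coreboot or vboot code): a serializer for one crypto agile (TCG_PCR_EVENT2) log entry that takes the number of algorithms plus parallel arrays of algorithm IDs and digests, with no fixed-size digest buffer. The function name, signature and caller-supplied buffer are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* TPM_ALG_ID values from the TCG algorithm registry. */
enum { ALG_SHA1 = 0x0004, ALG_SHA256 = 0x000B, ALG_SHA384 = 0x000C, ALG_SHA512 = 0x000D };

/* Digest length in bytes for an algorithm ID, 0 if the ID is not supported. */
static size_t digest_len(uint16_t alg)
{
	return alg == ALG_SHA1 ? 20 : alg == ALG_SHA256 ? 32 :
	       alg == ALG_SHA384 ? 48 : alg == ALG_SHA512 ? 64 : 0;
}

/* Store the low n bytes of v little-endian, return the new write position. */
static uint8_t *put_le(uint8_t *p, uint32_t v, size_t n)
{
	for (size_t i = 0; i < n; i++)
		*p++ = (uint8_t)(v >> (8 * i));
	return p;
}

/* Hypothetical helper (name and signature are assumptions): serialize one entry
 * with num_algs digests. Returns bytes written, 0 on unknown ID or short buffer. */
size_t tcg2_write_entry(uint8_t *buf, size_t cap, uint32_t pcr, uint32_t type,
			size_t num_algs, const uint16_t *algs, const uint8_t *const *hashes,
			const uint8_t *event, uint32_t event_len)
{
	size_t need = 4 + 4 + 4 + 4 + (size_t)event_len; /* fixed fields + event */
	for (size_t i = 0; i < num_algs; i++) {
		if (digest_len(algs[i]) == 0)
			return 0;
		need += 2 + digest_len(algs[i]);
	}
	if (need > cap)
		return 0;
	uint8_t *p = put_le(buf, pcr, 4);
	p = put_le(p, type, 4);
	p = put_le(p, (uint32_t)num_algs, 4);       /* TPML_DIGEST_VALUES.count */
	for (size_t i = 0; i < num_algs; i++) {     /* one TPMT_HA per PCR bank */
		p = put_le(p, algs[i], 2);
		memcpy(p, hashes[i], digest_len(algs[i]));
		p += digest_len(algs[i]);
	}
	p = put_le(p, event_len, 4);
	if (event_len)
		memcpy(p, event, event_len);
	return need;
}
```

With one algorithm the same call produces the single-digest entry discussed in the quoted reply; the entry size is computed from the algorithm list in both cases.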

