On Tue, Sep 02, 2025 at 09:47:15AM +0800, Gary Lin via Grub-devel wrote: > For users who require a sealed key to be unsealable only once per boot > process, a straightforward technique involves "capping" the key by > extending the associated PCRs. This patch set introduces PCR capping > support for the TPM2 key protector, allowing users to select specific > PCRs to extend immediately after the key is unsealed. > > v3: > - Amending the conditional check for the event buffer in efi/tcg2.c > v2: > - Fixing typos > - Moving the error message to grub_ieee1275_ibmvtpm_2hash_ext_log() > - Replacing 'SEPARATOR' with 'EV_SEPARATOR'
This should be GRUB_EV_SEPARATOR... > - Amending the conditional check for grub_tpm2_buffer.error > - Removing the unnecessary 'extern' from grub_tpm2_pcr_event() > > Gary Lin (7): > tss2: Add TPM2_PCR_Event command > tss2: Introduce grub_tcg2_cap_pcr() > tss2: Implement grub_tcg2_cap_pcr() for EFI > tss2: Implement grub_tcg2_cap_pcr() for ieee1275 > tss2: Implement grub_tcg2_cap_pcr() for EMU > tpm2_key_protector: Support PCR capping > tests/tpm2_key_protector_test: Add a test for PCR Capping Except a nitpick mentioned above for all patches Reviewed-by: Daniel Kiper <[email protected]>... Daniel _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
