Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-19 Thread Ilias Apalodimas
Hi Heinrich, On Wed, Jan 19, 2022 at 03:22:53PM +0100, Heinrich Schuchardt wrote: > On 1/18/22 19:12, Ilias Apalodimas wrote: > > Hi Heinrich, > > > > On Tue, 18 Jan 2022 at 18:22, Heinrich Schuchardt > > wrote: > > > > > > On 1/18/22 15:03, Ilias Apalodimas wrote: > > > > Hi Heinrich, > > >

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-19 Thread Heinrich Schuchardt
On 1/18/22 19:12, Ilias Apalodimas wrote: Hi Heinrich, On Tue, 18 Jan 2022 at 18:22, Heinrich Schuchardt wrote: On 1/18/22 15:03, Ilias Apalodimas wrote: Hi Heinrich, - info.checksum = image_get_checksum_algo("sha256,rsa2048"); [...] - info.name = "sha256,rsa2048"; - }

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-19 Thread Ilias Apalodimas
> > > > No that's not doable. Things like EFI_TCG2 protocol needs that since > > we use a sha1 in the tcg eventlog. > > I simply wonder why you can trust SHA1 in PCR/event log while you don't > trust it in secure boot. You don't trust the PCRs in the eventlog. The eventlog is a human readable f

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-19 Thread AKASHI Takahiro
On Wed, Jan 19, 2022 at 09:07:04AM +0200, Ilias Apalodimas wrote: > Hi Akashi-san, > > > On Wed, 19 Jan 2022 at 06:47, AKASHI Takahiro > wrote: > > > > On Tue, Jan 18, 2022 at 08:12:22PM +0200, Ilias Apalodimas wrote: > > > Hi Heinrich, > > > > > > On Tue, 18 Jan 2022 at 18:22, Heinrich Schuchar

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Ilias Apalodimas
Hi Akashi-san, On Wed, 19 Jan 2022 at 06:47, AKASHI Takahiro wrote: > > On Tue, Jan 18, 2022 at 08:12:22PM +0200, Ilias Apalodimas wrote: > > Hi Heinrich, > > > > On Tue, 18 Jan 2022 at 18:22, Heinrich Schuchardt > > wrote: > > > > > > On 1/18/22 15:03, Ilias Apalodimas wrote: > > > > Hi Heinr

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread AKASHI Takahiro
On Tue, Jan 18, 2022 at 08:12:22PM +0200, Ilias Apalodimas wrote: > Hi Heinrich, > > On Tue, 18 Jan 2022 at 18:22, Heinrich Schuchardt wrote: > > > > On 1/18/22 15:03, Ilias Apalodimas wrote: > > > Hi Heinrich, > > > > > > - info.checksum = image_get_checksum_algo("sha256,rsa2048"); >

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Ilias Apalodimas
Hi Heinrich, On Tue, 18 Jan 2022 at 18:22, Heinrich Schuchardt wrote: > > On 1/18/22 15:03, Ilias Apalodimas wrote: > > Hi Heinrich, > > > > - info.checksum = image_get_checksum_algo("sha256,rsa2048"); > > > > [...] > > > > - info.name = "sha256,rsa2048"; > > - } else

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Heinrich Schuchardt
On 1/18/22 15:03, Ilias Apalodimas wrote: Hi Heinrich, - info.checksum = image_get_checksum_algo("sha256,rsa2048"); [...] - info.name = "sha256,rsa2048"; - } else { - pr_warn("unknown msg digest algo: %s\n", sig->hash_algo); + if (strcmp

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Ilias Apalodimas
Hi Heinrich, > > > > - info.checksum = > > > > image_get_checksum_algo("sha256,rsa2048"); [...] > > > > - info.name = "sha256,rsa2048"; > > > > - } else { > > > > - pr_warn("unknown msg digest algo: %s\n", > > > > sig->hash_algo); > > > > +

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Heinrich Schuchardt
On 1/18/22 13:50, Ilias Apalodimas wrote: Akashi-san, On Tue, Jan 18, 2022 at 09:38:22PM +0900, AKASHI Takahiro wrote: Hi Ilias, On Tue, Jan 18, 2022 at 01:12:37PM +0200, Ilias Apalodimas wrote: Right now the code explicitly limits us to sha1,256 hashes with RSA2048 encryption. But the limit

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Ilias Apalodimas
Akashi-san, On Tue, Jan 18, 2022 at 09:38:22PM +0900, AKASHI Takahiro wrote: > Hi Ilias, > > On Tue, Jan 18, 2022 at 01:12:37PM +0200, Ilias Apalodimas wrote: > > Right now the code explicitly limits us to sha1,256 hashes with RSA2048 > > encryption. But the limitation is artificial since U-Boot

Re: [PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread AKASHI Takahiro
Hi Ilias, On Tue, Jan 18, 2022 at 01:12:37PM +0200, Ilias Apalodimas wrote: > Right now the code explicitly limits us to sha1,256 hashes with RSA2048 > encryption. But the limitation is artificial since U-Boot supports > a wider range of algorithms. > > The internal image_get_[checksum|crypto]_a

[PATCH] lib/crypto: Enable more algorithms in cert verification

2022-01-18 Thread Ilias Apalodimas
Right now the code explicitly limits us to sha1,256 hashes with RSA2048 encryption. But the limitation is artificial since U-Boot supports a wider range of algorithms. The internal image_get_[checksum|crypto]_algo() functions expect an argument in the format of ,. So let's remove the size checki