Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-65468

[RHEL9] tpm2: use first PCR algorithm bank supported by TPM as default

    • No
    • None
    • Patch
    • 1
    • sst_security_special_projects
    • ssg_security
    • 11
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 10
    • None
    • None
    • None

      The default is PCR bank is sha1, which is not always supported (it is legacy and optional for implementation). Make this more future-proof and use the first bank with non-empty set of PCRs, which is returned from TPM by tpm2_getcap pcrs.
      The swtpm by default does not create sha1 bank, so this fixes usage with swtpm

            sarroutb@redhat.com Sergio Arroutbi
            sarroutb@redhat.com Sergio Arroutbi
            Sergio Correia Sergio Correia
            Patrik Končitý Patrik Končitý
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: