Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-9.6
Affects Version/s: rhel-9.5
Component/s: clevis
Labels:
- CY24Q4
- CY24Q4_commit

Fixed in Build:
clevis-21-206.el9
Regression:
Yes
Severity:
Moderate
Epic Link:
SECENGSP-6169
Keywords:

Patch
sprint_count:
1

Pool Team:

rhel-sst-security-special-projects
Sub-System Group:

ssg_security

Dev Target Milestone:
12
Internal Target Milestone:
14
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Products:

Red Hat Enterprise Linux
Sprint:
SECENGSP Cycle 10

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/139484
Test Coverage:

Manual

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

The default PCR bank is sha1, which is not always supported (it is legacy and optional for implementation). Make this more future-proof and use the first bank with non-empty set of PCRs, which is returned from TPM by tpm2_getcap pcrs.
The swtpm by default does not create sha1 bank, so this fixes usage with swtpm

is cloned by

RHEL-65469 [RHEL10] tpm2: use first PCR algorithm bank supported by TPM as default

Release Pending

links to

RHBA-2024:139484 clevis bug fix and enhancement update

Assignee:: Patrik Končitý

Reporter:: Sergio Arroutbi

Developer:: Sergio Correia

QA Contact:: Patrik Končitý

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/10/31 6:54 PM

Updated:: 2025/01/31 10:57 AM

Dev Target end:: 2024/11/11

Target end:: 2024/11/25

Next Planned Release Date:: 2025/05/13

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates