-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0
-
clevis-21-6.el10
-
No
-
Moderate
-
Patch
-
2
-
rhel-sst-security-special-projects
-
ssg_security
-
16
-
None
-
False
-
-
None
-
Red Hat Enterprise Linux
-
SECENGSP Cycle 10, SECENGSP Cycle 11
-
None
The default is PCR bank is sha1, which is not always supported (it is legacy and optional for implementation). Make this more future-proof and use the first bank with non-empty set of PCRs, which is returned from TPM by tpm2_getcap pcrs.
The swtpm by default does not create sha1 bank, so this fixes usage with swtpm
- clones
-
RHEL-65468 [RHEL9] tpm2: use first PCR algorithm bank supported by TPM as default
- Release Pending
- is cloned by
-
RHEL-67179 [Fedora Rawhide] tpm2: use first PCR algorithm bank supported by TPM as default
- Closed
- links to
-
RHBA-2024:139485 clevis bug fix and enhancement update