  1. RHEL
  2. RHEL-65469

[RHEL10] tpm2: use first PCR algorithm bank supported by TPM as default

    • clevis-21-6.el10
    • No
    • Moderate
    • Patch
    • 2
    • rhel-sst-security-special-projects
    • ssg_security
    • 16
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 10, SECENGSP Cycle 11

      The default PCR bank is sha1, which is not always supported (it is legacy and optional to implement). Make this more future-proof and use the first bank with a non-empty set of PCRs, as returned by the TPM via tpm2_getcap pcrs.
      By default, swtpm does not create a sha1 bank, so this fixes usage with swtpm.
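
      The selection rule described above, as an added example that is not the clevis patch itself. It assumes `tpm2_getcap pcrs` prints one `- <bank>: [ ... ]` line per bank; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not clevis code. Function names are hypothetical.

# Read `tpm2_getcap pcrs` style output on stdin and print the first bank
# whose PCR list is non-empty. Exit status 1 if no bank has any PCRs.
# Assumption: one "- <bank>: [ ... ]" line per bank.
first_pcr_bank() {
    awk '
        $1 == "-" && $2 ~ /:$/ {
            name = $2
            sub(/:$/, "", name)              # "sha256:" -> "sha256"
            lb = index($0, "[")
            rb = index($0, "]")
            pcrs = (lb && rb > lb) ? substr($0, lb + 1, rb - lb - 1) : ""
            if (pcrs ~ /[0-9]/) { print name; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Same rule against a live TPM (needs tpm2-tools; not called here).
tpm_default_bank() {
    tpm2_getcap pcrs | first_pcr_bank
}

# Constructed sample: sha1 bank present but with no PCRs allocated.
sample_no_sha1() {
    cat <<'EOF'
selected-pcrs:
  - sha1: [ ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7 ]
  - sha384: [ ]
EOF
}

# Constructed sample: sha1 listed first and populated, so it is still chosen.
sample_sha1_first() {
    cat <<'EOF'
selected-pcrs:
  - sha1: [ 0, 1, 2, 3 ]
  - sha256: [ 0, 1, 2, 3 ]
EOF
}

# Constructed sample: no bank has any PCRs, so there is no usable default.
sample_empty() {
    printf 'selected-pcrs:\n  - sha1: [ ]\n  - sha256: [ ]\n'
}
```

      The second sample shows that a "first non-empty bank" rule still selects sha1 when the TPM lists it first with PCRs allocated, so a policy that must avoid sha1 has to set `pcr_bank` explicitly rather than rely on the default.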

              pkoncity2 Patrik Končitý
              sarroutb@redhat.com Sergio Arroutbi
              Sergio Correia Sergio Correia
              Patrik Končitý Patrik Končitý