-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0
-
No
-
None
-
Patch
-
1
-
sst_security_special_projects
-
ssg_security
-
None
-
False
-
-
None
-
Red Hat Enterprise Linux
-
SECENGSP Cycle 10
-
None
-
None
-
None
The default is PCR bank is sha1, which is not always supported (it is legacy and optional for implementation). Make this more future-proof and use the first bank with non-empty set of PCRs, which is returned from TPM by tpm2_getcap pcrs.
The swtpm by default does not create sha1 bank, so this fixes usage with swtpm
- clones
-
RHEL-65468 [RHEL9] tpm2: use first PCR algorithm bank supported by TPM as default
- Planning