On Tue, Jun 30, 2020 at 02:23:22PM -0500, Tyler Hicks wrote:
> > > I am all for stringent checks, but this could potentially break
> > > measured boot on systems that are working fine today, right?
> >
> > Seems like in that case our measurement is unreliable and can't really
> > be trusted. That said, having things that were using the measurements
> > before this suddenly stop being able to access sealed secrets is not a
> > great experience for the user who unwittingly bought the junk hardware.
>
> I haven't seen where anyone has suggested that such junk hardware
> exists. Do you know of or expect any firmware that has mismatched
> TCG_PCR_EVENT2.digests.count and TCG_EfiSpecIdEvent.numberOfAlgorithms
> values?
If nobody has seen any hardware that actually produces the values you're
excluding, then I don't have a strong objection.
> I would think that the userspace code that's parsing
> /sys/kernel/security/tpm0/binary_bios_measurements would also have
> issues with such an event log.
>
> > Same with the zero-supported-hashes case.
>
> Small but important correction: it is a zero-hashes case, not a
> zero-supported-hashes case
>
> There's no handshake involved or anything like that. This would only
> cause problems if the firmware provided no hashes, which means the
> firmware event log is unusable, anyways.
Indeed.
--
Peter
