On 10/24/2018 5:35 AM, Monty Wiseman wrote:
> Option C:
> This is a viable option and may actually be what the caller wants. There actually
> is no rule that all banks must be extended. In fact when "sealing", the caller lists

Doesn't not extending a bank open the platform to attack? Even
if one caller is sealing to one bank, other applications may use a
different bank. If that bank was not extended, the caller could extend
counterfeit measurements and subvert an application.

IMHO, for PCRs that are doing software measurements, the rule should be
that all allocated banks should be extended.

> the pcr banks they want to seal to. (While it is technically possible
> to provide the TPM2_PolicyPCR a mix of banks I don't believe this is
> practical as only one expected hash is provided as input.) We should
> consider this option.

I'm nearly sure that one can run TPM2_PolicyPCR with multiple banks.
1 - The input parameter pcrDigest is optional. It permits the caller
to check for correct PCRs early in the policy process. For example,
it could avoid an unnecessary digital signature or password prompt.
That's why policies should be constructed with policypcr before terms
that require external input.
2 - The spec Part 1 describes the pcrDigest calculation, and I
don't see anything that mandates only one bank.
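
The pcrDigest calculation from point 2, worked through for a selection that spans two banks. This is an added example, not part of the original message or of any TPM software stack. The command code, algorithm IDs and TPML_PCR_SELECTION marshaling are taken from the TPM 2.0 specification as understood here; the PCR values and the boot event are constructed.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F               # TPM2_PolicyPCR command code
TPM_ALG_SHA1, TPM_ALG_SHA256 = 0x0004, 0x000B
HASHES = {TPM_ALG_SHA1: hashlib.sha1, TPM_ALG_SHA256: hashlib.sha256}

def extend(alg, pcr, event_digest):
    """PCR extend: new = H_bank(old || digest)."""
    return HASHES[alg](pcr + event_digest).digest()

def marshal_selection(selection):
    """TPML_PCR_SELECTION: count, then hashAlg, sizeofSelect (3), bitmap per bank."""
    out = struct.pack(">I", len(selection))
    for alg, indices in selection:
        bitmap = bytearray(3)
        for i in indices:
            bitmap[i // 8] |= 1 << (i % 8)
        out += struct.pack(">HB", alg, 3) + bytes(bitmap)
    return out

def pcr_digest(session_alg, selection, banks):
    """Hash, with the session algorithm, of the selected PCR values in
    selection order (ascending index within each bank)."""
    h = HASHES[session_alg]()
    for alg, indices in selection:
        for i in sorted(indices):
            h.update(banks[alg][i])
    return h.digest()

def policy_pcr(session_alg, policy_digest, selection, banks):
    """policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || pcrDigest)."""
    body = (policy_digest + struct.pack(">I", TPM_CC_POLICY_PCR)
            + marshal_selection(selection) + pcr_digest(session_alg, selection, banks))
    return HASHES[session_alg](body).digest()

def constructed_banks(event=b"constructed boot event"):
    """Two allocated banks, PCR 0 and 7 each extended once with a constructed event."""
    banks = {}
    for alg, size in ((TPM_ALG_SHA1, 20), (TPM_ALG_SHA256, 32)):
        digest = HASHES[alg](event).digest()
        banks[alg] = {i: extend(alg, bytes(size), digest) for i in (0, 7)}
    return banks

# One policy term spanning two banks: SHA-1 PCR 0 and SHA-256 PCR 7.
MIXED = [(TPM_ALG_SHA1, [0]), (TPM_ALG_SHA256, [7])]

if __name__ == "__main__":
    print(policy_pcr(TPM_ALG_SHA256, bytes(32), MIXED, constructed_banks()).hex())
```

The single digest is always produced with the policy session's hash algorithm, so PCR values of different lengths from different banks are simply concatenated into it.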