On Wed, 2020-08-19 at 09:02 -0300, Jason Gunthorpe wrote:
> On Tue, Aug 18, 2020 at 02:55:50PM -0400, Mimi Zohar wrote:
>
> > The problem is that there isn't just one single userspace library
> > or application for reading PCRs. So now not only is there the
> > kernel "boot_aggregate" regression testing, but regression testing
> > of the tool itself to support multiple methods of reading the PCRs.
>
> I was thinking just open code
>   open("/dev/tpm")
>   write(read_pcrs_cmd)

That's rather an oversimplification. The command takes a
TPML_PCR_SELECTION structure which is, in turn, a packed array of
TPMS_PCR_SELECTION which is a hash type and big endian packed bitmap.

>   read(read_pcrs_cmd)

And the return is a TPML_PCR_SELECTION, in case the system couldn't
provide something you asked for, followed by a TPML_DIGEST structure
which is a counted array of TPM2B packed digests. This is a
marshal/unmarshal nightmare for the uninitiated. It is *not* simple or
even straightforward.

> It isn't particularly hard to retrieve the PCRs, don't really need to
> depend on a library.

Well, having a PhD in Theoretical Physics, I find quantum field theory
remarkably easy to understand. My friends tell me this is just me and
they'd rather I not talk about it at parties ...

James
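
The marshalling discussed in this message, as an added example that is not part of the original mail or of any project's code: it builds a TPM2_PCR_Read command with one TPMS_PCR_SELECTION and unmarshals the TPML_PCR_SELECTION and TPML_DIGEST of a reply. The constants come from the TPM 2.0 specification; the function names and the sample reply are constructed for illustration, and the device write/read is left out so the code runs offline.

```python
import struct

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_PCR_READ = 0x0000017E
TPM_ALG_SHA256 = 0x000B

def marshal_selection(alg, pcrs, size_of_select=3):
    """TPMS_PCR_SELECTION: hash alg, bitmap length, bitmap (PCR n is byte n//8, bit n%8)."""
    bitmap = bytearray(size_of_select)
    for n in pcrs:
        bitmap[n // 8] |= 1 << (n % 8)
    return struct.pack(">HB", alg, size_of_select) + bytes(bitmap)

def build_pcr_read(alg, pcrs):
    """TPM2_PCR_Read command carrying a one-entry TPML_PCR_SELECTION."""
    body = struct.pack(">I", 1) + marshal_selection(alg, pcrs)
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), TPM_CC_PCR_READ) + body

def parse_pcr_read(resp):
    """Return (update_counter, [(alg, [pcr, ...])], [digest, ...])."""
    tag, size, rc = struct.unpack_from(">HII", resp, 0)
    if size != len(resp):
        raise ValueError("responseSize does not match bytes read")
    if rc != 0:
        raise ValueError("TPM returned error 0x%08x" % rc)
    counter, nsel = struct.unpack_from(">II", resp, 10)
    off, selections = 18, []
    for _ in range(nsel):  # pcrSelectionOut: what the TPM actually returned
        alg, sz = struct.unpack_from(">HB", resp, off)
        bitmap = resp[off + 3: off + 3 + sz]
        selections.append((alg, [n for n in range(sz * 8) if bitmap[n // 8] >> (n % 8) & 1]))
        off += 3 + sz
    (ndig,) = struct.unpack_from(">I", resp, off)
    off, digests = off + 4, []
    for _ in range(ndig):  # TPML_DIGEST: counted array of TPM2B_DIGEST
        (dlen,) = struct.unpack_from(">H", resp, off)
        if off + 2 + dlen > len(resp):
            raise ValueError("truncated TPM2B_DIGEST")
        digests.append(resp[off + 2: off + 2 + dlen])
        off += 2 + dlen
    return counter, selections, digests

def sample_response():
    """Constructed reply (not captured from a TPM): PCR 0 and 1, SHA-256, dummy digests."""
    body = struct.pack(">II", 42, 1) + marshal_selection(TPM_ALG_SHA256, [0, 1])
    body += struct.pack(">I", 2) + b"".join(struct.pack(">H", 32) + bytes([i]) * 32 for i in (0xAA, 0xBB))
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), 0) + body
```

A caller has to compare the returned selection with the one it sent, because the TPM may return fewer PCRs than were requested.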