On Sat, Feb 20, 2021 at 05:09:07 +0200, Jarkko Sakkinen wrote: > Something popped into mind: could we make PCR 23 reservation dynamic > instead of a config option. > > E.g. if the user space uses it, then it's dirty and hibernate will > fail. I really dislike the static compilation time firewall on it. I don't know the threat model here, but couldn't hibernation then be blocked by userspace using PCR 23 in some way (thus becoming a Denial of Service)? Are elevated permissions required to use PCR values? --Ben
