coreboot/src/security
Julius Werner 74a0fad8a1 security: vboot: Clarify PCR extension algorithms/sizes
The PCR algorithms used for vboot are frequently causing confusion (e.g.
see CB:35645) because depending on the circumstances sometimes a
(zero-extended) SHA1 value is interpreted as a SHA256, and sometimes a
SHA256 is interpreted as a SHA1. We can't really "fix" anything here
because the resulting digests are hardcoded in many generations of
Chromebooks, but we can document and isolate it better to reduce
confusion. This patch adds an explanatory comment and fixes both
algorithms and size passed into the lower-level TPM APIs to their actual
values (whereas it previously still relied on the TPM 1.2 TSS not
checking the algorithm type, and the TPM 2.0 TSS only using the size
value for the TCPA log and not the actual TPM operation).

Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Ib0b6ecb8c7e9a405ae966f1049158f1d3820f7e2
Reviewed-on: https://review.coreboot.org/c/coreboot/+/51720
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
2021-03-30 21:07:56 +00:00
| Name | Last commit | Date |
|---|---|---|
| intel | security/intel/cbnt: Add options to generate BPM from Kconfig | 2021-03-30 11:46:33 +00:00 |
| lockdown | lockdown: Add hint for how to check for lockdown support in boot log | 2020-06-22 12:27:18 +00:00 |
| memory | src/security: Drop unneeded empty lines | 2020-09-21 16:26:17 +00:00 |
| tpm | security/tpm/tss/vendor/cr50: Introduce vendor sub-command to reset EC | 2021-03-05 10:57:01 +00:00 |
| vboot | security: vboot: Clarify PCR extension algorithms/sizes | 2021-03-30 21:07:56 +00:00 |
| Kconfig | cbfs: Add verification for RO CBFS metadata hash | 2020-12-03 00:11:08 +00:00 |
| Makefile.inc | security: Add common boot media write protection | 2020-04-28 01:19:32 +00:00 |