[PATCH v9 06/19] x86: Add early SHA-1 support for Secure Launch early measurements
Matthew Garrett
mjg59 at srcf.ucam.org
Wed Aug 28 20:25:26 PDT 2024
On Wed, Aug 28, 2024 at 08:17:05PM -0700, Andy Lutomirski wrote:
> Ross et al, can you confirm that your code actually, at least by
> default and with a monstrous warning to anyone who tries to change the
> default, caps SHA1 PCRs if SHA256 is available? And then can we maybe
> all stop hassling the people trying to develop this series about the
> fact that they're doing their best with the obnoxious system that the
> TPM designers gave them?
Presumably this would be dependent upon non-SHA1 banks being enabled?
More information about the kexec
mailing list