From: Benjamin B. <be...@ma...> - 2014-08-14 16:43:57
Attachments:
signature.asc
|
Hej, just a short question because I'm a little confused about this: which lcptools are you supposed to use? In docs/ the policy-readme for modern systems is policy_v2.txt and then, in this file, lcptools and not lcptools_v2 is referenced. I also don't find any other statement in the docs about what the difference is between the two (I'd rather not read the whole source to find out ;)). Also, how can you get the sbios-hashes that are mentioned in the docs for both lcptool-version? Isn't the bios supposed to be hashed into PCR 0 anyway? -- >Ever heard of .cshrc? That's a city in Bosnia. Right? -- Discussion in comp.os.linux.misc on the intuitiveness of commands -- best regards, - Benjamin Block |
From: Wei, G. <gan...@in...> - 2014-08-20 01:41:44
|
On Aug 15, 2014 00:43, Benjamin Block wrote: > Hej, > > just a short question because I'm a little confused about this: which > lcptools are you supposed to use? In docs/ the policy-readme for > modern systems is policy_v2.txt and then, in this file, lcptools and > not > lcptools_v2 is referenced. I also don't find any other statement in > the docs about what the difference is between the two (I'd rather not > read the whole source to find out ;)). lcptools_v2 is for LCP policy v3 to support tpm2.0. > Also, how can you get the sbios-hashes that are mentioned in the docs > for both lcptool-version? Isn't the bios supposed to be hashed into > PCR 0 anyway? You can get sbios-hashes from platform vendors. Yes, it will be hashed into PCR0. It is a little bit overlap with PCONF element, but with SBIOS element you can just apply policy on sbios. Thanks Jimmy |
From: Benjamin B. <be...@ma...> - 2014-08-20 08:10:16
Attachments:
signature.asc
|
On 01:41 Wed 20 Aug , Wei, Gang wrote: > On Aug 15, 2014 00:43, Benjamin Block wrote: > > Hej, > > > > just a short question because I'm a little confused about this: which > > lcptools are you supposed to use? In docs/ the policy-readme for > > modern systems is policy_v2.txt and then, in this file, lcptools and > > not > > lcptools_v2 is referenced. I also don't find any other statement in > > the docs about what the difference is between the two (I'd rather not > > read the whole source to find out ;)). > > lcptools_v2 is for LCP policy v3 to support tpm2.0. > Ah, ok. Then that explains why that wouldn't work. Had figured it out in the meantime with some trial-and-error. Would maybe be good to add a note about this in the readme of the tools-directory, just in case. > > > Also, how can you get the sbios-hashes that are mentioned in the docs > > for both lcptool-version? Isn't the bios supposed to be hashed into > > PCR 0 anyway? > > You can get sbios-hashes from platform vendors. Yes, it will be hashed > into PCR0. It is a little bit overlap with PCONF element, but with SBIOS > element you can just apply policy on sbios. > Alright, so I guess this is more for suppliers/OEMS with closer relations to the bios-vendors and not any user. Thx for the info. -- The church saves sinners, but science seeks to stop their manufacture. -- Elbert Hubbard -- best regards, - Benjamin Block |