From: Gilbert, T. <Tra...@de...> - 2021-12-02 15:02:48

Internal Use - Confidential

> -----Original Message-----
> From: Dr. G.W. Wettstein <gr...@wi...>
> Sent: Wednesday, December 1, 2021 08:53
> To: Randzio, Pawel; tbo...@li...; tboot-de...@li...
> Subject: Re: [tboot-devel] [ANNOUNCEMENT] PCR Extended Policy - planned DEFEATURING
>
>
> [EXTERNAL EMAIL]
>
> On Dec 1, 9:04am, "Randzio, Pawel" wrote:
> } Subject: [tboot-devel] [ANNOUNCEMENT] PCR Extended Policy - planned DEFEAT
>
> > Hello,
>
> Good morning, I hope this note finds the day, or evening, going well for
> everyone.
>
> > I would like to inform you that there are plans to defeature TBOOT
> > extpol option and fix it to current default.
> >
> > The change affects TPM2.0 PCR Extended Policy Support. It has two options:
> >
> > * "Maximum Agility" - hashes computed using TPM2.0
> > * "Maximum Performance" - hashes computed using software, no TPM usage
> >
> > We want to defeature the "Maximum Agility" option and leave only
> > "Maximum Performance" (current default).

Why would you not just switch the default and leave the Agility as an option?

> >
> > If you have any objections, please inform me.
>
> No objections but we would be interested in understanding the root rationale
> for the change.

I'm also interested in the rationale. The change of default I can understand. I think that most people using tboot use the "extpol" option. I don't understand completely removing agility as an option.