You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When sealing a key to PCR values, it should be possible to combine measured pcr values with preset.
For instance one could use something like '"tpm2": {"pcr_bank":"sha256", "pcr_ids": "0,1,7,11", "pcr_digest": {"11": "'${pcr11}'"}}
in order to designate a value for pcr11 while using measured values for 0,1 and 7. As of writing, it seems that it isn't possible to
provide a dictionary for the pcr_digest value. Only a string value is processed (and an object value is silently ignored), this string needs to contain values for all the pcrs.
From a usability standpoint, it may be interesting to support a dictionary value for pcr_digest and use those values as
overrides on the output of tpm2_pcrread.
The text was updated successfully, but these errors were encountered:
When sealing a key to PCR values, it should be possible to combine measured pcr values with preset.
For instance one could use something like
'"tpm2": {"pcr_bank":"sha256", "pcr_ids": "0,1,7,11", "pcr_digest": {"11": "'${pcr11}'"}}in order to designate a value for pcr11 while using measured values for 0,1 and 7. As of writing, it seems that it isn't possible to
provide a dictionary for the
pcr_digestvalue. Only a string value is processed (and an object value is silently ignored), this string needs to contain values for all the pcrs.From a usability standpoint, it may be interesting to support a dictionary value for
pcr_digestand use those values asoverrides on the output of tpm2_pcrread.
The text was updated successfully, but these errors were encountered: