Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

efi: Add profiles for PCRs 0 and 2 #299

Merged
merged 1 commit into from
May 30, 2024
Merged

efi: Add profiles for PCRs 0 and 2 #299

merged 1 commit into from
May 30, 2024

Conversation

chrisccoulson
Copy link
Collaborator

@chrisccoulson chrisccoulson commented Apr 29, 2024
edited
Loading

This adds profiles for PCR0 (platform firmware) and PCR2 (host firmware that
runs from adapter cards or firmware that runs on embedded controllers)

@chrisccoulson chrisccoulson marked this pull request as ready for review April 29, 2024 20:58
@chrisccoulson
efi: Add profiles for PCRs 0 and 2
14e0082 
This adds profiles for PCR0 (platform firmware) and PCR2 (host
firmware that runs from adapter cards or firmware that runs on
embedded controllers)
@chrisccoulson chrisccoulson mentioned this pull request May 22, 2024
Closed
pedronis
pedronis reviewed May 27, 2024
View reviewed changes
Copy link
Collaborator

@pedronis pedronis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks good, Is the plan that we should start including these in profiles going forward? a bit more motivation in the summary would be useful

@chrisccoulson
Copy link
Collaborator Author

this looks good, Is the plan that we should start including these in profiles going forward? a bit more motivation in the summary would be useful

The goal is that an eventual PR that implements the pre-install checks will return an options that contains the optimal set of TCG defined PCRs, which may or many not include these new profiles depending on the device configuration. There will be some additional options to control this, such as selecting "optimal" configuration or "most secure".

pedronis
pedronis approved these changes May 30, 2024
View reviewed changes
Copy link
Collaborator

@pedronis pedronis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 but please add some of

The goal is that an eventual PR that implements the pre-install checks will return an options that contains the optimal set of TCG defined PCRs, which may or many not include these new profiles depending on the device configuration. There will be some additional options to control this, such as selecting "optimal" configuration or "most secure".

to the description

@chrisccoulson chrisccoulson merged commit 121a1da into canonical:master May 30, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pedronis pedronis pedronis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chrisccoulson @pedronis