Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

preinstall: refinements to WithAutoPCRProfile #345

Closed
wants to merge 5 commits into from
Closed

preinstall: refinements to WithAutoPCRProfile #345

wants to merge 5 commits into from

Conversation

chrisccoulson
Copy link
Collaborator

(Draft until #340 has landed"

This makes some changes to WithAutoPCRProfile:

  • It renames it to WithAutoTCGPCRProfile to make it clear that it only
    selects secure combinations of TCG defined PCRs.
  • It introduces a new option -
    PCRProfileOptionPermitNoSecureBootPolicyProfile, so that
    configurations that don't use PCR7 aren't automatically selected.
    If PCR7 can't be used, this flag must be supplied to unlock a secure
    configuration that doesn't include PCR7.
  • It introduces the RequiredUnsupportedPCRsError error type, returned
    from methods of PCRProfileAutoEnablePCRsOption to make error
    classification a bit easier later on.

@chrisccoulson
preinstall: Add checks for PCR7
332bbc6
@chrisccoulson
preinstall: Add CheckResult and WithAutoPCRProfile APIs
27fef9d
@chrisccoulson
preinstall: Add public RunChecks API
35b77e6
@chrisccoulson
preinstall: move some extra TPM tests to only run during pre-install
0c2598b 
We were already skipping the lockout hierarchy auth value test during
post-install because this doesn't make sense, but also skip similar
tests for other hierarchies and also skip the lockout checkout and the
test for sufficient number of NV counters.
@chrisccoulson
preinstall: refinements to WithAutoPCRProfile
699d6ee 
This makes some changes to WithAutoPCRProfile:
- It renames it to WithAutoTCGPCRProfile to make it clear that it only
  selects secure combinations of TCG defined PCRs.
- It introduces a new option -
  PCRProfileOptionPermitNoSecureBootPolicyProfile, so that
  configurations that don't use PCR7 aren't automatically selected.
  If PCR7 can't be used, this flag must be supplied to unlock a secure
  configuration that doesn't include PCR7.
- It introduces the RequiredUnsupportedPCRsError error type, returned
  from methods of PCRProfileAutoEnablePCRsOption to make error
  classification a bit easier later on.
@chrisccoulson chrisccoulson mentioned this pull request Oct 15, 2024
Closed
@chrisccoulson
Copy link
Collaborator Author

This is obsolete now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chrisccoulson