Improve key sealing code
 - fix incorrect algorithm used. SHA256 is now used
 - Add PCR 14 to the list

Signed-off-by: Mikhail Malyshev <mikem@zededa.com>
mikem-zed authored and eriknordmark committed Jan 26, 2023
1 parent c01abf6 commit 4b94a6e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/pillar/evetpm/tpm.go
Expand Up @@ -93,7 +93,7 @@ var (
pcrBank256Status = PCRBank256StatusUnknown

//DiskKeySealingPCRs represents PCRs that we use for sealing
DiskKeySealingPCRs = tpm2.PCRSelection{Hash: tpm2.AlgSHA1, PCRs: []int{0, 1, 2, 3, 4, 6, 7, 8, 9, 13}}
DiskKeySealingPCRs = tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 1, 2, 3, 4, 6, 7, 8, 9, 13, 14}}
)

//SealedKeyType holds different types of sealed key
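
Review bot: Changing DiskKeySealingPCRs in place, from tpm2.AlgSHA1 to tpm2.AlgSHA256 with PCR 14 appended, changes the PCR policy that any previously sealed key was bound to, and nothing in this hunk shows how a key sealed under the old selection gets unsealed and resealed after an upgrade. If that is handled elsewhere, please say so in the commit message; otherwise keep the old selection available under its own name for a one-time unseal and reseal. The selection is also hardcoded to the SHA256 bank while pcrBank256Status, just above it, starts as PCRBank256StatusUnknown, so please confirm that sealing is only attempted once that status reports the bank as usable. The comment "PCRs that we use for sealing" would also be more useful if it stated why 14 is now included and why 5 and 10 to 12 are left out.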