[PATCH v4 1/6] tpm: dynamically allocate active_banks array
Ken Goldman
kgold at linux.ibm.com
Thu Dec 13 20:21:01 UTC 2018
On 11/7/2018 4:41 AM, Roberto Sassu wrote:
> On 11/7/2018 7:14 AM, Nayna Jain wrote:
>
> In the TPM Commands specification (section 30.2.1), I found:
>
> TPM_CAP_PCRS – Returns the current allocation of PCR in a
> TPML_PCR_SELECTION.
>
> You mentioned:
>
> #TPM_RC_SIZE response code when count is greater
> than the possible number of banks
>
> but TPML_PCR_SELECTION is provided by the TPM.
>
> Roberto
>
>
[snip]
>>
>>
>> As per my understanding, the count in the TPML_PCR_SELECTION represent
>> the number of possible banks and not the number of active banks.
>> TCG Structures Spec for TPM 2.0 - Table 102 mentions this as
>> explanation of #TPM_RC_SIZE.
FYI: This was clarified in the TCG's TPM work group today. TPM_CAP_PCRS
returns:
The TPML_PCR_SELECTION must include a TPMS_PCR_SELECTION for each PCR
bank in which there is at least one allocated PCR. The
TPML_PCR_SELECTION may return a TPMS_PCR_SELECTION for each implemented
PCR bank. The TPML_PCR_SELECTION may return a TPMS_PCR_SELECTION for
each implemented hash algorithm.
Also:
The TPM doesn't use the term "active banks"
Allocated = a bank that has at least one PCR bit set in the selection
bitmap.
Supported or implemented banks = the number of PCR banks that can be
allocated, based on the TPM hardware.
Hash algorithms = The hash algorithms supported by the TPM
For example, the TPM may support 3 hash algorithms and 2 PCR banks, and
have 1 bank allocated.
More information about the Linux-security-module-archive
mailing list