On Sat, 2024-09-14 at 11:36 -0500, Xing, Cedric wrote:I’m not sure if I understand this correctly. Are you suggesting we continue using the event definitions from the existing TCG specs with just a simple RTMR-to-PCR map? That’s exactly the issue we’re trying to address. The current specs don’t cover new applications. For example, how to describe the event of launching a container measured to a specific SHA-256 digest in CoCo? Defining new event types would require revising the specs, which is a high barrier for most applications. While TPM has been widely adopted, its use has been mostly limited to pre-boot scenarios. The lack of OS applications leveraging TPM is partly due to this limitation IMHO.
I have considered this before. But I'm not sure how to
(define/describe criteria to) match an MR with its log format.
This is already defined for every existing log format ... why would you
have to define it again?
Also, MRs are arch dependent and may also vary from gen to gen. I'm
afraid this might bring in more chaos than order.
I think I understand this. All measurement registers are simply
equivalent to PCRs in terms of the mathematical definition of how they
extend. Exactly what measurements go into a PCR and how they are
logged is defined in various standards. The TCG ones are fairly fixed
now, but if Intel wants to keep redefining the way its measurements
work, the logical thing to do is tie this to a version number and make
measuring the version the first log entry so the tools know how to
differentiate.