You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If PCR7 isn't supported for some reason, eg, because secure boot is disabled or the device is not in deployed mode, then we should be able to fall back to a safe profile that includes PCRs 1, 2 and 4 and 5. PCR 2 and 4 are for binding to all code that's loaded outside of the platform firmware.
PCR1 is to bind to all of the platform firmware's configuration - currently, changes to security-sensitive settings such as enabling a debugger or disabling DMA remapping change the value of PCR7 by adding extra EVI_EFI_ACTION events.
PCR5 contains the GPT of the IBL and can be used for any bootloader configuration, and support for this will be tracked in a separate issue.
The text was updated successfully, but these errors were encountered:
If PCR7 isn't supported for some reason, eg, because secure boot is disabled or the device is not in deployed mode, then we should be able to fall back to a safe profile that includes PCRs 1, 2 and 4 and 5. PCR 2 and 4 are for binding to all code that's loaded outside of the platform firmware.
PCR1 is to bind to all of the platform firmware's configuration - currently, changes to security-sensitive settings such as enabling a debugger or disabling DMA remapping change the value of PCR7 by adding extra
EVI_EFI_ACTIONevents.PCR5 contains the GPT of the IBL and can be used for any bootloader configuration, and support for this will be tracked in a separate issue.
The text was updated successfully, but these errors were encountered: