Adding the main entities of a new design of the PCR value calculation process. The new package is called "bootflow" (instead of "pcr"), since it is no longer focused on PCR values only. It also supports other roots of trust for storage and measurements.
New design (in contrast to the old one) is:
- Extensible from external packages.
- TPM terms "Event", "Extend" and "Measurement" are clarified.
- Flow now consists of steps. Each step may contain multiple measurements. It solves the problem with a dynamic amount of measurements on some platforms.

New design is also aware of DICE and other chains of trust.
UML is generated by command:
goplantuml -recursive pkg/bootflow/ | sed -e 's/\#\.\./\*--/g' | sed -re 's/\[\]([^b])/\1/g'
Re-opening PR https://github.com/9elements/converged-security-suite/pull/330 (it was closed accidentally).
Old description:
An example of a flow description: https://github.com/9elements/converged-security-suite/pull/330/files#diff-27af1a8ff010eb439ee11da802024b19fbf9bf11ea6580efcbfed47f54135c89R9-R15
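
An added illustration of the "flow of steps, each step may contain multiple measurements" idea from the description above. It is not code from this PR or from the bootflow package: every type and function name below is hypothetical, the image is constructed, and a SHA-256 PCR bank is assumed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Measurement is data bound for one PCR (hypothetical type, not bootflow's API).
type Measurement struct{ PCR int; Data []byte }
// Step yields zero or more measurements, decided by the image it inspects.
type Step func(img []byte) []Measurement

// FixedRange always yields exactly one measurement (caller keeps it in bounds).
func FixedRange(pcr, start, end int) Step {
	return func(img []byte) []Measurement { return []Measurement{{pcr, img[start:end]}} }
}

// PerChunk measures each size-byte chunk from start: the count varies per image.
func PerChunk(pcr, start, size int) Step {
	return func(img []byte) (ms []Measurement) {
		for off := start; off < len(img); off += size {
			end := off + size
			if end > len(img) {
				end = len(img)
			}
			ms = append(ms, Measurement{pcr, img[off:end]})
		}
		return ms
	}
}

// Extend is the TPM operation: new = SHA-256(old || SHA-256(data)).
func Extend(old [32]byte, data []byte) [32]byte {
	d := sha256.Sum256(data)
	return sha256.Sum256(append(old[:], d[:]...))
}

// Replay runs the steps in order and extends every measurement they yield.
func Replay(flow []Step, img []byte) map[int][32]byte {
	pcrs := map[int][32]byte{}
	for _, step := range flow {
		for _, m := range step(img) {
			pcrs[m.PCR] = Extend(pcrs[m.PCR], m.Data)
		}
	}
	return pcrs
}

func main() { // constructed 10-byte image: 1 fixed + 2 chunk measurements
	fmt.Printf("PCR0=%x\n", Replay([]Step{FixedRange(0, 0, 4), PerChunk(0, 4, 4)}, []byte("0123456789"))[0])
}
```

The flow stays two steps long whatever the image size; only the number of measurements the second step yields changes, and swapping the steps changes the resulting PCR value.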