latchset / clevis

Automated Encryption Framework
GNU General Public License v3.0

Using preset pcr_digest and pcr_ids with clevis-encrypt-tpm2 #450

Open willakat opened 4 months ago

willakat commented 4 months ago

When sealing a key to PCR values, it should be possible to combine measured PCR values with preset ones.

For instance, one could use something like '"tpm2": {"pcr_bank":"sha256", "pcr_ids": "0,1,7,11", "pcr_digest": {"11": "'${pcr11}'"}} in order to designate a value for PCR 11 while using measured values for 0, 1 and 7. As of writing, it seems that it isn't possible to provide a dictionary for the pcr_digest value. Only a string value is processed (an object value is silently ignored), and this string needs to contain values for all the PCRs.

From a usability standpoint, it may be interesting to support a dictionary value for pcr_digest and use those values as overrides on the output of tpm2_pcrread.
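Added example (not clevis code, and not the reporter's): a sketch of the override semantics proposed above. It assumes a dict of already-read PCR values standing in for tpm2_pcrread output, a pcr_digest object keyed by PCR id, and an assumed bank-to-digest-size table; the existing single-string pcr_digest form is out of scope here, and an unsupported type is rejected instead of being silently ignored.

```python
import hashlib

# Digest size in bytes per PCR bank (assumed mapping, not taken from clevis).
BANK_DIGEST_BYTES = {"sha1": 20, "sha256": 32, "sha384": 48}

# Constructed stand-in for what tpm2_pcrread would report on the sha256 bank.
MEASURED_SHA256 = {0: "aa" * 32, 1: "bb" * 32, 7: "cc" * 32, 11: "dd" * 32}


def parse_pcr_ids(pcr_ids):
    """Parse the clevis-style comma-separated pcr_ids string into ints."""
    return [int(p) for p in str(pcr_ids).split(",") if p.strip()]


def resolve_pcr_values(cfg, measured):
    """Return {pcr: hex} for each PCR listed in cfg['pcr_ids'].

    pcr_digest is absent (every value measured) or an object of per-PCR
    overrides, the form proposed in the issue.  Any other type is an error.
    """
    bank = cfg.get("pcr_bank", "sha256")
    size = BANK_DIGEST_BYTES[bank]
    ids = parse_pcr_ids(cfg.get("pcr_ids", ""))
    overrides = cfg.get("pcr_digest") or {}
    if not isinstance(overrides, dict):
        raise TypeError("pcr_digest must be an object of {pcr_id: hex digest}")
    unknown = {str(k) for k in overrides} - {str(i) for i in ids}
    if unknown:  # an override for a PCR that is not sealed against is a config bug
        raise ValueError(f"pcr_digest overrides PCRs not in pcr_ids: {sorted(unknown)}")
    values = {}
    for pcr in ids:
        raw = overrides.get(str(pcr))
        if raw is None:
            raw = measured[pcr]  # fall back to the measured value
        if len(raw) != 2 * size or any(c not in "0123456789abcdefABCDEF" for c in raw):
            raise ValueError(f"PCR {pcr}: need {2 * size} hex chars for {bank}")
        values[pcr] = raw.lower()
    return values


def pcr_composite_digest(values, bank="sha256"):
    """Hash of the selected PCR values concatenated in ascending index order.

    This is the pcrDigest a TPM2 PCR policy is built over, so it shows how one
    override changes what the sealed key is bound to.
    """
    h = hashlib.new(bank)
    for pcr in sorted(values):
        h.update(bytes.fromhex(values[pcr]))
    return h.hexdigest()


if __name__ == "__main__":
    cfg = {"pcr_bank": "sha256", "pcr_ids": "0,1,7,11", "pcr_digest": {"11": "ee" * 32}}
    vals = resolve_pcr_values(cfg, MEASURED_SHA256)
    print(vals[11], pcr_composite_digest(vals))
```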