Open makuru-dd opened 4 months ago
RaitoBezarius
commented
4 months ago Probably possible, but we need a way to test it and reproduce it in our CI, and it's a maintenance churn. Can you provide precise information on your hardware so we know what type of machine does this sort of stuff?
makuru-dd
commented
4 months ago Its a reconfigured framework 16, it, may not be worth the effort, for a slight security gain.
RaitoBezarius
commented
4 months ago It is surprising to me that Framework 16" has no support for SHA256… I will look into that, thanks.
makuru-dd
commented
4 months ago No it has but you can disable it.
RaitoBezarius
commented
4 months ago Ah, I see, so you disabled SHA256 on purpose. Then, I recommend you to stick to SHA256 and not disable it, very few end implementations will be crypto-agile enough for SHA384 which doesn't bring that much to the play. And you earn currently no security by using SHA384 over SHA256.
We can keep it open and see what does it cost to support it, but I am inclined to say this is very low priority as a result.
I have enabled that my bios only supports sha384 but i get following error:
measurement log didn't use sha1 or sha256 digests.Is it possible to use sha384 with lanzaboot?