hede5562
commented
2 years ago (now that I quickly opened this "issue" after having this idea, I think a better place would be the "discussions" area instead of an issue... sorry..)
Open hede5562 opened 2 years ago
hede5562
commented
2 years ago (now that I quickly opened this "issue" after having this idea, I think a better place would be the "discussions" area instead of an issue... sorry..)
noahbliss
commented
2 years ago No worries on the "issue" I check these more often anyways.
If you want to submit a PR with the proposed changes to the README, feel free! I may update this more as I find time, but that's somewhat rare these days. If you do provide more documentation on the PCRs, please include reference material from an RFC or other reputable source so users can learn more.
Thanks and good suggestion! I'll leave this open for now.
By default mortar uses PCRs 1 and 7, but there are some other important PCRs which should get used if handled properly by the BIOS/UEFI. There's just a short note in the mortar.env that the PCRs are configurable and an optional step in the installation example (README.md). The documentation could be extended to describe this topic more precise and to inform the user of the importance of some additional PCR values. For example as a more prominent step within the example or some additional topic in the SECURITY.md?