nvindex: introduce an nvindex registry #118
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The TCG would like to assign a NV index range to the Linux community. Let's hence create a registry of subranges and to which open source projects they are delegated. For now this is only systemd.
|
don't merge this yet The listed range is not officially delegated to Linux yet. Once I hear back from TCG and get confirmation that this registry looks good to them we can make this offical. |
bluca
reviewed
Sep 10, 2024
| Note that while TPM 2.0 NV indexes are not quite as scarce as PCRs they still aren't free. Hence, please | ||
| request only minimal ranges for your purposes. | ||
|
|
||
| We will not delegate subranges to projects that aren't under an Open Source license. For NV index delegations |
There was a problem hiding this comment.
Given recent drama around commercial licenses trying to pass as open source, let's be extra precise and specifically say license [approved by the Open Source Initiative](https://opensource.org/licenses)
behrmann
reviewed
Sep 10, 2024
|
|
||
| The Trusted Computing Group (TCG) maintains a [Registry of Reserved TPM 2.0 Handles and | ||
| Localities](https://trustedcomputinggroup.org/resource/registry/) which assigns TPM 2.0 NV index ranges | ||
| (among ther things, see section 2.2) to organizations (by convention only!). They have assigned the NV index |
There was a problem hiding this comment.
Suggested change
| (among ther things, see section 2.2) to organizations (by convention only!). They have assigned the NV index | |
| (among other things, see section 2.2) to organizations (by convention only!). They have assigned the NV index |
Foxboron
reviewed
Sep 10, 2024
| The Trusted Computing Group (TCG) maintains a [Registry of Reserved TPM 2.0 Handles and | ||
| Localities](https://trustedcomputinggroup.org/resource/registry/) which assigns TPM 2.0 NV index ranges | ||
| (among ther things, see section 2.2) to organizations (by convention only!). They have assigned the NV index | ||
| range **0x01D10200-0x01D105FF** to the Linux community. |
There was a problem hiding this comment.
Should we specify how many by number as well?
|
Missing a link to the README. |
|
and i guess there should be cross links from the nvindex registry to the pcr registry and back |
|
@poettering has there been any progress on getting the range assigned? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The TCG would like to assign a NV index range to the Linux community. Let's hence create a registry of subranges and to which open source projects they are delegated.
For now this is only systemd.