Missing compatibility for sha384 #366
Comments
|
Probably possible, but we need a way to test it and reproduce it in our CI, and it's a maintenance churn. Can you provide precise information on your hardware so we know what type of machine does this sort of stuff? |
|
Its a reconfigured framework 16, it, may not be worth the effort, for a slight security gain. |
|
It is surprising to me that Framework 16" has no support for SHA256… I will look into that, thanks. |
|
No it has but you can disable it. |
|
Ah, I see, so you disabled SHA256 on purpose. Then, I recommend you to stick to SHA256 and not disable it, very few end implementations will be crypto-agile enough for SHA384 which doesn't bring that much to the play. And you earn currently no security by using SHA384 over SHA256. We can keep it open and see what does it cost to support it, but I am inclined to say this is very low priority as a result. |
I have enabled that my bios only supports sha384 but i get following error:
measurement log didn't use sha1 or sha256 digests.Is it possible to use sha384 with lanzaboot?
The text was updated successfully, but these errors were encountered: