-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jose unable to parse setting containing an array #68
Comments
{"pcr_bank":"sha1","pcr_ids":["16"]}
setting
I am not sure this is an actual bug in However we are now trying to use this option against an array.
We can also use
|
Agreed, I now think that clevis-encrypt-tpm should be validating that the configuration passed to "pcr_ids" is a string configuration instead of blindly accepting what jose returns in stdout. As you said, Thanks! closing |
Discovered in latchset/clevis#102
Clevis is failing to create a TPM PCR Policy to enforce platform integrity state through Jose when the number of selected
pcrs_ids
is more than one, and an array is passed to the configuration.From @martinezjavier comment:
Apparently, Jose is not happy with the array notation in
pcrs_ids
.Due to this, on Clevis, when using more than one PCR to declare the policy, it silently fails to parse the config, and create the LUKS key slot without any PCR policy silently
Jose Version:
jose-10-3.fc29.x86_64
The text was updated successfully, but these errors were encountered: