unsupported hash algorithm: 18 #7810
Comments
|
it seems the tpm doesn;t support sha256? Could you provide the dmesg? |
|
It's a modern motherboard with a 13600K, the TPM definitely supports SHA256. I am not sure I can get the full dmesg output as there doesn't seem to be an ❯ talosctl -e 192.168.1.78 -n 192.168.1.78 dmesg
error getting dmesg: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp 192.168.1.78:50000: connect: connection refused"
|
|
18 seems to be |
|
it seems the tpm supports |
|
i'll think of a fix for next week |
|
@frezbo I am confused as to where the value is coming from, as the TPM package does not seem to even recognise blake2b-384 at all and should have returned an error, which should have been handled correctly. talos/internal/pkg/secureboot/tpm2/pcr.go Line 169 in 0bd1bdd |
yes, we reutrn the error as is since we don;t support BLAKE at all |
|
You're right, I misread the error. Thank you, it looks like that is the issue. Any suggestions for how to work around this? I guess I may be able to disable blake in the bios. Let me check. |
I hate parsing error messages, since it's flaky, probably can maybe the code in pcr to be a little different |
|
I don't see an obvious way to disable that - it's telling me there are only sha256 banks.
|
|
Also apologies @frezbo, the value of 18 (0x0012) is actually TPMAlgSM3256. |
The conversion from TPM 2 hash algorithm to Go crypto algorithm will fail for uncommon algorithms like SM3256. This can be avoided by checking the constants directly, rather than converting them. It should also be fine to allow some non SHA-256 PCRs. Fixes: siderolabs#7810
The conversion from TPM 2 hash algorithm to Go crypto algorithm will fail for uncommon algorithms like SM3256. This can be avoided by checking the constants directly, rather than converting them. It should also be fine to allow some non SHA-256 PCRs. Fixes: siderolabs#7810 Signed-off-by: Thomas Way <thomas@6f.io>
|
that looks good, thank you 👍 |
The conversion from TPM 2 hash algorithm to Go crypto algorithm will fail for uncommon algorithms like SM3256. This can be avoided by checking the constants directly, rather than converting them. It should also be fine to allow some non SHA-256 PCRs. Fixes: siderolabs#7810 Signed-off-by: Thomas Way <thomas@6f.io> Signed-off-by: Noel Georgi <git@frezbo.dev>
The conversion from TPM 2 hash algorithm to Go crypto algorithm will fail for uncommon algorithms like SM3256. This can be avoided by checking the constants directly, rather than converting them. It should also be fine to allow some non SHA-256 PCRs. Fixes: siderolabs#7810 Signed-off-by: Thomas Way <thomas@6f.io> Signed-off-by: Noel Georgi <git@frezbo.dev>
The conversion from TPM 2 hash algorithm to Go crypto algorithm will fail for uncommon algorithms like SM3256. This can be avoided by checking the constants directly, rather than converting them. It should also be fine to allow some non SHA-256 PCRs. Fixes: siderolabs#7810 Signed-off-by: Thomas Way <thomas@6f.io> Signed-off-by: Noel Georgi <git@frezbo.dev> (cherry picked from commit 336aee0)
Bug Report
Description
I'm trying to install Talos fresh with system disk encryption and seeing the error
unsupported hash algorithm: 18.Logs
Environment
The text was updated successfully, but these errors were encountered: