Don't tpm_hash_alg for PCR bank selection and key options

[THS-on]

Currently the tpm_hash_alg option is used in the following places:

• Hash algorithm used for the AK
• Hash algorithm used for signature scheme
• PCR selection for quotes

The first two are loosely tied together, but the selection of which type of PCRs should be included in the quote should be independent.

My proposed split would be:

• pcr_hash_alg: selection of the PCR hash algorithm
• tpm_hash_alg: by default set to auto or default which just uses the same as the EK. For the signing we should be able to use the option set in the AK and not needing to specify it separately for singing.

[ansasaki]

The first two are loosely tied together, but the selection of which type of PCRs should be included in the quote should be independent.

What do you mean by "type of PCR"? Do you mean PCR bank? If so, I would suggest pcr_bank instead of pcr_hash_alg

[THS-on]

Yes I mean the bank hashing algorithm, so agree pcr_bank is probably a better name.

[ansasaki]

Currently the tpm_hash_alg option is used in the following places:

Hash algorithm used for the AK
Hash algorithm used for signature scheme
PCR selection for quotes

The first two are loosely tied together, but the selection of which type of PCRs should be included in the quote should be independent.

After checking the spec, the first two are strongly tied, as the AK can only be used to sign with the signing scheme and hash algorithm set during its creation. They won't be tied together only if we created the AK with TPM_ALG_NULL as the signing scheme. But in general it is by design that each AK should be used for a single purpose, and using a single signing scheme.