| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jun 2020 02:09:58 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Tyler Hicks <tyhicks@...ux.microsoft.com>,
Matthew Garrett <mjg59@...gle.com>,
Peter Jones <pjones@...hat.com>,
Peter Huewe <peterhuewe@....de>,
Jason Gunthorpe <jgg@...pe.ca>,
Petr Vandrovec <petr@...are.com>,
Nayna Jain <nayna@...ux.ibm.com>,
Thirupathaiah Annapureddy <thiruan@...rosoft.com>,
linux-integrity <linux-integrity@...r.kernel.org>,
linux-efi <linux-efi@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] tpm: Require that all digests are present in
TCG_PCR_EVENT2 structures
On Tue, Jun 16, 2020 at 11:08:38AM +0200, Ard Biesheuvel wrote:
> (cc Matthew and Peter)
>
> On Tue, 16 Jun 2020 at 01:28, Tyler Hicks <tyhicks@...ux.microsoft.com> wrote:
> >
> > Require that the TCG_PCR_EVENT2.digests.count value strictly matches the
> > value of TCG_EfiSpecIdEvent.numberOfAlgorithms in the event field of the
> > TCG_PCClientPCREvent event log header. Also require that
> > TCG_EfiSpecIdEvent.numberOfAlgorithms is non-zero.
> >
> > The TCG PC Client Platform Firmware Profile Specification section 9.1
> > (Family "2.0", Level 00 Revision 1.04) states:
> >
> > For each Hash algorithm enumerated in the TCG_PCClientPCREvent entry,
> > there SHALL be a corresponding digest in all TCG_PCR_EVENT2 structures.
> > Note: This includes EV_NO_ACTION events which do not extend the PCR.
> >
> > Section 9.4.5.1 provides this description of
> > TCG_EfiSpecIdEvent.numberOfAlgorithms:
> >
> > The number of Hash algorithms in the digestSizes field. This field MUST
> > be set to a value of 0x01 or greater.
> >
> > Enforce these restrictions, as required by the above specification, in
> > order to better identify and ignore invalid sequences of bytes at the
> > end of an otherwise valid TPM2 event log. Firmware doesn't always have
> > the means necessary to inform the kernel of the actual event log size so
> > the kernel's event log parsing code should be stringent when parsing the
> > event log for resiliency against firmware bugs. This is true, for
> > example, when firmware passes the event log to the kernel via a reserved
> > memory region described in device tree.
> >
>
> When does this happen? Do we have code in mainline that does this?
>
> > Prior to this patch, a single bit set in the offset corresponding to
> > either the TCG_PCR_EVENT2.eventType or TCG_PCR_EVENT2.eventSize fields,
> > after the last valid event log entry, could confuse the parser into
> > thinking that an additional entry is present in the event log. This
> > patch raises the bar on how difficult it is for stale memory to confuse
> > the kernel's event log parser but there's still a reliance on firmware
> > to properly initialize the remainder of the memory region reserved for
> > the event log as the parser cannot be expected to detect a stale but
> > otherwise properly formatted firmware event log entry.
> >
> > Fixes: fd5c78694f3f ("tpm: fix handling of the TPM 2.0 event logs")
> > Signed-off-by: Tyler Hicks <tyhicks@...ux.microsoft.com>
> > ---
>
> I am all for stringent checks, but this could potentially break
> measured boot on systems that are working fine today, right?
There would not be any sane reason to implement a TPM chip like that.
/Jarkko
Powered by blists - more mailing lists