On 10/22/21 7:49 AM, James Bottomley wrote:
> On Fri, 2021-10-22 at 06:50 -0400, Stefan Berger wrote:
> [...]
>> I see this also but when I get into Linux and run tpm2_pcrread I see
>> the SHA1 bank active but not having received any PCR extensions from
>> the firmware, which is not supposed to happen.
> That's not entirely correct: the TCG firmware profile just requires us
> to log through at least one bank; it doesn't require that all active
> banks be logged.  I've got several physical systems with three active
> banks but only one or two measured through.

The problem with this is that you can then fake measured boot on that system using its unused SHA1 bank and extend into it whatever you want and create a fake log along with it, and the quote is going to look alright.

> The knock-on problem the
> linux kernel is going to have is that we do tend to expect the sha1
> bank to be extended into if any others are, so someone is going to have
> to update expectations ... we should have this in hand already as sha1
> is deprecated.
>
>>   So I think you should drop this patch and I'll change the set of
>> active PCR banks on the swtpm_setup level.
> Even if the firmware deactivated the sha1 bank, the kernel expectation
> problem is still going to exist.

Is that older Linux kernels or which part still requires sha1? A pointer would be good. I would have to revert the change to not activate the SHA1 bank from swtpm_setup if that's going to create headaches. I thought some hardware TPM 2's today are only providing a SHA256 bank and so it shouldn't be a problem.

    Stefan

> James
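The risk Stefan raises is that an active PCR bank which the firmware never extended still holds its reset value, so a verifier that only looks at one bank cannot tell a real boot from a fabricated one in the untouched bank. The following is an added example, not code from this thread, swtpm or tpm2-tools: it parses text in the shape of `tpm2_pcrread` output (the sample is constructed, with digests made up for illustration) and reports every active bank whose firmware PCRs 0-7 are all still zero, which is the condition a verifier should treat as a red flag before trusting a quote or log from that bank.

```python
import re
from typing import Dict, List

# Constructed sample, loosely modelled on tpm2_pcrread output (not real tool output).
# The sha256 bank carries firmware measurements; the sha1 bank is active but was
# never extended, so all of its PCRs still hold the TPM 2.0 reset value (all zero).
SAMPLE_PCRREAD = """\
  sha1:
    0 : 0x0000000000000000000000000000000000000000
    1 : 0x0000000000000000000000000000000000000000
    7 : 0x0000000000000000000000000000000000000000
  sha256:
    0 : 0x1A2B3C4D5E6F70819A2B3C4D5E6F70819A2B3C4D5E6F70819A2B3C4D5E6F7081
    1 : 0x9F8E7D6C5B4A39281F0E9D8C7B6A59483F2E1D0C9B8A79685F4E3D2C1B0A9988
    7 : 0x00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF
"""

# One line naming a bank ("  sha1:") and one line per PCR ("    0 : 0x....").
BANK_RE = re.compile(r"^\s*([A-Za-z0-9_]+):\s*$")
PCR_RE = re.compile(r"^\s*(\d+)\s*:\s*0x([0-9A-Fa-f]+)\s*$")


def parse_pcrread(text: str) -> Dict[str, Dict[int, str]]:
    """Map each bank name to {pcr_index: lowercase hex digest}."""
    banks: Dict[str, Dict[int, str]] = {}
    current = None
    for line in text.splitlines():
        m = BANK_RE.match(line)
        if m:
            current = m.group(1).lower()
            banks.setdefault(current, {})
            continue
        m = PCR_RE.match(line)
        if m and current is not None:
            banks[current][int(m.group(1))] = m.group(2).lower()
    return banks


def unextended_banks(banks: Dict[str, Dict[int, str]],
                     firmware_pcrs=range(0, 8)) -> List[str]:
    """Return the active banks in which every reported firmware PCR (0-7 by
    default) is still all-zero, i.e. nothing was ever extended into them."""
    flagged = []
    for bank, pcrs in banks.items():
        digests = [pcrs[i] for i in firmware_pcrs if i in pcrs]
        if digests and all(set(d) == {"0"} for d in digests):
            flagged.append(bank)
    return sorted(flagged)


def bank_report(text: str) -> Dict[str, str]:
    """Per-bank verdict a quote verifier can log before trusting that bank."""
    banks = parse_pcrread(text)
    idle = set(unextended_banks(banks))
    return {b: ("active-but-unextended" if b in idle else "measured")
            for b in sorted(banks)}


if __name__ == "__main__":
    for bank, verdict in bank_report(SAMPLE_PCRREAD).items():
        print(f"{bank}: {verdict}")
```

A verifier that sees `active-but-unextended` for a bank should refuse to treat a quote over that bank as evidence of the boot chain, and should cross-check that every bank it does accept replays consistently from the same event log.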