bugfix(eventlog): Assume TPM1.2 events if NO_ACTION is too short #208

Merged
merged 2 commits into from
Apr 13, 2021

Contributor

@xaionaro xaionaro commented Apr 7, 2021

Problem

I'm writing a tool to diagnose PCR0-related problems, and I reused the EventLog parser from this repository. But it is unable to parse /sys/kernel/security/tpm0/binary_bios_measurements from our production machine:

# /tmp/fwtool display_eventlog -pcr-index 0 -hash-algo 4
not recovered error: unable to parse EventLog '/sys/kernel/security/tpm0/binary_bios_measurements': unable to parse the EventLog: failed to parse spec ID event: reading event header: unexpected EOF. Exit.

Looking at the code, I see that the EventLog parser expects the NO_ACTION event to contain some SpecID header, while our machine does not have one. Instead it has this event:

Num PCR EV_type                         PCR_value                                Size Valid Data
0   0   no_action                       0000000000000000000000000000000000000000 17   0     b'StartupLocality\x00\x03'

And I took a look into the specification: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=110

It says:

For EV_NO_ACTION events other than the EFI Specification ID event (Section 9.4.5.1) the log will ...

Thus I assume it is valid to have other NO_ACTION events than the EFI Specification ID event.

Solution

As a hotfix I just added a simple size check.

Test plan

Before

# /tmp/fwtool display_eventlog -pcr-index 0 -hash-algo 4
not recovered error: unable to parse EventLog '/sys/kernel/security/tpm0/binary_bios_measurements': unable to parse the EventLog: failed to parse spec ID event: reading event header: unexpected EOF. Exit.

After

# /tmp/fwtool display_eventlog -pcr-index 0 -hash-algo 4
  #	idx	      type	hash	digest	data
  0	 0	         3	  4	0000000000000000000000000000000000000000	537461727475704C6F63616C6974790003
  1	 0	         7	  4	0D0C883653E59CF20DCD323892B7B8A398775F97	1B00426F6F74204775617264204D6561737572656420532D4352544D00818610000200000003001400000126D6FDA800F6984BB3B448BA83D8F8656EDF4E69B6677BE6FA447D430C3C88285A47FBF646BC8FD7F9CB4F783AB1F94A322AABC623DBFE6AFA9ADA6EE271A253E654EEE1E48B81B09864DF2E9CE40449E6F54DCCF6AC1DB9D6336449F3B585181F0524FA581BB457769E65CEC8E8BBE7C07BB98F2D2FBDE601064E6DFCC985166861537D805685D991EEFBA33AFEA6A71F07EF006E223413EA216E3A175B86DCE77AA1081C736A0BFC65984FF6D8553592B3FCD204B544BF23C748DB9F2217602B819DE94C1E052AC9900F4D4F592CCE79FCA3F0AD92751603B404A97E7A617FA85D0033D7519E0FE894F147144011BDD17E8B1B33AF12EB375E4D833968EC391400000184981C911D87B67F136C6D05C115D8F27BBD4426185D8A26ADA821F12D7698519FC2BAF34B1262B064A613FAD08180ED17CA0D9E05D9ECCB3F4DD522DBC763E03F4621C1CBD9E6A58C3427175AE207767DD0A2C0E6445C0C8D05C2B4750AD5F8A2B5FCDEAB4C277EEB1FF3D4435E22E83C55C76C8BA63444B6A49B9E2D1572F294169B41397F7D5405B464D3EF55E2E8C7B80A7FB1BB2AB61D861546AF1CD3ABA27540F37E058A5F4AC90E2FC2B822D539E53291D73BB5C768829E5539B3774A9B11A842B896465698238AB6A4339048DD87F1DA0678976A8279199D0F59DEEA7F00640B881D1709EA3C18E62A6C072D64061FB5A6A45C99E61E597984A7F0EF1400000116C36B53AE6B6F72534D0AD195A97EC959099E2512AE1B26980A487A41C791BC0489741FF1D8ED24C875A730B83A2052C49E48D6ED0FC53B53AA12634EEAF00550A5CE6D5687E574C47926F4F960B1332B62630C04B2331CAEF92C5DEA54C151C007EAC124D5F6341F6EE1F4F3FAD3799E29666A5FA4AB148A59F791CEAB807970E97C33777F13D4C620994FF92B18B49A22D12177C6E1B30A5919D64DF1F3B34920B4C87DA718A14D0FD868C63E58083547307F27C29C0291C021ECA9FFEE842775695BEF5D3ADC50F30E93A2E52F4968AE3BAF36C1F290E084723C88912C5C90284E1D1C82458EFCCA076282F7F84FFC4BBAE8B45C823FC85ECAAC26B020E4020000000B00041CBB8673C96D040CA786F5916B2E65764A5DDCB6CA3EE722B27BB9DBC59BEA00000000000000000000000000000000000000000000000000000000000000000400596DB0D098EDBA059B1932FCF788F39A1D1F70080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000B003B98499BC25B00A
0819731B0D99C5E8ED35E6D338AED525E1E87A6FD2506987400000000000000000000000000000000000000000000000000000000000000000400DF36B8AB82DAC77F4F7E5C8789C88F1567C8453F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  3	 0	         8	  4	C42FEDAD268200CB1D15F97841C344E79DAE3320	1EFB6B540C1D5540A4AD4EF4BF17B83A
  4	 0	         1	  4	D37DA3707640BDB92F7FD2544511CDA95E157822	000011FF0000000000F0AA0000000000
 13	 0	         4	  4	9069CA78E7450A285173431B3E52C5C25299E473	00000000
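
The size check described in this pull request, sketched as an added example; it is not the code from attest/eventlog.go. The function and type names are hypothetical, the extra signature comparison is an assumption beyond the fix described above, and the sample event is constructed from the 17-byte `StartupLocality` record shown in the description.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const evNoAction = 0x3      // EV_NO_ACTION, printed as type 3 / no_action above
const specIDHeaderSize = 28 // signature(16) + platformClass(4) + version bytes(4) + numberOfAlgorithms(4)
var specIDSignature = []byte("Spec ID Event03\x00")

// eventHeader is the fixed part of a SHA-1 (TPM 1.2 layout) record, used by the first record of a log.
type eventHeader struct {
	PCR, Type uint32
	Digest    [20]byte
	Size      uint32
}

// buildEvent serialises one record with an all-zero digest (constructed sample data).
func buildEvent(typ uint32, data []byte) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, eventHeader{Type: typ, Size: uint32(len(data))})
	b.Write(data)
	return b.Bytes()
}

// detectFormat reads only the first record and returns "crypto-agile" or "tpm1.2" (hypothetical helper).
func detectFormat(log []byte) (string, error) {
	var h eventHeader
	if err := binary.Read(bytes.NewReader(log), binary.LittleEndian, &h); err != nil {
		return "", fmt.Errorf("reading first event header: %w", err)
	}
	off := binary.Size(h)
	if int64(h.Size) > int64(len(log)-off) {
		return "", errors.New("first event data runs past end of log")
	}
	data := log[off : off+int(h.Size)]
	// A NO_ACTION event too short for a Spec ID header, or lacking its signature,
	// is some other NO_ACTION event: fall back to TPM 1.2 records, not an EOF error.
	if h.Type != evNoAction || len(data) < specIDHeaderSize || !bytes.HasPrefix(data, specIDSignature) {
		return "tpm1.2", nil
	}
	return "crypto-agile", nil
}

func main() { fmt.Println(detectFormat(buildEvent(evNoAction, []byte("StartupLocality\x00\x03")))) }
```

A log whose first record claims more data than the file holds is still rejected, so the fallback only applies to well-formed records.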

@brandonweeks
Member

LGTM, @ericchiang to approve.

Member

@ericchiang ericchiang left a comment


one nit

attest/eventlog.go (2 resolved review threads)
@xaionaro
Contributor Author

@ericchiang , @brandonweeks : Hello. I'm just humbly wondering if I can do something to make this code merged :)

@ericchiang
Member

@twitchy-jsonp can you figure out what's going on with the Linux CI?

@brandonweeks brandonweeks merged commit b89180c into google:master Apr 13, 2021