bugfix(eventlog): Assume TPM1.2 events if NO_ACTION is too short #208
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
I'm writing a tool to diagnose PCR0-related problems. And I reused EventLog parser from this repository. But it is unable to parse
/sys/kernel/security/tpm0/binary_bios_measurements
from our production machine:Looking at the code I see that the EventLog parser expects the
NO_ACTION
event to contain some SpecID header, while our machine does not have one. Instead if has this event:And I took a look into the specification: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf#page=110
It says:
Thus I assume it is valid to have other
NO_ACTION
events than the EFI Specification ID event.Solution
As a hotfix I just added a simple size check.
Test plan
Before
After