[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-integrity
Subject:    Re: [PATCH] tpm: Require that all digests are present in TCG_PCR_EVENT2 structures
From:       Peter Jones <pjones () redhat ! com>
Date:       2020-06-30 19:48:56
Message-ID: 20200630194855.mfctxgveltvphgnc () redhat ! com
[Download RAW message or body]

On Tue, Jun 30, 2020 at 02:23:22PM -0500, Tyler Hicks wrote:
> > > I am all for stringent checks, but this could potentially break
> > > measured boot on systems that are working fine today, right?
> > 
> > Seems like in that case our measurement is unreliable and can't really
> > be trusted.  That said, having things that were using the measurements
> > before this suddenly stop being able to access sealed secrets is not a
> > great experience for the user who unwittingly bought the junk hardware.
> 
> I haven't seen where anyone has suggested that such junk hardware
> exists. Do you know of or expect any firmware that has mismatched
> TCG_PCR_EVENT2.digests.count and TCG_EfiSpecIdEvent.numberOfAlgorithms
> values?

If nobody has seen any hardware that actually produces the values you're
excluding, then I don't have a strong objection.
 
> I would think that the userspace code that's parsing
> /sys/kernel/security/tpm0/binary_bios_measurements would also have
> issues with such an event log.
> 
> > Same with the zero-supported-hashes case.
> 
> Small but important correction: it is a zero-hashes case, not a
> zero-supported-hashes case
> 
> There's no handshake involved or anything like that. This would only
> cause problems if the firmware provided no hashes, which means the
> firmware event log is unusable, anyways.

Indeed.

-- 
        Peter

[prev in list] [next in list] [prev in thread] [next in thread]