[tboot-devel] Bug in find_mle_hdr(), mlehash.c

2009-07-21 Thread Michael Gissing
Hi! This is just a minor issue, but I want to share it with you ;-) file mlehash.c, line 311: size is a size_t (typedefed unsigned long), so if "size%sizeof(uuid_t) != 0", size will _always_ be >0, the loop won't exit and you'll get a segfault. I've got a question too: How do you ensure that t

[tboot-devel] Calculation of PCR 18 - Error in doc

2009-07-21 Thread Michael Gissing
Hi! I tried to calculate the final value of PCR 18 by paper and pen, it seems that tboot README is wrong about that. In section "PCR Usage" it says that tboot policy will also be extended to PCR 18, that's wrong. PCR 18 is calculated only by: 1) extend hash of tboot (as measured by lcp_mlehash)

[tboot-devel] [PATCH] TSS_RESULT not checked in lcptools.c

2009-07-29 Thread Michael Gissing
greetz Michael diff --git a/lcptools/lcptools.c b/lcptools/lcptools.c --- a/lcptools/lcptools.c +++ b/lcptools/lcptools.c @@ -105,7 +105,7 @@ * if the nv object need authentication */ if ( auth != NULL ) { -set_nv_secret(hcontext, hnvstore, &hpolobj, auth, auth_length);
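Review bot: the set_nv_secret() call under `if ( auth != NULL )` needs its return value assigned to a TSS_RESULT and checked before the code continues, since the comment above it says this path is taken when the NV object needs authentication. The added line is cut off in this excerpt, so confirm that it does both the assignment and the check, and that a failure exits through the same cleanup path as the other TSS calls in this function.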

Re: [tboot-devel] [PATCH] TSS_RESULT not checked in lcptools.c

2009-07-30 Thread Michael Gissing
I'm sorry, my Patch of lcptools.c wasn't proper. I found more missing checks, here's my next try. greetz Michael diff --git a/lcptools/lcptools.c b/lcptools/lcptools.c --- a/lcptools/lcptools.c +++ b/lcptools/lcptools.c @@ -90,7 +90,7 @@ CHECK_TSS_RETURN_VALUE("init_tss_context", result,

[tboot-devel] Calculation of PCR 17

2009-08-05 Thread Michael Gissing
Hi! Now I'm trying to calculate PCR 17 by hand. I'm making only little progress on that issue. Here's what I'm doing; there are some questions in there about what I haven't understood. The information below is based on "Measured Launched Environment Developer's Guide - June 2008". 1) Set PCR to

Re: [tboot-devel] Calculation of PCR 17

2009-08-06 Thread Michael Gissing
ing, by looking at some of the > debug values. I hope that you find it useful. > > -Jon > > > Michael Gissing wrote: >> Hi! >> >> Now I'm trying to calculate PCR 17 by hand. I'm making only little >> progress on that issue. Here's wh

Re: [tboot-devel] Calculation of PCR 17

2009-08-06 Thread Michael Gissing
hi list, one of my questions ended in smoke. I was confused ;-) Michael Gissing wrote: > 4) tboot seems to extend SinitMleData.PolicyControl | > SinitMleData.LcpPolicyHash after ML to PCR 17 > too. Why extend a second time? tboot doesn't extend as above, it extends its h

[tboot-devel] FYI: New MLE Developer's Guide released

2010-01-07 Thread Michael Gissing
Hi all! I just found a new version of Intel's MLE Developer’s Guide at http://www.intel.com/technology/security/ Version December 2009 An official release announcement on this list of such updates would be great. btw: there are some annoying unresolved references in the text... Michael --

[tboot-devel] Incorrect command line handling with GRUB 1.97 and above

2010-07-15 Thread Michael Gissing
Hi! GRUB2 changed its behavior on how to deal with command lines[1] starting with version 1.97. There's also a debian bug[2] filed. GRUB2 now discards the first element (the filename) before storing the command line in mbi->cmdline. Since TBoot always calls skip_filename(), g_cmdline loses firs

[tboot-devel] [PATCH] fix some build issues

2010-07-15 Thread Michael Gissing
Hi! Find 3 patches attached. *) fix_missing_defines.patch The freshly cloned repo doesn't compile without these defines. *) fix_strncat_usage.patch Resolves the issue pointed out by Martin Pirker (26 Apr 2010 14:36). *) fix_off_by_one.patch Assignment is always out of bounds. Michael diff --

Re: [tboot-devel] [PATCH] fix some build issues

2010-07-16 Thread Michael Gissing
igned-off manually when committing to your repo. Signed-off-by: Michael Gissing It would be helpful if you would provide information about how you want patches to be sent. I don't know how to create a proper patch file using mercurial.

Re: [tboot-devel] Incorrect command line handling with GRUB 1.97 and above

2010-07-22 Thread Michael Gissing
Hi! I forgot to mention that the initialization of g_log_targets in printk.c is pointless. g_log_targets is always overwritten by get_tboot_log_targets() because get_option_val() will return "serial" if logging isn't specified via command line. I suggest removing "serial" from g_tboot_cmdlin

Re: [tboot-devel] [Tboot-changelog] changeset in tboot.hg: Fixed bug in creation of LCP_PCONF_ELEMENT

2010-07-26 Thread Michael Gissing
Hello! Joseph Cihula wrote: > changeset 57ea1beb3bc8 in /var/www/tboot.hg > details: tboot.hg?cmd=changeset;node=57ea1beb3bc8 > description: > Fixed bug in creation of LCP_PCONF_ELEMENT That fix doesn't compile on debian lenny since it uses glibc 2.7, and the macros htobe32() and friends

Re: [tboot-devel] [Tboot-changelog] changeset in tboot.hg: Added additional compiler warnings and cl...

2010-07-26 Thread Michael Gissing
It's me again Joseph Cihula wrote: > changeset ccc9e78f30fa in /var/www/tboot.hg > details: tboot.hg?cmd=changeset;node=ccc9e78f30fa > description: > Added additional compiler warnings and cleaned up code to build cleanly This causes build errors on ubuntu systems: lcptools.c: In function

[tboot-devel] Future development: where to store TBoot's VLP

2010-08-23 Thread Michael Gissing
Hi list! On August 12th Shane committed a changeset which introduces storing TBoot's VLP as an LCP_CUSTOM_ELEMENT. What is the desired storage of VLPs in the long run? An own TPM NV RAM index or as a custom element in LCP_POLICY_DATA? Either way: as TBoot now supports this feature it would be

Re: [tboot-devel] Future development: where to store TBoot's VLP

2010-09-28 Thread Michael Gissing
Michael Gissing wrote: > *) What is the desired storage of VLPs in the long run? An own TPM NV RAM > index or > as a custom element in LCP_POLICY_DATA? > *) As TBoot now supports this feature it would be good to define a UUID > which identifies > an LCP_CUSTOM_ELEMENT

Re: [tboot-devel] Reading embedded EK's certs from a TPM?

2012-08-09 Thread Michael Gissing
On 2012-08-09 20:40, Joanna Rutkowska wrote: > Is there any command line tool (perhaps one of the tboot tools) that > could let me read it and save it in a nice format, e.g. x509, so I can > later analyze it using e.g. openssl? You can use jTpmTools with jTSS[1] to view, decode, dump and play with

Re: [tboot-devel] Reading embedded EK's certs from a TPM?

2012-08-10 Thread Michael Gissing
On 08/09/2012 09:57 PM, Michael Gissing wrote: > You can use jTpmTools with jTSS[1] to view, decode, dump and play with a > TPM's NV memory. The nv_decode command is your friend. I totally forgot about the read_ekcert command. $ jtt read_ekcert -o $OWNER_PW The extracted file is