Please provide a Signed-off-by: for your patch, so that we may apply it.
Joe
From: Wei, Gang [mailto:gang....@intel.com]
Sent: Wednesday, April 25, 2012 5:12 PM
To: charles.fis...@gdc4s.com; tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Problem with tb_polgen
Thanks for the finding and patch.
Jimmy
From: charles.fis...@gdc4s.com [mailto:charles.fis...@gdc4s.com]
Sent: Wednesday, April 25, 2012 3:24 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] Problem with tb_polgen
All,
There is a problem with tb_polgen. When it is parsing the kernel cmdline, it
uses the first 256 characters of the cmdline, and discards the rest. Tboot
itself uses the first 1024 characters of the command line received from grub2.
This means that the hash generated by tb_polgen will NOT match the hash
generated by tboot/policy.c and verification will fail.
The following patch needs to be applied.
diff -up tboot-1.7.0/tb_polgen/tb_polgen.h.orig
tboot-1.7.0/tb_polgen/tb_polgen.h
--- tboot-1.7.0/tb_polgen/tb_polgen.h.orig 2012-04-24 09:22:09.549172000
-0700
+++ tboot-1.7.0/tb_polgen/tb_polgen.h 2012-04-24 09:22:29.716011000 -0700
@@ -56,7 +56,7 @@ typedef struct {
int pcr;
int hash_type;
int pos;
- char cmdline[256];
+ char cmdline[1024];
char image_file[FILENAME_MAX];
char elt_file[FILENAME_MAX];
char policy_file[FILENAME_MAX];
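Review bot: the literal on the `+ char cmdline[1024];` line is a second hard-coded copy of the limit the message says tboot uses, so the two sizes can drift apart again the next time either side changes. Define the size once in a header that both tb_polgen and tboot include (the message proposes include/config.h) and declare this field with that macro. Enlarging the array also only moves the cut-off described in the message: input longer than the field would still be shortened before hashing, so tb_polgen should report an error when the command line does not fit rather than generate a policy from a truncated string.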
I suppose that actually, the cmdline size should be defined in
include/config.h, and the same value used by tb_polgen and tboot, but this
worked on our system with a 284 character kernel cmdline.
Charles
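The mismatch described in the message above, as an added example that is not part of the original post and not tboot's code: two fixed-size buffers keep different prefixes of the same command line, so the digests differ. The function names are hypothetical, FNV-1a stands in for the real hash, and the truncation model (keep size-1 characters plus the terminator) is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a: stand-in digest for this illustration, not the hash tboot uses. */
static uint64_t digest(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 0x100000001b3ULL; }
    return h;
}

/* Model of a fixed char buf[bufsz]: keep bufsz-1 characters plus the NUL and
 * drop the rest (assumed truncation behaviour). Returns 1 if data was lost. */
int store_cmdline(char *buf, size_t bufsz, const char *cmdline)
{
    size_t n = strlen(cmdline);
    int truncated = (n >= bufsz);
    if (truncated) n = bufsz - 1;
    memcpy(buf, cmdline, n);
    buf[n] = '\0';
    return truncated;
}

/* 1 if the policy generator and the loader would hash the same bytes. */
int measurements_match(const char *cmdline, size_t polgen_sz, size_t tboot_sz)
{
    char polgen[1024], tboot[1024];
    if (!polgen_sz || !tboot_sz) return 0;
    if (polgen_sz > sizeof polgen || tboot_sz > sizeof tboot) return 0;
    store_cmdline(polgen, polgen_sz, cmdline);
    store_cmdline(tboot, tboot_sz, cmdline);
    return digest(polgen) == digest(tboot);
}

/* Constructed sample input: a command line of exactly n characters. */
void make_cmdline(char *out, size_t n)
{
    memset(out, 'x', n);
    memcpy(out, "root=/dev/sda1 ", 15);
    out[n] = '\0';
}

int main(void)
{
    char c[512];
    make_cmdline(c, 284);   /* the length reported in the message */
    printf("256 vs 1024:  %s\n", measurements_match(c, 256, 1024) ? "match" : "MISMATCH");
    printf("1024 vs 1024: %s\n", measurements_match(c, 1024, 1024) ? "match" : "MISMATCH");
    return 0;
}
```

The return value of store_cmdline is what a policy tool would check to refuse oversized input instead of hashing a shortened string.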