Hi,
There is a bug in the hash_module function.
My machine has TPM 2.0. As I have no TPM 1.2 machine, I don't know whether a
TPM 1.2 machine has the same issue.
When I set extpol=agile on the tboot command line, module 1 can't be
measured.
Below is the related section of the TBOOT output:
TBOOT: verifying policy
TBOOT: all modules are verified
TBOOT: pre_k_s3_state:
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x79e00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0xf80000000
TBOOT: pol_hash: bc d9 65 82 9e 76 20 45 d6 96 bf eb 03 40 1f ba 66 ad d4 b1
29 92 f6 30 11 3a 1f e2 d6 3a 0f 15
TBOOT: VL measurements:
TBOOT: PCR 17 (alg count 3):
TBOOT: alg 0004: ca 96 de 41 2b 4e 8c 06 2e 57 0d 30 13 d2 fc cb 4b
20 25 0a
TBOOT: alg 000B: 27 80 8f 64 e6 38 39 82 cd 3b cc 10 cf cb 34 57 c0
b6 5f 46 5f 77 9d 89 b6 68 83 9e af 26 3a 67
TBOOT: alg 0012: f6 3d d4 02 06 3f 6c 5b b2 69 91 df 68 e3 90 c5 2f
0a 97 d6 8c b6 4b ff 4b 9e fb 72 fa ec 39 cd
TBOOT: PCR 18 (alg count 3):
TBOOT: alg 0004: ca 96 de 41 2b 4e 8c 06 2e 57 0d 30 13 d2 fc cb 4b
20 25 0a
TBOOT: alg 000B: 27 80 8f 64 e6 38 39 82 cd 3b cc 10 cf cb 34 57 c0
b6 5f 46 5f 77 9d 89 b6 68 83 9e af 26 3a 67
TBOOT: alg 0012: f6 3d d4 02 06 3f 6c 5b b2 69 91 df 68 e3 90 c5 2f
0a 97 d6 8c b6 4b ff 4b 9e fb 72 fa ec 39 cd
TBOOT: PCR 17 (alg count 3):
TBOOT: alg 0004: f9 6a eb ea 73 09 90 1f 2a 29 ff 08 95 7d 55 c6 0a
4a fc 40
TBOOT: alg 000B: f9 8e 31 73 54 36 76 28 76 63 2a 20 93 ab 9c 7a 92
9d a9 8f 77 45 0b fc 2f d0 d7 ba 51 d3 50 08
TBOOT: alg 0012: 40 3a 7e fb ed 38 01 21 00 aa 08 f2 0d 1c 8e 8f fc
52 7e 96 30 5f d0 e2 a2 78 4a a6 f2 1a d0 19
But when I modify the size of buf in the hash_module function, it works normally.
Below is the related section of the TBOOT output:
TBOOT: verifying policy
TBOOT: verifying module "
root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv
=centos/swap rhgb quiet rd.shell=0 tpm_tis.force=1 tpm_tis.interrupts=0 intel_io
mmu=on"...
TBOOT: verifying module ""...
TBOOT: all modules are verified
TBOOT: pre_k_s3_state:
TBOOT: vtd_pmr_lo_base: 0x0
TBOOT: vtd_pmr_lo_size: 0x79e00000
TBOOT: vtd_pmr_hi_base: 0x100000000
TBOOT: vtd_pmr_hi_size: 0xf80000000
TBOOT: pol_hash: bc d9 65 82 9e 76 20 45 d6 96 bf eb 03 40 1f ba 66 ad d4 b1
29 92 f6 30 11 3a 1f e2 d6 3a 0f 15
TBOOT: VL measurements:
TBOOT: PCR 17 (alg count 3):
TBOOT: alg 0004: ca 96 de 41 2b 4e 8c 06 2e 57 0d 30 13 d2 fc cb 4b
20 25 0a
TBOOT: alg 000B: 27 80 8f 64 e6 38 39 82 cd 3b cc 10 cf cb 34 57 c0
b6 5f 46 5f 77 9d 89 b6 68 83 9e af 26 3a 67
TBOOT: alg 0012: f6 3d d4 02 06 3f 6c 5b b2 69 91 df 68 e3 90 c5 2f
0a 97 d6 8c b6 4b ff 4b 9e fb 72 fa ec 39 cd
TBOOT: PCR 18 (alg count 3):
TBOOT: alg 0004: ca 96 de 41 2b 4e 8c 06 2e 57 0d 30 13 d2 fc cb 4b
20 25 0a
TBOOT: alg 000B: 27 80 8f 64 e6 38 39 82 cd 3b cc 10 cf cb 34 57 c0
b6 5f 46 5f 77 9d 89 b6 68 83 9e af 26 3a 67
TBOOT: alg 0012: f6 3d d4 02 06 3f 6c 5b b2 69 91 df 68 e3 90 c5 2f
0a 97 d6 8c b6 4b ff 4b 9e fb 72 fa ec 39 cd
TBOOT: PCR 17 (alg count 3):
TBOOT: alg 0004: f9 6a eb ea 73 09 90 1f 2a 29 ff 08 95 7d 55 c6 0a
4a fc 40
TBOOT: alg 000B: f9 8e 31 73 54 36 76 28 76 63 2a 20 93 ab 9c 7a 92
9d a9 8f 77 45 0b fc 2f d0 d7 ba 51 d3 50 08
TBOOT: alg 0012: 40 3a 7e fb ed 38 01 21 00 aa 08 f2 0d 1c 8e 8f fc
52 7e 96 30 5f d0 e2 a2 78 4a a6 f2 1a d0 19
TBOOT: PCR 17 (alg count 3):
TBOOT: alg 0004: d4 ff a8 7f 7f 12 02 7f e8 67 73 89 17 ab 33 58 1e
85 48 ea
TBOOT: alg 000B: 42 61 23 70 e1 ca 80 87 a6 7f 26 21 a2 c2 bf 61 d3
73 63 65 aa 9d 35 4f a1 cd 73 64 ec cf cb 0f
TBOOT: alg 0012: 75 0f d0 fb 27 55 92 a5 36 b3 d8 eb 27 a6 43 98 c4
08 22 59 c7 9a 88 f5 01 8e 80 ce 6a eb 90 9e
Signed-off-by: Shi Wangyi<shiwan...@gohighsec.com>
diff -r 59086d17f60d -r 09d977294ceb tboot/common/policy.c
--- a/tboot/common/policy.c Sun Feb 18 08:08:30 2018 -0800
+++ b/tboot/common/policy.c Sun Feb 25 20:47:51 2018 -0500
@@ -461,7 +461,7 @@
return true;
}
- uint8_t buf[128];
+ uint8_t buf[64];
if ( !tpm_fp->hash(tpm, 2, base, size, &img_hl) )
return false;
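Review bot: at the buf declaration one literal (128) is swapped for another (64), and neither the hunk nor the description says what the size must match or why 128 prevents module 1 from being measured with extpol=agile. The use of buf lies outside the visible context, so please state in the commit message what the size is coupled to. The log above shows 20-byte digests for alg 0004 and 32-byte digests for alg 000B and 0012; if 64 is meant as two of the largest of those, derive it from the digest size of the active algorithm or a named constant instead of hard-coding it, so that a longer digest does not break this again. If the code that follows depends on the declared size of buf rather than on the number of bytes actually filled, that dependency is the defect to fix, not the array size.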
Thanks,
Wangyi