[edk2-devel] Bug: Incorrect Attestation going into the event log for MeasureHandoffTables()

James Bottomley James.Bottomley at HansenPartnership.com
Thu Nov 5 21:24:45 UTC 2020


The TCG Spec says the contents of this event are up to the platform
manufacturer (i.e. they could contain anything) but that the hash
extended into PCR 1 for EV_TABLE_OF_DEVICES *must* be that of the event
body.

The current code:

https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L1880-L1923

is extending the PCR with the hash of the entire CPU Location buffer,
but what it's recording in the event body is a count of 1, a GUID and
the 64-bit pointer to this table.  That's a complete violation of the
spec requirements.

It looks like what it should be recording in the event body is what
it's currently hashing, although, as I said, the spec makes no
requirement on what the body contains.

It looks like the bug has been there since the initial commit adding
this event:

https://github.com/tianocore/edk2/commit/1abfa4ce4835639c66ae82cc0d72cffcf3f28b6b

James
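The spec requirement the post relies on (the digest extended into the PCR must be the hash of the event body) is something a verifier can check mechanically, and the shape of this bug is exactly the one a replay-only verifier misses: replaying the logged digests reproduces the PCR, while hashing the event bodies does not. The following is an added example, not code from the post or from edk2. It assumes a TCG_PCR_EVENT2 layout with a single SHA-256 digest per record; the CPU location table contents, the GUID and the table address are constructed placeholders, and the count/GUID/pointer body layout is only the sketch the post gives, not the actual edk2 structure.

```python
"""Check that TCG event-log digests match the SHA-256 of each event body.

Added example: assumes a single-SHA-256 TCG_PCR_EVENT2 layout; all sample
table contents, GUIDs and addresses below are constructed.
"""
import hashlib
import struct
import uuid

TPM_ALG_SHA256 = 0x000B            # TPM2 algorithm ID for SHA-256
EV_NO_ACTION = 0x00000003          # informational record, digest not checked
EV_TABLE_OF_DEVICES = 0x0000000B   # the PCR 1 event type discussed in the post


def pack_event2(pcr_index, event_type, digest, event_data):
    """Serialise one TCG_PCR_EVENT2 record carrying a single SHA-256 digest."""
    header = struct.pack("<II", pcr_index, event_type)
    digests = struct.pack("<IH", 1, TPM_ALG_SHA256) + digest
    return header + digests + struct.pack("<I", len(event_data)) + event_data


def parse_event2(buf, off):
    """Parse one record at offset `off`; returns (record, next_offset)."""
    pcr_index, event_type, count = struct.unpack_from("<III", buf, off)
    off += 12
    digest = None
    for _ in range(count):
        (alg,) = struct.unpack_from("<H", buf, off)
        off += 2
        if alg != TPM_ALG_SHA256:
            raise ValueError("only SHA-256 digests are supported in this example")
        digest = buf[off:off + 32]
        off += 32
    (size,) = struct.unpack_from("<I", buf, off)
    off += 4
    event_data = buf[off:off + size]
    off += size
    return {"pcr": pcr_index, "type": event_type,
            "digest": digest, "event": event_data}, off


def parse_log(buf):
    """Parse a concatenation of TCG_PCR_EVENT2 records."""
    records, off = [], 0
    while off < len(buf):
        rec, off = parse_event2(buf, off)
        records.append(rec)
    return records


def check_log(records):
    """One (index, ok) per record: ok means sha256(event body) == logged digest."""
    results = []
    for i, rec in enumerate(records):
        if rec["type"] == EV_NO_ACTION:
            results.append((i, True))
            continue
        results.append((i, hashlib.sha256(rec["event"]).digest() == rec["digest"]))
    return results


def replay_pcr(records, pcr_index):
    """Replay the logged digests into a virtual PCR (initial value: 32 zero bytes)."""
    pcr = bytes(32)
    for rec in records:
        if rec["pcr"] == pcr_index and rec["type"] != EV_NO_ACTION:
            pcr = hashlib.sha256(pcr + rec["digest"]).digest()
    return pcr


# Constructed sample data: a fake four-entry CPU location table, a made-up GUID
# and a made-up physical address for the "count, GUID, pointer" body the post describes.
CPU_LOCATION_TABLE = b"".join(struct.pack("<I", apic_id) for apic_id in (0, 2, 4, 6))
TABLE_GUID = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")
TABLE_ADDRESS = 0x7F000000


def build_logs():
    """Return (buggy_log, fixed_log): same PCR 1 digest, different event bodies."""
    table_digest = hashlib.sha256(CPU_LOCATION_TABLE).digest()
    pointer_body = (struct.pack("<I", 1) + TABLE_GUID.bytes_le
                    + struct.pack("<Q", TABLE_ADDRESS))
    # Buggy: PCR 1 is extended with hash(table), but the body only holds the pointer record.
    buggy = pack_event2(1, EV_TABLE_OF_DEVICES, table_digest, pointer_body)
    # Fixed: the body is exactly the data that was hashed.
    fixed = pack_event2(1, EV_TABLE_OF_DEVICES, table_digest, CPU_LOCATION_TABLE)
    return buggy, fixed


if __name__ == "__main__":
    buggy, fixed = build_logs()
    print("buggy body check:", check_log(parse_log(buggy)))
    print("fixed body check:", check_log(parse_log(fixed)))
    print("PCR 1 replay identical:",
          replay_pcr(parse_log(buggy), 1) == replay_pcr(parse_log(fixed), 1))
```

The point of the two logs is that `replay_pcr` yields the same PCR 1 value for both, so an attestation verifier that only replays digests against the TPM quote is satisfied, while `check_log` fails on the buggy record because nothing in its body hashes to the recorded digest; a verifier that wants to know what was actually measured has to re-hash the bodies, and that is the check the bug breaks.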



