Thanks, Andrei. (And apologies for the delay in being able to check this out.) This is very helpful. Do you know what the reasoning is behind re-extending PCR 4 with a kernel measurement here? Would it not have already been measured as part of the EFI blob and incorporated into PCR 4 by the firmware before the stub was launched? For context, the previous behavior was ideal for purposes of predicting future PCR measurements because all of the necessary information could be derived directly from the TPM event log; with the current behavior, predictions will have to replicate (and maintain parity with) the EFI stub's behavior for extending PCR 4 because that information is no longer all available within the TPM event log. Thanks, Kyle On Mon, Dec 19, 2022 at 1:36 PM Andrei Borzenkov <arvidjaar@xxxxxxxxx> wrote: > > On 14.12.2022 20:28, Kyle Rose wrote: > ... > > > > > However, in v252, the corresponding event occurs earlier in the log > > and (after some measurements extending PCR 11) is followed by another > > BSA event extending PCR 4 with a DevicePath I can't parse from a call > > I can't seem to find in the systemd source code: > > > > - EventNum: 34 > > PCRIndex: 4 > > EventType: EV_EFI_BOOT_SERVICES_APPLICATION > > DigestCount: 2 > > Digests: > > - AlgorithmId: sha1 > > Digest: "9a3c68bb105e4c4e70cbc3375bd45d616e220586" > > - AlgorithmId: sha256 > > Digest: "36e49f2a0c246db5836b85319e7b2ae04690aca40227895902870a54a054c78b" > > EventSize: 56 > > Event: > > ImageLocationInMemory: 0xb7c36000 > > ImageLengthInMemory: 7793888 > > ImageLinkTimeAddress: 0x1000000 > > LengthOfDevicePath: 24 > > DevicePath: '04031400f8d1c555cd04b5468a20e56cbb3052d07fff0400' > > > > Can someone help me decode this so I can figure out where this event > > originates, or (if this event is well-known to the folks working on > > the trusted computing portion of systemd) tell me where this extension > > is triggered in the source code? That will at least help me find and > > hopefully understand the relevant change. > > > > This is media device path type with vendor subtype, vendor GUID is > STUB_PAYLOAD_GUID defined and used in src/boot/efi/linux.c.
Re: Trying to understand change in PCR 4 extension behavior
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Trying to understand change in PCR 4 extension behavior
- From: Kyle Rose <krose@xxxxxxxxx>
- Date: Thu, 29 Dec 2022 15:35:44 -0500
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <0bb7910e-1ece-ec54-c381-c4568bc71ff8@gmail.com>
- References: <CAJU8_nU+-f95H7KFMnghuYdxbRBJo+dZQEmF8bDn7d=c8w_Pxw@mail.gmail.com> <0bb7910e-1ece-ec54-c381-c4568bc71ff8@gmail.com>
- Follow-Ups:
- Re: Trying to understand change in PCR 4 extension behavior
- From: Andrei Borzenkov
- Re: Trying to understand change in PCR 4 extension behavior
- References:
- Trying to understand change in PCR 4 extension behavior
- From: Kyle Rose
- Re: Trying to understand change in PCR 4 extension behavior
- From: Andrei Borzenkov
- Trying to understand change in PCR 4 extension behavior
- Prev by Date: Re: How can I view DHCP-PD information?
- Next by Date: Re: Trying to understand change in PCR 4 extension behavior
- Previous by thread: Re: Trying to understand change in PCR 4 extension behavior
- Next by thread: Re: Trying to understand change in PCR 4 extension behavior
- Index(es):
 |