Re: Is tpm2-measure-pcr really an additional security?


 



10.03.2025 19:27, Adrian Vovk wrote:

> Basically, the bug is: an attacker does a DOS on the TPM in such a way that
> systemd boots to the rootfs without measuring the `leave-initrd` pcrphase,

pcrphase works only with UKI, and the OP started by mentioning a separate kernel and initrd, which excludes UKI.

This really needs a complete description of the setup and ideally of the attack, otherwise everyone will be discussing something different.

> or the fake rootfs's pcr15. Once in the rootfs, the TPM doesn't know that
> it has left the initrd. And that's game over: the attacker stops DOSing the
> TPM, and extracts the encryption keys for the real rootfs from the TPM.
>
> Best,
> Adrian




