path: root/README.tpm
Age | Commit message | Author
2025-03-18 | README.tpm: Update MokList entry to MokListRT | Thien Trung Vuong
Commit 092c2b2bbed950727e41cf450b61c794881c33e7 switched to using MokListRT instead of MokList during PCR7 measurement. Updating the README to reflect the correct behaviour.
Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
2025-02-25 | README.tpm: reflect that vendor_db is in fact logged as "vendor_db" | Jan Setje-Eilers
README.tpm incorrectly stated that vendor_db is logged as "db" when in fact it logs as "vendor_db". This caused confusion like https://github.com/keylime/keylime/issues/1725
Fixing the code risks breaking existing logs, so we're updating the doc instead. vendor_dbx is in fact logged as "dbx", so that remains unchanged.
Thanks to Morten Linderud <morten@linderud.pw> for raising this.
Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com>
2021-02-22 | SBAT: mirror SBAT to SbatRT and extend to PCR7 + log | Peter Jones
This adds SBAT to our table of variables to mirror with our MoK state. Currently it mirrors "SBAT" to a variable named "SbatRT", both using the SHIM GUID.
Currently we enforce the current policy WRT these variables:
- we always delete SbatRT if it's present, for a couple of reasons:
  - If we got here either something created it before us during boot, which isn't a thing we believe anything should be doing, or it's an NV variable, which it shouldn't be.
  - we want to raise the error if it's NV+Authenticated
- we always delete SBAT (and do not mirror it) if it either
  - doesn't have BS|NV set or
  - does have RT set
  - we're requiring !RT because we can't actually tell if it's an authenticated variable or not, and we want to get the error if RT is set and it is authenticated, because that means we've lost the race between us and an attacker to create it.
- we always measure SBAT into PCR7 and add a log extension with the measured hash
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-02-16 | Rename check_{white,black}list to check_{allow,deny}list | Chris Coulson
v2 - updated for conflicts and to include documentation (pjones)
2021-02-16 | Fix a bunch of trivial trailing whitespace issues. | Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2020-07-23 | Add support for vendor_db built-in shim authorized list. | Peter Jones
Potential new signing strategies (for example signing grub, fwupdate and vmlinuz with separate certificates) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to trust EFI binaries matching either certificate by signature or hash in the vendor_db. Functionality is similar to vendor_dbx. This also improves the mirroring quite a bit.
Upstream: pr#206
2020-07-23 | Update README.tpm | noahbliss
typo
Upstream-commit-id: bc24c9eb1d4
2020-07-23 | Add GRUB's PCR Usage to README.tpm | Peter Jones
This didn't seem to get documented anywhere, and this is as good a place as any.
Upstream-commit-id: 4fab7281a8c
2018-03-06 | Log measurements in PCR4 for applications being verified through shim_lock | Tamas K Lengyel
Currently the only measurement the shim logs in the TPM is that of the EFI application it directly loads. However, there are no measurements being taken of applications that are being verified through the shim_lock protocol. In this patch we extend PCR4 for any binary for which Verify is being called through the shim_lock protocol.
Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
2017-08-03 | Add README.tpm to explain which PCRs we extend things to. | Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>