Comments (4)
First of all, thanks for this detailed bug report. Thanks to this I could very quickly reproduce this bug. I'll look into it.
from trustedgrub2.
I found the culprit. The grub_TPM_measureFile function in tpm_kern.c uses GRUB's grub_file_open function (from file.c), which pre-processes compressed files (such as initramfs files) by decompressing them into memory before returning them. Therefore, grub_TPM_measureFile (used by GRUB commands measure, initrd, etc.) does not measure the file on the disk (as would be expected), but the decompressed data in memory. This does not affect non-compressed files, since they are not modified by GRUB when they are loaded into memory.
The attached patch has one possible solution. It adds a grub_file_open_nofilter function to file.c, which is called by grub_TPM_measureFile in tpm_kern.c (instead of grub_file_open). grub_file_open_nofilter is a copy of grub_file_open with the filter code removed. Therefore, it opens a file 'raw' into the memory. The result is as expected: the correct SHA-1 hash is now calculated over compressed (and other) files.
tgrub-1.2.1-nofilefilter.patch.zip
To apply the patch (assuming that TrustedGRUB2 is already installed):
First make sure that the debug option for TPM operations is enabled in tpm.h, so the calculated SHA-1 hashes are visible during boot. Start from the TrustedGRUB2 source code directory.
Apply and install the patch:
patch -p1 < tgrub-1.2.1-nofilefilter.patch
make clean
make
make install
Install the patched TrustedGRUB2 to the MBR. Make sure that the device (/dev/sda in the example below) is correct.
grub-install --recheck --target=i386-pc --directory=/usr/lib/grub/i386-pc --no-rs-codes /dev/sda
Reboot, and you will see that SHA-1 checksums for initramfs and other compressed files are now correctly calculated.
from trustedgrub2.
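An added example, not part of the original comments or the TrustedGRUB2 source: a verifier-side check that tells whether a SHA-1 shown in the TPM debug output matches the file as stored on disk or the data a decompressing file filter would hand back. The function names and sample data are constructed, and only gzip is modelled as the compression format.

```python
import gzip
import hashlib
import zlib

GZIP_MAGIC = b"\x1f\x8b"


def filtered_read(disk_bytes: bytes) -> bytes:
    """Model of a filtered open: gzip data is transparently decompressed."""
    if disk_bytes[:2] == GZIP_MAGIC:
        try:
            return gzip.decompress(disk_bytes)
        except (OSError, EOFError, zlib.error):
            return disk_bytes  # magic matched but not valid gzip: pass through
    return disk_bytes


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def classify_measurement(disk_bytes: bytes, reported_sha1: str) -> str:
    """Say which view of the file a reported measurement covers.

    Returns "on-disk" when the hash matches the stored bytes, "decompressed"
    when it only matches the filter output (the behaviour described in the
    report), and "unknown" when it matches neither.
    """
    reported = reported_sha1.strip().lower()
    if reported == sha1_hex(disk_bytes):
        return "on-disk"
    if reported == sha1_hex(filtered_read(disk_bytes)):
        return "decompressed"
    return "unknown"


# Constructed sample data standing in for an initramfs and a plain file.
PAYLOAD = b"constructed initramfs payload\n" * 64
INITRD = gzip.compress(PAYLOAD, mtime=0)
KERNEL = b"constructed uncompressed image"

if __name__ == "__main__":
    print("raw open:     ", classify_measurement(INITRD, sha1_hex(INITRD)))
    print("filtered open:", classify_measurement(INITRD, sha1_hex(PAYLOAD)))
    print("plain file:   ", classify_measurement(KERNEL, sha1_hex(KERNEL)))
```

A reference value computed with a plain SHA-1 over the stored initramfs only matches the "on-disk" case, which is why the filtered open produced unexpected hashes for compressed files and not for uncompressed ones.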
Thanks a lot for reporting and fixing this!
I would like to see more such well written issue reports on GitHub 👍
from trustedgrub2.
found a simpler solution to fix this
from trustedgrub2.