Releases: Rohde-Schwarz/TrustedGRUB2
Releases · Rohde-Schwarz/TrustedGRUB2
1.4.0
1.3.0
- Fix measurement of compressed files. Previously the uncompressed version of the file was measured and not the one that is stored on the disk. GH #28
- Command measurement: in addition to not measuring
menuentryalsosubmenuand[ ... ]are not measured to simplify precomputation. GH #25 - Update to latest GRUB2 master (23.12.2015) that also includes a fix for CVE-2015-8370
- Prevent possible buffer overlow in case the command to measure is greater than 1024 byte in length
- Disable HP workaround in default mode, i.e. HP workaround has to be enabled explicitly by defining
TGRUB_HP_WORKAROUND. Therefore there is no need to append--no-rs-codestogrub-installanymore in case you don't need the workaround. GH #18 - Measure buffer that is used. Before this fix everything that was measured from disk was read a second time. This enabled following attack: A sufficiently malicious storage device might provide a backdoored file on the first read attempt, followed by the correct file on the second read attempt. The measurement would then appear correct. GH #9
- Measurements of parts of TrustedGRUB2 that are loaded at runtime like grub2-modules are now seperated from the loader measurements like kernel and initrd. Additionally renamed
TPM_LOADED_FILES_PCRtoTPM_LOADER_MEASUREMENT_PCRand introduced a new defineTPM_GRUB2_LOADED_FILES_MEASUREMENT_PCRfor the GRUB2 measurements. GH #34 - Add multiboot measurements for
multibootandmodulecommands. For now themultibootmeasurement does not follow the new convention of measuring the same buffer that is loaded into memory. If someone needs this extra security feel free to send a pull request. GH #35
1.2.1
- Implemented a workaround for buggy HP desktop/laptop BIOS.
- Measurement of PCR 8 / PCR 9 should be correct now on these devices.The way the core.img is created / measured has changed a bit. So resealing is necessary.
- For the moment it is necessary to call
grub-installwith--no-rs-codes