Update the EKC gathering script to handle extra data in NVRAM index #6
Assignees
Labels
enhancement
New feature or request
Comments
iadgovuser29
added a commit
that referenced
this issue
Oct 9, 2018
iadgovuser29
changed the title
iadgovuser29
added a commit
that referenced
this issue
Oct 9, 2018
iadgovuser29
added a commit
that referenced
this issue
Oct 9, 2018
[#6] get_ek.sh removes extra bytes before and after first ASN1 sequence
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
get_ek.sh gathers the EK certificate with the assumption that the NVRAM index contains only the certificate. We recently encountered a case where the index contained pad bytes after the certificate. Querying the size of the NVRAM index area showed the EC was 1600 bytes. The EC itself was only 1169 bytes. An attempt to give the 1600 byte file as the EC to the paccor signer resulted in Bouncycastle returning an IOException due to the extra data in the stream.
The fix:
get_ek.sh can detect the ASN1 length sequence in the data returned from NVRAM. The script can then truncate anything after the specific number of bytes from the data.
The text was updated successfully, but these errors were encountered: