Stage 0 crashes if guest kernel command line is > 256 chars #4981

Open
kevinloughlin opened this issue Apr 3, 2024 · 0 comments

kevinloughlin commented Apr 3, 2024

#4928 includes the raw kernel command line in Stage0 DICE measurements. However, command lines > 256 chars exceed the space allocated in the root layer certificate, resulting in a crash during Stage0 boot. Simply increasing the certificate size (#4946) resulted in a different breakage and was hence reverted, meaning command lines > 256 chars are not currently supported.

kevinloughlin added a commit to kevinloughlin/oak that referenced this issue Apr 4, 2024
As a temporary workaround for project-oak#4981, limit the kernel command line
included in the Stage0 DICE measurements to 256 chars (1024 bytes).
kevinloughlin added a commit to kevinloughlin/oak that referenced this issue Apr 4, 2024
Since the temporary workaround for project-oak#4981 truncates lengthy command lines
to 256 characters, fail verification for any command lines >= 256
characters (since it may have been truncated), unless the reference
value is set to Skip.
kevinloughlin changed the title from "Stage 0 crashes if guest kernel command line is > 1024 bytes (256 chars)" to "Stage 0 crashes if guest kernel command line is > 256 chars" on Apr 5, 2024
kevinloughlin added a commit that referenced this issue Apr 5, 2024
…4983)

* Temporarily limit kernel command line length in Stage0 measurements

As a temporary workaround for #4981, limit the kernel command line
included in the Stage0 DICE measurements to 256 chars (1024 bytes).

* Fail command line validation for long cmdlines unless skipped

Since the temporary workaround for #4981 truncates lengthy command lines
to 256 characters, fail verification for any command lines >= 256
characters (since it may have been truncated), unless the reference
value is set to Skip.

* FIXUP: update TODO format per reviewer feedback

* FIXUP: fix formatting in updated TODOs

* FIXUP: workaround linter issue (b/333067027)
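
The rule described in the commit message above, as an added Rust sketch (not code from the Oak repository; `measured_cmdline`, `verify_cmdline`, `Reference` and `Verdict` are hypothetical names). Because only the first 256 characters are measured, a measured value that reaches the limit says nothing about what followed it, so it is rejected even when it equals the reference, unless the reference value is Skip.

```rust
// Added illustration; all names are hypothetical, not Oak's API.
const MAX_MEASURED_CHARS: usize = 256; // limit stated in the issue

#[derive(Debug, PartialEq)]
enum Reference<'a> {
    Skip,           // reference value "Skip": the command line is not checked
    Exact(&'a str), // expected command line
}

#[derive(Debug, PartialEq)]
enum Verdict { Accepted, Skipped, Mismatch, PossiblyTruncated }

/// Measurement side: only the first 256 chars reach the measurement.
fn measured_cmdline(raw: &str) -> String {
    raw.chars().take(MAX_MEASURED_CHARS).collect()
}

/// Verifier side: a measured value at the limit may hide an unmeasured tail,
/// so it never counts as a match against an exact reference.
fn verify_cmdline(measured: &str, reference: &Reference) -> Verdict {
    match reference {
        Reference::Skip => Verdict::Skipped,
        Reference::Exact(_) if measured.chars().count() >= MAX_MEASURED_CHARS => {
            Verdict::PossiblyTruncated
        }
        Reference::Exact(expected) if measured == *expected => Verdict::Accepted,
        Reference::Exact(_) => Verdict::Mismatch,
    }
}

fn main() {
    // Constructed sample: a 256-char approved prefix plus an unmeasured tail.
    let approved = "x".repeat(MAX_MEASURED_CHARS);
    let raw = format!("{approved} extra=unmeasured");
    let measured = measured_cmdline(&raw);
    // The measurement is identical to the approved value, yet the booted
    // command line was different; the verifier must not accept it.
    println!("{:?}", verify_cmdline(&measured, &Reference::Exact(approved.as_str())));
    println!("{:?}", verify_cmdline(&measured, &Reference::Skip));
    println!("{:?}", verify_cmdline("console=ttyS0", &Reference::Exact("console=ttyS0")));
}
```
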