-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tpm2_eventlog: error Cannot allocate memory when using --eventlog-version=2 #3050
Comments
@GastoonMeghi can you share the binary_bios_measurements file? |
@idesai Yes! sure. You can find it attached. |
Events 7 and 8 are a bit peculiar. Do you have any specifications on this so I can improve my parser. Here's the best I can do: Variable GUID: 605dab50-e046-4300-abb6-3dd810dd8b23 |
Update: The issue below is not tpm2-tools one, most likely the root cause is in shim package. I am observing similar issue
|
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean encoded as an integer similar to SecureBoot variable. Fixes tpm2-software#3050 Signed-off-by: Thore Sommer <mail@thson.de>
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean encoded as an integer similar to SecureBoot variable. Fixes tpm2-software#3050 Signed-off-by: Thore Sommer <mail@thson.de>
@idesai What is the release schedule looking like? This is impacting us due to another project depending on the parsing of the eventlog. I'm also wondering if the solution should be more general, because there is at least one more variable, SbatLevel, which I don't think follows the uefi_variable_data is uefi_signature_data pattern. It has a length longer than 16 so it doesn't hit the calloc failure. |
I just noticed this too #3145. |
@snits we made a release very recently. We can create a bug fix release for this in a couple of weeks. Does that work? |
I think once a final fix is accepted into some branch that is good enough, and we can apply it as a patch. So a bug fix release would work, or as long as it is queued up in a branch to go into a release should work as well. |
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean encoded as an integer similar to SecureBoot variable. Fixes tpm2-software#3050 Signed-off-by: Thore Sommer <mail@thson.de>
It would probably also be worthwhile to put a check before the calloc() call to verify that variableDataLength is greater than sizeof(EFI_GUID), or check that a little further up when it is decided that it should be a EFI_SIGNATURE_DATA struct, and bail out if the check fails. |
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean encoded as an integer similar to SecureBoot variable. Fixes #3050 Signed-off-by: Thore Sommer <mail@thson.de>
I'm having this issue while running it on a docker container with fedora's latest version.
docker pull fedora
inside the container installed tpm2-tools as follows: sudo dnf install tpm2-tools.x86_64
I copied a binary_bios_measurements file from another machine to the container to perform the test, since it already failed in RHEL8, and run the following command:
tpm2_eventlog --eventlog-version=2 ./binary_bios_measurements
The first part of the output seems to be okay but at the end I see:
ERROR: Failled to allocate data: Cannot allocate memory
ERROR: failed to parse tpm2 eventlog
ERROR: Unable to run tpm2_eventlog
I have the complete output if need, I executed it on a VM so I think it shouldn't be security sensitive. Let me know if it's useful and I can include it in the issue.
tpm2_eventlog -v
tool="tpm2_eventlog" version="5.2" tctis="libtss2-tctildr" tcti-default=tcti-device
The text was updated successfully, but these errors were encountered: