Hi Jason,

Did you try the S3 resume with VLP policy "continue"? 
Is the result the same with VLP policy "nonfatal"?

Generally "nonfatal" and "continue" are not completely the same, as 
addressed in the tboot README file.

-ning

-----Original Message-----
From: Jason Zaman [mailto:ja...@perfinion.com] 
Sent: Thursday, June 23, 2016 8:57 AM
To: Sun, Ning <ning....@intel.com>
Cc: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Questions about LCP x VLP

On Mon, Jun 20, 2016 at 04:08:14PM +0000, Sun, Ning wrote:
> 
> This is what I got from the Readme, not sure if you already took it into 
> consideration within your patch:
> 
> tboot will attempt to seal the module measurements using the TPM so that if 
> it is put into S3 it can restore the correct PCR values on resume.  In order 
> for this to work, the TPM must be owned and the SRK auth must be set to all 
> 0s.  This can be done using the '-z' flag to tpm_takeownership.  If the tboot 
> policy being used is 'nonfatal' and the seal operation fails, tboot will 
> continue the boot.  However, for 'continue' or 'halt' policy types, tboot 
> will halt the boot.

Hey Ning,

I believe that should not be an issue. My patch just adds the hash of 0x12, 34, 
56 into VL_ENTRIES(NUM_VL_ENTRIES) which is the same place all the other hashes 
are added and during the verification time. Sealing into the TPM happens after 
that verification so should not have any issues. My patch does not touch the 
TPM directly at all, it only adds to that hash list which tboot later extends 
into the actual TPM.

I tried using g_tpm->cap_pcrs(.... , 18) before but that did not work which 
must be for the reason you stated.

Also, the 0x123456 is completely arbitrary and can be changed if another value 
makes more sense.

-- Jason


> Thanks,
> -ning
> 
> -----Original Message-----
> From: Jason Zaman [mailto:ja...@perfinion.com]
> Sent: Saturday, June 18, 2016 9:10 PM
> To: Jan Schermer <j...@schermer.cz>
> Cc: tboot-devel@lists.sourceforge.net
> Subject: Re: [tboot-devel] Questions about LCP x VLP
> 
> On Mon, May 09, 2016 at 12:58:48PM +0200, Jan Schermer wrote:
> > > On 09 May 2016, at 12:50, martin.wi...@ts.fujitsu.com wrote:
> > >> I sort of assumed that PCR-18 would only be present if the policy 
> > >> verification passed, and would be different (or all 0s) when 
> > >> the verification failed.
> > >> This is a bit dangerous if anyone uses it.
> > > 
> > > You need to use "halt" policy.
> > > 
> > >> I think something simple like hashing "1" into it when it fails 
> > >> verification would make it useful
> > > 
> > > If your system is compromised, how do you ensure that this 
> > > actually happens? If you use "halt" policy, the system won't boot 
> > > with a tampered kernel/initrd unless TXT is off. If TXT is off, PCR 18 
> > > will be invalid.
> > > 
> > > So my recommendation is: "halt" policy, pcr_map=da, and protect 
> > > sensitive data by sealing it against PCR 18. Unless I am 
> > > overlooking something, that should be reasonably safe.
> > Yes, I get it and for me this is fine.
> > 
> > But if anyone wants to use it with "nonfatal" policy (which could be a 
> > valid scenario) then this would make it useful - the system will still boot 
> > but any secrets won't unseal because of invalid PCR. One can then possibly 
> > fix whatever went wrong (like not generating a new policy on kernel upgrade 
> > by mistake) without having to powercycle the server, revert the policy etc.
> > In other words, sysadmins usually prefer a booting system they can 
> > fix to one that just halts :-)
> > 
> > Jan
> > > Martin
> 
> Hi All,
> 
> First off, I wanted to thank you guys, this thread helped me a ton in finally 
> understanding it and getting it fully working on my laptop. It'd been on the 
> backburner for ages.
> 
> I agree with the preference for a system that actually boots. I made a proof 
> of concept that caps PCR18 on a verification failure. I don't really see why 
> we would need both nonfatal (for testing) and continue (not that useful), so I 
> repurposed continue. Making a brand new policy type would also be easy 
> from the looks of it. Is continue used for something else that I am not aware 
> of, that a patch like this would break?
> 
> What do you think of an approach like this? Can you give it a whirl? I have 
> only tested it on my laptop so more testing is needed. It only extends the 
> value once so calculating the good and failed values is easy.
> 
> -- Jason
> 
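The thread's practical point is that a policy failure extends PCR 18 exactly once with the hash of the marker bytes 0x12 0x34 0x56, so both the "good" and the "failed" PCR 18 values can be precomputed and a sealing policy can be bound to the good one only. The following is an added example, not code from tboot or from Jason's patch; it implements the TPM 1.2 PCR extend rule (PCR_new = SHA-1(PCR_old || measurement)) and derives the two expected values. The starting PCR 18 value is a constructed placeholder, and the function and constant names are the example's own.

```python
import hashlib

# TPM 1.2 PCRs and measurements are 20-byte SHA-1 digests.
SHA1_LEN = 20

# Marker bytes the proof-of-concept hashes into PCR 18 on verification failure
# (value taken from the thread; Jason notes it is arbitrary).
FAIL_MARKER = bytes([0x12, 0x34, 0x56])


def sha1(data: bytes) -> bytes:
    """Raw SHA-1 digest, the hash algorithm TPM 1.2 uses for PCRs."""
    return hashlib.sha1(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || measurement digest)."""
    if len(pcr) != SHA1_LEN or len(measurement) != SHA1_LEN:
        raise ValueError("PCR and measurement must both be 20-byte SHA-1 digests")
    return sha1(pcr + measurement)


def expected_pcr18(good_pcr18: bytes, verification_failed: bool) -> bytes:
    """PCR 18 value to expect after tboot finishes.

    good_pcr18 is the value reached by a launch whose policy verification
    passed. Because the patch extends the marker hash exactly once, the
    failed value is a single extend away from the good one.
    """
    if not verification_failed:
        return good_pcr18
    return pcr_extend(good_pcr18, sha1(FAIL_MARKER))


def unseal_allowed(current_pcr18: bytes, good_pcr18: bytes) -> bool:
    """Model of a seal bound to PCR 18: the secret unseals only on the good value."""
    return current_pcr18 == good_pcr18


# Constructed stand-in for the PCR 18 value of a successful launch (assumption:
# a real system would read this with tpm_pcr_read or from /sys after a good boot).
SAMPLE_GOOD_PCR18 = sha1(b"constructed sample, not a real tboot measurement")


def derive_values(good_pcr18: bytes = SAMPLE_GOOD_PCR18) -> dict:
    """Return the good and failed PCR 18 values as hex, as an admin would record them."""
    return {
        "good": expected_pcr18(good_pcr18, False).hex(),
        "failed": expected_pcr18(good_pcr18, True).hex(),
    }


if __name__ == "__main__":
    values = derive_values()
    print("expected PCR 18 (verification passed):", values["good"])
    print("expected PCR 18 (verification failed):", values["failed"])
    # With the "continue"-as-cap approach the system still boots after a failed
    # verification, but a secret sealed to the good value stays sealed.
    failed = expected_pcr18(SAMPLE_GOOD_PCR18, True)
    print("unseal on failed boot:", unseal_allowed(failed, SAMPLE_GOOD_PCR18))
```

Feeding the real post-launch PCR 18 reading into `derive_values` gives the pair of values to compare against after an upgrade: a reading equal to `failed` tells the admin the policy did not match (for instance, no new policy generated for a new kernel) while the machine is still up and fixable, which is the scenario Jan and Jason describe.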

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel