Hi,
There is a null pointer dereference bug in the latest version of tboot-1.9.5.
The global variable g_sinit is used in the function tpm_detect(), but
g_sinit is a null pointer at this time.
The details of this process can be described as follows:
tpm_detect()
      return g_tpm->init(g_tpm);
             tpm_info_list_t *info_list = get_tpm_info_list(g_sinit); // g_sinit is a null pointer

Here is a patch against 1.9.5 which corrects the problem:
---------------------------------------------------------------------------
diff -urNp a/tboot/common/tboot.c b/tboot/common/tboot.c 
---  a/tboot/common/tboot.c      2017-01-12 22:24:08.000000000 -0500
+++ b/tboot/common/tboot.c      2017-01-14 12:06:35.816986990 -0500
@@ -384,10 +384,6 @@ void begin_launch(void *addr, uint32_t m
         if ( !copy_e820_map(g_ldr_ctx) )  apply_policy(TB_ERR_FATAL);
     }
 
-    /* make TPM ready for measured launch */
-    if (!tpm_detect()) 
-       apply_policy(TB_ERR_TPM_NOT_READY);
-   
     /* we need to make sure this is a (TXT-) capable platform before using */
     /* any of the features, incl. those required to check if the environment */
     /* has already been launched */
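Review bot: With the tpm_detect() call removed from this spot, everything between here and the new call site in the next hunk runs before g_tpm->init() has been called. The retained comment says the TXT capability checks follow directly, so please confirm that none of that code touches TPM state, and state in the patch description where g_sinit is first assigned so the new ordering can be checked against it.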
@@ -401,6 +397,10 @@ void begin_launch(void *addr, uint32_t m
        if (!verify_acmod(g_sinit)) 
            apply_policy(TB_ERR_ACMOD_VERIFY_FAILED);
     }
+    
+    /* make TPM ready for measured launch */
+    if (!tpm_detect()) 
+       apply_policy(TB_ERR_TPM_NOT_READY);
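Review bot: The relocated tpm_detect() call sits after the closing brace of the block that calls verify_acmod(g_sinit), and the condition guarding that block is not visible in the hunk. If g_sinit is only set on that path, tpm_detect() can still reach get_tpm_info_list(g_sinit) with a null pointer when the block is skipped. Consider an explicit g_sinit NULL check before the call, or inside the init path, so a later reordering cannot reintroduce the dereference. The added lines also carry trailing whitespace ("+    " and "if (!tpm_detect()) "), and the hunk shows fewer trailing context lines than its header (-401,6 +397,10) declares, so the patch as mailed may not apply cleanly; resending it as an attachment would avoid that.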

Thanks
Wangyi
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel