Hi Bo,

Do you mean that your patch will allow a TPM 1.2 machine with Intel TXT turned 
off to boot into Linux successfully with tboot but not into a trusted TXT 
environment?
Were there any tboot logs for the “generic fatal error”?

Thanks,
-Ning




From: Bo Adler [mailto:thum...@fb.com]
Sent: Tuesday, February 06, 2018 3:18 PM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] null pointer dereference

I was trying to test more recent versions of tboot, and have run into a couple 
of problems.  Here’s the first one, which occurs if TXT is disabled in the 
firmware.  Is there any continuous testing plan for this project that could 
catch errors like this?
--Bo
Test plan: found a machine running with tpm-1.2, turned off TXT.  Verified that 
my older 1.9.5 version would do a measured launch, and that the most recent 
1.9.6 would report “generic fatal error”. A gazillion printk’s later, and I 
discovered the problem was in the line below.  Applying the patch allows the 
machine to boot with a measured launch.


---
tboot/common/tb_error.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tboot/common/tb_error.c b/tboot/common/tb_error.c
index e9e8244..5880620 100644
--- a/tboot/common/tb_error.c
+++ b/tboot/common/tb_error.c
@@ -168,7 +168,7 @@ bool write_tb_error_code(tb_error_t error)
     struct tpm_if *tpm = get_tpm();
     const struct tpm_if_fp *tpm_fp = get_tpm_fp();

-    if ( !tpm || no_err_idx )
+    if ( !tpm || !tpm_fp || no_err_idx )
         return false;

     if ( !tpm_fp->nv_write(tpm, tpm->cur_loc, tpm->tb_err_index, 0,
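
Review bot: the new `!tpm_fp` test in the `if` condition returns false with no log output, so a failed error-code write caused by a missing function table is indistinguishable from `no_err_idx` being set. Consider giving the NULL `tpm_fp` case its own branch with a printk before `return false;`, since the `tpm_fp->nv_write` call on the following line is the dereference being guarded and the report says locating it took many printk's. The commit message should also say why get_tpm_fp() can return NULL when TXT is disabled in firmware, so it is clear whether other users of get_tpm_fp() need the same guard.
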
--