search

9elements / converged-security-suite

Converged Security Suite for Intel & AMD platform security features
https://www.9esec.io
BSD 3-Clause "New" or "Revised" License
59 stars 15 forks source link

feat(pcr): Report about corruptions in KM, BPM and IBB #281

Closed xaionaro closed 3 years ago

xaionaro commented 3 years ago

In CBnT there's no direct measurement of IBB, so if corruption happens in IBB we see signature validation error, but do not see what exactly causes it. Fixing this.

Before

xaionaro@void:~/go/src/github.com/9elements/converged-security-suite$ go run ./cmd/pcr0tool/ diff ~/firmware/F0E_3A10.bin ~/firmware/F0E_3A10.bin-c.bin 2>/dev/null | grep -A 1000 Total
Total:
    changed bytes: 0 (in 0 ranges)
    hamming distance: 0
    hamming distance for non-(0x00|0xff) bytes: 0
The earliest offset of a different measured bytes: 0xffffffffffffffff

After

xaionaro@void:~/go/src/github.com/9elements/converged-security-suite$ go run ./cmd/pcr0tool/ diff ~/firmware/F0E_3A10.bin ~/firmware/F0E_3A10.bin-c.bin 2>/dev/null | grep -A 1000 Total
Total:
    changed bytes: 1 (in 1 ranges)
    hamming distance: 8
    hamming distance for non-(0x00|0xff) bytes: 0
The earliest offset of a different measured bytes: 0x3e4cc67