9elements / converged-security-suite

Converged Security Suite for Intel & AMD platform security features
https://www.9esec.io
BSD 3-Clause "New" or "Revised" License

Add PSP Table, PSP Headers, BIOS/PSP Entries to Fake Measurements #305

Closed trynity closed 2 years ago

trynity commented 2 years ago

These are more fake measurements that, while they won't directly affect PCR0, can affect SecureBoot.

It would be good to have less code duplication; however, some of the struct names are not generic enough, such as PSP cookie or BIOS cookie. We could have more complex switch statements, but for now it seems cleaner just to have two different functions to aid readability.

trynity commented 2 years ago

My initial pass sadly was just comparing simple struct values on the PSP/BIOS entries, I just realized. Will need to actually extract those entries to record those measurements.

trynity commented 2 years ago

Now with a mangled PSP Directory Table 2 Entry in one of the firmware dumps:

offset: 0x1d2400; bytes differs: 7; hamming distance is: 24, for non-(0x00|0xff): 0.
related measurements: entries of PSP directory table level 2
related nodes: [bios_region]
0x00000000001D23F8:   FF    FF    FF    FF    FF    FF    FF    FF
0x00000000001D2400:   8A|00 6B|00 BC|00 C2|00 3B|00 08|00 24|00 CF
0x00000000001D2408:   9F    16    AF    08    07    65    E7    08

Total:
    changed bytes: 7 (in 1 ranges)
    hamming distance: 24
    hamming distance for non-(0x00|0xff) bytes: 0
The earliest offset of a different measured bytes: 0x1d2400
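
The report above is the suite's diff of two firmware dumps: differing byte runs, the bitwise Hamming distance of the change, and the same distance restricted to bytes that are not 0x00 or 0xFF. The following Go program is an added example that reproduces that report on constructed data; it is not code from converged-security-suite, and the exact rule behind "for non-(0x00|0xff)" is an assumption here (positions where either image holds 0x00 or 0xFF are skipped, which is what makes a zero-wiped entry score 0). The two 2 MiB images, the PSP directory entry bytes placed at 0x1d2400 and the function names are all constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"math/bits"
	"strings"
)

// DiffRange is one contiguous run of bytes that differ between two images.
type DiffRange struct {
	Offset  int
	Changed int // number of differing bytes in the run
}

// DiffRanges returns the contiguous runs where a and b differ.
// Both slices stand in for the two firmware dumps being compared.
func DiffRanges(a, b []byte) []DiffRange {
	var ranges []DiffRange
	for i := 0; i < len(a) && i < len(b); i++ {
		if a[i] == b[i] {
			continue
		}
		start := i
		for i < len(a) && i < len(b) && a[i] != b[i] {
			i++
		}
		ranges = append(ranges, DiffRange{Offset: start, Changed: i - start})
	}
	return ranges
}

// isFiller reports whether a byte is erased or zeroed flash content (0x00 or 0xFF).
func isFiller(x byte) bool { return x == 0x00 || x == 0xFF }

// Hamming returns the bitwise Hamming distance between a and b, plus the same
// distance counted only where neither byte is 0x00 or 0xFF. The second figure
// is this example's assumed reading of the suite's "non-(0x00|0xff)" metric:
// it discounts changes that merely erase to, or overwrite with, filler.
func Hamming(a, b []byte) (total, nonFiller int) {
	for i := 0; i < len(a) && i < len(b); i++ {
		d := bits.OnesCount8(a[i] ^ b[i])
		total += d
		if !isFiller(a[i]) && !isFiller(b[i]) {
			nonFiller += d
		}
	}
	return total, nonFiller
}

// hexRow renders eight bytes at off in the report's style: "XX" where the
// images agree, "XX|YY" (orig|mangled) where they differ.
func hexRow(a, b []byte, off int) string {
	var sb strings.Builder
	fmt.Fprintf(&sb, "0x%016X:", off)
	for i := off; i < off+8 && i < len(a) && i < len(b); i++ {
		if a[i] == b[i] {
			fmt.Fprintf(&sb, "   %02X   ", a[i])
		} else {
			fmt.Fprintf(&sb, " %02X|%02X ", a[i], b[i])
		}
	}
	return sb.String()
}

// ConstructedImages builds two 2 MiB images standing in for the dumps: the
// first carries the sixteen entry bytes from the report at 0x1d2400, the
// second has the first seven of them zeroed. Constructed sample data only.
func ConstructedImages() (orig, mangled []byte) {
	const size = 2 << 20
	orig = bytes.Repeat([]byte{0xFF}, size)
	entry := []byte{0x8A, 0x6B, 0xBC, 0xC2, 0x3B, 0x08, 0x24, 0xCF,
		0x9F, 0x16, 0xAF, 0x08, 0x07, 0x65, 0xE7, 0x08}
	copy(orig[0x1d2400:], entry)
	mangled = append([]byte(nil), orig...)
	for i := 0; i < 7; i++ {
		mangled[0x1d2400+i] = 0x00
	}
	return orig, mangled
}

func main() {
	orig, mangled := ConstructedImages()
	ranges := DiffRanges(orig, mangled)
	changed := 0
	for _, r := range ranges {
		changed += r.Changed
		h, nf := Hamming(orig[r.Offset:r.Offset+r.Changed], mangled[r.Offset:r.Offset+r.Changed])
		fmt.Printf("offset: 0x%x; bytes differs: %d; hamming distance is: %d, for non-(0x00|0xff): %d.\n",
			r.Offset, r.Changed, h, nf)
		base := r.Offset &^ 7 // show the row before, the row containing, and the row after
		for row := base - 8; row <= base+8; row += 8 {
			if row >= 0 {
				fmt.Println(hexRow(orig, mangled, row))
			}
		}
	}
	h, nf := Hamming(orig, mangled)
	fmt.Printf("\nTotal:\n  changed bytes: %d (in %d ranges)\n  hamming distance: %d\n  hamming distance for non-(0x00|0xff) bytes: %d\n",
		changed, len(ranges), h, nf)
	if len(ranges) > 0 {
		fmt.Printf("The earliest offset of a different measured bytes: 0x%x\n", ranges[0].Offset)
	}
}
```

Run as `go run main.go`; the constructed pair yields one range of 7 bytes at 0x1d2400 with Hamming distance 24 and non-filler distance 0, the same figures as the report, because every changed byte was driven to 0x00. A change that rewrote a real entry field (say 0x8A to 0x8B) would register in both figures, which is what distinguishes a doctored table from an erased one.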
trynity commented 2 years ago

@marcoguerri @xaionaro I believe I addressed the comments now

xaionaro commented 2 years ago

Now with a mangled PSP Directory Table 2 Entry in one of the firmware dumps:

offset: 0x1d2400; bytes differs: 7; hamming distance is: 24, for non-(0x00|0xff): 0.
related measurements: entries of PSP directory table level 2
related nodes: [bios_region]
0x00000000001D23F8:   FF    FF    FF    FF    FF    FF    FF    FF
0x00000000001D2400:   8A|00 6B|00 BC|00 C2|00 3B|00 08|00 24|00 CF
0x00000000001D2408:   9F    16    AF    08    07    65    E7    08

Total:
  changed bytes: 7 (in 1 ranges)
  hamming distance: 24
  hamming distance for non-(0x00|0xff) bytes: 0
The earliest offset of a different measured bytes: 0x1d2400

Looks great :)

trynity commented 2 years ago

Adjusted nits, apparently a re-stamp is necessary, alas!