nokia / AttestationEngine

An experimental (but fully functional) Remote Attestation Engine and Applications for TPM2.0 based systems (cloud, edge, IoT etc)
BSD 3-Clause Clear License
23 stars 17 forks

Add check for missing PCR banks in verify #121

Closed iolivergithub closed 2 years ago

iolivergithub commented 2 years ago
File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2095, in __call__

return self.wsgi_app(environ, start_response)

File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2080, in wsgi_app

response = self.handle_exception(e)

File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2077, in wsgi_app

response = self.full_dispatch_request()

File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1525, in full_dispatch_request

rv = self.handle_user_exception(e)

File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1523, in full_dispatch_request

rv = self.dispatch_request()

File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1509, in dispatch_request

return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)

File "/home/att/AttestationEngine/u10/blueprints/attestation.py", line 98, in attestverify_post

v = attestation.verify(cres.msg(), rule, None)

File "/usr/local/lib/python3.9/dist-packages/a10server-2022.4.24-py3.9.egg/a10/asvr/attestation.py", line 168, in verify

application_result = handler_instance.apply()

File "/usr/local/lib/python3.9/dist-packages/a10server-2022.4.24-py3.9.egg/a10/asvr/rules/tpm2rules.py", line 70, in apply

pcrentry = str(pcrs[str(p)])

Needs a try/except around the last one to catch when the PCR bank does not exist, cf: T440 only supports sha1 and the sha256 bank is present but unused and not reported in pcrread.
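
One fail-closed way to handle the missing-bank case raised in this issue, as an added example that is not AttestationEngine code. The claim layout (bank name mapped to a dict of PCR index strings and hex digests) and the names `verify_pcrs` and `SAMPLE_CLAIM` are assumptions.

```python
# Added example, not the project's code. Assumed (hypothetical) claim layout:
#   {"sha1": {"0": "<hex>", ...}, "sha256": {...}}

def _fail(reason, **details):
    return {"ok": False, "reason": reason, **details}


def verify_pcrs(claim_pcrs, bank, expected):
    """Compare expected PCR digests against one bank of a claim.

    Returns a result dict instead of raising, so a device that does not
    report the requested bank yields a failed verification, not a KeyError.
    """
    if not isinstance(claim_pcrs, dict):
        return _fail("malformed_claim")
    pcrs = claim_pcrs.get(bank)
    # Absent bank, or bank present but empty (allocated, yet nothing reported):
    # nothing can be verified, so fail and say which banks were usable.
    if not isinstance(pcrs, dict) or not pcrs:
        usable = sorted(k for k, v in claim_pcrs.items() if v)
        return _fail("bank_missing", bank=bank, available=usable)
    if not expected:
        # An empty expectation must not count as a successful match.
        return _fail("nothing_to_check", bank=bank)
    missing, mismatched = [], []
    for index, want in expected.items():
        got = pcrs.get(str(index))  # claim keys are strings, as in pcrs[str(p)]
        if got is None:
            missing.append(str(index))
        elif str(got).lower() != str(want).lower():
            mismatched.append(str(index))
    if missing:
        return _fail("pcr_missing", bank=bank, pcrs=missing)
    if mismatched:
        return _fail("pcr_mismatch", bank=bank, pcrs=mismatched)
    return {"ok": True, "reason": "match", "bank": bank}


# Constructed sample: a device that reports sha1 only, with an empty sha256 bank.
SAMPLE_CLAIM = {
    "sha1": {"0": "A" * 40, "7": "b" * 40},
    "sha256": {},
}

if __name__ == "__main__":
    print(verify_pcrs(SAMPLE_CLAIM, "sha256", {0: "0" * 64}))
    print(verify_pcrs(SAMPLE_CLAIM, "sha1", {0: "a" * 40, 7: "B" * 40}))
```

Returning a distinct reason for a missing bank lets the verifier record a failed attestation for that element and keeps the HTTP handler from surfacing a stack trace.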