Closed dnoliver closed 4 years ago
@dnoliver this is a puzzler. Not sure what is going on here, I see the same.
Yes, that special file behavior is weird. Maybe reading the entire file content, saving that into a different memory place, and doing the parsing over that saved memory space could work around this.
The problem is that the reported file size for most sysfs files is always 0 since they are generated on the fly by the kernel, see #1981 for a fix.
Getting into a similar issue on Ubuntu 20.04
sudo TPM2TOOLS_TCTI=device:/dev/tpmrm0 tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
---
events:
ERROR: invalid eventDataSize in specid event
ERROR: failed to parse tpm2 eventlog
ERROR: Unable to run tpm2_eventlog
Copying the file to a /tmp location and running tpm2_eventlog is also throwing the same error messages.
BTW, https://github.com/ValdikSS/binary_bios_measurements_parser program works pretty well
Appreciate your help to fix this.
@diabonas @idesai
@prbinu Please try the current tpm2-tools master branch, there are some fixes in https://github.com/tpm2-software/tpm2-tools/pull/2021 that have not made it to a released version yet.
@diabonas, Actually I'm using the master branch (git clone from master).
@prbinu could you try this one just to verify that it is a tpm2-tools problem:
tsseventextend -sim -if /sys/kernel/security/tpm0/binary_bios_measurements
I saw some devices that have the TPM Event Log malformed before.
This is also failing:
$ sudo tsseventextend -sim -if /sys/kernel/security/tpm0/binary_bios_measurements
eventextend: failed, rc 0000009a
TPM_RC_INSUFFICIENT - the TPM was unable to unmarshal a value because there were not enough octets in the input buffer Handle number unspecified
I see somewhat related discussion here: https://www.spinics.net/lists/linux-integrity/msg11866.html (I'm also on Dell hardware)
Maybe the Python parser handles that error, or just doesn't try to read those structures (because the guy that made it was only interested in getting the measured digests :) )
It looks like a BIOS problem, right?
I had the same problem in a device with Intel Bay Trail:
[test@automation-test ~]$ sudo tsseventextend -sim -if /sys/kernel/security/tpm0/binary_bios_measurements
eventextend: failed, rc 0000009a
TPM_RC_INSUFFICIENT - the TPM was unable to unmarshal a value because there were not enough octets in the input buffer Handle number unspecified
Several problems with the BIOS on that device.
It may be interesting to run fwupdmgr security --force on that device and see if the PCR 0 reconstruction test also fails.
Some info here https://github.com/fwupd/fwupd/issues/2181
Here is the output: The TPM PCR0 reconstruction is "Not Found"
$ sudo fwupdmgr security --force
Host Security ID: HSI:0+! (v1.5.0)
HSI-1
✔ AMT manufacturing mode: Locked
✔ AMT override: Locked
✔ Intel DCI debugger: Disabled
✔ SPI BIOS region: Locked
✔ SPI lock: Enabled
✔ SPI write: Disabled
✔ TPM v2.0: Found
✘ UEFI dbx: Not found: https://github.com/fwupd/fwupd/wiki/Missingdbx
HSI-2
✔ Intel BootGuard: Enabled
✔ Intel BootGuard ACM protected: Valid
✔ Intel BootGuard OTP fuse: Valid
✔ Intel BootGuard verified boot: Valid
✘ IOMMU: Not found
✘ Intel DCI debugger: Unlocked
✘ TPM PCR0 reconstruction: Not found
HSI-3
✔ Intel BootGuard error policy: Valid
✔ Suspend-to-ram: Disabled
✘ Intel CET Enabled: Not supported
✘ Pre-boot DMA protection: Disabled
✘ Suspend-to-idle: Disabled
HSI-4
✔ Intel SMAP: Enabled
✘ Encrypted RAM: Not supported
This system has HSI runtime issues.
» https://github.com/fwupd/fwupd/wiki/Host-security-ID-runtime-issues
@dnoliver @diabonas So if the issue is related to BIOS firmware, what would be the way forward? Is it ok to discard PCR0 but focus on other PCR values (until it gets fixed)?
Sorry for the delay!
https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
I think this is a firmware issue. There are also Dell maintainers in there who may be able to help with this.
In order to conclude what type of failure this is, fwupd has the ability to demonstrate the construction of PCR0 using TPM event log in a tool called fwupdtpmevlog. Please file a bug report to https://github.com/fwupd/fwupd and include the output of this tool when run as root.
How to reproduce
Workaround
Copy the file to a regular location and execute the parser.
Notes
I ran into this same problem when trying to implement a parser myself! Buffers seem to change in memory, and you get malformed events. I was doing it in Node.js at that time.
For some reason, this Python parser never ran into that problem: https://github.com/ValdikSS/binary_bios_measurements_parser.
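An added example, not code from tpm2-tools or from any post in this thread: because the kernel reports a size of 0 for these generated files, it reads the log until EOF instead of sizing the buffer from stat, then checks that the first event's declared eventSize fits inside the bytes actually read. The function names are hypothetical, and the 32-byte header is assumed to be the SHA-1 format event that opens a TCG event log.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define HDR_LEN 32u /* pcrIndex(4) + eventType(4) + SHA-1 digest(20) + eventSize(4) */

/* Read fd until EOF into a growing buffer. st_size is never consulted,
 * because kernel-generated files report 0. Returns NULL on error. */
uint8_t *read_to_eof(int fd, size_t *len) {
    size_t cap = 4096, used = 0;
    uint8_t *buf = malloc(cap);
    while (buf) {
        if (used == cap) {                     /* buffer full: double it */
            uint8_t *tmp = realloc(buf, cap *= 2);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp;
        }
        ssize_t n = read(fd, buf + used, cap - used);
        if (n < 0 && errno == EINTR) continue; /* interrupted: retry */
        if (n < 0) { free(buf); return NULL; }
        if (n == 0) break;                     /* EOF is the only reliable end marker */
        used += (size_t)n;
    }
    *len = used;
    return buf;
}

/* Total length (header + data) of the first event, or -1 when the
 * declared eventSize runs past the bytes actually read. */
long long first_event_len(const uint8_t *buf, size_t len) {
    if (len < HDR_LEN) return -1;
    const uint8_t *p = buf + 28;               /* little-endian eventSize field */
    uint32_t size = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
    if (size > len - HDR_LEN) return -1;
    return (long long)HDR_LEN + size;
}

int main(int argc, char **argv) {
    if (argc != 2) return 2;
    int fd = open(argv[1], O_RDONLY);
    size_t len = 0;
    uint8_t *log = fd < 0 ? NULL : read_to_eof(fd, &len);
    if (!log) { perror("read"); return 1; }
    printf("%zu bytes read, first event spans %lld bytes\n", len, first_event_len(log, len));
    free(log);
    close(fd);
    return 0;
}
```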