tpm2-software / tpm2-tools

The source repository for the Trusted Platform Module (TPM2.0) tools
https://tpm2-software.github.io

`tpm2_checkquote` succeeds and gives error message #2886

Open safayetahmedatge opened 2 years ago

safayetahmedatge commented 2 years ago

Going through the attestation sequence of commands here: https://tpm2-software.github.io/2020/06/12/Remote-Attestation-With-tpm2-tools.html

tpm2_checkquote throws an error message and then succeeds anyway.

```
bash-5.0# tpm2_checkquote -V --public rsa_ak.pub --message pcr_quote.plain --signature pcr_quote.signature --qualification SERVICE_PROVIDER_NONCE --pcr pcr.bin
pcrs:
  sha256:
    0 : 0x0000000000000000000000000000000000000000000000000000000000000003
    1 : 0x0000000000000000000000000000000000000000000000000000000000000000
    2 : 0x0000000000000000000000000000000000000000000000000000000000000000
ERROR:marshal:src/tss2-mu/tpm2b-types.c:303:Tss2_MU_TPM2B_DIGEST_Unmarshal() The dest field size of 64 is too small to unmarshal 114 bytes 
sig: 1becafbb1e1c5b0df3f9fc16432a1c29f5bb1380ab4e3c8ed518b0ca00e22622f603203253cb7367a549b7972a87e135c225c9a29bf4f35b63e6d7c15c8b344a5f83f4e893a62c207be0e6e406e1f57c2c54245fbae346b848c5d65c65a5ded837d569ed993278e74fd46c269f1f1ad453a5c72b7b4ae0806c27a64b474f7368671ad1384c030e927856a75b9c10228b95d828a888b0845e57793bedc2bdcc945356c7baf59e283bb8550f2089a878a58dade26592fdcb4d71b8179bc1516dcb7b706c878e797015fa8b70cc5079bca1801e2ff3d737fbe70bd8a519d3abc2e21ad44a7e59393040f80d30bc33378ed0842385b235ceae4ce1b02b5c141fc973
bash-5.0# echo $?
0
```

Is this just an error being thrown for something benign or an error not being handled properly?

I'm using tpm2-tools branch 5.2 built against tpm2-tss-dev version 2.4.1-r0 in an Alpine v3.12.5 base image.
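
A wrapper a verifier script could use so that the case reported above (an `ERROR:` line logged while the exit status is 0) counts as a failed verification. This is an added example, not part of the original issue or of tpm2-tools; `strict_run`, the status value 70 and the two stand-in functions are hypothetical, and it assumes the library log is written to stderr.

```shell
#!/usr/bin/env bash
# Added example: fail closed when a command exits 0 but logged an ERROR line.
# Intended use (command line taken from the issue):
#   strict_run tpm2_checkquote --public rsa_ak.pub --message pcr_quote.plain \
#       --signature pcr_quote.signature --qualification "$NONCE" --pcr pcr.bin

# strict_run CMD [ARGS...]
#   stdout is passed through untouched, stderr is captured and replayed.
#   Returns the command's own status when it is non-zero,
#   70 (hypothetical value) when the status is 0 but stderr has an "ERROR:" line,
#   0 otherwise.
strict_run() {
    local errfile status=0
    errfile=$(mktemp) || return 71
    # "|| status=$?" keeps the wrapper usable under "set -e".
    "$@" 2>"$errfile" || status=$?
    cat "$errfile" >&2
    if [ "$status" -eq 0 ] && grep -q '^ERROR:' "$errfile"; then
        echo "strict_run: exit status 0 but an ERROR was logged; rejecting" >&2
        status=70
    fi
    rm -f "$errfile"
    return "$status"
}

# Constructed stand-in reproducing the behaviour in the issue:
# prints PCR output, logs the marshal error, still exits 0.
fake_quote_logs_error() {
    echo "pcrs:"
    echo "ERROR:marshal:src/tss2-mu/tpm2b-types.c:303:Tss2_MU_TPM2B_DIGEST_Unmarshal() The dest field size of 64 is too small to unmarshal 114 bytes" >&2
    return 0
}

# Constructed stand-in for a clean run: output only, nothing on stderr.
fake_quote_clean() {
    echo "pcrs:"
    return 0
}

# Demo: the first call is rejected, the second is accepted.
strict_run fake_quote_logs_error >/dev/null || echo "rejected with status $?"
strict_run fake_quote_clean >/dev/null && echo "accepted"
```
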

idesai commented 2 years ago

Does this also happen with tpm2-tools and tpm2-tss master?

safayetahmedatge commented 2 years ago

@idesai No, I don't see a problem with tpm2-tools and tpm2-tss master. Thanks for pointing that out.

I thought the tpm2-tools configure script would catch cases where the tpm2-tss version is not supported.

idesai commented 2 years ago

> @idesai No, I don't see a problem with tpm2-tools and tpm2-tss master. Thanks for pointing that out.
>
> I thought the tpm2-tools configure script would catch cases where the tpm2-tss version is not supported.

Right. I will have to git-bisect and see which commit fixed it.