write_nv_index size issue #61

Open
ssolit opened this issue Oct 23, 2024 · 0 comments · May be fixed by #62


ssolit commented Oct 23, 2024

Description

It appears there is some issue with `write_nv_index`. It seems like for the `None` case it uses `owner_nv_public`, which will check the data length. However, for the `Some` case the data length doesn't seem to be checked.

Impact

In the downstream guest-components repo, this is causing issues with passing in runtime data / report data. See confidential-containers/guest-components#765

Environment and steps to reproduce

See confidential-containers/guest-components#765 for test cases that reproduce the bug in the downstream repo.

One thing to note is this bug seems to involve TPM state. I believe you need to first give some report data of a short length (e.g. 11 bytes) and then try to run the code again with runtime data that is longer (e.g. 12 bytes). Running `sudo tpm2_nvundefine -C o 0x01400002` seemed to reset the state for me so I could use a longer input.

Expected behavior

You can pass in runtime data of different lengths without having to reset each time.

mkulke added a commit to mkulke/azure-cvm-tooling that referenced this issue Oct 25, 2024
fixes kinvolk#61

A caller of `get_report_with_report_data()` might provide report_data of
varying sizes. We need to verify the size of the allocated nv index that
holds the report data and recreate it if necessary.

Integration tests have been added to test this on CVM hardware.

Signed-off-by: Magnus Kulke <[email protected]>
@mkulke mkulke linked a pull request Oct 25, 2024 that will close this issue
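
Added example, not code from this repository: a minimal in-memory model of the stale-size behaviour described in the issue and of the size check the commit message describes. `MockNv`, `write_unchecked` and `write_checked` are hypothetical names, and recreating the index on any size mismatch is an assumption (the commit message only says "recreate it if necessary").

```rust
use std::collections::HashMap;

const INDEX: u32 = 0x0140_0002; // index from the tpm2_nvundefine command in the issue

/// In-memory stand-in for TPM NV storage: index -> buffer of the defined size.
/// Constructed model, not a real TPM interface.
#[derive(Default)]
struct MockNv { indices: HashMap<u32, Vec<u8>> }

impl MockNv {
    fn define(&mut self, index: u32, size: usize) { self.indices.insert(index, vec![0; size]); }
    fn undefine(&mut self, index: u32) { self.indices.remove(&index); }
    fn defined_size(&self, index: u32) -> Option<usize> { self.indices.get(&index).map(Vec::len) }
    /// Like a TPM, refuse a write that runs past the size the index was defined with.
    fn write(&mut self, index: u32, data: &[u8]) -> Result<(), String> {
        let buf = self.indices.get_mut(&index).ok_or("index not defined")?;
        if data.len() > buf.len() {
            return Err(format!("{} bytes do not fit in {}", data.len(), buf.len()));
        }
        buf[..data.len()].copy_from_slice(data);
        Ok(())
    }
}

/// Behaviour described in the issue: size only matters when the index is created.
fn write_unchecked(nv: &mut MockNv, index: u32, data: &[u8]) -> Result<(), String> {
    if nv.defined_size(index).is_none() {
        nv.define(index, data.len());
    }
    nv.write(index, data) // an existing, smaller index is reused as-is
}

/// Approach from the commit message: verify the allocated size, recreate if needed.
fn write_checked(nv: &mut MockNv, index: u32, data: &[u8]) -> Result<(), String> {
    if nv.defined_size(index) != Some(data.len()) {
        nv.undefine(index); // no-op when the index does not exist yet
        nv.define(index, data.len());
    }
    nv.write(index, data)
}

fn main() {
    let (mut a, mut b) = (MockNv::default(), MockNv::default());
    write_unchecked(&mut a, INDEX, b"hello world").unwrap(); // 11 bytes
    println!("unchecked, 12 bytes: {:?}", write_unchecked(&mut a, INDEX, b"hello world!"));
    write_checked(&mut b, INDEX, b"hello world").unwrap();
    println!("checked, 12 bytes: {:?}", write_checked(&mut b, INDEX, b"hello world!"));
}
```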