
[Xen-bugs] [Bug 1488] New: vtpm_managerd NVM checksum error



http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1488

           Summary: vtpm_managerd NVM checksum error
           Product: Xen
           Version: unstable
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Tools
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: fmatthew5876@xxxxxxxxx


tools/vtpm_manager/manager/securestorage.c
Function VTPM_Handle_Save_NVM

There is a bug in this function that causes a measurement check failed error
message to occur when loading vtpm non-volatile memory.

The problem is that when the NVM is saved to a file the file is not truncated.
The error occurs when the already existing file size is larger than the size of
the NVM in memory to be saved.
The checksum is computed using the in-memory NVM data and then when loading the
file later on, the file's checksum will be invalid because of the extra bits on
the end.

For instance, assume the vtpm_dm_%d.data file is 4k, and the NVM in memory to
be saved is 3k.
First, the NVM in memory is written to the first 3k bytes of the file. The last
1k remains untouched. Then a checksum is taken of the 3k NVM in memory and
stored.
Later when you try to reload the vTPM, it computes a checksum of the 4k file
and compares it with the saved checksum of the 3k memory which of course fails.

There are 2 workarounds for this; I am not sure which is the most correct.
(Does the vtpm implementation need those extra bits to remain in the file?)
1) Truncate the file when saving it using O_TRUNC
2) After saving to the file, reread it and take the checksum of the entire file
instead of the in-memory NVM data.


-- 
Configure bugmail: 
http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
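
The failure described in the report above, reproduced as an added example (not code from vtpm_manager or from the reporter). It saves a 4k file, then a 3k image with and without O_TRUNC, and compares the whole-file digest against the digest of the in-memory data. FNV-1a stands in for the manager's real checksum, and the file name, sizes and function names are assumptions made for the demonstration.

```c
/* Added example: FNV-1a stands in for the manager's digest; file name and sizes are constructed. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static uint32_t fnv1a(uint32_t h, const unsigned char *p, size_t n) {
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Save len bytes; extra_flags is 0 (behaviour in the report) or O_TRUNC (workaround 1). */
static int save_nvm(const char *path, const unsigned char *buf, size_t len, int extra_flags) {
    int fd = open(path, O_WRONLY | O_CREAT | extra_flags, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, len);
    return (close(fd) == 0 && w == (ssize_t)len) ? 0 : -1;
}

/* Digest over the entire file, which is what the load path compares. */
static int file_digest(const char *path, uint32_t *out) {
    unsigned char chunk[512];
    ssize_t n;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    *out = 2166136261u;
    while ((n = read(fd, chunk, sizeof chunk)) > 0) *out = fnv1a(*out, chunk, (size_t)n);
    close(fd);
    return n < 0 ? -1 : 0;
}

/* 1 if the reloaded file matches the digest taken at save time, 0 if not, -1 on I/O error. */
int reload_ok(int extra_flags) {
    static unsigned char old_nvm[4096], new_nvm[3072];
    const char *path = "/tmp/vtpm_dm_demo.data";
    uint32_t stored, on_disk;
    memset(old_nvm, 0xAA, sizeof old_nvm); memset(new_nvm, 0x55, sizeof new_nvm);
    if (save_nvm(path, old_nvm, sizeof old_nvm, O_TRUNC) != 0) return -1;    /* existing 4k file */
    if (save_nvm(path, new_nvm, sizeof new_nvm, extra_flags) != 0) return -1; /* 3k save */
    stored = fnv1a(2166136261u, new_nvm, sizeof new_nvm);  /* digest of in-memory NVM */
    int rc = file_digest(path, &on_disk);
    unlink(path);
    return rc != 0 ? -1 : stored == on_disk;
}

int main(void) {
    printf("no truncate: %d, O_TRUNC: %d\n", reload_ok(0), reload_ok(O_TRUNC));
    return 0;
}
```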


 

