Enable hex values to be used for tpm_ownerpassword #769

Merged (1 commit) on Apr 26, 2024

@Isaac-Matthews (Contributor) commented Mar 27, 2024

This fixes #760.

If a TPM has been set up with a non-string auth value, for example by running:
tpm2_changeauth -c E "hex:0000DF0237BE41C0E0124CAAD0A619B29B8E3EE4173521656729C6F339DBC449"
the keylime agent is not currently compatible with the TPM, as there is no way to provide this value.

This fixes the issue, by checking for "hex:" at the start of the tpm password and using a hex password if it is found.
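
The prefix handling described in this PR, as an added example that is not the PR's code or Keylime's own: a Rust function that turns a configured `tpm_ownerpassword` into raw auth bytes and decodes a `hex:` value without external crates. `parse_owner_auth`, `OwnerAuthError` and the sample values are assumptions made for the illustration.

```rust
// Added example: OwnerAuthError and parse_owner_auth are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum OwnerAuthError {
    OddLength(usize),
    InvalidDigit { index: usize },
}

fn nibble(b: u8) -> Option<u8> {
    match b {
        b'0'..=b'9' => Some(b - b'0'),
        b'a'..=b'f' => Some(b - b'a' + 10),
        b'A'..=b'F' => Some(b - b'A' + 10),
        _ => None,
    }
}

/// Turn the configured tpm_ownerpassword into the raw auth bytes.
/// "hex:<digits>" is decoded; anything else is used as the string's bytes.
pub fn parse_owner_auth(value: &str) -> Result<Vec<u8>, OwnerAuthError> {
    let Some(digits) = value.strip_prefix("hex:") else {
        return Ok(value.as_bytes().to_vec());
    };
    let raw = digits.as_bytes();
    if raw.len() % 2 != 0 {
        return Err(OwnerAuthError::OddLength(raw.len()));
    }
    let mut out = Vec::with_capacity(raw.len() / 2);
    for (i, pair) in raw.chunks_exact(2).enumerate() {
        // Report only the position of a bad digit, never the digit itself,
        // so error logs do not leak part of the secret.
        let hi = nibble(pair[0]).ok_or(OwnerAuthError::InvalidDigit { index: 2 * i })?;
        let lo = nibble(pair[1]).ok_or(OwnerAuthError::InvalidDigit { index: 2 * i + 1 })?;
        out.push(hi << 4 | lo);
    }
    Ok(out)
}

fn main() {
    // Constructed sample values, not real credentials.
    for v in ["keylime", "hex:00DF02", "hex:0g", "hex:abc"] {
        match parse_owner_auth(v) {
            Ok(bytes) => println!("{} byte auth value", bytes.len()),
            Err(e) => println!("rejected: {e:?}"),
        }
    }
}
```

In this sketch the prefix match is case-sensitive, and a plain-text password that itself begins with `hex:` can no longer be expressed as a string.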

@Isaac-Matthews force-pushed the hex_auth_values branch 2 times, most recently from d830deb to 79db4aa (April 9, 2024 15:42)

@ueno (Contributor) left a comment

A couple of minor nits, but otherwise it looks good to me.

keylime-agent/src/main.rs (outdated)
let auth = if tpm_ownerpassword.starts_with("hex:") {
let (_, hex_ownerpassword) = tpm_ownerpassword.split_at(4);
let decoded_ownerpassword = hex::decode(hex_ownerpassword)
.map_err(|_| {
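
Review bot: The `starts_with("hex:")` check followed by `split_at(4)` hard-codes the prefix length a second time; `tpm_ownerpassword.strip_prefix("hex:")` does the test and the slice in one step, so the two cannot drift apart. The `map_err(|_| ...)` closure on the `hex::decode` result also throws away the decode error, so whatever is reported for a malformed value cannot say what was wrong with it; propagate or wrap the original error instead, and keep the password itself out of the message.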
Not sure if this manual conversion is required, as FromHex error is already defined.

@Isaac-Matthews (Contributor Author)

> A couple of minor nits, but otherwise it looks good to me.

Thanks for the feedback, I have made both changes and merged into one commit.

codecov bot commented Apr 10, 2024

Codecov Report

Attention: Patch coverage is 0%, with 4 lines in your changes missing coverage. Please review.

Project coverage is 61.99%. Comparing base (2f7b3ad) to head (fb65f89).
Report is 7 commits behind head on master.

Additional details and impacted files
Flag | Coverage Δ
e2e-testsuite | 61.99% <0.00%> (+4.40%) ⬆️
upstream-unit-tests | 61.99% <0.00%> (+10.98%) ⬆️

Flags with carried forward coverage won't be shown.

Files | Coverage Δ
keylime-agent/src/main.rs | 27.51% <0.00%> (+1.49%) ⬆️

... and 15 files with indirect coverage changes

@ansasaki (Contributor)

@THS-on Hi, could you please mark your request as solved? Otherwise I cannot merge this.

@THS-on (Member) left a comment

@ansasaki done

Successfully merging this pull request may close these issues.

Non-string auth values are not compatible with the agent.