Kernel measurement does not measure the buffer that's used #9
Labels
Comments
|
@mjg59 Have you looked at other parts that read code from disk to see if this bug exists in other places? |
|
I'm afraid I haven't - I noticed this one because I made exactly the same mistake in the UEFI Secure Boot implementation. |
|
This bug also exists in other places. For example the GRUB2 modules measurement or ntldr / chainloader measurement. I'm at the moment on vacation. I'll try to fix this afterwards. |
neusdan
added a commit
that referenced
this issue
Jan 1, 2016
neusdan
added a commit
that referenced
this issue
Jan 2, 2016
neusdan
added a commit
that referenced
this issue
Jan 2, 2016
neusdan
added a commit
that referenced
this issue
Jan 2, 2016
neusdan
added a commit
that referenced
this issue
Jan 2, 2016
This was referenced Jan 7, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
grub-core/loader/i386/linux.c appears to read the kernel from disk into a series of buffers for later execution, and then reads the kernel again to perform a measurement. A sufficiently malicious storage device might provide a backdoored kernel on the first read attempt, followed by the correct kernel on the second read attempt. The measurement would then appear correct.
The text was updated successfully, but these errors were encountered: