-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
attestation: validate GCP machine state instead of PCR 0 #1343
Conversation
✅ Deploy Preview for constellation-docs canceled.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PCR[10] is used by Linux IMA, which writes a hash hash over TPM registers 0-7 to it.
I'm not 100% certain if this still happens in out images, but we might want to remove this value from our config as well.
The default config also needs to be updated (?). I think this should be removed. |
Yes, I saw a warning for PCR 10. Removed it. |
Done. Not sure if I have to do anything with measurements_enterprise.go. |
I don't think so. Seems to me like those are always updated based on the build-os-image.yaml measurements. |
PCR 0 changed on GCP. The new value can be calculated as follows:
If you replace
v2
withv1
in the first event, you get the old PCR value.This means that PCR 0 will change if the GCE firmware version number is increased. We should stop comparing PCR 0 against a fixed value. Instead, we can replay the event log to validate the PCR and then validate the events. Fortunately, VerifyAttestation of go-tpm-tools already does most of this for us. This PR checks the result of the func and drops the fixed value for PCR 0.
I'm not sure if I catched all places that need to be changed to drop PCR 0. Please check.
For now I only tested the change using
constellation verify
against a cluster created with the released CLI v2.5.3 (with PCR 0 set to warnOnly).