-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reproduce PCR0: Lenovo X1 Carbon Gen9 test data #324
Comments
@xaionaro @rihter007 the firmware.bin is just the first 16 MB which includes FIT, BPM and KM |
Started the investigation in this branch: https://github.com/9elements/converged-security-suite/tree/support/lenovo_x1_carbon_gen9 Added some tooling there. But got stuck on the very first measurement. PCR0_DATA does not match what it should. |
Just for myself:
|
EventLog replays into the final PCR0 value dumped from TPM itself, so let's just analyze EventLog:
Standard initialization with locality 3.
We expect it to be PCR0_DATA, but I cannot reproduce it using provided TXT Public Space. I also tried to bruteforce possible bitflips in the register, but it also didn't help
We expect it to be "PCD Vendor Version". Should be extractible pretty easy, but will check later.
It looks like it measures 0xFFF00000-0xFFF10000. To be validated. But even if will be validated, then it is unclear where these pointers get from. FIT and BPM does not contain some of the pointers of this type of measurements (from this log). Though I see for example module
It looks like it measures 0xFFC00000-0xFFC80000. Same issues as above.
It looks like it measures 0xFF340000-0xFF770000. Same issues as above.
It looks like it measures 0xFFA40000-0xFFB80000. Same issues as above.
It looks like it measures 0xFF960000-0xFFA00000. Same issues as above.
It looks like it measures 0xFF770000-0xFF960000. Same issues as above.
"ACPI DATA". It looks like this is ACPI static tables, but for some unknown reason they have EventType 0x1 (EV_POST_CODE) instead of 0x80000009 (EV_EFI_HANDOFF_TABLES). To be investigated how to extract ACPI static tables, and if this is indeed them.
Same here.
I have no idea what is this. Since the
And I have no idea what is this. But if we just hash
Standard and well-known separator. Total
|
OK, found some explanation for |
Started a new branch: https://github.com/9elements/converged-security-suite/tree/feature/lenovo_x1_carbon_gen9 |
test-data.zip
The text was updated successfully, but these errors were encountered: