Thore Sommer
Thore Sommer
We have seen some TPMs where the EK certificate for RSA2048 are padded with ones up to the length of 1600 bytes. This causes the agent to fail to register,...
Otherwise the agent will fail starting up on new systems without the keylime user.
It seems that this just silently not loads the certificate: https://github.com/keylime/rust-keylime/blob/2f7b3ada02382eef95d718eafa934ce753a51380/keylime/src/crypto.rs#L783-L790
Currently we output all the warnings and errors from the tss-esapi bindings, but when we read the EK certificate we get a bunch of errors, that are not really understandable...
I looked into packaging the rust agent for Debian and it makes it a lot easier if the agent is published on crates.io. @lkatalin @ansasaki @ueno does anyone of you...
Now with the Rust agent moving closer to a first release we should also create a package for Debian/Ubuntu. @utkarsh2102 have you packaged Rust programs before?
- Allow a rule to take multiple claims - An example would be a tpm2_quote and a list of PCR values to check if they are consistent - Expose in...
Further this removes padding found on some TPMs in the NV indices. If this is not valid, we still use it, but output a warning.