"FAPI PolicyPCR not instatiating correctly"
https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
Salah, can you explain the severity of the issue? Thanks!
Created attachment 663805
Affected Policy

It's an information disclosure. If a FAPI policy is created to lock against the "current" value of the PCR, it doesn't actually do so. So the above policy does not actually work as it should. See below:

# assume the TPM is provisioned already (it can be provisioned through the tss2_provision command)
tpm2_pcrreset 16
tss2_import -i pol_pcr16_read.json -p pol_pcr16_read
tss2_createkey -p HS/SRK/myCryptKey -t decrypt,noda -a "" -P pol_pcr16_read
echo "verysecret" | tss2_encrypt -p HS/SRK/myCryptKey -i - -o secret.out
tpm2_pcrextend 16:sha256=0x0000000000000000000000000000000000000000000000000000000000000001
# this should fail
tss2_decrypt -p HS/SRK/myCryptKey -i secret.out -o secret.txt

However, due to the above CVE, this is not the case, and it succeeds. FAPI policies created with explicit PCR values and non-FAPI policies created with tpm2_createpolicy are not affected.
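Added example, not part of the bug report and not tpm2-tss code: a model of the TPM 2.0 PolicyPCR digest computation, showing why a key whose policy was bound to the value of PCR 16 at creation time must stop authorizing once that PCR is extended as in the commands above. It assumes the SHA-256 bank and an all-zero PCR 16 after reset; the function names are hypothetical.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F  # TPM2_PolicyPCR command code (TPM 2.0 spec)
TPM_ALG_SHA256 = 0x000B         # algorithm id of the SHA-256 bank


def pcr_extend(old: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Extend: new PCR value = H(old value || extend data)."""
    return hashlib.sha256(old + data).digest()


def pcr_selection(index: int) -> bytes:
    """Marshal a TPML_PCR_SELECTION with one SHA-256 entry selecting one PCR."""
    select = bytearray(3)
    select[index // 8] |= 1 << (index % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, len(select)) + bytes(select)


def policy_pcr_digest(index: int, pcr_value: bytes) -> bytes:
    """policyDigest after one PolicyPCR, starting from an all-zero session digest."""
    pcr_digest = hashlib.sha256(pcr_value).digest()  # digest over the selected PCRs
    return hashlib.sha256(
        bytes(32)
        + struct.pack(">I", TPM_CC_POLICY_PCR)
        + pcr_selection(index)
        + pcr_digest
    ).digest()


def can_authorize(auth_policy: bytes, index: int, live_pcr: bytes) -> bool:
    """A policy session satisfies the key only if its digest equals the key's authPolicy."""
    return policy_pcr_digest(index, live_pcr) == auth_policy


def demo():
    reset_value = bytes(32)  # assumption: PCR 16 reads all zeros after tpm2_pcrreset 16
    auth_policy = policy_pcr_digest(16, reset_value)  # bound at key creation
    before = can_authorize(auth_policy, 16, reset_value)
    extended = pcr_extend(reset_value, bytes(31) + b"\x01")  # value from the report
    after = can_authorize(auth_policy, 16, extended)
    return before, after


if __name__ == "__main__":
    print("authorized before extend, after extend:", demo())
```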
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dafe3d1624affb9c284e9820a4dafaee48c92694

commit dafe3d1624affb9c284e9820a4dafaee48c92694
Author:     Salah Coronya <salah.coronya@gmail.com>
AuthorDate: 2020-09-23 21:02:54 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-11 09:29:56 +0000

    app-crypt/tpm2-tss: Bump to 3.0.1, fix CVE-2020-24455

    Bug: https://bugs.gentoo.org/746563
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Salah Coronya <salah.coronya@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-crypt/tpm2-tss/Manifest              |  1 +
 app-crypt/tpm2-tss/tpm2-tss-3.0.1.ebuild | 75 ++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
Maintainer, please call for stabilization when ready.
Ok to stabilize just 2.4.3. The 3.0.X series has never been stable and isn't ready for stabilization yet (it has an ABI change and opentmpfiles doesn't like it)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6062e47baae7b29f8707d4324449188162ab95dd

commit 6062e47baae7b29f8707d4324449188162ab95dd
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2020-10-12 05:51:06 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-12 05:51:36 +0000

    app-crypt/tpm2-tss: stabilize 2.4.3 on x86

    Bug: https://bugs.gentoo.org/746563
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-crypt/tpm2-tss/tpm2-tss-2.4.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0cb593c0e7cd670a25bb305dccbd5c921214277

commit b0cb593c0e7cd670a25bb305dccbd5c921214277
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2020-10-12 05:50:21 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-12 05:51:36 +0000

    app-crypt/tpm2-tss: stabilize 2.4.3 on amd64

    Bug: https://bugs.gentoo.org/746563
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-crypt/tpm2-tss/tpm2-tss-2.4.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
All CCd arches done.
Please cleanup.

commit 6062e47baae7b29f8707d4324449188162ab95dd
Author: Joonas Niilola <juippis@gentoo.org>
Date:   Mon Oct 12 08:51:06 2020 +0300

    app-crypt/tpm2-tss: stabilize 2.4.3 on x86

    Bug: https://bugs.gentoo.org/746563
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

commit b0cb593c0e7cd670a25bb305dccbd5c921214277
Author: Joonas Niilola <juippis@gentoo.org>
Date:   Mon Oct 12 08:50:21 2020 +0300

    app-crypt/tpm2-tss: stabilize 2.4.3 on amd64

    Bug: https://bugs.gentoo.org/746563
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Ah, looks like this was done some time ago. Needs vote.

commit fb1e50caef0adf0552e96d7d13e356bee5b8430b
Author: Salah Coronya <salah.coronya@gmail.com>
Date:   Wed Sep 23 16:04:37 2020 -0500

    app-crypt/tpm2-tss: Remove old

    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Salah Coronya <salah.coronya@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/17648
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 delete mode 100644 app-crypt/tpm2-tss/tpm2-tss-2.4.2.ebuild
 delete mode 100644 app-crypt/tpm2-tss/tpm2-tss-3.0.0.ebuild
New GLSA request filed.
This issue was resolved and addressed in GLSA 202107-10 at https://security.gentoo.org/glsa/202107-10 by GLSA coordinator Sam James (sam_c).