profile
viewpoint
Joseph Richey josephlr @google Seattle, Washington Google Engineer working on Cloud Security. University of Michigan 2016 Grad Mathematics/CS

google/fscrypt 623

Go tool for managing Linux filesystem encryption

google/fscryptctl 72

Small C tool for Linux filesystem encryption

google/ms-tpm-20-ref 1

Reference implementation of the TCG Trusted Platform Module 2.0 specification.

josephlr/argon2rs 0

The pure-Rust password hashing library running on Argon2.

josephlr/bootloader 0

An experimental pure-Rust x86 bootloader

josephlr/cargo-web 0

A Cargo subcommand for the client-side Web

josephlr/cli 0

A simple, fast, and fun package for building command line apps in Go

josephlr/cms 0

CMS (PKCS#7) library for Go

josephlr/cobra 0

A Commander for modern Go CLI interactions

issue commentrust-osdev/x86_64

Provide means to test external_asm code path

Maybe I'm just confused at the context, but why can't you just do:

cargo build --no-default-features --features external_asm,instructions

That's what we currently do in the CI.

jarkkojs

comment created time in 40 minutes

issue commentgoogle/go-tpm-tools

server.VerifyAttestation fails on gce debian10+secureboot

We either need to get that patch series backported to Debian 10 (which sounds annoying), or just tell users of this library "Don't use Debian 10, it's insecure w.r.t. the TPM anyway due to depending on SHA1).

salrashid123

comment created time in an hour

issue commentgoogle/go-tpm-tools

server.VerifyAttestation fails on gce debian10+secureboot

I confirmed that using the exact same setting but going from Debian 10 to Debian 11, the issue is fixed. So I'm guessing this is a bug in Debian 10's kernel version.

Looking at the events, this does seem to be a kernel or bootloader configuration bug in Debian 10. There are three events missing from the Debian 10 log that a present in the Debian 11 log:

  • An EV_EFI_BOOT_SERVICES_APPLICATION measurement into PCR 4 of the kernel itself (i.e. vmlinuz)
  • Two EV_EFI_ACTION measurements into PCR 5 indicating that Exit Boot Services Returned with Success

I know the PCR 5 bug is the same issue tracked in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796 The PCR 4 issues are probably also related to the same problem (judging by the comments there). Essentially, this patch which was added in kernel 5.3 fixed the problem.

Per Tyler Hick's comments, it seems like Ubuntu had a special backport to their older kernel (4.15), but the maintainer didn't "target these patches for linux-stable", so Debian 10 never got them.

Debian 10 version: 4.19.0-18-cloud-amd64 (from October 2018) Debian 11 version: 5.10.0-10-cloud-amd64 (from December 2020)

Here are the relevant files for a first boot of Debian 11

debian11_parsed_log.txt debian11_pcr_log.txt debian11_binary_bios_measurements.log

salrashid123

comment created time in an hour

issue commentgoogle/go-tpm-tools

server.VerifyAttestation fails on gce debian10+secureboot

I was able to reproduce this issue specifically on Debian 10, maybe it's a kernel bug?

I confirmed that tpm2-tools also encountered issues replaying PCRs 4 and 5. I also confirmed that this issue is not fixed by either updating the guest VM or restarting the image.

I've uploaded the relevent files for a first boot of Debian 10

debian10_parsed_log.txt debian10_pcr_log.txt debian10_binary_bios_measurements.log

salrashid123

comment created time in 2 hours

push eventgoogle/go-tpm

Jiankun Lü

commit sha 77d0de8718a8638d94d2e9b6ae2a8b6122b38d47

Add PCRReset command for tpm2 (#268)

view details

push time in 2 hours

PR merged google/go-tpm

Add PCRReset command for tpm2

Add a command to reset a PCR

This will allow us to reset the debug pcr 16 and pcr 23 in a test that requires a clean pcr.

+57 -0

0 comment

3 changed files

jkl73

pr closed time in 2 hours

issue commentgoogle/go-tpm-tools

Build noise from deprecated features when compiling against OpenSSL 3

We could manually patch the simulator code, the problem is that the TCG spec explicitly uses this function:

This means the the C libraries (which conform to the spec) also use this deprecated function:

I think it would be reasonable to just add a -Wno-deprecated-declarations flag to internal_cgo.go.

Also, see https://github.com/stefanberger/libtpms/issues/215 for OpenSSL 3.0 support progress in libtpms. We will likely also need to remove library use of deprecated functions if we ever want this to build w/ OpenSSL.

azdagron

comment created time in 2 hours

push eventjosephlr/go-tpm-tools

Joe Richey

commit sha 51ca9146e23718b8df2deeffca224d58db7fb8fa

simulator: Change flags to avoid cgo warnings Changing to -Wno-uninitialized avoids warnings on Clang Signed-off-by: Joe Richey <joerichey@google.com>

view details

push time in 3 hours

PR opened google/go-tpm-tools

ci: Add tests for CGO Warning

Signed-off-by: Joe Richey joerichey@google.com

+4 -0

0 comment

1 changed file

pr created time in 3 hours

create barnchjosephlr/go-tpm-tools

branch : cgo

created branch time in 3 hours

push eventjosephlr/go-tpm-tools

Joe Richey

commit sha cbf0b0df8e604f5abdb3f91cdbfd9b9b2c2030d9

server: Reorganize checkAK methods This makes the code flow much easier to understand Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha 6d383cdb13c1f6ca80babbb7a55b6ab04c45a6ca

server: Only also one trust method with VerifyAttestation Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha d29c13ab334754e82ff5de471d1b2a52b1b92932

server: Fix AK Cert checking bug Now the provided AK must match the AK cert's public key. Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha 3f210f1ccaca529d126eb399c68a6031d933accd

server: Add regression test for Pub/Cert mismatch Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joseph Richey

commit sha 18ffb8c4c2d8036a1b8510f1b39d64586efb5f86

Merge pull request #153 from josephlr/pubkey server: Fix AK Cert checking bug

view details

Joe Richey

commit sha d216ba064647ea9470175e71611798be69f0b4c8

internal/test: add GetSimulatorWithLog This makes it possible for tests to depend on specific eventlogs when testing attestation-based functionality. Specifically, we also want to have this method inside of google3. Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha 738cc8c1e5d03299f8fc5c505afd2249158381d6

server: Support all public key types in pubKeysEqual Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joseph Richey

commit sha 9eeeb9902f7e2765bcedddb7eb2faac527433d38

Merge pull request #156 from josephlr/testing internal/test: add GetSimulatorWithLog

view details

Joe Richey

commit sha 151a1ec76b15fc1d1e86a6def22c1f7bb52ef2e5

Update crypto.PublicKey documentation Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joseph Richey

commit sha 02925fadc0ffcf6de3bc0eb7c0886a38392a88e7

Merge pull request #157 from josephlr/pubkeyeq server: Support all public key types in pubKeysEqual

view details

push time in 3 hours

issue commentgoogle/go-tpm-tools

Build noise with Clang due to unknown flag

@azdagron thanks for the report, I don't know if Go supports conditional compilation flags for clang vs GCC. IIRC this flag was added to avoid compiler spew on GCC.

I can take a look at this though.

azdagron

comment created time in 3 hours

delete branch josephlr/go-tpm-tools

delete branch : pubkeyeq

delete time in 6 hours

push eventgoogle/go-tpm-tools

Joe Richey

commit sha 738cc8c1e5d03299f8fc5c505afd2249158381d6

server: Support all public key types in pubKeysEqual Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha 151a1ec76b15fc1d1e86a6def22c1f7bb52ef2e5

Update crypto.PublicKey documentation Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joseph Richey

commit sha 02925fadc0ffcf6de3bc0eb7c0886a38392a88e7

Merge pull request #157 from josephlr/pubkeyeq server: Support all public key types in pubKeysEqual

view details

push time in 6 hours

PR merged google/go-tpm-tools

Reviewers
server: Support all public key types in pubKeysEqual

Mostly just a style nit

Instead of checking the concrete types for crypto.PublicKey, we try to cast the key to an interface containing the expected Equals method. This approach is explicitly mentioned in the crypto.PublicKey documentation.

Signed-off-by: Joe Richey joerichey@google.com

+7 -8

0 comment

1 changed file

josephlr

pr closed time in 6 hours

PullRequestReviewEvent

Pull request review commentgoogle/go-tpm-tools

server: Support all public key types in pubKeysEqual

 func VerifyAttestation(attestation *pb.Attestation, opts VerifyOpts) (*pb.Machin }  func pubKeysEqual(k1 crypto.PublicKey, k2 crypto.PublicKey) bool {-	switch key := k1.(type) {

Done, it's in the 1.18 beta docs

josephlr

comment created time in 6 hours

push eventjosephlr/go-tpm-tools

Joe Richey

commit sha 151a1ec76b15fc1d1e86a6def22c1f7bb52ef2e5

Update crypto.PublicKey documentation Signed-off-by: Joe Richey <joerichey@google.com>

view details

push time in 6 hours

Pull request review commentgoogle/go-tpm

Add PCRReset command for tpm2

 func TestReadPCR(t *testing.T) { 	} } +func TestPCRReset(t *testing.T) {+	rw := openTPM(t)+	defer rw.Close()+	allZeroBytes := make([]byte, 32)++	var fakeHashSum [32]byte+	err := PCRExtend(rw, 16, AlgSHA256, fakeHashSum[:], "")+	if err != nil {+		t.Fatal(err)+	}++	pcrVal, err := ReadPCR(rw, 16 /*pcr*/, AlgSHA256)+	if err != nil {+		t.Fatal(err)+	}+	if reflect.DeepEqual(allZeroBytes, pcrVal) {

Here and elsewhere, I think this can just be bytes.Equal, they are just byte slices after all

jkl73

comment created time in 7 hours

Pull request review commentgoogle/go-tpm

Add PCRReset command for tpm2

 func TestReadPCR(t *testing.T) { 	} } +func TestPCRReset(t *testing.T) {+	rw := openTPM(t)+	defer rw.Close()+	allZeroBytes := make([]byte, 32)++	var fakeHashSum [32]byte+	err := PCRExtend(rw, 16, AlgSHA256, fakeHashSum[:], "")

We should have PCR 16 defined as a constant here, instead of repeating over and over.

jkl73

comment created time in 7 hours

PullRequestReviewEvent
PullRequestReviewEvent

delete branch josephlr/go-tpm-tools

delete branch : testing

delete time in 7 hours

push eventgoogle/go-tpm-tools

Joe Richey

commit sha d216ba064647ea9470175e71611798be69f0b4c8

internal/test: add GetSimulatorWithLog This makes it possible for tests to depend on specific eventlogs when testing attestation-based functionality. Specifically, we also want to have this method inside of google3. Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joseph Richey

commit sha 9eeeb9902f7e2765bcedddb7eb2faac527433d38

Merge pull request #156 from josephlr/testing internal/test: add GetSimulatorWithLog

view details

push time in 7 hours

PR merged google/go-tpm-tools

Reviewers
internal/test: add GetSimulatorWithLog

This makes it possible for tests to depend on specific eventlogs when testing attestation-based functionality. Specifically, we also want to have this method inside of google3.

Signed-off-by: Joe Richey joerichey@google.com

+15 -10

0 comment

1 changed file

josephlr

pr closed time in 7 hours

push eventjosephlr/go-tpm-tools

Joe Richey

commit sha 738cc8c1e5d03299f8fc5c505afd2249158381d6

server: Support all public key types in pubKeysEqual Signed-off-by: Joe Richey <joerichey@google.com>

view details

push time in 7 hours

PR opened google/go-tpm-tools

Reviewers
server: Support all public key types in pubKeysEqual

Mostly just a style nit

Instead of checking the concrete types for crypto.PublicKey, we try to cast the key to an interface containing the expected Equals method. This approach is explicitly mentioned in the crypto.PublicKey documentation.

Signed-off-by: Joe Richey joerichey@google.com

+6 -7

0 comment

1 changed file

pr created time in 7 hours

create barnchjosephlr/go-tpm-tools

branch : pubkeyeq

created branch time in 7 hours

PR opened google/go-tpm-tools

Reviewers
internal/test: add GetSimulatorWithLog

This makes it possible for tests to depend on specific eventlogs when testing attestation-based functionality. Specifically, we also want to have this method inside of google3.

Signed-off-by: Joe Richey joerichey@google.com

+15 -10

0 comment

1 changed file

pr created time in 7 hours

push eventjosephlr/go-tpm-tools

Joe Richey

commit sha cbf0b0df8e604f5abdb3f91cdbfd9b9b2c2030d9

server: Reorganize checkAK methods This makes the code flow much easier to understand Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha 6d383cdb13c1f6ca80babbb7a55b6ab04c45a6ca

server: Only also one trust method with VerifyAttestation Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha d29c13ab334754e82ff5de471d1b2a52b1b92932

server: Fix AK Cert checking bug Now the provided AK must match the AK cert's public key. Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joe Richey

commit sha 3f210f1ccaca529d126eb399c68a6031d933accd

server: Add regression test for Pub/Cert mismatch Signed-off-by: Joe Richey <joerichey@google.com>

view details

Joseph Richey

commit sha 18ffb8c4c2d8036a1b8510f1b39d64586efb5f86

Merge pull request #153 from josephlr/pubkey server: Fix AK Cert checking bug

view details

Joe Richey

commit sha d216ba064647ea9470175e71611798be69f0b4c8

internal/test: add GetSimulatorWithLog This makes it possible for tests to depend on specific eventlogs when testing attestation-based functionality. Specifically, we also want to have this method inside of google3. Signed-off-by: Joe Richey <joerichey@google.com>

view details

push time in 7 hours

more