Adding allowlist with incorrect checksum leads to a traceback #923

Open
kkaarreell opened this issue Mar 16, 2022 · 0 comments

Is your issue a feature request? If so, please raise it as an enhancement.

Environment

  • OS / version: F35
  • Processor architecture: x86_64
  • TPM Manufacturer:
  • Keylime version: current latest upstream ffe2b77

Description

# keylime_tenant -c addallowlist -v 127.0.0.1 --allowlist allowlist.txt --allowlist-name list2 --allowlist-checksum e5b85f
Reading configuration from ['/etc/keylime.conf']
2022-03-16 08:02:56.967 - keylime.tpm - INFO - TPM2-TOOLS Version: 5.2
2022-03-16 08:02:56.969 - keylime.tenant - INFO - Setting up client TLS in /var/lib/keylime/cv_ca
2022-03-16 08:02:56.970 - keylime.tenant - WARNING - Using default UUID d432fbb3-d2f1-4a97-9ef7-75bd81c00000
2022-03-16 08:02:56.970 - keylime.tenant - INFO - TPM PCR Mask from policy is 0x408000
2022-03-16 08:02:56.970 - keylime.tenant - INFO - TPM PCR Mask from policy is 0x808000
Traceback (most recent call last):
  File "/usr/local/bin/keylime_tenant", line 33, in <module>
    sys.exit(load_entry_point('keylime==6.3.1', 'console_scripts', 'keylime_tenant')())
  File "/usr/local/lib/python3.10/site-packages/keylime-6.3.1-py3.10.egg/keylime/cmd/tenant.py", line 15, in main
    tenant.main()
  File "/usr/local/lib/python3.10/site-packages/keylime-6.3.1-py3.10.egg/keylime/tenant.py", line 1452, in main
    mytenant.do_add_allowlist(vars(args))
  File "/usr/local/lib/python3.10/site-packages/keylime-6.3.1-py3.10.egg/keylime/tenant.py", line 1177, in do_add_allowlist
    self.process_allowlist(args)
  File "/usr/local/lib/python3.10/site-packages/keylime-6.3.1-py3.10.egg/keylime/tenant.py", line 209, in process_allowlist
    al_data = ima.read_allowlist(args["allowlist"], args["allowlist_checksum"], args["allowlist_sig"], args["allowlist_sig_key"])
  File "/usr/local/lib/python3.10/site-packages/keylime-6.3.1-py3.10.egg/keylime/ima.py", line 425, in read_allowlist
    raise Exception(f"Checksum of allowlist does not match! Expected {checksum}, Calculated {calculated_checksum}")
Exception: Checksum of allowlist does not match! Expected e5b85f, Calculated 12780f8dc7d77156367756683e5b85f9ac600d94f3412057546f3e48e610496b

Expected behavior vs. actual behavior

The tenant command should end with an error, without a traceback.
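An added example, not part of the original issue and not Keylime's code: one way a command-line tool can report a checksum mismatch as a single error line with a non-zero exit status instead of an uncaught exception. The names `AllowlistChecksumError`, `verify_allowlist` and `run` are hypothetical, the sample allowlist is constructed, and SHA-256 is an assumption based on the 64-hex-digit calculated value in the log above.

```python
import hashlib
import hmac
import re
import sys


class AllowlistChecksumError(Exception):
    """Expected checksum is malformed or differs from the calculated one."""


def verify_allowlist(data: bytes, expected: str) -> str:
    """Return the SHA-256 hex digest of data if it equals expected, else raise."""
    expected = expected.strip().lower()
    # Reject truncated or non-hex input (such as "e5b85f") before comparing,
    # so the operator learns the value is malformed rather than merely different.
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        raise AllowlistChecksumError(
            f"expected checksum {expected!r} is not a 64-digit hex SHA-256 value")
    calculated = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(calculated, expected):
        raise AllowlistChecksumError(
            f"checksum of allowlist does not match: "
            f"expected {expected}, calculated {calculated}")
    return calculated


def run(data: bytes, expected: str, err=sys.stderr) -> int:
    """CLI-style wrapper: catch the domain error, print one line, return an exit code."""
    try:
        verify_allowlist(data, expected)
    except AllowlistChecksumError as exc:
        print(f"ERROR: {exc}", file=err)
        return 1
    return 0


# Constructed sample allowlist content (digest and path are placeholders).
SAMPLE_ALLOWLIST = b"0" * 64 + b"  /usr/bin/example\n"

if __name__ == "__main__":
    good = hashlib.sha256(SAMPLE_ALLOWLIST).hexdigest()
    print("matching checksum  -> exit", run(SAMPLE_ALLOWLIST, good))
    print("truncated checksum -> exit", run(SAMPLE_ALLOWLIST, "e5b85f"))
```

Only the specific checksum error is caught, so unrelated failures still surface with their full traceback for debugging.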
