PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but
due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the
problem of the config partition not being measured correctly.
Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of
SHA256.
This issue was somewhat mitigated due to all of the PCR extend functions
updating both the values of SHA256 and SHA1 for a given PCR ID.
However, due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as
the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which
means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault”
key, changes to the config partition would still not be measured.
An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://asrg.io/security-advisories/cve-2023-43630/ |
History
Tue, 24 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: ASRG
Published: 2023-09-20T14:37:44.564Z
Updated: 2024-09-24T18:34:19.821Z
Reserved: 2023-09-20T14:34:14.873Z
Link: CVE-2023-43630
Vulnrichment
Updated: 2024-08-02T19:44:43.769Z
NVD
Status : Modified
Published: 2023-09-20T15:15:11.877
Modified: 2024-11-21T08:24:30.200
Link: CVE-2023-43630
Redhat
No data.