Tags: aplanas/keylime
Tags
Update python cryptography lib to v3.3.2 Fixes issue keylime#581 Signed-off-by: Michael Peters <mpeters@redhat.com>
Remove TPM1.2 specifics from README (keylime#561) Signed-off-by: Luke Hinds <lhinds@redhat.com>
Fix CVE-2021-3406 This ensures we verify the EK and AIK we get from the agent before trusting signatures by it. Advisory: GHSA-78f8-6c68-375m For details, see https://patrick.uiterwijk.org/blog/tpm2-attestation-keylime-vulnerability Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> Signed-off-by: Michael Peters <mpeters@redhat.com>
ima: Count for bad file signatures in separate error field Extend the err array with another field and account for bad file signatures in err[3]. We move prior usage of err[3] to err[4] where the good entries are counted and now sum over 4 error fields rather than 3. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
ima: Return None in case there was no keyring in the DB
This patch fixes the following issue on the verifier side when no string representation of an IMA keyring is found in the DB.

    2021-01-20 15:58:55.083 - keylime.tpm2 - INFO - TPM2-TOOLS Version: 5.0
    2021-01-20 15:58:55.084 - keylime.cloudverifier - ERROR - list indices must be integers or slices, not str
    Traceback (most recent call last):
      File "/usr/local/lib/python3.8/site-packages/keylime-0.0.0-py3.8.egg/keylime/cloud_verifier_tornado.py", line 437, in invoke_get_quote
        if cloud_verifier_common.process_quote_response(agent, json_response['results']):
      File "/usr/local/lib/python3.8/site-packages/keylime-0.0.0-py3.8.egg/keylime/cloud_verifier_common.py", line 202, in process_quote_response
        ima_keyring = ima_file_signatures.ImaKeyring.from_string(agent['ima_sign_verification_keys'])
      File "/usr/local/lib/python3.8/site-packages/keylime-0.0.0-py3.8.egg/keylime/ima_file_signatures.py", line 200, in from_string
        for der_key in ImaKeyring._base64_to_der_keylist(obj['pubkeys']):
    TypeError: list indices must be integers or slices, not str

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Update verifier REST API to return error for invalid exclude list (keylime#319) This updates the verifier REST API to return a 400 error code immediately i.e. instead of adding the agent, if the verifier receives a POST request e.g. from keylime_tenant, with agent data that contains an invalid exclude list regular expression.
Revert "Remove PBR (keylime#335)" (keylime#336) This reverts commit cb42ba3.