From: Timo L. <tim...@ik...> - 2020-05-10 20:55:35
Hi,

tboot installs a binary called "parse_err". I realize tboot has been doing this for a long time but have you considered renaming the binary to something less generic? Maybe txt_parse_err?

-Timo

From: Lukasz H. <luk...@li...> - 2020-05-14 13:20:40
On Sun, 2020-05-10 at 23:55 +0300, Timo Lindfors wrote:
> Hi,
>
> tboot installs a binary called "parse_err". I realize tboot has been doing
> this for a long time but have you considered renaming the binary to
> something less generic? Maybe txt_parse_err?
>
> -Timo
>

Agree, this should be changed. I have also renamed acminfo to txt-acminfo, now all these tools have 'txt-' prefix.

Thanks,
Lukasz

From: Timo L. <tim...@ik...> - 2020-05-14 13:42:22
Hi,

On Thu, 14 May 2020, Lukasz Hawrylko wrote:
> Agree, this should be changed. I have also renamed acminfo to txt-acminfo,
> now all these tools have 'txt-' prefix.

Great. I guess you also updated the man pages to refer to these new names? Also docs/Makefile should list man pages for all commands that are installed.

-Timo

From: Lukasz H. <luk...@li...> - 2020-05-15 08:07:48
On Thu, 2020-05-14 at 16:42 +0300, Timo Lindfors wrote:
> Hi,
>
> On Thu, 14 May 2020, Lukasz Hawrylko wrote:
> > Agree, this should be changed. I have also renamed acminfo to txt-acminfo,
> > now all these tools have 'txt-' prefix.
>
> Great. I guess you also updated the man pages to refer to these new names?
> Also docs/Makefile should list man pages for all commands that are
> installed.
>
> -Timo
>

Done.

Thanks,
Lukasz

From: Timo L. <tim...@ik...> - 2020-05-15 15:14:20
Hi,

On Fri, 15 May 2020, Lukasz Hawrylko wrote:
> Done.

Thanks, I'll do some testing and ask for further feedback. Would it be possible to release a new version after some time with all these changes so that they would be part of the eventual Debian upload?

Btw, can you recommend some tool for defining an NVRAM region that would allow me to specify the DRTM PCR values that need to match before it can be accessed? tpm_nvdefine -f works only with PCRs <= 15. I sent a patch last summer to fix this but the project does not seem to be very active and the patch appears to have been forgotten:

https://www.mail-archive.com/tro...@li.../msg00684.html

As far as I understand, the defindex tool in tboot does not let me specify PCR values either. I need this for forward-sealing of data across updates.

-Timo

From: Lukasz H. <luk...@li...> - 2020-05-18 13:33:57
On Fri, 2020-05-15 at 18:13 +0300, Timo Lindfors wrote:
> Hi,
>
> On Fri, 15 May 2020, Lukasz Hawrylko wrote:
> > Done.
>
> Thanks, I'll do some testing and ask for further feedback. Would it be
> possible to release a new version after some time with all these
> changes so that they would be part of the eventual Debian upload?

1.9.12 was released recently, so I don't have plans right now for a new release timeline. There are a few more changes that I am working on right now and I want to include them in the next release.

>
> Btw, can you recommend some tool for defining an NVRAM region that would
> allow me to specify the DRTM PCR values that need to match before it can
> be accessed? tpm_nvdefine -f works only with PCRs <= 15. I sent a patch
> last summer to fix this but the project does not seem to be very active
> and the patch appears to have been forgotten:
>
> https://www.mail-archive.com/tro...@li.../msg00684.html
>
>
> As far as I understand, the defindex tool in tboot does not let me specify
> PCR values either. I need this for forward-sealing of data across
> updates.
>

As you are using trousers I guess that you have TPM 1.2, am I right? It is EOL now, that's why nobody cares about the trousers project. Is it possible on your platform to use TPM 2.0? I highly recommend upgrading, then you can use tpm2-tools.

Thanks,
Lukasz

From: Timo L. <tim...@ik...> - 2020-05-19 16:14:33
On Mon, 18 May 2020, Lukasz Hawrylko wrote:
> 1.9.12 was released recently, so I don't have plans right now for a new
> release timeline. There are a few more changes that I am working on right
> now and I want to include them in the next release.

Ok, I can upload a mercurial snapshot as well, no problem.

> As you are using trousers I guess that you have TPM 1.2, am I right? It
> is EOL now, that's why nobody cares about the trousers project. Is it
> possible on your platform to use TPM 2.0? I highly recommend upgrading,
> then you can use tpm2-tools.

Yes, there are quite a lot of existing TPM 1.2 systems. Some support upgrading to TPM 2.0 but many don't. I've been doing my testing mostly on a Lenovo T430s laptop. I'd like to use a newer laptop for this but the ones that I have available don't support TXT (checked T460, T470 and T490). The situation is a bit better with servers but due to this COVID-19 situation I cannot really do any of my testing on servers. Remotely upgrading to TPM 2.0 sounds very scary.

-Timo