SUSE CVE-2023-43630

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is...

SUSE CVE-2023-43634

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. I...

GO-2026-4434 EVE Seals Vault Key With SHA1 PCRs in github.com/lf-edge/eve

EVE Seals Vault Key With SHA1 PCRs in github.com/lf-edge/eve...

EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

GHSA-4JVR-VJ2C-8Q37 EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information when sealing/unsealing the “vault” key. An attacker can gain unauthorized access to sensitive configuration data and modify system settings by physically removing the disk, altering files on...

PT-2026-6361

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

PT-2026-6461

Impact PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...

CVE-2023-43634

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. I...

GHSA-HX74-4WMC-FWVF Duplicate Advisory: EVE Has Partially Predetermined Vault Key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

Design/Logic Flaw

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. I...

CVE-2023-43634

CVE-2023-43634 relates to the EVE project: the config partition is measured for TPM PCRs used to seal/unseal the vault key. A change moved the config partition measurement from PCR 13 to PCR 14, but PCR 14 was not added to the sealing/unsealing list, making PCR 14’s measurement effectively redund...

EVE OS Trust Management Issue Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. A security vulnerability exists in EVE OS versions prior to 7.10, which stems from deriveVaultKey predetermining the last 16 bytes of a vault key as arfoobarfoobarfo, resulting i...

Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in comm...

GHSA-5JVG-8J6F-VPMC Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in comm...

GHSA-H929-FVVP-882C Duplicate Advisory: EVE Seals Vault Key With SHA1 PCRs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism...

CVE-2023-43635 Vault Key Sealed With SHA1 PCRs

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

CVE-2023-43630

CVE-2023-43630 documents a TPM/Measured Boot issue in the EVE project (lf-edge/eve) where PCR14 is not in the sealing/unsealing list for the vault key, and the vault key is sealed with SHA1 PCRs instead of SHA256. A code change (commit 7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4) meant that PCR14 up...

CVE-2023-43630 Config Partition Not Measured From 2 Fronts

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is...