Linuxfoundation Edge Virtualization Engine

5 matches found

CVE
added 2023/09/20 3:15 p.m., 74 views

CVE-2023-43635

Vault Key Sealed With SHA1 PCRs
The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the TPM...

8.8 CVSS, 8.7 AI score, 0.00013 EPSS
CVE
added 2023/09/20 3:15 p.m., 54 views

CVE-2023-43636

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This includes, ...

8.8 CVSS, 8.6 AI score, 0.00025 EPSS
CVE
added 2023/09/21 2:15 p.m., 46 views

CVE-2023-43632

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options”. The communication with this server is done using proto...

9.9 CVSS, 9.2 AI score, 0.00084 EPSS
CVE
added 2023/09/21 2:15 p.m., 44 views

CVE-2023-43631

On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easil...

8.8 CVSS, 8.7 AI score, 0.00027 EPSS
CVE
added 2023/09/20 3:15 p.m., 33 views

CVE-2023-43630

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/...

8.8 CVSS, 8.7 AI score, 0.00013 EPSS