RHEL-118148

keylime agent fails to create TPM quote with ECC keys [rhel-9]


      What were you trying to do that didn't work?

      Setting one of `ecc521`, `ecc384`, `ecc256` or `ecc` in `tpm_encryption_alg` makes the agent fail to generate signed TPM quotes.

      What is the impact of this issue to you?

      The agent cannot generate TPM quote evidence to report to the verifier, so the whole Keylime solution does not work when TPM ECC keys are used.

      Please provide the package NVR for which the bug is seen:

      keylime-agent-rust-0.2.7-3.el10

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Set `tpm_encryption_alg` to any of `ecc{521, 384, 256, }`
      2. Start the verifier, registrar, agent
      3. Enroll the agent to be monitored by the verifier using the tenant

      Expected results

      The agent is successfully enrolled and the verifier successfully verifies the provided attestation evidence (TPM quotes)

      Actual results

      The enrollment fails

              scorreia@redhat.com Sergio Correia
              ansasaki@redhat.com Anderson Sasaki
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE