Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ERROR: FATAL ERROR: PCR values failed to match quote's digest!

See original GitHub issue

Environment

OS / version: Fedora 29
Processor architecture: x86_64
TPM Manufacturer: Infineon SLB9665VQ2.0 TPM v2.0
Keylime version: master

Description

I tried to run the IMA demo on Fedora 29, but this time doing so on bare metal with a hardware TPM chip.

After uploading the whitelist using the tenant, an exception occurs with tpm2_deluxequote

Exception: Command: tpm2_deluxequote -C 0x81000001 -L sha256:15,22+sha1:10 -q 4b6e52706777674b62454841644c46377376345a -m /tmp/tmpa6uTtL -s /tmp/tmpPx7Dq5 -p /tmp/tmpilmRPv -G sha256 -P eGxMQfmwxRkucGVl0czc returned 1, expected 0, output [“ERROR: FATAL ERROR: PCR values failed to match quote’s digest!\n”, ‘ERROR: Error validating calculated PCR composite with quote\n’, ‘ERROR: Unable to run tpm2_deluxequote\n’

Exception: Command: tpm2_deluxequote -C 0x81000001 -L sha256:15,22+sha1:10 -q 4b6e52706777674b62454841644c46377376345a -m /tmp/tmpa6uTtL -s /tmp/tmpPx7Dq5 -p /tmp/tmpilmRPv -G sha256 -P eGxMQfmwxRkucGVl0czc returned 1, expected 0, output ["ERROR: FATAL ERROR: PCR values failed to match quote's digest!\n", 'ERROR: Error validating calculated PCR composite with quote\n', 'ERROR: Unable to run tpm2_deluxequote\n', 'quoted: ff54434780180022000bb321b13de8e32f19e35055ffe7cfb706ac563360b5ce48820976e6941377080f00144b6e52706777674b62454841644c46377376345a000000000001717d0000000000000000010005003f000d190000000002000b030080400004030004000020217d8044568ff67449e1e340b1a413563557be4505e396e9d7586a4f06b0996a\n', 'signature:\n', '  alg: rsassa\n', '  sig: 86016fcc7b8d08f9ab1b048208790f67170e397e1e45ae832c06bdb6894db008f50027fb2fbeaf5eb5de294585d1fbef4b4ad4e4bef3cc4091fcaac52e80d299ec174290eb8d69e9dd541c6afdfe72d59d91adad2538d2c78d1e484e5576111fb54167fb03062b251ee75fa09b28cfaf173489174c7d1fcf71708bdd7ad4f36b519d90da5d31eef46371cc3ac3e8c0ba401391ebcadaa3c93862eb920e24cb444fbaa0105024574468001e6353b7d9df67d959a2ad9e24c4450a98a70c7ebb2b4e09f04ff3bedd037894c7aa02b42b6e1dee0af872ac96257c99146c8e157302fa6bdd7320af1e469349eb3eab02388d436f8c68c3bd70982d9ae396173e875c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n', 'pcrs:\n', '  sha256:\n', '    15: 0x0000000000000000000000000000000000000000000000000000000000000000\n', '    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\n', '  sha1:\n', '    10: 0x529567C1A8E5D8359711A8C928929D273C4AF811\n', 'calcDigest: fee347c3d458aacd462a8e14da5c91a4ab0a2e044c590fad0b7d25e96ea29710\n']

Issue Analytics

State:
Created 5 years ago
Comments:10 (10 by maintainers)

Top GitHub Comments

1reaction

jetwhizcommented, Mar 26, 2019

The thing that will make debugging this tricky is that we’re not getting consistent PCR values, so I’m not sure if the issue is:

Your TPM is calculating the aggregate PCR differently than the others we’ve tested (in a way that I can’t yet figure out), or
PCR10 changes its value in-between quote and pcrlist being called in tpm2_deluxequote

The way deluxequote works is that it makes two calls to the TPM: one for the quote (which contains a signed aggregate of the PCR values we asked to be included in the quote) and one for the PCR values themselves (so we can send them to Keylime to check individually). There is a possibility for a (what should be rare) race condition, where the PCR values might change between these two calls.

If you notice in your exception line, you get:

Exception: Command: tpm2_deluxequote 
 ... 
'  digestSize: 32\n', 
'  digest: 3de03ee857d60d296cbaa56cb8a9f0d530a95513c12a91e4abbdd0322f137ca5\n', 
'pcrs:\n', 
'  sha256:\n', 
'    15: 0x0000000000000000000000000000000000000000000000000000000000000000\n', 
'    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\n', 
'  sha1:\n', 
'    10: 0x7E4A2CEC74575CB11F95494628B01C3F126080AC\n', 
'calcDigest: c64308587da12db4eb3f66a9e5f0628f6720c5f747cb6fd5e1fdf03d25a0c6b5\n']

Note that the PCR10 (sha1) value there (0x7E4A2CEC74575CB11F95494628B01C3F126080AC) doesn’t match either of your PCR10 values that you got when running tpm2_pcrlist manually (0x0FC6AB4C77CA0D07CDD2C421E4C498C17A2930D9 and 0xDAF721ED477F38F108DA6D1EE9C321FE1BCDBAD0). This means that I don’t know which PCR values your TPM is using to compute its aggregate hash for sure.

But by manually calculating the aggregate hash for those three PCR values, SHA256(0x0000000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7E4A2CEC74575CB11F95494628B01C3F126080AC), I get the value that tpm2_deluxequote expected (calcDigest: c64308587da12db4eb3f66a9e5f0628f6720c5f747cb6fd5e1fdf03d25a0c6b5).

For some reason, this differs from the value provided by your TPM in the quote (digest: 3de03ee857d60d296cbaa56cb8a9f0d530a95513c12a91e4abbdd0322f137ca5), which is why this failure is being returned.

The only things I can think of is that your PCR10 is changing so quickly that it triggers this rare race condition, or your TPM is calculating the aggregate hash in a non-standard way (which I can’t confirm, since I don’t know for sure which PCR values it is using to calculate its digest).

Can you try running tpm2_pcrlist immediately before bringing the node up and immediately after so that the PCR10 values before, during and after are all consistent? If PCR10 changes very quickly then it might take a few attempts.

Also, can you check your IMA ascii_runtime_measurements file to see if something is being rapidly extended into the TPM by IMA? Maybe something is misconfigured there?

1reaction

jetwhizcommented, Mar 14, 2019

Can you uncomment all of the debug output in the tpm2_util_get_digest_from_quote function and rebuild/install the tpm2-tools?

https://github.com/keylime/tpm2-tools/blob/master/lib/tpm2_util.c#L49