[S] Change in coreboot[master]: vboot: Allow for comparison of hash without zero-padding - coreboot-gerrit

23 Nov 2022


      Attention is currently required from: Caveh Jalali, Julius Werner, Yu-Ping Wu, Boris Mittelberg.
Jakub Czapiga has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/69762 )
Change subject: vboot: Allow for comparison of hash without zero-padding
......................................................................
Patch Set 6:
(1 comment)
File src/security/vboot/vboot_logic.c:
https://review.coreboot.org/c/coreboot/+/69762/comment/716ed1e8_ae35b0a9 
PS5, Line 99: 		if (slot_hash_sz < saved_hash_sz) {
...
Not sure why we need to bother checking the extra zeroes?
Hmm. I was thinking about some potential attack strategy which could be used in case when we did not perform full comparison, but after talking to my colleagues about this I think it's pointless and would not make any difference at all.
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/69762
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If6d46e0b58dbca86af56221b7ff2606ab2d1799a
Gerrit-Change-Number: 69762
Gerrit-PatchSet: 6
Gerrit-Owner: Jakub Czapiga jacz@semihalf.com
Gerrit-Reviewer: Boris Mittelberg bmbm@google.com
Gerrit-Reviewer: Caveh Jalali caveh@chromium.org
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Yu-Ping Wu yupingso@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-Attention: Caveh Jalali caveh@chromium.org
Gerrit-Attention: Julius Werner jwerner@chromium.org
Gerrit-Attention: Yu-Ping Wu yupingso@google.com
Gerrit-Attention: Boris Mittelberg bmbm@google.com
Gerrit-Comment-Date: Wed, 23 Nov 2022 15:22:27 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Julius Werner jwerner@chromium.org
Gerrit-MessageType: comment