LibremKey/Nitrokey Pro without tpm: PoC extended to extract from cbfs…

… and measure modules containing the following keywords: fallback|heads|microcode|cmos|data|config|bootblock
tlaurion · Dec 29, 2018 · 100751d · 100751d
1 parent 4f90888
commit 100751d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh
@@ -43,7 +43,7 @@ flash_rom() {
     #flashrom $FLASHROM_OPTIONS -r "${ROM}" 1&>2 >/dev/null \
     #|| die "$ROM: Read failed"
     #sha256sum ${ROM} | cut -f1 -d ' '
-    cbfs --list | grep -E 'fallback|heads|microcode|bootblock' | while read CBFS_FILES; do cbfs -r $CBFS_FILES; done | sha256sum | cut -f1 -d ' '
+    cbfs --list | grep -E 'fallback|heads|microcode|cmos|data|config|bootblock' | while read CBFS_FILES; do cbfs -r $CBFS_FILES; done | sha256sum | cut -f1 -d ' '
   else
     cp "$ROM" /tmp/${CONFIG_BOARD}.rom
     sha256sum /tmp/${CONFIG_BOARD}.rom

diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp
@@ -39,7 +39,7 @@ else
   #  sha256sum ${ROM_IMAGE} | cut -f1 -d ' ' | cut -c 1-20 | tr -d '\n' > $HOTP_SECRET
   #else
     #flash.sh -s ${ROM_IMAGE} | cut -c 1-20 | tr -d '\n' > $HOTP_SECRET
-  cbfs --list | grep -E 'fallback|heads|microcode|bootblock' | while read CBFS_FILES; do cbfs -r $CBFS_FILES; done | sha256sum | cut -f1 -d ' ' | cut -c 1-20 | tr -d '\n' > $HOTP_SECRET 
+  cbfs --list | grep -E 'fallback|heads|microcode|cmos|data|config|bootblock' | while read CBFS_FILES; do cbfs -r $CBFS_FILES; done | sha256sum | cut -f1 -d ' ' | cut -c 1-20 | tr -d '\n' > $HOTP_SECRET 
   #fi
 fi