nccgroup/TPMGenie

Attacks on PCR extension

OmarAberkan opened this issue · 1 comments

Hi, I am wondering if the kernel and U-Boot patches described in the paper will cover these kinds of attacks?

Yes, PCR Extension can be attacked by a bus interposer. Unless the kernel or U-Boot uses an authorization session (thereby appending an HMAC to the command), a MITM on the serial bus can replace the measurement with any other hash. U-Boot does not use authorization sessions, so they're vulnerable. Similarly, the Linux kernel is in the process of designing a solution but it has not yet landed (https://lwn.net/Articles/772559/).
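The point made in the reply above, as an added illustration that is not part of the thread or of the TPMGenie code: a toy model of PCR extension in which the digest changes on the bus, once with no session HMAC and once with one. Assumptions: `ModelTPM`, `command_hmac` and `run` are hypothetical names, the HMAC input is a simplified stand-in for the real TPM 2.0 session computation, and the session key is taken as already shared between host and TPM.

```python
import hashlib
import hmac
import os

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend rule: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def command_hmac(key: bytes, index: int, digest: bytes, nonce: bytes) -> bytes:
    """Simplified session HMAC over the command parameters and a fresh nonce."""
    msg = b"PCR_Extend" + index.to_bytes(4, "big") + digest + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class ModelTPM:
    """Hypothetical model: one SHA-256 PCR, optional authorization session."""
    def __init__(self, session_key=None):
        self.pcr = bytes(32)
        self.session_key = session_key
        self.nonce = os.urandom(16)   # stands in for the TPM's session nonce

    def extend(self, index: int, digest: bytes, tag=None) -> bool:
        if self.session_key is not None:
            want = command_hmac(self.session_key, index, digest, self.nonce)
            if tag is None or not hmac.compare_digest(tag, want):
                return False          # command rejected, PCR left untouched
            self.nonce = os.urandom(16)   # rolling nonce prevents replay
        self.pcr = pcr_extend(self.pcr, digest)
        return True

def run(session_key, tamper: bool):
    """Host measures a component; the digest may change before the TPM sees it."""
    tpm = ModelTPM(session_key)
    measured = hashlib.sha256(b"constructed boot component").digest()
    tag = None
    if session_key is not None:
        tag = command_hmac(session_key, 0, measured, tpm.nonce)
    on_wire = measured
    if tamper:   # constructed substitute digest, models the altered bus traffic
        on_wire = hashlib.sha256(b"constructed substitute").digest()
    accepted = tpm.extend(0, on_wire, tag)
    return accepted, tpm.pcr

if __name__ == "__main__":
    expected = pcr_extend(bytes(32),
                          hashlib.sha256(b"constructed boot component").digest())
    for key in (None, os.urandom(32)):
        ok, pcr = run(key, tamper=True)
        print("session HMAC:", key is not None, "| accepted:", ok,
              "| PCR matches host's measurement:", pcr == expected)
```

Without the session the altered digest is accepted and the PCR silently diverges from what the host measured; with it the command is rejected and the host gets an error it can act on.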