CVE-2023-43635 (edge_virtualization_engine)

Vault Key Sealed With SHA1 PCRs






The measured boot solution implemented in EVE OS leans on a PCR locking mechanism.

Different parts of the system update different PCR values in the TPM, resulting in a unique
value for each PCR entry.

These PCRs are then used in order to seal/unseal a key from the TPM which is used to
encrypt/decrypt the “vault� directory.

This “vaultâ€� directory is the most sensitive point in the system and as such, its content should …

boot cve entry eve key mechanism order parts sha1 solution system tpm update value vault