CVE-2023-43636 (edge_virtualization_engine)

In EVE OS, the “measured boot� mechanism prevents a compromised device from accessing
the encrypted data located in the vault.

As per the “measured boot� design, the PCR values calculated at different stages of the boot
process will change if any of their respective parts are changed.

This includes, among other things, the configuration of the bios, grub, the kernel cmdline,
initrd, and more.

However, this mechanism does not validate the entire rootfs, so an attacker can edit the
filesystem …

bios boot change compromised configuration cve data design device encrypted encrypted data eve mechanism parts process things vault