@leesh3288
leesh3288 / vm2_3.9.19_sandbox_escape_1.md
Last active May 20, 2024 01:14
Sandbox Escape in vm2@3.9.19 via `Promise[@@species]`

Summary

In vm2 versions up to 3.9.19, Promise handler sanitization can be bypassed with the `@@species` accessor property, allowing attackers to escape the sandbox and run arbitrary code.

Proof of Concept

@katrinafyi
katrinafyi / luks-tpm2-dracut-systemd-cryptenroll.md
Last active April 7, 2024 20:37
Setting up TPM2-backed encryption on LUKS with systemd-cryptenroll and dracut.

This documents how to add a TPM2-backed key to an existing LUKS root partition, first done with EndeavourOS in June 2023. In particular, it covers dracut (instead of mkinitcpio) and systemd-cryptenroll (instead of clevis). Previously, we used clevis, but this was slow to act while booting.

  1. Have a LUKS partition using LUKS2. If you're using LUKS1, this can be upgraded with `sudo cryptsetup convert --type luks2 /dev/nvme`. If you've previously used clevis, this may leave metadata which breaks the upgrade. This can be removed with `sudo luksmeta nuke -d /dev/nvme`.
  2. Add the tpm2-tss module to dracut by creating `/etc/dracut.conf.d/tpm.conf` with the following content: