eventparse

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 29, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package eventparse has tools for extracting boot and runtime information from measurements.

Index

Constants

This section is empty.

Variables

View Source 
var RTMRRegisterConfig = RegisterConfig{
	Name: "RTMR",

	FirmwareDriverIdx: 2,

	SecureBootIdx: 1,

	EFIAppIdx: 2,

	ExitBootServicesIdx: 2,

	GRUBCmdIdx: 3,

	GRUBFileIdx: 3,

	AdditionalSecureBootIdxEvents: map[tcg.EventType]bool{
		tcg.CPUMicrocode:            true,
		tcg.PlatformConfigFlags:     true,
		tcg.TableOfDevices:          true,
		tcg.NonhostConfig:           true,
		tcg.EFIVariableDriverConfig: true,
		tcg.EFIVariableBoot:         true,
		tcg.EFIAction:               true,
		tcg.EFIHandoffTables2:       true,
		tcg.EFIVariableBoot2:        true,

		tcg.EFIPlatformFirmwareBlob2: true,
	},
}

RTMRRegisterConfig configures the expected indexes and event types for RTMR-based event logs.

View Source 
var TPMRegisterConfig = RegisterConfig{
	Name:                "PCR",
	FirmwareDriverIdx:   2,
	SecureBootIdx:       7,
	EFIAppIdx:           4,
	ExitBootServicesIdx: 5,
	GRUBCmdIdx:          8,
	GRUBFileIdx:         9,
}

TPMRegisterConfig configures the expected indexes and event types for TPM-based event logs.

Functions

func DigestEquals 

func DigestEquals(e tcg.Event, b []byte) error

DigestEquals returns an error if the Event digest does not match the slice.

func GetEfiState 

func GetEfiState(hash crypto.Hash, events []tcg.Event, registerCfg RegisterConfig) (*pb.EfiState, error)

GetEfiState extracts EFI app information from a UEFI TCG2 firmware event log.

func GetGrubStateForRTMRLog 

func GetGrubStateForRTMRLog(hash crypto.Hash, events []tcg.Event, _ RegisterConfig) (*pb.GrubState, error)

GetGrubStateForRTMRLog extracts GRUB commands from RTMR2.

func GetGrubStateForTPMLog 

func GetGrubStateForTPMLog(hash crypto.Hash, events []tcg.Event) (*pb.GrubState, error)

GetGrubStateForTPMLog extracts GRUB commands from PCR8 and GRUB files from 9.

func GetLinuxKernelStateFromGRUB 

func GetLinuxKernelStateFromGRUB(grub *pb.GrubState) (*pb.LinuxKernelState, error)

GetLinuxKernelStateFromGRUB extracts the kernel command line from GrubState.

func GetPlatformState 

func GetPlatformState(hash crypto.Hash, events []tcg.Event) (*pb.PlatformState, error)

GetPlatformState extracts platform information from a UEFI TCG2 firmware event log.

func GetSecureBootState 

func GetSecureBootState(replayEvents []tcg.Event, registerCfg RegisterConfig) (*pb.SecureBootState, error)

GetSecureBootState extracts Secure Boot information from a UEFI TCG2 firmware event log.

func GetSecureBootStateInsecure 

func GetSecureBootStateInsecure(replayEvents []tcg.Event, registerCfg RegisterConfig) (*pb.SecureBootState, error)

GetSecureBootStateInsecure extracts Secure Boot information from a UEFI TCG2 firmware event log in an insecure manner. TODO: we should remove this before cutting a release. We MUST remove before v0.1.0

Types

type DriverLoadSource 

type DriverLoadSource uint8

DriverLoadSource describes the logical origin of a boot services driver. 

const (
	UnknownSource DriverLoadSource = iota
	PciMmioSource
)

Known sources for loaded drivers.

type RegisterConfig 

type RegisterConfig struct {
	Name                          string
	FirmwareDriverIdx             uint32
	SecureBootIdx                 uint32
	EFIAppIdx                     uint32
	ExitBootServicesIdx           uint32
	GRUBCmdIdx                    uint32
	GRUBFileIdx                   uint32
	AdditionalSecureBootIdxEvents map[tcg.EventType]bool
}

RegisterConfig contains the measurement register technology-specific indexes expected to contain the events corresponding to various states, like EFI and Secure Boot states. This uses the event log-encoded index, e.g., PCR or CC MR (not RTMR).

type SecurebootState 

type SecurebootState struct {
	Enabled bool

	// PlatformKeys enumerates keys which can sign a key exchange key.
	PlatformKeys []x509.Certificate
	// PlatformKeys enumerates key hashes which can sign a key exchange key.
	PlatformKeyHashes [][]byte

	// ExchangeKeys enumerates keys which can sign a database of permitted or
	// forbidden keys.
	ExchangeKeys []x509.Certificate
	// ExchangeKeyHashes enumerates key hashes which can sign a database or
	// permitted or forbidden keys.
	ExchangeKeyHashes [][]byte

	// PermittedKeys enumerates keys which may sign binaries to run.
	PermittedKeys []x509.Certificate
	// PermittedHashes enumerates hashes which permit binaries to run.
	PermittedHashes [][]byte

	// ForbiddenKeys enumerates keys which must not permit a binary to run.
	ForbiddenKeys []x509.Certificate
	// ForbiddenKeys enumerates hashes which must not permit a binary to run.
	ForbiddenHashes [][]byte

	// PreSeparatorAuthority describes the use of a secure-boot key to authorize
	// the execution of a binary before the separator.
	PreSeparatorAuthority []x509.Certificate
	// PostSeparatorAuthority describes the use of a secure-boot key to authorize
	// the execution of a binary after the separator.
	PostSeparatorAuthority []x509.Certificate

	// DriverLoadSourceHints describes the origin of boot services drivers.
	// This data is not tamper-proof and must only be used as a hint.
	DriverLoadSourceHints []DriverLoadSource

	// DMAProtectionDisabled is true if the platform reports during boot that
	// DMA protection is supported but disabled.
	//
	// See: https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-kernel-dma-protection
	DMAProtectionDisabled bool
}

SecurebootState describes the secure boot status of a machine, as determined by processing its event log.

func ParseSecurebootState 

func ParseSecurebootState(events []tcg.Event, registerCfg RegisterConfig) (*SecurebootState, error)

ParseSecurebootState parses a series of events to determine the configuration of secure boot on a device. An error is returned if the state cannot be determined, or if the event log is structured in such a way that it may have been tampered post-execution of platform firmware.

func ParseSecurebootStateInsecure 

func ParseSecurebootStateInsecure(events []tcg.Event, registerCfg RegisterConfig) (*SecurebootState, error)

ParseSecurebootStateInsecure is a fork of ParseSecurebootState that relaxes checks for duplicate separators.

func ParseSecurebootStateLegacy 

func ParseSecurebootStateLegacy(events []tcg.Event) (*SecurebootState, error)

ParseSecurebootStateLegacy parses a series of events to determine the configuration of secure boot on a device. An error is returned if the state cannot be determined, or if the event log is structured in such a way that it may have been tampered post-execution of platform firmware. ParseSecurebootStateLegacy assumes events are sourced from a TPM event log. It is meant for use with go-attestation.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.