Documentation
¶
Index ¶
Constants ¶
const (
PhysAddrBase = tpmeventlog.PhysAddrBase
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Issue ¶
type Issue error
Issue is a non-critical problem
func ReproduceEventLog ¶
func ReproduceEventLog( eventLog *tpmeventlog.TPMEventLog, hashAlgo tpmeventlog.TPMAlgorithm, inMeasurements pcr.Measurements, imageBytes []byte, settings SettingsReproduceEventLog, ) (bool, *registers.ACMPolicyStatus, []Issue, error)
ReproduceEventLog verifies measurements through TPM EventLog. If successful, the first returned variable is true; all mismatches are reported via `[]Issue`; and if ACM_POLICY_STATUS should be amended, then the updated value is returned as the second variable.
Current algorithm already supports disabling measurements, may be in future we will return the rest amended measurements as well.
Currently we focus only on SHA1 measurements to simplify the code.
type ReproducePCR0Result ¶
type ReproducePCR0Result struct {
Locality uint8
CorrectACMPolicyStatus *registers.ACMPolicyStatus
DisabledMeasurements pcr.Measurements
}
ReproducePCR0Result represents the applied PCR bruteforce methods: check different localities, ACM_POLICY_STATUS, disabling measurements
func ReproduceExpectedPCR0 ¶
func ReproduceExpectedPCR0( ctx context.Context, expectedPCR0 []byte, flow pcr.Flow, measurements pcr.Measurements, imageBytes []byte, settings SettingsReproducePCR0, ) (*ReproducePCR0Result, error)
ReproduceExpectedPCR0 brute-forces measurements to achieve the expected PCR0 SHA1 or SHA256 value.
If succeeded to reproduce, then `isSuccess` is true.
The updated ACM_POLICY_STATUS value is returned as `updatedACMPolicyStatus`.
All the problems are returned through `returnErr`.
Current algorithm already supports disabling measurements, may be in future we will return the rest amended measurements as well.
type SettingsBruteforceACMPolicyStatus ¶
type SettingsBruteforceACMPolicyStatus struct {
// EnableACMPolicyCombinatorialStrategy enables a strategy to brute-force ACM Policy
// Status register by finding a combination of bits to flip. This was the
// initial approach before the nature of the corruptions was investaged,
// and it became clear that a more effective strategy is just linear decrement.
EnableACMPolicyCombinatorialStrategy bool
// the limit for the combinatorial bruteforcer (expensive)
MaxACMPolicyCombinatorialDistance int
// MaxACMPolicyLinearDistance specifies a range of linear bruteforcer to try:
// [initial value of ACM_POLICY_STATUS - MaxACMPolicyLinearDistance : initial value of ACM_POLICY_STATUS + MaxACMPolicyLinearDistance]
MaxACMPolicyLinearDistance int
}
SettingsBruteforceACMPolicyStatus defines settings of how to reproduce Intel ACM Policy Status.
func DefaultSettingsBruteforceACMPolicyStatus ¶
func DefaultSettingsBruteforceACMPolicyStatus() SettingsBruteforceACMPolicyStatus
DefaultSettingsBruteforceACMPolicyStatus returns recommended default settings to reproduce ACM Policy Status (given its digest and a close value).
type SettingsReproduceEventLog ¶
type SettingsReproduceEventLog struct {
SettingsBruteforceACMPolicyStatus
DisabledEventsMaxDistance uint64
}
SettingsReproduceEventLog defines settings for internal bruteforce algorithms used in ReproduceEventLog
func DefaultSettingsReproduceEventLog ¶
func DefaultSettingsReproduceEventLog() SettingsReproduceEventLog
DefaultSettingsReproduceEventLog returns recommended default PCR0 settings
type SettingsReproducePCR0 ¶
type SettingsReproducePCR0 struct {
MaxDisabledMeasurements int
SettingsBruteforceACMPolicyStatus
}
SettingsReproducePCR0 defines settings for internal bruteforce algorithms used in ReproduceExpectedPCR0
func DefaultSettingsReproducePCR0 ¶
func DefaultSettingsReproducePCR0() SettingsReproducePCR0
DefaultSettingsReproducePCR0 returns recommeneded default PCR0 settings
Source Files