Documentation ¶
Index ¶
- Constants
- Variables
- func ComputeEFIGPTDataDigest(alg crypto.Hash, data *EFIGPTData) ([]byte, error)
- func ComputeEFIVariableDataDigest(alg crypto.Hash, name string, guid efi.GUID, data []byte) []byte
- func ComputeEventDigest(alg crypto.Hash, data []byte) []byte
- func ComputeSeparatorEventDigest(alg crypto.Hash, value uint32) []byte
- func ComputeStringEventDigest(alg crypto.Hash, str string) []byte
- func ComputeSystemdEFIStubCommandlineDigest(alg crypto.Hash, commandline string) []byte
- func WriteLog(w io.Writer, events []*Event) error
- type AlgorithmIdList
- type Digest
- type DigestMap
- type EFIGPTData
- type EFIImageLoadEvent
- type EFISpecIdEventAlgorithmSize
- type EFIVariableData
- type Event
- type EventData
- type EventType
- type GrubStringEventData
- type GrubStringEventType
- type Log
- type LogOptions
- type OpaqueEventData
- type PCRIndex
- type PlatformType
- type SP800_155_PlatformIdEventData
- type SeparatorEventData
- type Spec
- type SpecIdEvent00
- type SpecIdEvent02
- type SpecIdEvent03
- type StartupLocalityEventData
- type StringEventData
- type SystemdEFIStubCommandline
Constants ¶
Variables ¶
var ( EFICallingEFIApplicationEvent = StringEventData("Calling EFI Application from Boot Option") EFIReturningFromEFIApplicationEvent = StringEventData("Returning from EFI Application from Boot Option") EFIExitBootServicesInvocationEvent = StringEventData("Exit Boot Services Invocation") EFIExitBootServicesFailedEvent = StringEventData("Exit Boot Services Returned with Failure") EFIExitBootServicesSucceededEvent = StringEventData("Exit Boot Services Returned with Success") FirmwareDebuggerEvent = StringEventData("UEFI Debug Mode") )
Functions ¶
func ComputeEFIGPTDataDigest ¶
func ComputeEFIGPTDataDigest(alg crypto.Hash, data *EFIGPTData) ([]byte, error)
ComputeEFIGPTDataDigest computes a UEFI_GPT_DATA digest from the supplied data.
func ComputeEFIVariableDataDigest ¶
ComputeEFIVariableDataDigest computes the EFI_VARIABLE_DATA digest associated with the supplied parameters
func ComputeEventDigest ¶
ComputeEventDigest computes the digest associated with the supplied event data bytes, for events where the digest is a tagged hash of the event data.
func ComputeSeparatorEventDigest ¶
ComputeSeparatorEventDigest computes the digest associated with the separator event. The value argument should be one of SeparatorEventNormalValue, SeparatorEventAltNormalValue or SeparatorEventErrorValue.
func ComputeStringEventDigest ¶
ComputeStringEventDigest computes the digest associated with the supplied string, for events where the digest is a tagged hash of the string. The function assumes that the string is ASCII encoded and measured without a terminating NULL byte.
func ComputeSystemdEFIStubCommandlineDigest ¶
ComputeSystemdEFIStubCommandlineDigest computes the digest measured by the systemd EFI stub linux loader for the specified kernel commandline. The commandline is supplied to the stub via the LoadOptions as a UTF-16 or UCS-2 string and is measured as such before being converted to ASCII and passed to the kernel. Note that it assumes that the calling bootloader includes a UTF-16 NULL terminator at the end of LoadOptions and sets LoadOptionsSize to StrLen(LoadOptions)+1.
func WriteLog ¶ added in v0.0.3
WriteLog writes an event log to w from the supplied events, in a format that can be read again by ReadLog. The first event must be a Specification ID event. If the Specification ID event specifies a crypto-agile log, the digest algorithms must all be supported by go and the specified sizes must all be correct. Each of the supplied events must contain a digest for each algorithm. For a non crypto-agile log, each of the supplied events must contain a SHA-1 digest.
This function is only useful for generating reproducible data for use in tests.
Types ¶
type AlgorithmIdList ¶
type AlgorithmIdList []tpm2.HashAlgorithmId
AlgorithmListId is a slice of tpm2.HashAlgorithmId values,
func (AlgorithmIdList) Contains ¶
func (l AlgorithmIdList) Contains(a tpm2.HashAlgorithmId) bool
type DigestMap ¶
type DigestMap map[tpm2.HashAlgorithmId]Digest
DigestMap is a map of algorithms to digests.
type EFIGPTData ¶
type EFIGPTData struct { Hdr efi.PartitionTableHeader Partitions []*efi.PartitionEntry // contains filtered or unexported fields }
EFIGPTData corresponds to UEFI_GPT_DATA and is the event data for EV_EFI_GPT_EVENT events.
func (*EFIGPTData) String ¶
func (e *EFIGPTData) String() string
type EFIImageLoadEvent ¶
type EFIImageLoadEvent struct { LocationInMemory efi.PhysicalAddress LengthInMemory uint64 LinkTimeAddress uint64 DevicePath efi.DevicePath // contains filtered or unexported fields }
func (*EFIImageLoadEvent) String ¶
func (e *EFIImageLoadEvent) String() string
type EFISpecIdEventAlgorithmSize ¶
type EFISpecIdEventAlgorithmSize struct { AlgorithmId tpm2.HashAlgorithmId DigestSize uint16 }
EFISpecIdEventAlgorithmSize represents a digest algorithm and its length and corresponds to the TCG_EfiSpecIdEventAlgorithmSize type.
type EFIVariableData ¶
type EFIVariableData struct { VariableName efi.GUID UnicodeName string VariableData []byte // contains filtered or unexported fields }
EFIVariableData corresponds to the EFI_VARIABLE_DATA type and is the event data associated with the measurement of an EFI variable.
func (*EFIVariableData) String ¶
func (e *EFIVariableData) String() string
type Event ¶
type Event struct { PCRIndex PCRIndex // PCR index to which this event was measured EventType EventType // The type of this event Digests DigestMap // The digests corresponding to this event for the supported algorithms Data EventData // The data recorded with this event }
Event corresponds to a single event in an event log.
func ReadEventCryptoAgile ¶
func ReadEventCryptoAgile(r io.Reader, digestSizes []EFISpecIdEventAlgorithmSize, options *LogOptions) (*Event, error)
type EventData ¶
type EventData interface { fmt.Stringer // Bytes is the raw event data bytes as they appear in the event log. Bytes() []byte // Write will serialize this event data to the supplied io.Writer. Write(w io.Writer) error }
EventData represents all event data types that appear in a log. Some implementations of this are exported so that event data contents can be inspected programatically.
If an error is encountered when decoding the data associated with an event, the event data will implement the error interface which can be used for obtaining information about the decoding error.
type EventType ¶
type EventType uint32
EventType corresponds to the type of an event in an event log.
const ( EventTypePrebootCert EventType = 0x00000000 // EV_PREBOOT_CERT EventTypePostCode EventType = 0x00000001 // EV_POST_CODE // EventTypeUnused = 0x00000002 EventTypeNoAction EventType = 0x00000003 // EV_NO_ACTION EventTypeSeparator EventType = 0x00000004 // EV_SEPARATOR EventTypeAction EventType = 0x00000005 // EV_ACTION EventTypeEventTag EventType = 0x00000006 // EV_EVENT_TAG EventTypeSCRTMContents EventType = 0x00000007 // EV_S_CRTM_CONTENTS EventTypeSCRTMVersion EventType = 0x00000008 // EV_S_CRTM_VERSION EventTypeCPUMicrocode EventType = 0x00000009 // EV_CPU_MICROCODE EventTypePlatformConfigFlags EventType = 0x0000000a // EV_PLATFORM_CONFIG_FLAGS EventTypeTableOfDevices EventType = 0x0000000b // EV_TABLE_OF_DEVICES EventTypeCompactHash EventType = 0x0000000c // EV_COMPACT_HASH EventTypeIPL EventType = 0x0000000d // EV_IPL EventTypeIPLPartitionData EventType = 0x0000000e // EV_IPL_PARTITION_DATA EventTypeNonhostCode EventType = 0x0000000f // EV_NONHOST_CODE EventTypeNonhostConfig EventType = 0x00000010 // EV_NONHOST_CONFIG EventTypeNonhostInfo EventType = 0x00000011 // EV_NONHOST_INFO EventTypeOmitBootDeviceEvents EventType = 0x00000012 // EV_OMIT_BOOT_DEVICE_EVENTS EventTypeEFIEventBase EventType = 0x80000000 // EV_EFI_EVENT_BASE EventTypeEFIVariableDriverConfig EventType = 0x80000001 // EV_EFI_VARIABLE_DRIVER_CONFIG EventTypeEFIVariableBoot EventType = 0x80000002 // EV_EFI_VARIABLE_BOOT EventTypeEFIBootServicesApplication EventType = 0x80000003 // EV_EFI_BOOT_SERVICES_APPLICATION EventTypeEFIBootServicesDriver EventType = 0x80000004 // EV_EFI_BOOT_SERVICES_DRIVER EventTypeEFIRuntimeServicesDriver EventType = 0x80000005 // EV_EFI_RUNTIME_SERVICES_DRIVER EventTypeEFIGPTEvent EventType = 0x80000006 // EV_EFI_GPT_EVENT EventTypeEFIAction EventType = 0x80000007 // EV_EFI_ACTION EventTypeEFIPlatformFirmwareBlob EventType = 0x80000008 // EV_EFI_PLATFORM_FIRMWARE_BLOB EventTypeEFIHandoffTables EventType = 0x80000009 // EV_EFI_HANDOFF_TABLES EventTypeEFIPlatformFirmwareBlob2 EventType = 0x8000000a // EV_EFI_PLATFORM_FIRMWARE_BLOB2 EventTypeEFIHandoffTables2 EventType = 0x8000000b // EV_EFI_HANDOFF_TABLES2 EventTypeEFIVariableBoot2 EventType = 0x8000000c // EV_EFI_VARIABLE_BOOT2 EventTypeEFIHCRTMEvent EventType = 0x80000010 // EV_EFI_HCRTM_EVENT EventTypeEFIVariableAuthority EventType = 0x800000e0 // EV_EFI_VARIABLE_AUTHORITY EventTypeEFISPDMFirmwareBlob EventType = 0x800000e1 // EV_EFI_SPDM_FIRMWARE_BLOB EventTypeEFISPDMFirmwareConfig EventType = 0x800000e2 // EV_EFI_SPDM_FIRMWARE_CONFIG )
type GrubStringEventData ¶
type GrubStringEventData struct { Type GrubStringEventType Str string // contains filtered or unexported fields }
GrubStringEventData represents the data associated with an event measured by GRUB.
func (*GrubStringEventData) String ¶
func (e *GrubStringEventData) String() string
type GrubStringEventType ¶
type GrubStringEventType string
GrubStringEventType indicates the type of data measured by GRUB in to a log by GRUB.
const ( // GrubCmd indicates that the data measured by GRUB is associated with a GRUB command. GrubCmd GrubStringEventType = "grub_cmd" // KernelCmdline indicates that the data measured by GRUB is associated with a kernel commandline. KernelCmdline = "kernel_cmdline" )
type Log ¶
type Log struct { Spec Spec // The specification to which this log conforms Algorithms AlgorithmIdList // The digest algorithms that appear in the log Events []*Event // The list of events in the log }
Log corresponds to a parsed event log.
func ReadLog ¶
func ReadLog(r io.Reader, options *LogOptions) (*Log, error)
ReadLog reads an event log read from r using the supplied options. The log must be in the format defined in one of the PC Client Platform Firmware Profile specifications. If an error occurs during parsing, this may return an incomplete list of events with the error.
type LogOptions ¶
type LogOptions struct { EnableGrub bool // Enable support for interpreting events recorded by GRUB EnableSystemdEFIStub bool // Enable support for interpreting events recorded by systemd's EFI linux loader stub SystemdEFIStubPCR PCRIndex // Specify the PCR that systemd's EFI linux loader stub measures to }
LogOptions allows the behaviour of Log to be controlled.
type OpaqueEventData ¶
type OpaqueEventData []byte
OpaqueEventData is event data whose format is unknown or implementation defined.
func (OpaqueEventData) Bytes ¶
func (d OpaqueEventData) Bytes() []byte
func (OpaqueEventData) String ¶
func (d OpaqueEventData) String() string
type PlatformType ¶
type PlatformType int
const ( PlatformTypeUnknown PlatformType = iota PlatformTypeBIOS PlatformTypeEFI )
type SP800_155_PlatformIdEventData ¶
type SP800_155_PlatformIdEventData struct { VendorId uint32 ReferenceManifestGuid efi.GUID // contains filtered or unexported fields }
SP800_155_PlatformIdEventData corresponds to the event data for a SP800-155-Event EV_NO_ACTION event
func (*SP800_155_PlatformIdEventData) String ¶
func (e *SP800_155_PlatformIdEventData) String() string
type SeparatorEventData ¶
type SeparatorEventData struct { Value uint32 // The separator value measured to the TPM // contains filtered or unexported fields }
SeparatorEventData is the event data associated with a EV_SEPARATOR event.
func NewErrorSeparatorEventData ¶
func NewErrorSeparatorEventData(err []byte) *SeparatorEventData
func (*SeparatorEventData) IsError ¶
func (e *SeparatorEventData) IsError() bool
IsError indicates that this event was associated with an error condition. The value returned from Bytes() contains an implementation defined indication of the actual error.
func (*SeparatorEventData) String ¶
func (e *SeparatorEventData) String() string
type Spec ¶
type Spec struct { PlatformType PlatformType Major uint8 Minor uint8 Errata uint8 }
Spec corresponds to the TCG specification that an event log conforms to.
func (Spec) IsBIOS ¶
IsBIOS indicates that a log conforms to "TCG PC Client Specific Implementation Specification for Conventional BIOS". See https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementation_1-21_1_00.pdf
func (Spec) IsEFI_1_2 ¶
IsEFI_1_2 indicates that a log conforms to "TCG EFI Platform Specification For TPM Family 1.1 or 1.2". See https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf
func (Spec) IsEFI_2 ¶
IsEFI_2 indicates that a log conforms to "TCG PC Client Platform Firmware Profile Specification" See https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf
type SpecIdEvent00 ¶
type SpecIdEvent00 struct { PlatformClass uint32 SpecVersionMinor uint8 SpecVersionMajor uint8 SpecErrata uint8 VendorInfo []byte // contains filtered or unexported fields }
SpecIdEvent00 corresponds to the TCG_PCClientSpecIdEventStruct type and is the event data for a Specification ID Version EV_NO_ACTION event for BIOS platforms.
func (*SpecIdEvent00) String ¶
func (e *SpecIdEvent00) String() string
type SpecIdEvent02 ¶
type SpecIdEvent02 struct { PlatformClass uint32 SpecVersionMinor uint8 SpecVersionMajor uint8 SpecErrata uint8 UintnSize uint8 VendorInfo []byte // contains filtered or unexported fields }
SpecIdEvent02 corresponds to the TCG_EfiSpecIdEventStruct type and is the event data for a Specification ID Version EV_NO_ACTION event on EFI platforms for TPM family 1.2.
func (*SpecIdEvent02) String ¶
func (e *SpecIdEvent02) String() string
type SpecIdEvent03 ¶
type SpecIdEvent03 struct { PlatformClass uint32 SpecVersionMinor uint8 SpecVersionMajor uint8 SpecErrata uint8 UintnSize uint8 DigestSizes []EFISpecIdEventAlgorithmSize // The digest algorithms contained within this log VendorInfo []byte // contains filtered or unexported fields }
SpecIdEvent03 corresponds to the TCG_EfiSpecIdEvent type and is the event data for a Specification ID Version EV_NO_ACTION event on EFI platforms for TPM family 2.0.
func (*SpecIdEvent03) String ¶
func (e *SpecIdEvent03) String() string
type StartupLocalityEventData ¶
type StartupLocalityEventData struct { StartupLocality uint8 // contains filtered or unexported fields }
StartupLocalityEventData is the event data for a StartupLocality EV_NO_ACTION event.
func (*StartupLocalityEventData) String ¶
func (e *StartupLocalityEventData) String() string
type StringEventData ¶
type StringEventData string
StringEventData corresponds to event data that is an non-NULL terminated ASCII string.
func (StringEventData) Bytes ¶
func (d StringEventData) Bytes() []byte
func (StringEventData) String ¶
func (d StringEventData) String() string
type SystemdEFIStubCommandline ¶
type SystemdEFIStubCommandline struct { Str string // contains filtered or unexported fields }
SystemdEFIStubCommandline represents a kernel commandline measured by the systemd EFI stub linux loader.
func (*SystemdEFIStubCommandline) String ¶
func (e *SystemdEFIStubCommandline) String() string