tcglog

package module
v0.0.0-...-16b3d8d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 29, 2023 License: LGPL-3.0 Imports: 16 Imported by: 15

README

TCG Log Parser

This repository contains a go library for parsing TCG event logs. Also included is a simple command line tool that prints details of log entries to the console.

Relevant specifications

Documentation

Index

Constants

View Source 
const (
	SeparatorEventNormalValue    uint32 = 0
	SeparatorEventErrorValue     uint32 = 1
	SeparatorEventAltNormalValue uint32 = math.MaxUint32
)

Variables

View Source 
var (
	EFICallingEFIApplicationEvent       = StringEventData("Calling EFI Application from Boot Option")
	EFIReturningFromEFIApplicationEvent = StringEventData("Returning from EFI Application from Boot Option")
	EFIExitBootServicesInvocationEvent  = StringEventData("Exit Boot Services Invocation")
	EFIExitBootServicesFailedEvent      = StringEventData("Exit Boot Services Returned with Failure")
	EFIExitBootServicesSucceededEvent   = StringEventData("Exit Boot Services Returned with Success")
	FirmwareDebuggerEvent               = StringEventData("UEFI Debug Mode")
)

Functions

func ComputeEFIGPTDataDigest 

func ComputeEFIGPTDataDigest(alg crypto.Hash, data *EFIGPTData) ([]byte, error)

ComputeEFIGPTDataDigest computes a UEFI_GPT_DATA digest from the supplied data.

func ComputeEFIVariableDataDigest 

func ComputeEFIVariableDataDigest(alg crypto.Hash, name string, guid efi.GUID, data []byte) []byte

ComputeEFIVariableDataDigest computes the EFI_VARIABLE_DATA digest associated with the supplied parameters

func ComputeEventDigest 

func ComputeEventDigest(alg crypto.Hash, data []byte) []byte

ComputeEventDigest computes the digest associated with the supplied event data bytes, for events where the digest is a tagged hash of the event data.

func ComputeSeparatorEventDigest 

func ComputeSeparatorEventDigest(alg crypto.Hash, value uint32) []byte

ComputeSeparatorEventDigest computes the digest associated with the separator event. The value argument should be one of SeparatorEventNormalValue, SeparatorEventAltNormalValue or SeparatorEventErrorValue.

func ComputeStringEventDigest 

func ComputeStringEventDigest(alg crypto.Hash, str string) []byte

ComputeStringEventDigest computes the digest associated with the supplied string, for events where the digest is a tagged hash of the string. The function assumes that the string is ASCII encoded and measured without a terminating NULL byte.

func ComputeSystemdEFIStubCommandlineDigest 

func ComputeSystemdEFIStubCommandlineDigest(alg crypto.Hash, commandline string) []byte

ComputeSystemdEFIStubCommandlineDigest computes the digest measured by the systemd EFI stub linux loader for the specified kernel commandline. The commandline is supplied to the stub via the LoadOptions as a UTF-16 or UCS-2 string and is measured as such before being converted to ASCII and passed to the kernel. Note that it assumes that the calling bootloader includes a UTF-16 NULL terminator at the end of LoadOptions and sets LoadOptionsSize to StrLen(LoadOptions)+1.

Types

type AlgorithmIdList 

type AlgorithmIdList []tpm2.HashAlgorithmId

AlgorithmListId is a slice of tpm2.HashAlgorithmId values,

func (AlgorithmIdList) Contains 

func (l AlgorithmIdList) Contains(a tpm2.HashAlgorithmId) bool

type Digest 

type Digest []byte

Digest is the result of hashing some data.

type DigestMap 

type DigestMap map[tpm2.HashAlgorithmId]Digest

DigestMap is a map of algorithms to digests.

type EFIGPTData 

type EFIGPTData struct {
	Hdr        efi.PartitionTableHeader
	Partitions []*efi.PartitionEntry
	// contains filtered or unexported fields
}

EFIGPTData corresponds to UEFI_GPT_DATA and is the event data for EV_EFI_GPT_EVENT events.

func (EFIGPTData) Bytes 

func (b EFIGPTData) Bytes() []byte

func (*EFIGPTData) String 

func (e *EFIGPTData) String() string

func (*EFIGPTData) Write 

func (e *EFIGPTData) Write(w io.Writer) error

type EFIImageLoadEvent 

type EFIImageLoadEvent struct {
	LocationInMemory efi.PhysicalAddress
	LengthInMemory   uint64
	LinkTimeAddress  uint64
	DevicePath       efi.DevicePath
	// contains filtered or unexported fields
}

func (EFIImageLoadEvent) Bytes 

func (b EFIImageLoadEvent) Bytes() []byte

func (*EFIImageLoadEvent) String 

func (e *EFIImageLoadEvent) String() string

func (*EFIImageLoadEvent) Write 

func (e *EFIImageLoadEvent) Write(w io.Writer) error

type EFISpecIdEventAlgorithmSize 

type EFISpecIdEventAlgorithmSize struct {
	AlgorithmId tpm2.HashAlgorithmId
	DigestSize  uint16
}

EFISpecIdEventAlgorithmSize represents a digest algorithm and its length and corresponds to the TCG_EfiSpecIdEventAlgorithmSize type.

type EFIVariableData 

type EFIVariableData struct {
	VariableName efi.GUID
	UnicodeName  string
	VariableData []byte
	// contains filtered or unexported fields
}

EFIVariableData corresponds to the EFI_VARIABLE_DATA type and is the event data associated with the measurement of an EFI variable.

func (EFIVariableData) Bytes 

func (b EFIVariableData) Bytes() []byte

func (*EFIVariableData) String 

func (e *EFIVariableData) String() string

func (*EFIVariableData) Write 

func (e *EFIVariableData) Write(w io.Writer) error

type Event 

type Event struct {
	PCRIndex  PCRIndex  // PCR index to which this event was measured
	EventType EventType // The type of this event
	Digests   DigestMap // The digests corresponding to this event for the supported algorithms
	Data      EventData // The data recorded with this event
}

Event corresponds to a single event in an event log.

func ReadEvent 

func ReadEvent(r io.Reader, options *LogOptions) (*Event, error)

func ReadEventCryptoAgile 

func ReadEventCryptoAgile(r io.Reader, digestSizes []EFISpecIdEventAlgorithmSize, options *LogOptions) (*Event, error)

func (*Event) Write 

func (e *Event) Write(w io.Writer) error

Write serializes this event in non crypto-agile form to w. If the event does not contain a SHA-1 digest of the correct size, or it contains more than one digest, an error will be returned.

func (*Event) WriteCryptoAgile 

func (e *Event) WriteCryptoAgile(w io.Writer, digestSizes []EFISpecIdEventAlgorithmSize) error

WriteCryptoAgile serializes this even in crypto-agile form to w. If the event does not contain a digest of the correct size for each entry in digestSizes, or it contains more digests, an error will be returned.

type EventData 

type EventData interface {
	fmt.Stringer

	// Bytes is the raw event data bytes as they appear in the event log.
	Bytes() []byte

	// Write will serialize this event data to the supplied io.Writer.
	Write(w io.Writer) error
}

EventData represents all event data types that appear in a log. Some implementations of this are exported so that event data contents can be inspected programatically.

If an error is encountered when decoding the data associated with an event, the event data will implement the error interface which can be used for obtaining information about the decoding error.

type EventType 

type EventType uint32

EventType corresponds to the type of an event in an event log. 

const (
	EventTypePrebootCert EventType = 0x00000000 // EV_PREBOOT_CERT
	EventTypePostCode    EventType = 0x00000001 // EV_POST_CODE
	// EventTypeUnused = 0x00000002
	EventTypeNoAction             EventType = 0x00000003 // EV_NO_ACTION
	EventTypeSeparator            EventType = 0x00000004 // EV_SEPARATOR
	EventTypeAction               EventType = 0x00000005 // EV_ACTION
	EventTypeEventTag             EventType = 0x00000006 // EV_EVENT_TAG
	EventTypeSCRTMContents        EventType = 0x00000007 // EV_S_CRTM_CONTENTS
	EventTypeSCRTMVersion         EventType = 0x00000008 // EV_S_CRTM_VERSION
	EventTypeCPUMicrocode         EventType = 0x00000009 // EV_CPU_MICROCODE
	EventTypePlatformConfigFlags  EventType = 0x0000000a // EV_PLATFORM_CONFIG_FLAGS
	EventTypeTableOfDevices       EventType = 0x0000000b // EV_TABLE_OF_DEVICES
	EventTypeCompactHash          EventType = 0x0000000c // EV_COMPACT_HASH
	EventTypeIPL                  EventType = 0x0000000d // EV_IPL
	EventTypeIPLPartitionData     EventType = 0x0000000e // EV_IPL_PARTITION_DATA
	EventTypeNonhostCode          EventType = 0x0000000f // EV_NONHOST_CODE
	EventTypeNonhostConfig        EventType = 0x00000010 // EV_NONHOST_CONFIG
	EventTypeNonhostInfo          EventType = 0x00000011 // EV_NONHOST_INFO
	EventTypeOmitBootDeviceEvents EventType = 0x00000012 // EV_OMIT_BOOT_DEVICE_EVENTS

	EventTypeEFIEventBase               EventType = 0x80000000 // EV_EFI_EVENT_BASE
	EventTypeEFIVariableDriverConfig    EventType = 0x80000001 // EV_EFI_VARIABLE_DRIVER_CONFIG
	EventTypeEFIVariableBoot            EventType = 0x80000002 // EV_EFI_VARIABLE_BOOT
	EventTypeEFIBootServicesApplication EventType = 0x80000003 // EV_EFI_BOOT_SERVICES_APPLICATION
	EventTypeEFIBootServicesDriver      EventType = 0x80000004 // EV_EFI_BOOT_SERVICES_DRIVER
	EventTypeEFIRuntimeServicesDriver   EventType = 0x80000005 // EV_EFI_RUNTIME_SERVICES_DRIVER
	EventTypeEFIGPTEvent                EventType = 0x80000006 // EV_EFI_GPT_EVENT
	EventTypeEFIAction                  EventType = 0x80000007 // EV_EFI_ACTION
	EventTypeEFIPlatformFirmwareBlob    EventType = 0x80000008 // EV_EFI_PLATFORM_FIRMWARE_BLOB
	EventTypeEFIHandoffTables           EventType = 0x80000009 // EV_EFI_HANDOFF_TABLES
	EventTypeEFIPlatformFirmwareBlob2   EventType = 0x8000000a // EV_EFI_PLATFORM_FIRMWARE_BLOB2
	EventTypeEFIHandoffTables2          EventType = 0x8000000b // EV_EFI_HANDOFF_TABLES2
	EventTypeEFIVariableBoot2           EventType = 0x8000000c // EV_EFI_VARIABLE_BOOT2
	EventTypeEFIHCRTMEvent              EventType = 0x80000010 // EV_EFI_HCRTM_EVENT
	EventTypeEFIVariableAuthority       EventType = 0x800000e0 // EV_EFI_VARIABLE_AUTHORITY
	EventTypeEFISPDMFirmwareBlob        EventType = 0x800000e1 // EV_EFI_SPDM_FIRMWARE_BLOB
	EventTypeEFISPDMFirmwareConfig      EventType = 0x800000e2 // EV_EFI_SPDM_FIRMWARE_CONFIG
)

func (EventType) Format 

func (e EventType) Format(s fmt.State, f rune)

func (EventType) String 

func (e EventType) String() string

type GrubStringEventData 

type GrubStringEventData struct {
	Type GrubStringEventType
	Str  string
	// contains filtered or unexported fields
}

GrubStringEventData represents the data associated with an event measured by GRUB.

func (GrubStringEventData) Bytes 

func (b GrubStringEventData) Bytes() []byte

func (*GrubStringEventData) String 

func (e *GrubStringEventData) String() string

func (*GrubStringEventData) Write 

func (e *GrubStringEventData) Write(w io.Writer) error

type GrubStringEventType 

type GrubStringEventType string

GrubStringEventType indicates the type of data measured by GRUB in to a log by GRUB. 

const (
	// GrubCmd indicates that the data measured by GRUB is associated with a GRUB command.
	GrubCmd GrubStringEventType = "grub_cmd"

	// KernelCmdline indicates that the data measured by GRUB is associated with a kernel commandline.
	KernelCmdline = "kernel_cmdline"
)

type Log 

type Log struct {
	Spec       Spec            // The specification to which this log conforms
	Algorithms AlgorithmIdList // The digest algorithms that appear in the log
	Events     []*Event        // The list of events in the log
}

Log corresponds to a parsed event log.

func NewLogForTesting 

func NewLogForTesting(events []*Event) *Log

NewLogForTesting creates a new log instance from the supplied list of events.

func ReadLog 

func ReadLog(r io.Reader, options *LogOptions) (*Log, error)

ReadLog reads an event log read from r using the supplied options. The log must be in the format defined in one of the PC Client Platform Firmware Profile specifications. If an error occurs during parsing, this may return an incomplete list of events with the error.

func (*Log) Write 

func (l *Log) Write(w io.Writer) error

Write writes the event log to w in a format that can be read again by ReadLog. If the log is a crypto-agile log, each of the supplied events must contain a digest for each algorithm. For a non crypto-agile log, each of the events must contain a SHA-1 digest.

type LogOptions 

type LogOptions struct {
	EnableGrub           bool     // Enable support for interpreting events recorded by GRUB
	EnableSystemdEFIStub bool     // Enable support for interpreting events recorded by systemd's EFI linux loader stub
	SystemdEFIStubPCR    PCRIndex // Specify the PCR that systemd's EFI linux loader stub measures to
}

LogOptions allows the behaviour of Log to be controlled.

type OpaqueEventData 

type OpaqueEventData []byte

OpaqueEventData is event data whose format is unknown or implementation defined.

func (OpaqueEventData) Bytes 

func (d OpaqueEventData) Bytes() []byte

func (OpaqueEventData) String 

func (d OpaqueEventData) String() string

func (OpaqueEventData) Write 

func (d OpaqueEventData) Write(w io.Writer) error

type PCRIndex 

type PCRIndex uint32

PCRIndex corresponds to the index of a PCR on the TPM.

type PlatformType 

type PlatformType int
const (
	PlatformTypeUnknown PlatformType = iota
	PlatformTypeBIOS
	PlatformTypeEFI
)

type SP800_155_PlatformIdEventData 

type SP800_155_PlatformIdEventData struct {
	VendorId              uint32
	ReferenceManifestGuid efi.GUID
	// contains filtered or unexported fields
}

SP800_155_PlatformIdEventData corresponds to the event data for a SP800-155-Event EV_NO_ACTION event

func (SP800_155_PlatformIdEventData) Bytes 

func (b SP800_155_PlatformIdEventData) Bytes() []byte

func (*SP800_155_PlatformIdEventData) String 

func (e *SP800_155_PlatformIdEventData) String() string

func (*SP800_155_PlatformIdEventData) Write 

func (e *SP800_155_PlatformIdEventData) Write(w io.Writer) error

type SeparatorEventData 

type SeparatorEventData struct {
	Value uint32 // The separator value measured to the TPM
	// contains filtered or unexported fields
}

SeparatorEventData is the event data associated with a EV_SEPARATOR event.

func NewErrorSeparatorEventData 

func NewErrorSeparatorEventData(err []byte) *SeparatorEventData

func (SeparatorEventData) Bytes 

func (b SeparatorEventData) Bytes() []byte

func (*SeparatorEventData) IsError 

func (e *SeparatorEventData) IsError() bool

IsError indicates that this event was associated with an error condition. The value returned from Bytes() contains an implementation defined indication of the actual error.

func (*SeparatorEventData) String 

func (e *SeparatorEventData) String() string

func (*SeparatorEventData) Write 

func (e *SeparatorEventData) Write(w io.Writer) error

type Spec 

type Spec struct {
	PlatformType PlatformType
	Major        uint8
	Minor        uint8
	Errata       uint8
}

Spec corresponds to the TCG specification that an event log conforms to.

func (Spec) IsBIOS 

func (s Spec) IsBIOS() bool

IsBIOS indicates that a log conforms to "TCG PC Client Specific Implementation Specification for Conventional BIOS". See https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementation_1-21_1_00.pdf

func (Spec) IsEFI_1_2 

func (s Spec) IsEFI_1_2() bool

IsEFI_1_2 indicates that a log conforms to "TCG EFI Platform Specification For TPM Family 1.1 or 1.2". See https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf

func (Spec) IsEFI_2 

func (s Spec) IsEFI_2() bool

IsEFI_2 indicates that a log conforms to "TCG PC Client Platform Firmware Profile Specification" See https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf

type SpecIdEvent00 

type SpecIdEvent00 struct {
	PlatformClass    uint32
	SpecVersionMinor uint8
	SpecVersionMajor uint8
	SpecErrata       uint8
	VendorInfo       []byte
	// contains filtered or unexported fields
}

SpecIdEvent00 corresponds to the TCG_PCClientSpecIdEventStruct type and is the event data for a Specification ID Version EV_NO_ACTION event for BIOS platforms.

func (SpecIdEvent00) Bytes 

func (b SpecIdEvent00) Bytes() []byte

func (*SpecIdEvent00) String 

func (e *SpecIdEvent00) String() string

func (*SpecIdEvent00) Write 

func (e *SpecIdEvent00) Write(w io.Writer) error

type SpecIdEvent02 

type SpecIdEvent02 struct {
	PlatformClass    uint32
	SpecVersionMinor uint8
	SpecVersionMajor uint8
	SpecErrata       uint8
	UintnSize        uint8
	VendorInfo       []byte
	// contains filtered or unexported fields
}

SpecIdEvent02 corresponds to the TCG_EfiSpecIdEventStruct type and is the event data for a Specification ID Version EV_NO_ACTION event on EFI platforms for TPM family 1.2.

func (SpecIdEvent02) Bytes 

func (b SpecIdEvent02) Bytes() []byte

func (*SpecIdEvent02) String 

func (e *SpecIdEvent02) String() string

func (*SpecIdEvent02) Write 

func (e *SpecIdEvent02) Write(w io.Writer) error

type SpecIdEvent03 

type SpecIdEvent03 struct {
	PlatformClass    uint32
	SpecVersionMinor uint8
	SpecVersionMajor uint8
	SpecErrata       uint8
	UintnSize        uint8
	DigestSizes      []EFISpecIdEventAlgorithmSize // The digest algorithms contained within this log
	VendorInfo       []byte
	// contains filtered or unexported fields
}

SpecIdEvent03 corresponds to the TCG_EfiSpecIdEvent type and is the event data for a Specification ID Version EV_NO_ACTION event on EFI platforms for TPM family 2.0.

func (SpecIdEvent03) Bytes 

func (b SpecIdEvent03) Bytes() []byte

func (*SpecIdEvent03) String 

func (e *SpecIdEvent03) String() string

func (*SpecIdEvent03) Write 

func (e *SpecIdEvent03) Write(w io.Writer) error

type StartupLocalityEventData 

type StartupLocalityEventData struct {
	StartupLocality uint8
	// contains filtered or unexported fields
}

StartupLocalityEventData is the event data for a StartupLocality EV_NO_ACTION event.

func (StartupLocalityEventData) Bytes 

func (b StartupLocalityEventData) Bytes() []byte

func (*StartupLocalityEventData) String 

func (e *StartupLocalityEventData) String() string

func (*StartupLocalityEventData) Write 

func (e *StartupLocalityEventData) Write(w io.Writer) error

type StringEventData 

type StringEventData string

StringEventData corresponds to event data that is an non-NULL terminated ASCII string.

func (StringEventData) Bytes 

func (d StringEventData) Bytes() []byte

func (StringEventData) String 

func (d StringEventData) String() string

func (StringEventData) Write 

func (d StringEventData) Write(w io.Writer) error

type SystemdEFIStubCommandline 

type SystemdEFIStubCommandline struct {
	Str string
	// contains filtered or unexported fields
}

SystemdEFIStubCommandline represents a kernel commandline measured by the systemd EFI stub linux loader.

func (SystemdEFIStubCommandline) Bytes 

func (b SystemdEFIStubCommandline) Bytes() []byte

func (*SystemdEFIStubCommandline) String 

func (e *SystemdEFIStubCommandline) String() string

func (*SystemdEFIStubCommandline) Write 

func (e *SystemdEFIStubCommandline) Write(w io.Writer) error

Source Files

View all Source files

Directories

Path Synopsis
internal
flags
ioerr

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.