Merge pull request #330 from nsacyber/firmware-summary
[#329] Firmware Tests summary
commit
49f8fd3ed4
@ -24,7 +24,6 @@ import java.util.HashMap;
|
|||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
@ -324,6 +323,20 @@ public class ReferenceManifestDetailsPageController
|
|||||||
data.put("associatedRim", support.getAssociatedRim());
|
data.put("associatedRim", support.getAssociatedRim());
|
||||||
data.put("rimType", support.getRimType());
|
data.put("rimType", support.getRimType());
|
||||||
data.put("tagId", support.getTagId());
|
data.put("tagId", support.getTagId());
|
||||||
|
boolean crtm = false;
|
||||||
|
boolean bootManager = false;
|
||||||
|
boolean osLoader = false;
|
||||||
|
boolean osKernel = false;
|
||||||
|
boolean acpiTables = false;
|
||||||
|
boolean smbiosTables = false;
|
||||||
|
boolean gptTable = false;
|
||||||
|
boolean bootOrder = false;
|
||||||
|
boolean defaultBootDevice = false;
|
||||||
|
boolean secureBoot = false;
|
||||||
|
boolean pk = false;
|
||||||
|
boolean kek = false;
|
||||||
|
boolean sigDb = false;
|
||||||
|
boolean forbiddenDbx = false;
|
||||||
|
|
||||||
TCGEventLog logProcessor = new TCGEventLog(support.getRimBytes());
|
TCGEventLog logProcessor = new TCGEventLog(support.getRimBytes());
|
||||||
LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
|
LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
|
||||||
@ -343,6 +356,61 @@ public class ReferenceManifestDetailsPageController
|
|||||||
data.put("events", logProcessor.getEventList());
|
data.put("events", logProcessor.getEventList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String contentStr;
|
||||||
|
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
|
||||||
|
contentStr = tpe.getEventContentStr();
|
||||||
|
// check for specific events
|
||||||
|
if (contentStr.contains("CRTM")) {
|
||||||
|
crtm = true;
|
||||||
|
} else if (contentStr.contains("shimx64.efi")
|
||||||
|
|| contentStr.contains("bootmgfw.efi")) {
|
||||||
|
bootManager = true;
|
||||||
|
} else if (contentStr.contains("grubx64.efi")
|
||||||
|
|| contentStr.contains("winload.efi")) {
|
||||||
|
osLoader = true;
|
||||||
|
} else if (contentStr.contains("vmlinuz")
|
||||||
|
|| contentStr.contains("ntoskrnl.exe")) {
|
||||||
|
osKernel = true;
|
||||||
|
} else if (contentStr.contains("ACPI")) {
|
||||||
|
acpiTables = true;
|
||||||
|
} else if (contentStr.contains("SMBIOS")) {
|
||||||
|
smbiosTables = true;
|
||||||
|
} else if (contentStr.contains("GPT")) {
|
||||||
|
gptTable = true;
|
||||||
|
} else if (contentStr.contains("BootOrder")) {
|
||||||
|
bootOrder = true;
|
||||||
|
} else if (contentStr.contains("Boot0000")) {
|
||||||
|
defaultBootDevice = true;
|
||||||
|
} else if (contentStr.contains("variable named PK")) {
|
||||||
|
pk = true;
|
||||||
|
} else if (contentStr.contains("variable named KEK")) {
|
||||||
|
kek = true;
|
||||||
|
} else if (contentStr.contains("variable named db")) {
|
||||||
|
if (contentStr.contains("dbx")) {
|
||||||
|
forbiddenDbx = true;
|
||||||
|
} else {
|
||||||
|
sigDb = true;
|
||||||
|
}
|
||||||
|
} else if (contentStr.contains("Secure Boot is enabled")) {
|
||||||
|
secureBoot = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data.put("crtm", crtm);
|
||||||
|
data.put("bootManager", bootManager);
|
||||||
|
data.put("osLoader", osLoader);
|
||||||
|
data.put("osKernel", osKernel);
|
||||||
|
data.put("acpiTables", acpiTables);
|
||||||
|
data.put("smbiosTables", smbiosTables);
|
||||||
|
data.put("gptTable", gptTable);
|
||||||
|
data.put("bootOrder", bootOrder);
|
||||||
|
data.put("defaultBootDevice", defaultBootDevice);
|
||||||
|
data.put("secureBoot", secureBoot);
|
||||||
|
data.put("pk", pk);
|
||||||
|
data.put("kek", kek);
|
||||||
|
data.put("sigDb", sigDb);
|
||||||
|
data.put("forbiddenDbx", forbiddenDbx);
|
||||||
|
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -407,10 +475,6 @@ public class ReferenceManifestDetailsPageController
|
|||||||
data.put("supportEvents", supportEvents);
|
data.put("supportEvents", supportEvents);
|
||||||
data.put("livelogEvents", livelogEvents);
|
data.put("livelogEvents", livelogEvents);
|
||||||
|
|
||||||
for (Map.Entry<String, Object> entry : data.entrySet()) {
|
|
||||||
LOGGER.error(String.format("%s -> %s", entry.getKey(),
|
|
||||||
String.valueOf(entry.getValue())));
|
|
||||||
}
|
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
}
|
}
|
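Review bot: The coverage flags set in the `for (TpmPcrEvent tpe : logProcessor.getEventList())` loop come from case-sensitive substring hits on the free-text event description, and the `else if` chain stops at the first hit. A description that merely mentions `GPT`, `ACPI` or `vmlinuz` therefore marks that item as covered, while any second marker in the same event is ignored. Because the page presents these flags as the critical items the Support RIM covers, the classification would be more reliable if it keyed on the event's type and PCR index (or the parsed UEFI variable name), with the text match only as a fallback. If `getEventContentStr()` can return null (its contract is not visible here), `contentStr.contains(...)` throws and the details page fails; `if (contentStr == null) { continue; }` at the top of the loop would avoid that. At minimum I would add above the loop `// Flags mean "an event whose description mentions X is present", not that X was verified.`; the enclosing method starts outside these hunks.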
||||||
|
@ -41,8 +41,148 @@
|
|||||||
</c:choose>
|
</c:choose>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-md-1 col-md-offset-1">
|
||||||
|
<span class="colRimHeader">
|
||||||
|
<a role="button" data-toggle="collapse" class="collapsed" href="#eventOptions"
|
||||||
|
aria-expanded="true" data-placement="top" aria-controls="eventOptions">
|
||||||
|
Event Summary
|
||||||
|
</a>
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<div id="eventsCol" class="col col-md-8">
|
||||||
|
<div id="eventOptions" class="collapse" class="collapsed" aria-expanded="false">
|
||||||
|
<ul>
|
||||||
|
<li>This Support RIM file covers the following critical items:</li>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${initialData.crtm || initialData.bootManager || initialData.osLoader || initialData.osKernel}">
|
||||||
|
<li>PC Client Boot path</li>
|
||||||
|
</c:if>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${initialData.crtm}">
|
||||||
|
<li>Software Core Root of Trust for Measurement (SRTM)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.bootManager}">
|
||||||
|
<li>Boot Manager</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.osLoader}">
|
||||||
|
<li>OS Loader</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.osKernel}">
|
||||||
|
<li>OS Kernel</li>
|
||||||
|
</c:if>
|
||||||
|
</ul>
|
||||||
|
<c:if test="${initialData.acpiTables || initialData.smbiosTables || initialData.gptTable || initialData.defaultBootDevice}">
|
||||||
|
<li>Device Configuration</li>
|
||||||
|
</c:if>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${initialData.acpiTables}">
|
||||||
|
<li>ACPI Tables</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.smbiosTables}">
|
||||||
|
<li>SMBIOS Tables</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.gptTable}">
|
||||||
|
<li>GPT Table</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.bootOrder}">
|
||||||
|
<li>Boot Order</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.defaultBootDevice}">
|
||||||
|
<li>Default boot device</li>
|
||||||
|
</c:if>
|
||||||
|
</ul>
|
||||||
|
<c:if test="${initialData.secureBoot || initialData.pk || initialData.kek || initialData.sigDb || initialData.forbiddenDbx}">
|
||||||
|
<li>Secure Boot Variables</li>
|
||||||
|
</c:if>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${initialData.secureBoot}">
|
||||||
|
<li>Secure Boot Enabled</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.pk}">
|
||||||
|
<li>Platform Key (PK)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.kek}">
|
||||||
|
<li>Key Exchange Key (KEK)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.sigDb}">
|
||||||
|
<li>Signature Database (db)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${initialData.forbiddenDbx}">
|
||||||
|
<li>Forbidden Signatures Database (dbx)</li>
|
||||||
|
</c:if>
|
||||||
|
</ul>
|
||||||
|
</ul>
|
||||||
|
</ul>
|
||||||
|
<ul>
|
||||||
|
<li>The Support RIM file does NOT covers the following critical items:</li>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${not initialData.crtm || not initialData.bootManager || not initialData.osLoader || not initialData.osKernel}">
|
||||||
|
<li>PC Client Boot path</li>
|
||||||
|
</c:if>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${not initialData.crtm}">
|
||||||
|
<li>Software Core Root of Trust for Measurement (SRTM)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.bootManager}">
|
||||||
|
<li>Boot Manager</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.osLoader}">
|
||||||
|
<li>OS Loader</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.osKernel}">
|
||||||
|
<li>OS Kernel</li>
|
||||||
|
</c:if>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<c:if test="${not initialData.acpiTables || not initialData.smbiosTables || not initialData.gptTable || not initialData.bootOrder || not initialData.defaultBootDevice}">
|
||||||
|
<li>Device Configuration</li>
|
||||||
|
</c:if>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${not initialData.acpiTables}">
|
||||||
|
<li>ACPI Tables</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.smbiosTables}">
|
||||||
|
<li>SMBIOS Tables</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.gptTable}">
|
||||||
|
<li>GPT Table</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.bootOrder}">
|
||||||
|
<li>Boot Order</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.defaultBootDevice}">
|
||||||
|
<li>Default boot device</li>
|
||||||
|
</c:if>
|
||||||
|
</ul>
|
||||||
|
<c:if test="${not initialData.secureBoot || not initialData.pk || not initialData.kek || not initialData.sigDb || not initialData.forbiddenDbx}">
|
||||||
|
<li>Secure Boot Variables</li>
|
||||||
|
</c:if>
|
||||||
|
<ul>
|
||||||
|
<c:if test="${not initialData.secureBoot}">
|
||||||
|
<li>Secure Boot Enabled</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.pk}">
|
||||||
|
<li>Platform Key (PK)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.kek}">
|
||||||
|
<li>Key Exchange Key (KEK)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.sigDb}">
|
||||||
|
<li>Signature Database (db)</li>
|
||||||
|
</c:if>
|
||||||
|
<c:if test="${not initialData.forbiddenDbx}">
|
||||||
|
<li>Forbidden Signatures Database (dbx)</li>
|
||||||
|
</c:if>
|
||||||
|
</ul>
|
||||||
|
</ul>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<div id="tableDivTag">
|
<div id="tableDivTag">
|
||||||
<input type="text" id="eventInput" onkeyup="eventSearch()" placeholder="Search for text..." /><br />
|
<input type="text" id="eventInput" onkeyup="eventSearch(null)" placeholder="Search for text..." /><br />
|
||||||
<table id="eventLog">
|
<table id="eventLog">
|
||||||
<thead>
|
<thead>
|
||||||
<tr class="header">
|
<tr class="header">
|
||||||
@ -364,11 +504,17 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<script>
|
<script>
|
||||||
function eventSearch() {
|
function eventSearch(txtInput) {
|
||||||
// Declare variables
|
// Declare variables
|
||||||
var input, filter, table, tr, td, i, txtValue, txtFound;
|
var input, filter, table, tr, td, i, txtValue, txtFound;
|
||||||
|
|
||||||
|
if (txtInput === null) {
|
||||||
input = document.getElementById("eventInput");
|
input = document.getElementById("eventInput");
|
||||||
filter = input.value.toUpperCase();
|
filter = input.value.toUpperCase();
|
||||||
|
} else {
|
||||||
|
filter = txtInput;
|
||||||
|
}
|
||||||
|
|
||||||
table = document.getElementById("eventLog");
|
table = document.getElementById("eventLog");
|
||||||
tr = table.getElementsByTagName("tr");
|
tr = table.getElementsByTagName("tr");
|
||||||
|
|
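Review bot: The `<c:if>` guarding the first `<li>Device Configuration</li>` (the "covers" list) tests `acpiTables`, `smbiosTables`, `gptTable` and `defaultBootDevice` but not `bootOrder`, while the matching guard in the "NOT covers" list does include it. A RIM whose only device-configuration event is BootOrder would show "Boot Order" with no heading above it; appending `|| initialData.bootOrder` to that test makes the two lists agree. The second caption reads "does NOT covers" and should be "does NOT cover", and the `eventOptions` div carries two `class` attributes (`class="collapse" class="collapsed"`), of which only the first is kept. In the script hunk, `if (txtInput === null)` sends a call with no argument into the `else` branch with `filter` undefined, and that branch skips the `toUpperCase()` applied to typed input. `if (txtInput == null)` together with `filter = txtInput.toUpperCase();` would cover both, assuming the comparison outside the hunk is against upper-cased cell text.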
||||||
|
@ -14,6 +14,11 @@
|
|||||||
overflow-y: scroll;
|
overflow-y: scroll;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.colRimHeader{
|
||||||
|
font-weight: bold;
|
||||||
|
margin: auto 0;
|
||||||
|
}
|
||||||
|
|
||||||
#eventLog {
|
#eventLog {
|
||||||
border-collapse: collapse; /* Collapse borders */
|
border-collapse: collapse; /* Collapse borders */
|
||||||
width: 100%;
|
width: 100%;
|
||||||
|