Merge branch 'master' into aca-test-validation

2025-04-08 11:54:27 +00:00 · 2020-07-29 09:47:41 -04:00 · 2020-07-29 09:47:41 -04:00 · 6ae95da3a0
commit 6ae95da3a0
parent c46b416504 32fcecd48a
7 changed files with 162 additions and 27 deletions
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
@ -30,6 +30,8 @@ import java.util.UUID;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.logging.log4j.LogManager;
@ -59,6 +61,7 @@ public class ReferenceManifestPageController
        extends PageController<NoPageParams> {

    private static final String BIOS_RELEASE_DATE_FORMAT = "yyyy-MM-dd";
+    private static final String LOG_FILE_PATTERN = "([^\\s]+(\\.(?i)(rim|rimel|bin|log))$)";

    private final BiosDateValidator biosValidator;
    private final ReferenceManifestManager referenceManifestManager;
@ -193,9 +196,9 @@ public class ReferenceManifestPageController
        // loop through the files
        for (MultipartFile file : files) {
            fileName = file.getOriginalFilename();
-            if (fileName.toLowerCase().endsWith("swidtag")) {
-                rims.add(file);
-            } else {
+            Pattern pattern = Pattern.compile(LOG_FILE_PATTERN);
+            Matcher matcher = pattern.matcher(fileName);
+            if (matcher.matches()) {
                filePath = Paths.get(String.format("%s/%s",
                            SwidResource.RESOURCE_UPLOAD_FOLDER,
                            file.getOriginalFilename()));
@ -212,6 +215,10 @@ public class ReferenceManifestPageController
                        "%s successfully uploaded", file.getOriginalFilename());
                messages.addSuccess(uploadCompletedMessage);
                LOGGER.info(uploadCompletedMessage);
+            } else {
+                // assume it is a swid tag, processing below will throw and error
+                // if it is not.
+                rims.add(file);
            }
        }

@ -225,10 +232,6 @@ public class ReferenceManifestPageController
                        messages,
                        rim,
                        referenceManifestManager);
-
-                for (SwidResource swidRes : rim.parseResource()) {
-                    System.out.println("testing this section!");
-                }
            }
        }

--- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
@ -469,7 +469,7 @@ public class ReferenceManifest extends ArchivableEntity {
        if (jaxbe != null) {
            return jaxbe;
        } else {
-            throw new IOException("Invalid swidtag file!");
+            throw new IOException("Invalid Base RIM, swidtag format expected.");
        }
    }

--- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/events/EvEfiBootServicesApp.java
+++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/events/EvEfiBootServicesApp.java
@ -27,12 +27,12 @@ import hirs.utils.HexUtils;
 *    } EFI_DEVICE_PATH_PROTOCOL;    // ref page of the UEFI spec
 *
 *    Where Type and Subtype are defined the UEFI spec section 10.3.1
- *    Type 0x01 – Hardware Device Path
- *    Type 0x02 – ACPI Device Path
- *    Type 0x03 – Messaging Device Path
- *    Type 0x04 – Media Device Path
- *    Type 0x05 – BIOS Boot Specification Device Path
- *    Type 0x7F – End of Hardware Device Path
+ *    Type 0x01  Hardware Device Path
+ *    Type 0x02  ACPI Device Path
+ *    Type 0x03  Messaging Device Path
+ *    Type 0x04  Media Device Path
+ *    Type 0x05  BIOS Boot Specification Device Path
+ *    Type 0x7F  End of Hardware Device Path
 */
 public class EvEfiBootServicesApp {
   /** UEFI Address. */
--- a/build.gradle
+++ b/build.gradle
@ -1,6 +1,3 @@
-task wrapper(type: Wrapper) {
-    gradleVersion = '2.10'
-}

 allprojects {
    task addPlugins << {
--- a/tools/tcg_eventlog_tool/README.md
+++ b/tools/tcg_eventlog_tool/README.md
@ -1,28 +1,73 @@
-To support the [PC Client RIM Specification](https://trustedcomputinggroup.org/wp-content/uploads/TCG_PC_Client_RIM_r0p15_15june2020.pdf) which utilizes the TPM Event Log as a Support RIM type , it was useful to 
-have a tool for inspecting the contents of the [TPM event log](https://github.com/nsacyber/HIRS/wiki/TPM-Event-Logs). A Linux command line tool named "elt" (event log tool) has been 
-created to parse and print human readable output, provide hedicimal evnts which can be used as test patterns, and to 
-compare event logs for providing details on what events miscompared. 
+To support the [PC Client RIM Specification](https://trustedcomputinggroup.org/wp-content/uploads/TCG_PC_Client_RIM_r0p15_15june2020.pdf) which utilizes the TPM Event Log as a Support RIM type , it was useful to have a tool for inspecting the contents of the [TPM event log](https://github.com/nsacyber/HIRS/wiki/TPM-Event-Logs). A Linux command line tool named "elt" (event log tool) has been created to parse and print human readable output, provide hexidecimal events which can be used as test patterns, and to compare event logs for providing details on what events miscompared. 
+
+Note that a TCG Event Log will only be populated on a given device if the device:
+1. Utilizes TCG compliant UEFI Firmware.
+2. Has a TPM 1.2 or 2.0 that has been activated prior to the current boot.
+3. Has a TCG aware OS (Most flavors of Linux and Windows 10).
+
+The defualt locations for the TCG Event Log are:
+* Windows:  C:\Windows\Logs\MeasuredBoot\  
+* Linux:    /sys/kernel/security/tpm0/    with a default name of "binary_bios_measurements"

 # Building
-To build this tool navigate to the tcg_eventlog-tool directory and use the following commmand: 
+
+## Linux
+To build this tool navigate to the tcg_eventlog-tool directory and use the following command: 
 > ./gradlew clean build

+## Windows 10
+Several options exist for building on Windows 10:
+
+1. Windows command shell (CMD.exe):
+   *  Navigate to the tcg_eventlog_tool folder and run the widows gradle wrapper:
+   >  gradlew.bat clean build
+2. Windows powershell with Windows Subsystem for Linux enabled. 
+   *  Navigate to the tcg_eventlog_tool folder and run the Linux gradle wrapper:
+   > ./gradlew clean build
+
+In both cases the tcg_eventlog_tool-X.X.jar file should have been placed in the build\libs\tools\ (Windows) or build/libs/tools/ (Linux) folder.
+
+# Packaging
+Currenty only a install file for Linux RPM is supported.
+
 To create an RPM on a linux device use the following command in the dame directory:
 > ./gradlew builRPM

+# Installing
+Currenty only a install package for Linux is supported. 
+
 To install this tool use the following commmand from the same directory:
 > sudo yum localinstall build/distrobutions/tgc_rim_tool.*.rpm

 # Usage
-The tcg_eventlog_tool can be invoked using the elt command has various command line options to view all, specific events,
-or specific PCRs. 
+## Linux
+
+The tcg_eventlog_tool installation package provides an elt command. The elt command has various command line options to view all event , specific events,
+or to display expected PCRs. 
+
 Current options for the tool can be found using the -h option:

 > elt -h

-With No FILE the default event log path (e.g. /sys/kernel/security/tpm0/binary_bios_measurements o  Linux) is used.
- Note admin privileges are required for accessing the default path in Linux.
+With No FILE the default event log path (e.g. /sys/kernel/security/tpm0/binary_bios_measurements on Linux) is used.
+Note admin privileges are required for accessing the default path in Linux.
+
 All OPTIONS must be separated by a space delimiter, no concatenation of OPTIONS is currently supported.

 An example output for the tcg_eventlog_tool filtering on event 1 would be:
 > elt -f ~/TpmLog.bin -e 1
+
+## Windows
+Currently there is not a install package for the tcg_eventlog_tool for windows. it can be invoked usinng java:
+
+To run the tcg_eventlog_tool from the a command shell:
+
+navigate to the tcg_eventlog_tool folder
+invoke using java -jar option to the tcg_eventlog_tool jar file with options:
+
+> java -jar build\libs\tools\tcg_eventlog_tool-1.0.jar -h
+
+another example:
+
+> java -jar build\libs\tools\tcg_eventlog_tool-1.0.jar -f C:\Windows\Logs\MeasuredBoot\0000000059-0000000000.log -e
+
--- a/tools/tcg_eventlog_tool/gradlew.bat
+++ b/tools/tcg_eventlog_tool/gradlew.bat
@ -0,0 +1,90 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windowz variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+if "%@eval[2+2]" == "4" goto 4NT_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+goto execute
+
+:4NT_args
+@rem Get arguments from the 4NT Shell from JP Software
+set CMD_LINE_ARGS=%$
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
--- a/tools/tcg_rim_tool/README.md
+++ b/tools/tcg_rim_tool/README.md
@ -19,6 +19,6 @@ The tcg_rim_tool rpm will create a rim commandline shortcut. This can be invoked

 The tcg_eventlog_tool also can be invoked using java:

-> java -jar build/lib.tools/tcg_rim_tool-1.0.jar -h
+> java -jar build/libs/tools/tcg_rim_tool-1.0.jar -h

 Current options for the tool can be found using the -h option.