diff --git a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
index bab597c4..7fdf5dd7 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
@@ -66,7 +66,7 @@ public final class PciIds {
 static {
 if (!DB.isReady()) {
- // if pciids file is found on the system, then process using this
+ // if pciids file is found on the system, then process using this file
 String dbFile = null;
 for (final String path : PCI_IDS_PATH) {
 if ((new File(path)).exists()) {
@@ -79,7 +79,7 @@ public final class PciIds {
 if(dbFile != null) {
 InputStream is = null;
 try {
- is = new FileInputStream(new File(dbFile));
+ is = new FileInputStream(dbFile);
 DB.loadStream(is);
 pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
 } catch (IOException e) {
@@ -98,17 +98,19 @@ public final class PciIds {
 // if pciids file is not found on the system or not accessible, then attempt to grab it from code
 if(pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) {
- InputStream istemp = PciIds.class.getResourceAsStream(PCIIDS_FILENAME);
- try {
- DB.loadStream(istemp);
- pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
- } catch (IOException e) {
- // DB will not be ready, hardware IDs will not be translated
- } finally {
- if (istemp != null) {
- try {
- istemp.close();
- } catch (IOException e) {
+ InputStream isFromCode = PciIds.class.getResourceAsStream(PCIIDS_FILENAME);
+ if(isFromCode != null) {
+ try {
+ DB.loadStream(isFromCode);
+ pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
+ } catch (IOException e) {
+ // DB will not be ready, hardware IDs will not be translated
+ } finally {
+ if (isFromCode != null) {
+ try {
+ isFromCode.close();
+ } catch (IOException e) {
+ }
 }
 }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
index a7acffbd..5cee1b93 100644
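Review bot: In the `@@ -98,17 +98,19 @@` hunk the new outer `if(isFromCode != null)` makes the inner `if (isFromCode != null)` inside `finally` always true, and the close still ends in an empty `catch (IOException e)`. A try-with-resources over `getResourceAsStream` performs the close and tolerates a null resource, so the null test only has to guard `DB.loadStream`. When the bundled resource is missing the status stays at `FILESTATUS_NOT_ACCESSIBLE` without any comment saying that this is the intended signal; a one-line comment on the null branch would make that explicit. The `static` initializer starts and ends outside the hunk.

```java
// … unchanged: if(pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) { …
try (InputStream isFromCode = PciIds.class.getResourceAsStream(PCIIDS_FILENAME)) {
    // a null stream means the bundled pci.ids is missing; status stays NOT_ACCESSIBLE
    if (isFromCode != null) {
        DB.loadStream(isFromCode);
        pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
    }
} catch (IOException e) {
    // DB will not be ready, hardware IDs will not be translated
}
```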
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
@@ -180,13 +180,12 @@ public final class TCGEventLog {
 != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
 vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
 }
- if ((vendorTableFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
- && (eventList.get(eventNumber - 1).getVendorTableFileStatus()
+ //similar to above with vendor-table.json file, but here with pci.ids file
+ if ((pciidsFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
+ && (eventList.get(eventNumber - 1).getPciidsFileStatus()
 != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
- vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
+ pciidsFileStatus = eventList.get(eventNumber - 1).getPciidsFileStatus();
 }
-
- //add pci here
 }
 calculatePcrValues();
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
index 53451dd5..5f686ba6 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
@@ -448,6 +448,7 @@ public class TpmPcrEvent {
 specVersion = noAction.getSpecVersion();
 specErrataVersion = noAction.getSpecErrataVersion();
 }
+ pciidsFileStatus = noAction.getPciidsFileStatus();
 break;
 case EvConstants.EV_SEPARATOR:
 if (EvPostCode.isAscii(content)) {
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
index c73654c0..e45f17a2 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
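Review bot: The new pci.ids check in TCGEventLog compares status values with `!=`, and if `pciidsFileStatus` is a `String` here, as it is in the event classes touched by this commit (`private String pciidsFileStatus`), that is a reference comparison which only holds while every value is the same constant instance. A status that ever arrives as a separately built string would take the wrong branch, and the pci.ids fallback would go unreported to the operator. Prefer `if (!UefiConstants.FILESTATUS_NOT_ACCESSIBLE.equals(pciidsFileStatus)` with `&& !UefiConstants.FILESTATUS_FROM_FILESYSTEM.equals(eventStatus)) {`, reading `eventList.get(eventNumber - 1).getPciidsFileStatus()` once into a local `eventStatus`. The same applies to the `==` tests on `evLog.getPciidsFileStatus()` added in Main.java. The enclosing block starts outside the hunk.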
@@ -62,8 +62,12 @@ public abstract class DeviceSecurityEvent {
 private String deviceContextInfo = "";
 /**
- * Track status of pci.ids file.
- * This is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext
+ * Track status of pci.ids
+ * This is only used for events that access the pci.ids file.
+ * (In this class, this is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext)
+ * Default is normal status (normal status is from-filesystem).
+ * Status will only change IF this is an event that uses this file,
+ * and if that event causes a different status.
 */
 @Getter
 private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
@@ -92,6 +96,8 @@ public abstract class DeviceSecurityEvent {
 } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
 dsedPciContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
 deviceContextInfo = dsedPciContext.toString();
+ // getPciidsFileStatus() must be called after DeviceSecurityEventDataPciContext.toString(),
+ // because the toString function is where the pciids db gets set up and used
 pciidsFileStatus = dsedPciContext.getPciidsFileStatus();
 } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
 deviceContextInfo = " Device Type: USB - To be implemented";
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
index e3877e77..df757c38 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
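Review bot: The comment added above `pciidsFileStatus = dsedPciContext.getPciidsFileStatus();` records that the status is only meaningful after `toString()` has run, so a getter now depends on a formatting call as a side effect. Because the field defaults to `UefiConstants.FILESTATUS_FROM_FILESYSTEM`, any path that reads the status without that call, or a later reordering of these two lines, reports the healthy value rather than an unknown one. Consider resolving the pci.ids lookup in the `DeviceSecurityEventDataPciContext` constructor or inside `getPciidsFileStatus()` itself so the order stops mattering. If that is out of scope, the ordering requirement belongs in the getter's Javadoc as well, not only at this call site. The method this branch sits in starts and ends outside the hunk.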
@@ -6,8 +6,6 @@ import lombok.Getter;
 import java.nio.charset.StandardCharsets;
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
-
 /**
 * Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
 * DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
@@ -56,7 +54,7 @@ public class EvEfiSpdmDeviceSecurityEvent {
 * and if that event causes a different status.
 */
 @Getter
- private String pciidsFileStatus = FILESTATUS_FROM_FILESYSTEM;
+ private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
 /**
 * EvEfiSpdmFirmwareBlob constructor.
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java
index 5e38264d..19bd913c 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java
@@ -53,6 +53,16 @@ public class EvNoAction {
 @Getter
 private String noActionInfo = "";
+ /**
+ * Track status of pci.ids
+ * This is only used for events that access the pci.ids file.
+ * Default is normal status (normal status is from-filesystem).
+ * Status will only change IF this is an event that uses this file,
+ * and if that event causes a different status.
+ */
+ @Getter
+ private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
 /**
 * EvNoAction constructor.
 *
@@ -78,9 +88,11 @@ public class EvNoAction {
 } else if (signature.contains("NvIndexInstance")) {
 NvIndexInstanceEventLogData nvIndexInstanceEvent = new NvIndexInstanceEventLogData(eventData);
 noActionInfo += nvIndexInstanceEvent.toString();
+ pciidsFileStatus = nvIndexInstanceEvent.getPciidsFileStatus();
 } else if (signature.contains("NvIndexDynamic")) {
 NvIndexDynamicEventLogData nvIndexDynamicEvent = new NvIndexDynamicEventLogData(eventData);
 noActionInfo += nvIndexDynamicEvent.toString();
+ pciidsFileStatus = nvIndexDynamicEvent.getPciidsFileStatus();
 } else {
 noActionInfo = " EV_NO_ACTION event named \"" + signature + "\" encountered but support for processing it has not been"
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java
index f4318959..8c3a60b3 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java
@@ -1,6 +1,8 @@
 package hirs.utils.tpm.eventlog.events;
 import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
 import java.nio.charset.StandardCharsets;
@@ -36,6 +38,16 @@ public class NvIndexDynamicEventLogData {
 */
 private String nvIndexDynamicInfo = "";
+ /**
+ * Track status of pci.ids
+ * This is only used for events that access the pci.ids file.
+ * Default is normal status (normal status is from-filesystem).
+ * Status will only change IF this is an event that uses this file,
+ * and if that event causes a different status.
+ */
+ @Getter
+ private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
 /**
 * NvIndexInstanceEventLogData constructor.
 *
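Review bot: `pciidsFileStatus = nvIndexDynamicEvent.getPciidsFileStatus();` in the NvIndexDynamic branch of EvNoAction copies a value that, as far as this diff shows, can never differ from the default. NvIndexDynamicEventLogData gains the field and `@Getter`, but no hunk assigns it, unlike NvIndexInstanceEventLogData, which sets it from `dsed.getPciidsFileStatus()`. If NvIndexDynamic data never consults pci.ids, drop the field and this assignment, or state it in the field's Javadoc, for example `* Not updated by this class; NvIndexDynamic data does not use pci.ids.`. If it does consult pci.ids, the assignment is missing and a fallback to the bundled copy would go unreported. The constructor body in EvNoAction continues outside the hunk.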
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
index 1e6e9134..534925ab 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
@@ -1,6 +1,8 @@
 package hirs.utils.tpm.eventlog.events;
 import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
 import java.nio.charset.StandardCharsets;
@@ -38,6 +40,16 @@ public class NvIndexInstanceEventLogData {
 */
 private String nvIndexInstanceInfo = "";
+ /**
+ * Track status of pci.ids
+ * This is only used for events that access the pci.ids file.
+ * Default is normal status (normal status is from-filesystem).
+ * Status will only change IF this is an event that uses this file,
+ * and if that event causes a different status.
+ */
+ @Getter
+ private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
 /**
 * NvIndexInstanceEventLogData constructor.
 *
@@ -84,6 +96,7 @@ public class NvIndexInstanceEventLogData {
 if (dsedVersion.equals("0200")) {
 dsed = new DeviceSecurityEventData2(dsedEventData);
 nvIndexInstanceInfo += dsed.toString();
+ pciidsFileStatus = dsed.getPciidsFileStatus();
 } else {
 nvIndexInstanceInfo += " Incompatible version for DeviceSecurityEventData2: " + dsedVersion + "\n";
diff --git a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java
index c87bb5c6..e09733da 100644
--- a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java
+++ b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java
@@ -136,13 +136,24 @@ final class Main { + evLog.getEventList().size() + " events:\n\n"); } if (evLog.getVendorTableFileStatus() == FILESTATUS_NOT_ACCESSIBLE) { - writeOut("*** WARNING: The file vendor-table.json was not accessible from the " - + "filesystem or the code, so some event data shown in the output of this " - + "tool may be outdated or omitted.\n\n"); + writeOut("*** WARNING: " + + "The file vendor-table.json was not accessible from the filesystem or the code,\n" + + " so some event data shown in the output of this tool may be outdated\n" + + " or omitted.\n\n"); } else if (evLog.getVendorTableFileStatus() == FILESTATUS_FROM_CODE) { - writeOut("*** NOTE: " + writeOut("*** NOTE: " + "The file vendor-table.json file was not accessible from the filesystem,\n" - + " so the vendor-table.json from code was used.\n\n"); + + " so the vendor-table.json from code was used.\n\n"); + } + if (evLog.getPciidsFileStatus() == FILESTATUS_NOT_ACCESSIBLE) { + writeOut("*** WARNING: " + + "The file pci.ids was not accessible from the filesystem or the code,\n" + + " so some pci device info lookups in the output of this tool\n" + + " may be omitted or the hex code may be used instead.\n\n"); + } else if (evLog.getPciidsFileStatus() == FILESTATUS_FROM_CODE) { + writeOut("*** NOTE: " + + "The file pci.ids file was not accessible from the filesystem,\n" + + " so the pci.ids from code was used.\n\n"); } } int eventCount = 0;
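Review bot: The new pci.ids NOTE reads `"The file pci.ids file was not accessible from the filesystem,\n"`, repeating "file"; `+ "The file pci.ids was not accessible from the filesystem,\n"` would match the WARNING line above it. The pci.ids block is otherwise a line-for-line copy of the vendor-table.json block, so a small private helper taking the file name and the status would keep the two messages from drifting apart. These messages appear to be how an operator learns that device names were decoded from the bundled copy, or not at all, so the NOTE could also say that the bundled pci.ids may be older than the system one. The enclosing method starts and ends outside the hunk.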