From 97ef83938335ddefbd81de68476f79a8c13960c2 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 10 May 2024 20:26:58 -0400 Subject: [PATCH 01/17] temp code to find out how to tell if json reference to vendor-table.json object is empty --- .../src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java | 4 ++++ .../java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java | 3 +++ 2 files changed, 7 insertions(+) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 188f4327..5eacf3dd 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -45,6 +45,10 @@ public class UefiGuid { System.arraycopy(guidBytes, 0, guid, 0, UefiConstants.SIZE_16); uuid = processGuid(guidBytes); uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable"); + + if(uefiVendorRef.isEmpty()) { + System.out.println("XXXX IS EMPTY"); + } } /** diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index c5c14a11..c5f574b3 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java @@ -114,6 +114,9 @@ public class UefiSignatureList { byte[] guid = new byte[UefiConstants.SIZE_16]; lists.read(guid); signatureType = new UefiGuid(guid); +// if(signatureType.getVendorTableReference().isEmpty()) { +// System.out.println("XXXX IS EMPTY"); +// } // if signatureType is invalid, don't even process any of the data // however, if signatureTYpe is valid, but some of the data later on is invalid, that will From 667b9c0392d8762e22c164d3cf665605a5d8b5e9 Mon Sep 17 00:00:00 2001 
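Review bot: The `if(uefiVendorRef.isEmpty()) { System.out.println("XXXX IS EMPTY"); }` added to the UefiGuid constructor writes a debug marker to stdout from library code, and the UefiSignatureList hunk on the same line adds the same probe as commented-out code; neither belongs in a committed change even as a temporary one. If `JsonUtils.getSpecificJsonObject` can return null when the file is missing or unreadable, `uefiVendorRef.isEmpty()` throws before the check can report anything, so what that helper returns on failure should be confirmed first. The constructor starts outside the hunk.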
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 10 May 2024 20:40:40 -0400 Subject: [PATCH 02/17] added function to check emptiness of file handle --- .../java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 5eacf3dd..d4d97370 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -101,6 +101,17 @@ public class UefiGuid { return UefiConstants.SIZE_16; } + /** + * + * Checks whether the handle to the file needed to look up the UUID is valid. If empty, + * this likely means the file was not accessible to due to existence or permissions. + * + * @return true if the reference to the file handle needed to look up the UUID is empty + */ + public boolean isUefiVendorRefEmpty() { + return uefiVendorRef.isEmpty(); + } + /** * Returns a String that represents a specification name referenced by the * EFI_CONFIGURATION_TABLE VendorGUID field. For structure of From 93c3109b297d99e95b052529d115af320711067d Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Tue, 14 May 2024 13:22:03 -0400 Subject: [PATCH 03/17] propogated the error where vendor-table is not accessible through the classes, so that it can be printed out at the beginning of the list of event printouts --- .../hirs/utils/tpm/eventlog/TCGEventLog.java | 8 +++++++ .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 21 +++++++++++++++++-- .../utils/tpm/eventlog/uefi/UefiGuid.java | 7 +------ .../tpm/eventlog/uefi/UefiSignatureList.java | 11 +++++++--- .../utils/tpm/eventlog/uefi/UefiVariable.java | 10 +++++++++ .../src/main/java/hirs/tcg_eventlog/Main.java | 4 ++++ 6 files changed, 50 insertions(+), 11 deletions(-) 
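Review bot: `isUefiVendorRefEmpty()` treats an empty `VendorTable` JSON object as "file not accessible", but a readable file whose `VendorTable` object is simply empty gives the same answer, so the Javadoc claim that emptiness "likely means the file was not accessible" is stronger than the code supports. The Javadoc also carries an empty leading `*` line and the typo "to due to"; a more accurate summary is `* Reports whether the VendorTable object could not be loaded (file missing, unreadable, or empty).`. If `getSpecificJsonObject` yields null on failure, the null-safe form `return uefiVendorRef == null || uefiVendorRef.isEmpty();` makes the method return true instead of throwing in exactly the case it is meant to detect.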
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java index 44123f3b..da86554f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java @@ -77,6 +77,11 @@ public final class TCGEventLog { /** Event Output Flag use. */ @Getter private boolean bCryptoAgile = false; + /** Track if vendor-table file is inaccessible. + * If vendor-table file is not used, this remains false. + * */ + @Getter + private boolean bVendorTableFileInaccessbile = false; /** * Default blank object constructor. @@ -147,6 +152,9 @@ public final class TCGEventLog { } else { eventList.put(eventNumber, new TpmPcrEvent1(is, eventNumber++)); } + if(eventList.get(eventNumber-1).isBVendorTableFileInaccessbile()) { + bVendorTableFileInaccessbile = true; + } } calculatePcrValues(); } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index 128e7853..407b681a 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -117,6 +117,12 @@ public class TpmPcrEvent { @Setter @Getter private boolean error = false; + /** Track if vendor-table file is inaccessible. + * If vendor-table file is not used, this remains false. + * */ + @Getter + private boolean bVendorTableFileInaccessbile = false; + /** * Constructor. * 
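Review bot: The new field `bVendorTableFileInaccessbile` misspells "inaccessible", and because the `@Getter`-generated accessor is derived from it the typo becomes public API (`isBVendorTableFileInaccessbile()`) in this hunk and in the TpmPcrEvent, UefiSignatureList and UefiVariable hunks that follow; renaming it to `vendorTableFileInaccessible` (dropping the Hungarian `b`) is cheap now and expensive later. In the TCGEventLog loop, `eventList.get(eventNumber-1)` relies on the `eventNumber++` inside the `put(...)` argument on the previous line having run, which is correct but fragile; holding the constructed event in a local and writing `vendorTableFileInaccessible |= event.isVendorTableFileInaccessible();` removes the map lookup and the off-by-one reasoning. The enclosing constructor loop starts outside the hunk.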
@@ -508,9 +514,16 @@ public class TpmPcrEvent { String efiVarDescription = efiVar.toString().replace("\n", "\n "); description += "Event Content:\n " + efiVarDescription.substring(0, efiVarDescription.length() - INDENT_3); + if(efiVar.isBVendorTableFileInaccessbile()) { + bVendorTableFileInaccessbile = true; + } break; case EvConstants.EV_EFI_VARIABLE_BOOT: - description += "Event Content:\n" + new UefiVariable(content).toString(); + UefiVariable efiVarBoot = new UefiVariable(content); + description += "Event Content:\n" + efiVarBoot.toString(); + if(efiVarBoot.isBVendorTableFileInaccessbile()) { + bVendorTableFileInaccessbile = true; + } break; case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION: EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(content); @@ -539,7 +552,11 @@ public class TpmPcrEvent { case EvConstants.EV_EFI_HCRTM_EVENT: break; case EvConstants.EV_EFI_VARIABLE_AUTHORITY: - description += "Event Content:\n" + new UefiVariable(content).toString(); + UefiVariable efiVarAuth = new UefiVariable(content); + description += "Event Content:\n" + efiVarAuth.toString(); + if(efiVarAuth.isBVendorTableFileInaccessbile()) { + bVendorTableFileInaccessbile = true; + } break; case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: description += "Event Content:\n" + new EvEfiSpdmFirmwareBlob(content).toString(); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index d4d97370..e0feae84 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -45,10 +45,6 @@ public class UefiGuid { System.arraycopy(guidBytes, 0, guid, 0, UefiConstants.SIZE_16); uuid = processGuid(guidBytes); uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable"); - - if(uefiVendorRef.isEmpty()) { - System.out.println("XXXX IS EMPTY"); - } } /** 
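Review bot: The `if(...isBVendorTableFileInaccessbile()) { bVendorTableFileInaccessbile = true; }` block is pasted three times across the two TpmPcrEvent hunks (the first hunk's case, EV_EFI_VARIABLE_BOOT and EV_EFI_VARIABLE_AUTHORITY); since the flag only ever moves from false to true, `bVendorTableFileInaccessbile |= efiVarBoot.isBVendorTableFileInaccessbile();` says the same in one line per case, and the three cases could share one private helper that builds the UefiVariable and folds its status in. `efiVarBoot.toString()` inside a string concatenation is redundant as well. The enclosing switch and method start and end outside the hunk.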
@@ -102,13 +98,12 @@ public class UefiGuid { } /** - * * Checks whether the handle to the file needed to look up the UUID is valid. If empty, * this likely means the file was not accessible to due to existence or permissions. * * @return true if the reference to the file handle needed to look up the UUID is empty */ - public boolean isUefiVendorRefEmpty() { + public boolean isVendorTableReferenceHandleEmpty() { return uefiVendorRef.isEmpty(); } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index c5f574b3..ebc8f63d 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java @@ -69,6 +69,11 @@ public class UefiSignatureList { * Type of signature. */ private UefiGuid signatureType = null; + /** Track if vendor-table file is inaccessible. + * If vendor-table file is not used, this remains false. + * */ + @Getter + private boolean bVendorTableFileInaccessbile = false; /** * UefiSignatureList constructor. @@ -114,9 +119,9 @@ public class UefiSignatureList { byte[] guid = new byte[UefiConstants.SIZE_16]; lists.read(guid); signatureType = new UefiGuid(guid); -// if(signatureType.getVendorTableReference().isEmpty()) { -// System.out.println("XXXX IS EMPTY"); -// } + if(signatureType.isVendorTableReferenceHandleEmpty()) { + bVendorTableFileInaccessbile = true; + } // if signatureType is invalid, don't even process any of the data // however, if signatureTYpe is valid, but some of the data later on is invalid, that will diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index f57e418e..ca159cdc 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java 
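Review bot: The rename to `isVendorTableReferenceHandleEmpty()` keeps the Javadoc's "to due to" typo and still calls a JsonObject a "file handle", which it is not; suggest `* Reports whether the VendorTable lookup object is empty, which usually means vendor-table.json was missing or unreadable.`.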
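Review bot: The flag set after `signatureType = new UefiGuid(guid)` comes from a freshly built UefiGuid, whose constructor (visible in the patch 01 hunk) calls `JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable")` unconditionally, so an inaccessible file is re-probed from disk once per parsed GUID and the status has to be hauled up through every layer by hand. Loading the `VendorTable` object once into a lazily initialised static in UefiGuid, with the load status beside it, would make this a single fact to query instead of a per-object side effect; I cannot see whether JsonUtils caches internally, so confirm before relying on that. The loop body around this hunk starts and ends outside it.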
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java @@ -63,6 +63,12 @@ public class UefiVariable { */ private byte[] uefiVariableData = null; + /** Track if vendor-table file is inaccessible. + * If vendor-table file is not used, this remains false. + * */ + @Getter + private boolean bVendorTableFileInaccessbile = false; + /** * EFIVariable constructor. * The UEFI_VARIABLE_DATA contains a "VariableName" field which is used to determine @@ -147,6 +153,9 @@ public class UefiVariable { UefiSignatureList list; list = new UefiSignatureList(certData); // efiVariableSigListContents += list.toString(); + if(list.isBVendorTableFileInaccessbile()) { + bVendorTableFileInaccessbile = true; + } if(!list.isSignatureTypeValid()) { invalidSignatureListEncountered = true; invalidSignatureListStatus = list.toString(); @@ -163,6 +172,7 @@ public class UefiVariable { */ public String toString() { StringBuilder efiVariable = new StringBuilder(); + efiVariable.append("UEFI Variable Name: " + efiVarName + "\n"); efiVariable.append("UEFI Variable GUID: " + uefiVarGuid.toString() + "\n"); if (efiVarName != "") { diff --git a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java index 6d41143a..ce49ccf6 100644 --- a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java +++ b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java @@ -127,6 +127,10 @@ final class Main { writeOut("\nEvent Log follows the \"SHA1\" format and has " + evLog.getEventList().size() + " events:\n\n"); } + if (evLog.isBVendorTableFileInaccessbile()) { + writeOut("*** WARNING: The file vendor-table.json file was not accessible so data " + + "in some Secure Boot PCR 7 events cannot be processed.\n\n"); + } } int eventCount = 0; for (TpmPcrEvent event : evLog.getEventList()) { From 89369aaa27b478733759164783fd2bec14e7cc69 Mon Sep 17 00:00:00 2001 
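Review bot: `bVendorTableFileInaccessbile` in UefiVariable is set only from the signature lists built in the `@@ -147` hunk, yet `uefiVarGuid` (used via `uefiVarGuid.toString()` in the last hunk) looks like a UefiGuid as well; if it is, a lookup failure while naming the variable's own GUID is never propagated, so an event without any signature list would report a clean status while its GUID resolution silently failed. Confirm against the UefiVariable constructor, which starts outside the hunk.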
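Review bot: The warning text `"*** WARNING: The file vendor-table.json file was not accessible so data "` doubles the word "file"; suggest `"*** WARNING: vendor-table.json was not accessible, so data in some Secure Boot PCR 7 events cannot be processed.\n\n"`. It also tells the operator that a file was inaccessible without saying which path was tried; exposing the `JSON_PATH` UefiGuid uses (a small static getter) and printing it here would make the message actionable. The surrounding block in Main starts outside the hunk.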
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Tue, 14 May 2024 15:06:20 -0400 Subject: [PATCH 04/17] added variable to track file status through the object calls, specifically vendor-table.json file --- .../java/hirs/utils/tpm/eventlog/TCGEventLog.java | 9 +++++++++ .../java/hirs/utils/tpm/eventlog/TpmPcrEvent.java | 15 +++++++++++++++ .../utils/tpm/eventlog/uefi/UefiConstants.java | 15 +++++++++++++++ .../tpm/eventlog/uefi/UefiSignatureList.java | 7 +++++++ .../utils/tpm/eventlog/uefi/UefiVariable.java | 9 +++++++++ .../src/main/java/hirs/tcg_eventlog/Main.java | 5 +++++ 6 files changed, 60 insertions(+) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java index da86554f..2b788c7c 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java @@ -20,6 +20,9 @@ import java.security.cert.CertificateException; import java.util.Collection; import java.util.LinkedHashMap; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; + /** * Class for handling different formats of TCG Event logs. */ @@ -82,6 +85,9 @@ public final class TCGEventLog { * */ @Getter private boolean bVendorTableFileInaccessbile = false; + /** Track status of vendor-table.json */ + @Getter + private String bVendorTableFileStatus = FILE_NORMAL; /** * Default blank object constructor. @@ -155,6 +161,9 @@ public final class TCGEventLog { if(eventList.get(eventNumber-1).isBVendorTableFileInaccessbile()) { bVendorTableFileInaccessbile = true; } + if(eventList.get(eventNumber-1).getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { + bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; + } } calculatePcrValues(); } 
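Review bot: `eventList.get(eventNumber-1).getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE` compares Strings by reference; it works only while both sides are the same interned constant from UefiConstants and breaks the moment a status is built, trimmed or deserialised anywhere. The same comparison recurs in the TpmPcrEvent (three hunks), UefiSignatureList, UefiVariable and Main hunks of this commit. Since the three statuses are a closed set, an enum makes `==` correct by construction; failing that, write `FILE_NOT_ACCESSIBLE.equals(...)`. The commit also keeps the boolean `bVendorTableFileInaccessbile` alongside the new status, so two fields now encode one fact, and the `b` prefix on a String field misleads.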
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index 407b681a..89d4a12f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -33,6 +33,9 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.Arrays; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; + /** * Class to process a TCG_PCR_EVENT. * TCG_PCR_EVENT is used when the Event log uses the SHA1 Format as described in the @@ -122,6 +125,9 @@ public class TpmPcrEvent { * */ @Getter private boolean bVendorTableFileInaccessbile = false; + /** Track status of vendor-table.json */ + @Getter + private String bVendorTableFileStatus = FILE_NORMAL; /** * Constructor. @@ -517,6 +523,9 @@ public class TpmPcrEvent { if(efiVar.isBVendorTableFileInaccessbile()) { bVendorTableFileInaccessbile = true; } + if(efiVar.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { + bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; + } break; case EvConstants.EV_EFI_VARIABLE_BOOT: UefiVariable efiVarBoot = new UefiVariable(content); @@ -524,6 +533,9 @@ public class TpmPcrEvent { if(efiVarBoot.isBVendorTableFileInaccessbile()) { bVendorTableFileInaccessbile = true; } + if(efiVarBoot.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { + bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; + } break; case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION: EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(content); 
@@ -557,6 +569,9 @@ public class TpmPcrEvent { if(efiVarAuth.isBVendorTableFileInaccessbile()) { bVendorTableFileInaccessbile = true; } + if(efiVarAuth.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { + bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; + } break; case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: description += "Event Content:\n" + new EvEfiSpdmFirmwareBlob(content).toString(); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java index 8e1f9dc7..a30dc00a 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java @@ -271,4 +271,19 @@ public final class UefiConstants { * standard UEFI partition table lengh. */ public static final int UEFI_PT_LENGTH = 72; + /** + * file status, where file was successfully found on local machine + */ + public static final String FILE_NORMAL = "fileNormal"; + /** + * file status, where file is not accessible + */ + public static final String FILE_NOT_ACCESSIBLE = "fileNotAccessible"; + /** + * file status, where file was not found on the local machine, + * and so file from the code was used. + * For instance, if vendor-table.json is not found in /etc/hirs/aca/default-properties/, + * it will be grabbed from code at HIRS_AttestationCA/src/main/resources/. + */ + public static final String FILE_FROM_CODE_USED = "fileFromCodeUsed"; } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index ebc8f63d..64fdf62d 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java 
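Review bot: `FILE_NORMAL`, `FILE_NOT_ACCESSIBLE` and `FILE_FROM_CODE_USED` are a closed set of states that callers in this commit compare with `==`, which is exactly what an enum provides safely, whereas as String constants nothing stops `bVendorTableFileStatus` from holding an arbitrary string. `FILE_FROM_CODE_USED` is declared but assigned nowhere in this commit, and its Javadoc names `HIRS_AttestationCA/src/main/resources/` as the fallback location, which should be checked against wherever the bundled copy actually lives. A nested enum in UefiConstants would replace the three constants; callers would then declare the field as `VendorTableFileStatus` instead of String.
```java
/** Where the vendor-table.json lookup data was, or was not, loaded from. */
public enum VendorTableFileStatus {
    /** File was successfully found on the local machine. */
    FILE_NORMAL,
    /** File is not accessible (missing or unreadable). */
    FILE_NOT_ACCESSIBLE,
    /** File was not found locally, so the copy bundled with the code was used. */
    FILE_FROM_CODE_USED
}
```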
@@ -9,6 +9,9 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; + /** * Class for processing the contents of a Secure Boot DB or DBX contents. * used for EFIVariables associated with Secure Boot @@ -74,6 +77,9 @@ public class UefiSignatureList { * */ @Getter private boolean bVendorTableFileInaccessbile = false; + /** Track status of vendor-table.json */ + @Getter + private String bVendorTableFileStatus = FILE_NORMAL; /** * UefiSignatureList constructor. @@ -121,6 +127,7 @@ public class UefiSignatureList { signatureType = new UefiGuid(guid); if(signatureType.isVendorTableReferenceHandleEmpty()) { bVendorTableFileInaccessbile = true; + bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; } // if signatureType is invalid, don't even process any of the data diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index ca159cdc..05b4dd17 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java @@ -12,6 +12,9 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; + /** * Class to process a UEFI variable within a TPM Event. * typedef struct tdUEFI_VARIABLE_DATA{ @@ -68,6 +71,9 @@ public class UefiVariable { * */ @Getter private boolean bVendorTableFileInaccessbile = false; + /** Track status of vendor-table.json */ + @Getter + private String bVendorTableFileStatus = FILE_NORMAL; /** * EFIVariable constructor. 
@@ -156,6 +162,9 @@ public class UefiVariable { if(list.isBVendorTableFileInaccessbile()) { bVendorTableFileInaccessbile = true; } + if(list.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { + bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; + } if(!list.isSignatureTypeValid()) { invalidSignatureListEncountered = true; invalidSignatureListStatus = list.toString(); diff --git a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java index ce49ccf6..9b2f2fa7 100644 --- a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java +++ b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java @@ -16,6 +16,8 @@ import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TpmPcrEvent; import hirs.utils.HexUtils; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; + /** * Command-line application for processing TCG Event Logs. * Input arg: path to *.tcglp file @@ -128,6 +130,9 @@ final class Main { + evLog.getEventList().size() + " events:\n\n"); } if (evLog.isBVendorTableFileInaccessbile()) { + writeOut("*** remove this.\n\n"); + } + if (evLog.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { writeOut("*** WARNING: The file vendor-table.json file was not accessible so data " + "in some Secure Boot PCR 7 events cannot be processed.\n\n"); } From e36f792f743bf643ff1c7484899b448929faff65 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Tue, 14 May 2024 18:08:47 -0400 Subject: [PATCH 05/17] trying to get code file to open --- .../utils/tpm/eventlog/uefi/UefiGuid.java | 37 ++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index e0feae84..83adcc27 100644 
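Review bot: `writeOut("*** remove this.\n\n")` emits a placeholder into the tool's user-visible output whenever the boolean flag is set, so this commit ships that string; the apparent intent is to retire the boolean in favour of the status, which means deleting the whole `isBVendorTableFileInaccessbile()` block rather than keeping both paths. The new `getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE` comparison needs `.equals` or an enum, as noted on the TCGEventLog hunk of this commit. The surrounding block in Main starts outside the hunk.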
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -4,9 +4,13 @@ import com.eclipsesource.json.JsonObject; import hirs.utils.HexUtils; import hirs.utils.JsonUtils; +import java.io.IOException; import java.math.BigInteger; +import java.net.URISyntaxException; +import java.net.URL; import java.nio.file.FileSystems; import java.nio.file.Path; +import java.nio.file.Paths; import java.util.UUID; /** @@ -25,6 +29,8 @@ public class UefiGuid { private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", "hirs", "aca", "default-properties", "vendor-table.json"); + +// Path fPath = Paths.get(this.getClass().getResource(filename).toURI()); private JsonObject uefiVendorRef; /** * guid byte array. 
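Review bot: The second hunk adds `// Path fPath = Paths.get(this.getClass().getResource(filename).toURI());` as commented-out code between static fields, referring to `this` and a `filename` that do not exist in that scope; it should be deleted rather than merged. The IOException, URISyntaxException, URL and Paths imports added in the first hunk serve only the experimental block in the following hunk and will need pruning with it.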
@@ -44,7 +50,36 @@ public class UefiGuid { guid = new byte[UefiConstants.SIZE_16]; System.arraycopy(guidBytes, 0, guid, 0, UefiConstants.SIZE_16); uuid = processGuid(guidBytes); - uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable"); +// uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable"); + + + Path bad = FileSystems.getDefault().getPath("/etc", + "hirs", "aca", "default-properties", "vendor-tableBAD.json"); + uefiVendorRef = JsonUtils.getSpecificJsonObject(bad, + "VendorTable"); + + if(isVendorTableReferenceHandleEmpty()) { + System.out.println("XXXX EMPTYYYYYYY, before trying to grab file from code"); + try { + + URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); +// URL url = ClassLoader.getSystemResources("vendor-table.json"); + Path codePath = Paths.get(url.toURI()); + uefiVendorRef = JsonUtils.getSpecificJsonObject(codePath, + "VendorTable"); + + } catch (IOException e) { + System.out.print("XXXX IOException"); + throw new RuntimeException(e); + } catch (URISyntaxException e) { + System.out.print("XXXX URISyntaxException"); + throw new RuntimeException(e); + } + } + + if(isVendorTableReferenceHandleEmpty()) { + System.out.println("YYYY EMPTY STILL, after trying to grab file from code"); + } } /** From 1644777f4269e3615c49d5c796a41f48430e8f37 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Wed, 15 May 2024 08:52:11 -0400 Subject: [PATCH 06/17] testing ways to access file --- .../utils/tpm/eventlog/uefi/UefiGuid.java | 22 +- .../src/main/resources/vendor-table.json | 233 ++++++++++++++++++ 2 files changed, 247 insertions(+), 8 deletions(-) create mode 100644 HIRS_Utils/src/main/resources/vendor-table.json diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 83adcc27..10579908 100644 
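Review bot: The constructor now opens a hard-coded `vendor-tableBAD.json` path instead of `JSON_PATH` to force the fallback, and that scaffolding is committed together with the `XXXX`/`YYYY` stdout prints, so a reader takes it for intended behaviour. The fallback itself is fragile in three ways: `ClassLoader.getSystemResources("vendor-table.json").nextElement()` throws NoSuchElementException when the resource is absent and nothing catches it; `Paths.get(url.toURI())` only works for a resource that is a plain file and throws FileSystemNotFoundException once HIRS_Utils is packaged as a jar; and the `throw new RuntimeException(e)` branches turn an optional lookup file into a crash of event-log parsing, the opposite of the status-propagation design from patches 03 and 04. Reading the bundled copy through `UefiGuid.class.getResourceAsStream("/vendor-table.json")` and parsing from the stream avoids the jar problem, and a failed fallback should set the not-accessible status rather than throw. The constructor starts and ends outside the hunk.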
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -30,7 +30,8 @@ public class UefiGuid { private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", "hirs", "aca", "default-properties", "vendor-table.json"); -// Path fPath = Paths.get(this.getClass().getResource(filename).toURI()); + private static final String vendorTableFilename = "vendor-table.json"; + private JsonObject uefiVendorRef; /** * guid byte array. @@ -60,18 +61,23 @@ public class UefiGuid { if(isVendorTableReferenceHandleEmpty()) { System.out.println("XXXX EMPTYYYYYYY, before trying to grab file from code"); + + try { - URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); + Path fPath = Paths.get(this.getClass().getResource("vendor-table.json").toURI()); +// URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); // URL url = ClassLoader.getSystemResources("vendor-table.json"); - Path codePath = Paths.get(url.toURI()); - uefiVendorRef = JsonUtils.getSpecificJsonObject(codePath, +// Path fPath = Paths.get(url.toURI()); + uefiVendorRef = JsonUtils.getSpecificJsonObject(fPath, "VendorTable"); - } catch (IOException e) { - System.out.print("XXXX IOException"); - throw new RuntimeException(e); - } catch (URISyntaxException e) { + } +// catch (IOException e) { +// System.out.print("XXXX IOException"); +// throw new RuntimeException(e); +// } + catch (URISyntaxException e) { System.out.print("XXXX URISyntaxException"); throw new RuntimeException(e); } diff --git a/HIRS_Utils/src/main/resources/vendor-table.json b/HIRS_Utils/src/main/resources/vendor-table.json new file mode 100644 index 00000000..d411dd50 --- /dev/null +++ b/HIRS_Utils/src/main/resources/vendor-table.json 
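Review bot: `this.getClass().getResource("vendor-table.json")` resolves a relative name against the class's package (`hirs/utils/tpm/eventlog/uefi/`), but this commit adds the file at the classpath root (`HIRS_Utils/src/main/resources/vendor-table.json`), so `getResource` returns null and `.toURI()` throws NullPointerException; use `"/vendor-table.json"` or `getClass().getClassLoader().getResource("vendor-table.json")`. `Paths.get(...toURI())` still fails for a resource inside a jar, so parsing from `getResourceAsStream` remains the robust route. The new `vendorTableFilename` constant is not used (the literal is repeated in the `getResource` call) and as a `static final` should be `VENDOR_TABLE_FILENAME`; the commented-out alternatives and the commented-out `catch (IOException e)` block should go before merge. The constructor starts and ends outside the hunk.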
@@ -0,0 +1,233 @@ +{ + "VendorTable": { + "_comment_1": "UUIDS listed in the UEFI Specification", + "eb9d2d30-2d88-11d3-9a16-0090273fc14d": "ACPI_TABLE_GUID", + "eb9d2d32-2d88-11d3-9a16-0090273fc14d": "SAL_SYSTEM_TABLE_GUID", + "eb9d2d31-2d88-11d3-9a16-0090273fc14d": "SMBIOS_TABLE_GUID", + "f2fd1544-9794-4a2c-992e-e5bbcf20e394": "SMBIOS3_TABLE_GUID", + "eb9d2d2f-2d88-11d3-9a16-0090273fc14d": "MPS_TABLE_GUID", + "8868e871-e4f1-11d3-bc22-0080c73c8881": "EFI_ACPI_TABLE_GUID", + "87367f87-1119-41ce-aaec-8be01101f558": "EFI_JSON_CONFIG_DATA_TABLE_GUID", + "35e7a725-8dd2-4cac-8011-33cda8109056": "EFI_JSON_CAPSULE_DATA_TABLE_GUID", + "dbc461c3-b3de-422a-b9b4-9886fd49a1e5": "EFI_JSON_CAPSULE_RESULT_TABLE_GUID", + "77ab535a-45fc-624b-5560-f7b281d1f96e": "EFI_VIRTUAL_DISK_GUID", + "3d5abd30-4175-87Ce-6d64-d2ADe523C4bb": "EFI_VIRTUAL_CD_GUID", + "5Cea02c9-4d07-69d3-269f-4496Fbe096f9": "EFI_PERSISTENT_VIRTUAL_DISK_GUID", + "08018188-42cd-bb48-100f-5387D53ded3d": "EFI_PERSISTENT_VIRTUAL_CD_GUID", + "_comment_2": "DXE GUIds from https://github.com/linuxboot/linuxboot/blob/master/boards/qemu/image-files.txt", + "fc510ee7-ffdc-11d4-bd41-0080c73c8881": "DXE Apriori-FVRECOVERY", + "1b45cc0a-156a-428a-62af-49864da0e6e6": "PEI Apriori file name", + "80cf7257-87ab-47f9-a3fe-d50b76d89541": "PcdDxe", + "b601f8c4-43b7-4784-95b1-f4226cb40cee": "RuntimeDxe", + "f80697e9-7fd6-4665-8646-88e33ef71dfc": "SecurityStubDxe", + "1a1e4886-9517-440e-9fde-3be44cee2136": "CpuDxe", + "11a6edf6-a9be-426d-a6cc-b22fe51d9224": "PciHotPlugInitDxe", + "128fb770-5e79-4176-9e51-9bb268a17dd1": "PciHostBridgeDxe", + "93b80004-9fb3-11d4-9a3a-0090273fc14d": "PCI Bus Driver - PciBusDxe", + "9b680fce-ad6b-4f3a-b60b-f59899003443": "DevicePathDxe", + "f9d88642-0737-49bc-81b5-6889cd57d9ea": "SmbiosDxe", + "4110465d-5ff3-4f4b-b580-24ed0d06747a": "SmbiosPlatformDxe", + "9622e42c-8e38-4a08-9e8f-54f784652f6b": "AcpiTableDxe", + "49970331-e3fa-4637-9abc-3b7868676970": "AcpiPlatform", + "7e374e25-8e01-4fee-87f2-390c23c606cd": 
"ACPI data", + "bdce85bb-fbaa-4f4e-9264-501a2c249581": "S3SaveStateDxe", + "d9dcc5df-4007-435e-9098-8970935504b2": "PlatformDxe", + "8657015b-ea43-440d-949a-af3be365c0fc": "IoMmuDxe", + "cbd2e4d5-7068-4ff5-b462-9822b4ad8d60": "VariableRuntimeDxe", + "_comment_3": "PIWG Dxe driver Files (FvFile)from https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1272444", + "70d57d67-7f05-494d-a014-b75d7345b700": "Storage Security Command Driver", + "3acc966d-8e33-45c6-b4fe-62724bcd15a9": "AHCI Bus Driver", + "67bbc344-84bc-4e5c-b4df-f5e4a00e1f3a": "Host Controller Driver", + "86edaae5-073c-4c89-b949-8984ac8a55f3": "MMC/SD Media Device Driver", + "9e863906-a40f-4875-977F-5b93ff237fc6": "Serial Terminal Driver", + "a6cc6bc8-2ada-46C3-bba4-e99672CC9530": "PCI Serial Driver", + "69fd8e47-a161-4550-b01a-5594ceb2b2b2": "PCI IDE/ATAPI Bus Driver", + "51ccf399-4fdf-4e55-a45b-e123f84d456a": "Platform Console Management Driver", + "6b38f7b4-ad98-40e9-9093-aca2b5a253c4": "Generic Disk I/O Driver", + "2d2e62cf-9ecf-43b7-8219-94e7fC713dfe": "Usb Keyboard Driver", + "9fb4b4a7-42C0-4bcd-8540-9bcc6711f83e": "Usb Mass Storage Driver", + "e3752948-b9a1-4770-90c4-df41c38986be": "QEMU Video Driver", + "240612B7-a063-11d4-9a3a-0090273fc14d": "Usb Bus Driver", + "bdfe430e-8F2a-4db0-9991-6f856594777e": "Usb Ehci Driver", + "2fb92efa-2ee0-4bae-9eB6-7464125E1EF7": "Usb Ehci Driver", + "a92cdb4b-82f1-4e0b-a516-8a655d371524": "Virtio Network Driver", + "4579b72d-7ec4-4dd4-8486-083c86b182a7": "iSCSI Driver", + "3b1deaB5-c75d-442e-9238-8e2ffb62b0bb": "UEFI PXE Base Code Driver", + "6b6963ab-906d-4a65-a7ca-bd40e5d6af2b": "UDP Network Service Driver", + "6d6963ab-906d-4a65-a7ca-bd40e5d6af4d": "Tcp Network Service Driver", + "dc3641b8-2fa8-4ed3-bc1f-f9962a03454b": "MTFTP4 Network Service Driver", + "9fb1a1f3-3b71-4324-b39a-745cbb015fff": "IP4 Network Service Driver", + "26841bde-920a-4e7a-9Fbe-637f477143a6": "IP4 CONFIG Network Service Driver", + "94734718-0bbc-47fb-96a5-ee7a5ae6a2ad": "DHCP Protocol 
Driver", + "529d3f93-e8e9-4e73-b1e1-bdf6a9d50113": "ARP Network Service Driver", + "e4f61863-fe2c-4b56-a8d4-08519bc439df": "VLAN Configuration Driver", + "a2f436ea-a127-4ef8-957c-8048606ff670": "Simple Network Protocol Driver", + "961578fe-b6b7-44c3-af35-6bc705cd2b1f": "FAT File System Driver", + "0abd8284-6da3-4616-971a-83a5148067ba": "ISA Floppy Driver", + "3dc82376-637b-40a6-a8fc-a565417f2c38": "PS/2 Keyboard Driver", + "93b80003-9fb3-11d4-9a3a-0090273fc14d": "ISA Serial Driver", + "240612b5-a063-11d4-9a3a-0090273fc14a": "ISA Bus Driver", + "99549f44-49bb-4820-b9d2-901329412d67": "IDE Controller Init Driver", + "0a66e322-3740-4cce-ad62-bd172cecca35": "Scsi Disk Driver", + "1fa1f39e-feff-4aae-bd7b-38a070a3b609": "Partition Driver", + "9e863906-a40f-4875-977f-5b93ff237fc6": "Serial Terminal Driver", + "cccb0c28-4b24-11d5-9a5a-0090273fc14d": "Graphics Console Driver", + "408edcec-cf6d-477c-a5a8-b4844e3de281": "Console Splitter Driver", + "fab5d4f4-83c0-4aaf-8480-442d11df6cea": "Virtio SCSI Host Driver", + "11d92dfb-3Ca9-4f93-ba2e-4780ed3e03b5": "Virtio Block Driver", + "33cb97af-6c33-4c42-986b-07581fa366d4": "Block MMIO to Block IO Driver", + "_comment_4": "PIWG Volumes (Fv)", + "a881d567-6cb0-4eee-8435-2e72d33e45B5": "PIWG Default Volume", + "_comment_5": "UEFI UUIDS for Certificates", + "3c5766e8-269c-4e34-aa14-ed776e85b3b6": "EFI_CERT_RSA2048_GUID", + "e2b36190-879b-4a3d-ad8d-f2e7bba32784": "EFI_CERT_RSA2048_SHA256_GUID", + "c1c41626-504c-4092-aca9-41f936934328": "EFI_CERT_SHA256_GUID", + "826ca512-cf10-4ac9-b187-be01496631bd": "EFI_CERT_SHA1_GUID", + "67f8444f-8743-48f1-a328-1eaab8736080": "EFI_CERT_RSA2048_SHA1_GUID", + "a5c059a1-94e4-4aa7-87b5-ab155c2bf072": "EFI_CERT_X509_GUID", + "0b6e5233-a65c-44c9-9407-d9ab83bfc8bd": "EFI_CERT_SHA224_GUID", + "ff3e5307-9fd0-48c9-85f1-8ad56c701e01": "EFI_CERT_SHA384_GUID", + "093e0fae-a6c4-4f50-9f1b-d41e2b89c19a": "EFI_CERT_SHA512_GUID", + "3bd2a492-96c0-4079-b420-fcf98ef103ed": "EFI_CERT_X509_SHA256_GUID", + 
"7076876e-80c2-4ee6-aad2-28b349a6865b": "EFI_CERT_X509_SHA384_GUID", + "446dbf63-2502-4cda-bcfa-2465d2b0fe9d": "EFI_CERT_X509_SHA512_GUID", + "a7717414-c616-4977-9420-844712a735bf": "EFI_CERT_TYPE_RSA2048_SHA256_GUID", + "_comment_6": "UEFI defined variables", + "452e8ced-dfff-4b8c-ae01-5118862e682c": "EFI_CERT_EXTERNAL_MANAGEMENT_GUID", + "d719b2cb-3d3a-4596-a3bc-dad00e67656f": "EFI_IMAGE_SECURITY_DATABASE_GUID", + "4aafd29d-68df-49ee-8aa9-347d375665a7": "EFI_CERT_TYPE_PKCS7_GUID", + "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition", + "024DEE41-33E7-11D3-9D69-0008C781F39F": "Partition containing a legacy MBR", + "_comment_7": "RHBoot UEFI Application UUIDs From listed in RHBoot (RHShim) https://github.com/rhboot/efivar/blob/master/src/guids.txt", + "0abba7dc-e516-4167-bbf5-4d9d1c739416": "fwupdate:", + "3b8c8162-188c-46a4-aec9-be43f1d65697": "ux_capsule", + "605dab50-e046-4300-abb6-3dd810dd8b23": "RH_Shim", + "8be4df61-93ca-11d2-aa0d-00e098032b8c": "EFI_Global_Variable", + "91376aff-cba6-42be-949d-06fde81128e8": "GRUB", + "_comment_8": "Partition Table GUIDs", + "0fc63daf-8483-4772-8e79-3d69d8477de4": "Linux filesystem data", + "e6d6d379-f507-44c2-a23c-238f2a3df928": "Logical Volume Manager (LVM) partition", + "4f68bce3-e8cd-4db1-96e7-fbcaf984b709": "Root partition (x86-64)", + "a19d880f-05fc-4d3b-a006-743f0f84911e": "RAID partition", + "933ac7e1-2eb4-4f13-b844-0e14e2aef915": "/home partition[ (x86-64)", + "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "GPT Basic data partition", + "_comment_9": "RHBoot Lenovo specific UUIDS", + "3cc24e96-22c7-41d8-8863-8e39dcdcc2cf": "lenovo", + "82988420-7467-4490-9059-feb448dd1963": "lenovo_me_config", + "f7e615b-0d45-4f80-88dc-26b234958560": "lenovo_diag", + "665d3f60-ad3e-4cad-8e26-db46eee9f1b5": "lenovo_rescue", + "721c8b66-426c-4e86-8e99-3457c46ab0b9": "lenovo_setup", + "f46ee6f4-4785-43a3-923d-7f786c3c8479": "lenovo_startup_interrupt", + "126a762d-5758-4fca-8531-201a7f57f850": "lenovo_boot_menu", + 
"a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380": "lenovo_diag_splash", + "_comment_10": "Company UUIDs (From Internet searches)", + "77fa9abd-0359-4d32-bd60-28f4e78f784b": "Microsoft Inc.", + "f5a96b31-dba0-4faa-a42a-7a0c9832768e": "HPE Inc.", + "2879c886-57ee-45cc-b126-f92f24f906b9": "SUSE Certificate", + "70564dce-9afc-4ee3-85fc-949649d7e45c": "Dell Inc.", + "_comment_11": "Intel GUIDS", + "bfcc0833-2125-42d1-8c6d-13821e23c078": "Intel(R) Desktop Boards", + "80b3ad5b-9880-4af9-a645-e56a68be89de": "Intel(R) CISD FW Update", + "_comment_12": "Microsoft GUIDS", + "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved Partition (MSR)", + "5808c8aa-7e8f-42e0-85d2-e1e90434cfb3": "Logical Disk Manager (LDM) metadata partition ", + "af9b60a0-1431-4f62-bc68-3311714a69ad": "Logical Disk Manager data partition", + "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment", + "9f25ee7a-e7b7-11db-94b5-f7e662935912": "Windows Boot Loader", + "_comment_13": "Linux specific GUIDS", + "0fc63daf-8483-4772-8e79-3d69d8477de": "Linux filesystem data", + "44479540-f297-41b2-9af7-d131d5f0458a4": "Root partition (x86)", + "69dad710-2ce4-4e3c-b16c-21a1d49abed3": "Root partition (32-bit ARM)", + "b921b045-1df0-41c3-af44-4c6f280d3fae": "Root partition (64-bit ARM/AArch64)", + "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f": "Swap partition", + "3b8f8425-20e0-4f3b-907f-1a25a76f98e8": "/srv (server data) partition", + "7ffec5c9-2d00-49b7-8941-3ea10a5586b7": "Plain dm-crypt partitiont", + "ca7d7ccb-63ed-4c53-861c-1742536059cc": "LUKS partition", + "_comment_14": "Linux Boot GUIDS https://github.com/linuxboot/linuxboot/blob/master/boards/s2600wf/vendor-files.txt", + "9cfd802c-09a1-43d6-8217-aa49c1f90d2c": "Intel Management Engine BIOS Extension (Mebx)", + "b62efbbb-3923-4cb9-a6e8-db818e828a80": "Intel Management Engine BIOS Extension (Mebx) Setup Browser", + "9ce4325e-003e-11e3-b582-b8ac6f199a57": "Non-Volatile Dual In-line Memory Module (NVDIMM) Driver", + 
"ea9de6d5-7839-46f7-9e63-4de8b00e2e5d": "NVM DIMM Human Interface Infrastructure (HII)", + "56a1b86f-0d4a-485d-87de-ad0eba1c8c2a": "IBM C Video Gop", + "a1f436ea-a127-4ef8-957c-8048606ff670": "SnpDxe", + "a210f973-229d-4f4d-aa37-9895e6c9eaba": "DpcDxe", + "025bbfc7-e6a9-4b8b-82ad-6815a1aeaf4a": "MNP Network Service Driver - MnpDxe", + "b44b2005-42bc-41c9-80af-abd7dc7d6923": "RSTesSATAEFI", + "15e1e31a-9f9d-4c84-82fb-1a707fc0f63b": "RSTeSATAEFI", + "2cc25173-bd9f-4c89-89cc-29256a3fd9c3": "RSTesSATALegacy", + "bd5d4ca5-674f-4584-8cf9-ce4ea1f54dd1": "RSTeSATALegacy", + "_comment_15": "WinNt GUIDs, add if they are still found in use https://sourceforge.net/p/uefinotes/wiki/FV%20Sources/?version=3", + "fc5c7020-1a48-4198-9be2-ead5abc8cf2f": "BdsDxe", + "d0893f05-b06d-4161-b947-9be9b85ac3a1": "SnpNt32Dxe", + "9b3ada4f-ae56-4c24-8Dea-f03b7558ae50": "PcdPeim", + "34c8c28F-b61c-45a2-8f2e-89e46becc63b": "PeiVariable", + "fe5cea76-4f72-49e8-986f-2cd899dffe5d": "FaultTolerantWriteDxe", + "_comment_16": "Linux Boot Image files UEFI Platform Initialization (PI) specifications Driver Execution Environment (DXE) Architectural protocols and platform modules https://github.com/linuxboot/linuxboot/blob/master/boards/winterfell/image-files.txt", + "5ae3f37e-4eae-41ae-8240-35465b5e81eb": "CORE_DXE", + "cbc59c4a-383a-41eb-a8ee-4498aea567e4": "DXE Runtime", + "3c1de39f-d207-408a-aacc-731cfb7f1dd7": "DXE PciBus", + "80e66e0a-ccd1-43fa-a7b1-2d5ee0f13910": "DXE PciRootBridge", + "9f3a0016-ae55-4288-829d-d22fd344c347": "DXE AmiBoardInfo", + "13ac6dd0-73d0-11d4-b06b-00aa00bd6de7": "DXE EBC", + "e03abadf-e536-4e88-b3a0-b77f78eb34fe": "CPU DXE", + "b7d19491-e55a-470d-8508-85a5dfa41974": "SBDXE", + "e23f86e1-056e-4888-b685-cfcd67c179d4": "DXE SBRun", + "e4ecd0b2-e277-4f2b-becb-e4d75c9a812e": "NBDXE", + "5ad34ba6-f024-2149-52e4-da0398e2bb9": "DXE Services Table", + "_comment_17": "ACPI configuration and tables", + "750890a6-7acf-4f4f-81bd-b400c2bea95a": "AcpiModeEnable", + 
"d4c05cd1-5eae-431d-a095-13a9e5822045": "MPST", + "db93cb2c-bf1c-431a-abc8-8737bc2afc1f": "PRAD-ACPI-table", + "3bc5b795-a4e0-4d56-9321-316d18a7aefe": "PRAD", + "16d0a23e-c09c-407d-a14a-ad058fdd0ca1": "ACPI", + "26a2481e-4424-46a2-9943-cc4039ead8f8": "S3Save", + "efd652cc-0e99-40f0-96c0-e08c089070fc": "S3Restore", + "8c783970-f02a-4a4d-af09-8797a51eec8d": "PowerManagement", + "299141bb-211a-48a5-92c0-6f9a0a3a006e0": "PowerManagement-ACPI-table", + "2df10014-cf21-4280-8c3f-e539b8ee5150": "PpmPolicyInitDxe", + "4b680e2d-0d63-4f62-b930-7ae995b9b3a3": "SmBusDxe", + "_comment_18": "SMM handlers", + "4a37320b-3fb3-4365-9730-9e89c600395d": "SmmDispatcher", + "753630c9-fae5-47a9-bbbf-88d621cd7282": "SmmChildDispatcher", + "be216ba8-38c4-4535-a6ca-5dca5b43addf": "SmiVariable", + "a56897a1-a77f-4600-84db-22b0a801fa9a": "SmmRuntime", + "d2596f82-f0e1-49fa-95bc-62012c795728": "SmmBase Data", + "69009842-63f2-43db-964b-efad1c39ec85": "SmmBase Data", + "d0632c90-afd7-4492-b186-257c63143c61": "SmmBase", + "7e2d983f-f703-4a29-9761-77b51f5354ed": "SmmCommunicate", + "_comment_19": "CMOS and NVRAM handlers", + "6869c5b3-ac8d-4973-8b37-e354dbf34add": "CmosManagerSmm", + "842a454a-75e5-408b-8b1c-36420e4e3f21": "NvramSmi", + "5446c293-339b-47cd-b719-585de39408cc": "PostReport", + "71ca9ca1-325d-4bfe-afa3-2ec5c94a8680": "DmAcpi", + "cef68c66-06ab-4fb3-a3ed-5ffa885b5725": "SMBiosBoard", + "b13edd38-684c-41ed-a305-d7b7e32497df": "SMBios64", + "ded7956d-7e20-4f20-91a1-190439b04d5b": "SmbiosGetFlashData64", + "daf4bf89-ce71-4917-b522-c89d32fbc59f": "SmbiosStaticData", + "_comment_20": "Apple GUIDS", + "48465300-0000-11aa-aa11-00306543ecac": "Apple Hierarchical File System Plus (HFS+) partition ", + "7c3457ef-0000-11aa-aa11-00306543ecac": "Apple APFS container", + "55465300-0000-11aa-aa11-00306543ecac": "Apple UFS container", + "52414944-0000-11aa-aa11-00306543ecac": "Apple RAID partition", + "4c616265-6c00-11aa-aa11-00306543ecac": "Apple Label", + "53746f72-6167-11aa-aa11-00306543ecac": 
"Apple Core Storage Container", + "6a898cc3-1dd2-11b2-99a6-080020736631": "ZFS Partition", + "_comment_21": "Chrome OS GUIDS", + "2568845d-2332-4675-bc39-8fa5a4748d15": "Chrome OS kernel ", + "3cb8e202-3b7e-47dd-8a3c-7ff2a13cfcec": "Chrome OS rootfs ", + "2e0a753d-9e48-43b0-8337-b15192cb1b5e": "Chrome OS future use ", + "_comment_22": "Android GUIDS", + "fe3a2a5d-4f32-41a7-b725-accc3285a309": "Android Bootloader", + "114eaffe-1552-4022-b26e-9b053604cf84": "Android Bootloader 2", + "49a4d17f-93a3-45c1-a0de-f50b2ebe2599": "Android Boot", + "4177c722-9e92-4aab-8644-43502bfd5506": "Android Recovery", + "38f428e6-d326-425d-9140-6e0ea133647c": "Android System", + "bd59408b-4514-490d-bf12-9878d963f378": "Android Config", + "8f68cc74-c5e5-48da-be91-a0c8c15e9c80": "Android Factory", + "ac6d7924-eb71-4df8-b48d-e267b27148ff": "Android OEM", + "_comment_23": "MISC GUIDs", + "5023b95c-db26-429b-a648-bd47664c8012": "Built-in EFI Shell", + "610a0202-d308-00c4-0000-000004300d06": "Mystery UUID", + "00000000-0000-0000-0000-000000000000": "Empty UUID" + } +} From c31d50d52d7c10a9ca0723174ae7666cebc7b353 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Thu, 30 May 2024 13:46:41 -0400 Subject: [PATCH 07/17] testing stuff --- .../hirs/utils/tpm/eventlog/uefi/UefiGuid.java | 15 +++++++++++++-- .../{vendor-table.json => vendor-table2.json} | 0 2 files changed, 13 insertions(+), 2 deletions(-) rename HIRS_Utils/src/main/resources/{vendor-table.json => vendor-table2.json} (100%) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 10579908..f77f75bc 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java 
@@ -4,6 +4,8 @@ import com.eclipsesource.json.JsonObject; import hirs.utils.HexUtils; import hirs.utils.JsonUtils; +import javax.xml.transform.Source; +import javax.xml.transform.stream.StreamSource; import java.io.IOException; import java.math.BigInteger; import java.net.URISyntaxException; @@ -63,9 +65,18 @@ public class UefiGuid { System.out.println("XXXX EMPTYYYYYYY, before trying to grab file from code"); - try { + System.out.println("XXXX getClass: " + getClass()); + System.out.println("XXXX getClassResource: " + getClass().getResource("/vendor-table2.json")); - Path fPath = Paths.get(this.getClass().getResource("vendor-table.json").toURI()); + + try { +// private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub"; + +// Source source = new StreamSource( +// getClass().getClassLoader().getResourceAsStream("identity_transform.xslt")); + + + Path fPath = Paths.get(getClass().getResource("/vendor-table2.json").toURI()); // URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); // URL url = ClassLoader.getSystemResources("vendor-table.json"); // Path fPath = Paths.get(url.toURI()); diff --git a/HIRS_Utils/src/main/resources/vendor-table.json b/HIRS_Utils/src/main/resources/vendor-table2.json similarity index 100% rename from HIRS_Utils/src/main/resources/vendor-table.json rename to HIRS_Utils/src/main/resources/vendor-table2.json From a03c18d88edc447e5524d5a85b789fe2cbd33775 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 31 May 2024 14:47:52 -0400 Subject: [PATCH 08/17] accessing vendor-table.json from code --- .../src/main/java/hirs/utils/JsonUtils.java | 31 ++++++ .../utils/tpm/eventlog/uefi/UefiGuid.java | 97 ++++++++++++++----- 2 files changed, 106 insertions(+), 22 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java index bca2e51b..78dfb0d4 100644 
--- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java +++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java @@ -2,14 +2,17 @@ package hirs.utils; import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; +import hirs.utils.tpm.eventlog.uefi.UefiGuid; import lombok.AccessLevel; import lombok.NoArgsConstructor; import lombok.extern.log4j.Log4j2; +import java.io.BufferedReader; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.UnsupportedEncodingException; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.nio.file.Files; @@ -97,4 +100,32 @@ public final class JsonUtils { return jsonObject; } + + public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) { + // find the file and load it + JsonObject jsonObject = new JsonObject(); + + try { + InputStream jsonIs = UefiGuid.class + .getClassLoader().getResourceAsStream("vendor-table2.json"); + jsonObject = Json.parse(new InputStreamReader(jsonIs, + charset)).asObject(); + } catch (IOException e) { + throw new RuntimeException(e); + } + // if (Files.notExists(jsonPath)) { +// log.warn(String.format("No file found at %s.", jsonPath.toString())); +// } else { +// try { +// InputStream inputStream = new FileInputStream(jsonPath.toString()); +// jsonObject = Json.parse(new InputStreamReader(inputStream, +// charset)).asObject(); +// } catch (IOException ex) { +// // add log file thing here indication issue with JSON File +// jsonObject = new JsonObject(); +// } +// } + + return jsonObject; + } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index f77f75bc..c0357e49 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java 
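Review bot: `getResourceAsStream` returns null when the resource is absent, so in the new `getJsonObject(String, Charset)` the `new InputStreamReader(jsonIs, charset)` call fails with a NullPointerException rather than the IOException the catch handles, and the empty object that `UefiGuid.isVendorTableReferenceHandleEmpty()` relies on is never returned; the stream is also never closed. The `jsonFilename` parameter is ignored in favour of the hard-coded `"vendor-table2.json"` (the patch 10 hunk `@@ -131,7 +132,7 @@` on this file fixes that but keeps the null and close problems), and resolving the resource through `UefiGuid.class` pulls `hirs.utils.tpm.eventlog.uefi` into `hirs.utils`, a package cycle that `JsonUtils.class.getClassLoader()` avoids. The commented-out Path-based body should be dropped rather than kept beside the new code; the `log` logger it used is still the right way to report the failure, as sketched below.
```java
public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) {
    try (InputStream jsonIs = JsonUtils.class.getClassLoader().getResourceAsStream(jsonFilename)) {
        if (jsonIs == null) {
            log.warn(String.format("No classpath resource found for %s.", jsonFilename));
            return new JsonObject();
        }
        return Json.parse(new InputStreamReader(jsonIs, charset)).asObject();
    } catch (IOException ex) {
        log.warn(String.format("Unable to read %s: %s", jsonFilename, ex.getMessage()));
        return new JsonObject();
    }
}
```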
@@ -3,13 +3,20 @@ package hirs.utils.tpm.eventlog.uefi; import com.eclipsesource.json.JsonObject; import hirs.utils.HexUtils; import hirs.utils.JsonUtils; +import hirs.utils.rim.ReferenceManifestValidator; +import org.apache.commons.io.IOUtils; import javax.xml.transform.Source; import javax.xml.transform.stream.StreamSource; +import java.io.BufferedReader; import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.net.URISyntaxException; import java.net.URL; +import java.nio.charset.StandardCharsets; import java.nio.file.FileSystems; import java.nio.file.Path; import java.nio.file.Paths; 
@@ -65,33 +72,79 @@ public class UefiGuid { System.out.println("XXXX EMPTYYYYYYY, before trying to grab file from code"); - System.out.println("XXXX getClass: " + getClass()); - System.out.println("XXXX getClassResource: " + getClass().getResource("/vendor-table2.json")); + uefiVendorRef = JsonUtils.getJsonObject("vendor-table2.json", + StandardCharsets.UTF_8); + +// System.out.println("XXXX getClass: " + getClass()); +// System.out.println("XXXX getClassResource: " + getClass().getResource("/vendor-table2.json")); +// +// +// InputStream inpStr = UefiGuid.class +// .getClassLoader().getResourceAsStream("vendor-table2.json"); +// System.out.println("XXXX InputStream: " + inpStr); +// +// Source inpSource = new StreamSource( +// ReferenceManifestValidator.class.getClassLoader() +// .getResourceAsStream("vendor-table2.json")); +// System.out.println("XXXX Source: " + inpSource); +// +// String path = this.getClass().getClassLoader().getResource("vendor-table2.json").toExternalForm(); +// System.out.println("XXXX External Form: " + path); - try { -// private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub"; +// JsonReader reader = new JsonReader(new InputStreamReader(inpStr, "UTF-8")); -// Source source = new StreamSource( -// getClass().getClassLoader().getResourceAsStream("identity_transform.xslt")); - - - Path fPath = Paths.get(getClass().getResource("/vendor-table2.json").toURI()); -// URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); -// URL url = ClassLoader.getSystemResources("vendor-table.json"); -// Path fPath = Paths.get(url.toURI()); - uefiVendorRef = JsonUtils.getSpecificJsonObject(fPath, - "VendorTable"); - - } -// catch (IOException e) { -// System.out.print("XXXX IOException"); +// try { +// BufferedReader streamReader = new BufferedReader(new InputStreamReader(inpStr, "UTF-8")); +// StringBuilder responseStrBuilder = new StringBuilder(); +// +// String inputStr; +// while ((inputStr = streamReader.readLine()) != null) +// 
responseStrBuilder.append(inputStr); +// +// String test = responseStrBuilder.toString(); +//// Gson gson = new Gson(); +// +// JsonObject testjj = parser. +// +// String temp = "hello"; +// +//// JsonObject jsonObject = new JsonObject(responseStrBuilder.toString()); +// +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException(e); +// } catch (IOException e) { +// throw new RuntimeException(e); +// } + +// byte[] rawLogBytes = IOUtils.toByteArray(inpStr); + + +// Path fPath2 = Paths.get(inpStr.toURI()); + +// try { +//// private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub"; +// +//// Source source = new StreamSource( +//// getClass().getClassLoader().getResourceAsStream("identity_transform.xslt")); +// +// +// Path fPath = Paths.get(getClass().getResource("/vendor-table2.json").toURI()); +//// URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); +//// URL url = ClassLoader.getSystemResources("vendor-table.json"); +//// Path fPath = Paths.get(url.toURI()); +// uefiVendorRef = JsonUtils.getSpecificJsonObject(fPath, +// "VendorTable"); +// +// } +//// catch (IOException e) { +//// System.out.print("XXXX IOException"); +//// throw new RuntimeException(e); +//// } +// catch (URISyntaxException e) { +// System.out.print("XXXX URISyntaxException"); // throw new RuntimeException(e); // } - catch (URISyntaxException e) { - System.out.print("XXXX URISyntaxException"); - throw new RuntimeException(e); - } } if(isVendorTableReferenceHandleEmpty()) { From 56db55cf25fb790d281c6556a0000c9322c99e6b Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 31 May 2024 14:57:35 -0400 Subject: [PATCH 09/17] accessing vendor-table.json from code --- .../src/main/java/hirs/utils/JsonUtils.java | 24 +++++++++++++++++++ .../utils/tpm/eventlog/uefi/UefiGuid.java | 6 ++++- 2 files changed, 29 insertions(+), 1 deletion(-) 
diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java
index 78dfb0d4..63140cf3 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java
@@ -101,6 +101,30 @@ public final class JsonUtils {
  return jsonObject;
  }
+
+
+
+ public static JsonObject getSpecificJsonObject(final String jsonFilename, final String elementName) {
+ // find the file and load it
+ return getSpecificJsonObject(jsonFilename, elementName, StandardCharsets.UTF_8);
+ }
+
+ public static JsonObject getSpecificJsonObject(final String jsonFilename,
+ final String elementName,
+ final Charset charset) {
+ // find the file and load it
+ JsonObject jsonObject = getJsonObject(jsonFilename, charset);
+
+ if (jsonObject != null && jsonObject.get(elementName) != null) {
+ return jsonObject.get(elementName).asObject();
+ }
+
+ return new JsonObject();
+ }
+ public static JsonObject getJsonObject(final String jsonFilename) {
+ return getJsonObject(jsonFilename, StandardCharsets.UTF_8);
+ }
+
  public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) {
  // find the file and load it
  JsonObject jsonObject = new JsonObject();
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
index c0357e49..00c22ce1 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
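Review bot: In the new three-argument `getSpecificJsonObject`, `jsonObject.get(elementName).asObject()` throws UnsupportedOperationException when the element exists but is not a JSON object, and the `jsonObject != null` guard is dead because `getJsonObject(String, Charset)` never returns null (it throws on failure). Replace the condition with `JsonValue element = jsonObject.get(elementName);` and `if (element != null && element.isObject()) { return element.asObject(); }` (importing `com.eclipsesource.json.JsonValue`). The three new public overloads also have no Javadoc, and the `// find the file and load it` comment on the two-argument overload describes the delegate rather than the one-line forward; a `@param`/`@return` block on each, stating that an empty object is returned when the file or element is missing, would document the contract the callers in UefiGuid depend on.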
@@ -72,9 +72,13 @@ public class UefiGuid { System.out.println("XXXX EMPTYYYYYYY, before trying to grab file from code"); - uefiVendorRef = JsonUtils.getJsonObject("vendor-table2.json", +// uefiVendorRef = JsonUtils.getJsonObject("vendor-table2.json", +// StandardCharsets.UTF_8); + + uefiVendorRef = JsonUtils.getSpecificJsonObject("vendor-table2.json", "VendorTable", StandardCharsets.UTF_8); + // System.out.println("XXXX getClass: " + getClass()); // System.out.println("XXXX getClassResource: " + getClass().getResource("/vendor-table2.json")); // From 2423b157bbc759f193e90c10556a7d670675e327 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Mon, 3 Jun 2024 15:42:44 -0400 Subject: [PATCH 10/17] propogating error dealing with file access through the sequence of code --- .../src/main/java/hirs/utils/JsonUtils.java | 3 +- .../hirs/utils/tpm/eventlog/TCGEventLog.java | 35 +++-- .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 38 ++---- .../tpm/eventlog/uefi/UefiConstants.java | 18 +-- .../utils/tpm/eventlog/uefi/UefiGuid.java | 122 ++++-------------- .../tpm/eventlog/uefi/UefiSignatureList.java | 20 ++- .../utils/tpm/eventlog/uefi/UefiVariable.java | 39 ++++-- .../src/main/java/hirs/tcg_eventlog/Main.java | 17 ++- 8 files changed, 114 insertions(+), 178 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java index 63140cf3..0bbbd9ee 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java +++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java @@ -121,6 +121,7 @@ public final class JsonUtils { return new JsonObject(); } + public static JsonObject getJsonObject(final String jsonFilename) { return getJsonObject(jsonFilename, StandardCharsets.UTF_8); } 
@@ -131,7 +132,7 @@ public final class JsonUtils {
  try {
  InputStream jsonIs = UefiGuid.class
- .getClassLoader().getResourceAsStream("vendor-table2.json");
+ .getClassLoader().getResourceAsStream(jsonFilename);
  jsonObject = Json.parse(new InputStreamReader(jsonIs,
  charset)).asObject();
  } catch (IOException e) {
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
index 2b788c7c..e380bf4a 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
@@ -20,8 +20,8 @@ import java.security.cert.CertificateException;
  import java.util.Collection;
  import java.util.LinkedHashMap;
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL;
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE;
+import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
  /**
  * Class for handling different formats of TCG Event logs.
@@ -80,14 +80,15 @@ public final class TCGEventLog {
  /** Event Output Flag use. */
  @Getter
  private boolean bCryptoAgile = false;
- /** Track if vendor-table file is inaccessible.
- * If vendor-table file is not used, this remains false.
+ /**
+ * Track status of vendor-table.json
+ * This is only used if there is an event that uses a UefiVariable data structure.
+ * Default is normal status (normal status is from-filesystem).
+ * Status will only change IF there is a UefiVariable event in this log,
+ * and if that event causes a different status.
  * */
  @Getter
- private boolean bVendorTableFileInaccessbile = false;
- /** Track status of vendor-table.json */
- @Getter
- private String bVendorTableFileStatus = FILE_NORMAL;
+ private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM;
  /**
  * Default blank object constructor.
@@ -158,11 +159,19 @@ public final class TCGEventLog {
  } else {
  eventList.put(eventNumber, new TpmPcrEvent1(is, eventNumber++));
  }
- if(eventList.get(eventNumber-1).isBVendorTableFileInaccessbile()) {
- bVendorTableFileInaccessbile = true;
- }
- if(eventList.get(eventNumber-1).getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) {
- bVendorTableFileStatus = FILE_NOT_ACCESSIBLE;
+ // first check if any previous event has not been able to access vendor-table.json,
+ // and if that is the case, the first comparison in the if returns false and
+ // the if statement is not executed
+ // [previous event file status = vendorTableFileStatus]
+ // (ie. keep the file status to reflect that file was not accessible at some point)
+ // next, check if the new event has any status other than the default 'filesystem',
+ // and if that is the case, the 2nd comparison in the if returns true and
+ // the if statement is executed
+ // [new event file status = eventList.get(eventNumber-1).getVendorTableFileStatus()]
+ // (ie. if the new file status is not-accessible or from-code, then want to update)
+ if((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE) &&
+ (eventList.get(eventNumber-1).getVendorTableFileStatus() != FILESTATUS_FROM_FILESYSTEM)) {
+ vendorTableFileStatus = eventList.get(eventNumber-1).getVendorTableFileStatus();
  }
  }
  calculatePcrValues();
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
index 89d4a12f..0b62726c 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
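Review bot: The new condition compares the status strings with `!=`, which only holds while every value is one of the interned `UefiConstants` literals; use `equals` so a status produced any other way compares correctly: `if (!FILESTATUS_NOT_ACCESSIBLE.equals(vendorTableFileStatus)` / `&& !FILESTATUS_FROM_FILESYSTEM.equals(eventList.get(eventNumber-1).getVendorTableFileStatus())) {`. The removed lines used `==` the same way, so the idiom predates this commit, but the rewrite is the moment to fix it. The ten-line comment restates the condition; a single line such as `// once NOT_ACCESSIBLE is seen it sticks; otherwise adopt any non-default status from the new event` carries the same information. The enclosing method continues outside the hunk.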
@@ -33,8 +33,8 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.Arrays; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; /** * Class to process a TCG_PCR_EVENT. @@ -120,14 +120,15 @@ public class TpmPcrEvent { @Setter @Getter private boolean error = false; - /** Track if vendor-table file is inaccessible. - * If vendor-table file is not used, this remains false. + /** + * Track status of vendor-table.json + * This is only used for events that use a UefiVariable data structure. + * Default is normal status (normal status is from-filesystem). + * Status will only change IF this is an event that has a UefiVariable, + * and if that event causes a different status. * */ @Getter - private boolean bVendorTableFileInaccessbile = false; - /** Track status of vendor-table.json */ - @Getter - private String bVendorTableFileStatus = FILE_NORMAL; + private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; /** * Constructor. 
@@ -520,22 +521,12 @@ public class TpmPcrEvent { String efiVarDescription = efiVar.toString().replace("\n", "\n "); description += "Event Content:\n " + efiVarDescription.substring(0, efiVarDescription.length() - INDENT_3); - if(efiVar.isBVendorTableFileInaccessbile()) { - bVendorTableFileInaccessbile = true; - } - if(efiVar.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { - bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; - } + vendorTableFileStatus = efiVar.getVendorTableFileStatus(); break; case EvConstants.EV_EFI_VARIABLE_BOOT: UefiVariable efiVarBoot = new UefiVariable(content); description += "Event Content:\n" + efiVarBoot.toString(); - if(efiVarBoot.isBVendorTableFileInaccessbile()) { - bVendorTableFileInaccessbile = true; - } - if(efiVarBoot.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { - bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; - } + vendorTableFileStatus = efiVarBoot.getVendorTableFileStatus(); break; case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION: EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(content); @@ -566,12 +557,7 @@ public class TpmPcrEvent { case EvConstants.EV_EFI_VARIABLE_AUTHORITY: UefiVariable efiVarAuth = new UefiVariable(content); description += "Event Content:\n" + efiVarAuth.toString(); - if(efiVarAuth.isBVendorTableFileInaccessbile()) { - bVendorTableFileInaccessbile = true; - } - if(efiVarAuth.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { - bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; - } + vendorTableFileStatus = efiVarAuth.getVendorTableFileStatus(); break; case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: description += "Event Content:\n" + new EvEfiSpdmFirmwareBlob(content).toString(); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java index a30dc00a..d60bf67d 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java 
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiConstants.java
@@ -272,18 +272,18 @@ public final class UefiConstants {
  */
  public static final int UEFI_PT_LENGTH = 72;
  /**
- * file status, where file was successfully found on local machine
+ * file status, where file was successfully found on local machine.
  */
- public static final String FILE_NORMAL = "fileNormal";
+ public static final String FILESTATUS_FROM_FILESYSTEM = "fileFromFilesystem";
  /**
- * file status, where file is not accessible
+ * file status, where file was not found on local machine, so file from code was used.
+ * For instance, if vendor-table.json is not found in filesystem at location
+ * /etc/hirs/aca/default-properties/, it will be grabbed from code at
+ * HIRS_AttestationCA/src/main/resources/.
  */
- public static final String FILE_NOT_ACCESSIBLE = "fileNotAccessible";
+ public static final String FILESTATUS_FROM_CODE = "fileFromCode";
  /**
- * file status, where file was not found on the local machine,
- * and so file from the code was used.
- * For instance, if vendor-table.json is not found in /etc/hirs/aca/default-properties/,
- * it will be grabbed from code at HIRS_AttestationCA/src/main/resources/.
+ * file status, where file is not accessible (either not found, or no access permission).
  */
- public static final String FILE_FROM_CODE_USED = "fileFromCodeUsed";
+ public static final String FILESTATUS_NOT_ACCESSIBLE = "fileNotAccessible";
  }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
index 00c22ce1..4e8fb969 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
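Review bot: The Javadoc for `FILESTATUS_FROM_CODE` says the bundled copy is read from `HIRS_AttestationCA/src/main/resources/`, but the resource this series renames in patch 07 lives at `HIRS_Utils/src/main/resources/`, and `JsonUtils.getJsonObject` loads it through the class loader rather than from a directory; suggest `* HIRS_Utils/src/main/resources/ (loaded from the classpath).`. It would also help to state on `FILESTATUS_NOT_ACCESSIBLE` that it is the value reported when neither the filesystem copy nor the bundled copy could be read, since that is how `UefiGuid` leaves it when both lookups return an empty object. Mentioning on all three constants that they are meant to be compared with `equals` would prevent the `==`/`!=` comparisons seen in `TCGEventLog` from spreading.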
@@ -1,9 +1,11 @@ package hirs.utils.tpm.eventlog.uefi; +import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; import hirs.utils.HexUtils; import hirs.utils.JsonUtils; import hirs.utils.rim.ReferenceManifestValidator; +import lombok.Getter; import org.apache.commons.io.IOUtils; import javax.xml.transform.Source; @@ -22,6 +24,10 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.util.UUID; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_CODE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; + /** * Class to process GUID per the UEFI specification * GUIDs are essentially UUID as defined by RFC-1422, however Microsoft refers to GUIDS. @@ -39,9 +45,13 @@ public class UefiGuid { private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", "hirs", "aca", "default-properties", "vendor-table.json"); - private static final String vendorTableFilename = "vendor-table.json"; + private static final String JSON_FILENAME = "vendor-table3.json"; private JsonObject uefiVendorRef; + /** Track status of vendor-table.json */ + @Getter + private String vendorTableFileStatus = FILESTATUS_NOT_ACCESSIBLE; + /** * guid byte array. */ 
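Review bot: The import hunk adds `lombok.Getter` and `com.eclipsesource.json.Json`, while the context lines show `hirs.utils.rim.ReferenceManifestValidator`, `org.apache.commons.io.IOUtils`, `javax.xml.transform.Source` and `javax.xml.transform.stream.StreamSource` still imported even though this same patch deletes the experimental constructor body (hunk `@@ -57,103 +67,7 @@`) that referenced them, and `Json` does not appear to be used by the new code either. Drop the leftovers from the experiments so the file only declares what it uses; the `java.io` and `java.net` imports added in patch 08 (BufferedReader, InputStream, InputStreamReader, UnsupportedEncodingException, URISyntaxException, URL) look unused for the same reason.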
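Review bot: `JSON_FILENAME` is set to `"vendor-table3.json"`, but the only bundled resource visible in this series is `vendor-table2.json` (renamed from `vendor-table.json` in patch 07), so unless a later patch renames the resource again the classpath fallback in the second constructor will never find the file and `vendorTableFileStatus` will stay `FILESTATUS_NOT_ACCESSIBLE`. Keep one name for both copies, e.g. `private static final String JSON_FILENAME = "vendor-table.json";`, and build `JSON_PATH` from it so the filesystem path and the resource name cannot drift apart. The `/** Track status of vendor-table.json */` comment would say more as `/** Where the vendor table was loaded from: filesystem, bundled copy, or not accessible. */`.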
@@ -57,103 +67,7 @@ public class UefiGuid { * @param guidBytes byte array holding a valid guid. */ public UefiGuid(final byte[] guidBytes) { - guid = new byte[UefiConstants.SIZE_16]; - System.arraycopy(guidBytes, 0, guid, 0, UefiConstants.SIZE_16); - uuid = processGuid(guidBytes); -// uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable"); - - - Path bad = FileSystems.getDefault().getPath("/etc", - "hirs", "aca", "default-properties", "vendor-tableBAD.json"); - uefiVendorRef = JsonUtils.getSpecificJsonObject(bad, - "VendorTable"); - - if(isVendorTableReferenceHandleEmpty()) { - System.out.println("XXXX EMPTYYYYYYY, before trying to grab file from code"); - - -// uefiVendorRef = JsonUtils.getJsonObject("vendor-table2.json", -// StandardCharsets.UTF_8); - - uefiVendorRef = JsonUtils.getSpecificJsonObject("vendor-table2.json", "VendorTable", - StandardCharsets.UTF_8); - - -// System.out.println("XXXX getClass: " + getClass()); -// System.out.println("XXXX getClassResource: " + getClass().getResource("/vendor-table2.json")); -// -// -// InputStream inpStr = UefiGuid.class -// .getClassLoader().getResourceAsStream("vendor-table2.json"); -// System.out.println("XXXX InputStream: " + inpStr); -// -// Source inpSource = new StreamSource( -// ReferenceManifestValidator.class.getClassLoader() -// .getResourceAsStream("vendor-table2.json")); -// System.out.println("XXXX Source: " + inpSource); -// -// String path = this.getClass().getClassLoader().getResource("vendor-table2.json").toExternalForm(); -// System.out.println("XXXX External Form: " + path); - - -// JsonReader reader = new JsonReader(new InputStreamReader(inpStr, "UTF-8")); - -// try { -// BufferedReader streamReader = new BufferedReader(new InputStreamReader(inpStr, "UTF-8")); -// StringBuilder responseStrBuilder = new StringBuilder(); -// -// String inputStr; -// while ((inputStr = streamReader.readLine()) != null) -// responseStrBuilder.append(inputStr); -// -// String test = 
responseStrBuilder.toString(); -//// Gson gson = new Gson(); -// -// JsonObject testjj = parser. -// -// String temp = "hello"; -// -//// JsonObject jsonObject = new JsonObject(responseStrBuilder.toString()); -// -// } catch (UnsupportedEncodingException e) { -// throw new RuntimeException(e); -// } catch (IOException e) { -// throw new RuntimeException(e); -// } - -// byte[] rawLogBytes = IOUtils.toByteArray(inpStr); - - -// Path fPath2 = Paths.get(inpStr.toURI()); - -// try { -//// private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub"; -// -//// Source source = new StreamSource( -//// getClass().getClassLoader().getResourceAsStream("identity_transform.xslt")); -// -// -// Path fPath = Paths.get(getClass().getResource("/vendor-table2.json").toURI()); -//// URL url = ClassLoader.getSystemResources("vendor-table.json").nextElement(); -//// URL url = ClassLoader.getSystemResources("vendor-table.json"); -//// Path fPath = Paths.get(url.toURI()); -// uefiVendorRef = JsonUtils.getSpecificJsonObject(fPath, -// "VendorTable"); -// -// } -//// catch (IOException e) { -//// System.out.print("XXXX IOException"); -//// throw new RuntimeException(e); -//// } -// catch (URISyntaxException e) { -// System.out.print("XXXX URISyntaxException"); -// throw new RuntimeException(e); -// } - } - - if(isVendorTableReferenceHandleEmpty()) { - System.out.println("YYYY EMPTY STILL, after trying to grab file from code"); - } + this(guidBytes, JSON_PATH); } /** 
@@ -168,6 +82,18 @@ public class UefiGuid { uuid = processGuid(guidBytes); uefiVendorRef = JsonUtils.getSpecificJsonObject(vendorPathString, "VendorTable"); + + if(!isVendorTableReferenceHandleEmpty()) { + vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; + } + else { + // could not access vendor-table.json from filesystem, so attempt to access from code + uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_FILENAME, "VendorTable", + StandardCharsets.UTF_8); + if(!isVendorTableReferenceHandleEmpty()) { + vendorTableFileStatus = FILESTATUS_FROM_CODE; + } + } } /** diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index 64fdf62d..bca52b15 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java @@ -9,8 +9,7 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; /** * Class for processing the contents of a Secure Boot DB or DBX contents. @@ -72,14 +71,9 @@ public class UefiSignatureList { * Type of signature. */ private UefiGuid signatureType = null; - /** Track if vendor-table file is inaccessible. - * If vendor-table file is not used, this remains false. - * */ - @Getter - private boolean bVendorTableFileInaccessbile = false; /** Track status of vendor-table.json */ @Getter - private String bVendorTableFileStatus = FILE_NORMAL; + private String vendorTableFileStatus = FILESTATUS_NOT_ACCESSIBLE; /** * UefiSignatureList constructor. 
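Review bot: Because uefiVendorRef and vendorTableFileStatus are instance fields assigned in this constructor, the vendor table is read from the filesystem path and, on failure, from the classpath resource once per UefiGuid instance, so a log with many PCR 7 signature lists repeats the same file I/O and JSON parse for every GUID, and two GUIDs in the same log can report different statuses if the file changes between reads. Loading the table once into a static holder and having the constructor copy the cached JsonObject and its status would make the status consistent for the whole log and remove the per-GUID I/O; the enclosing two-argument constructor starts outside this hunk. It is also worth stating at the JSON_PATH declaration that the operator-editable copy under /etc takes precedence over the bundled one, e.g. `// vendor-table.json under /etc/hirs/aca/default-properties overrides the copy bundled in the jar; the bundled copy is only a fallback`, since whichever file wins decides how Secure Boot vendor GUIDs are labeled in the report.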
@@ -95,6 +89,7 @@ public class UefiSignatureList { byte[] guid = new byte[UefiConstants.SIZE_16]; System.arraycopy(list, 0, guid, 0, UefiConstants.SIZE_16); signatureType = new UefiGuid(guid); + vendorTableFileStatus = signatureType.getVendorTableFileStatus(); byte[] lSize = new byte[UefiConstants.SIZE_4]; System.arraycopy(list, UefiConstants.OFFSET_16, lSize, 0, UefiConstants.SIZE_4); @@ -125,10 +120,11 @@ public class UefiSignatureList { byte[] guid = new byte[UefiConstants.SIZE_16]; lists.read(guid); signatureType = new UefiGuid(guid); - if(signatureType.isVendorTableReferenceHandleEmpty()) { - bVendorTableFileInaccessbile = true; - bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; - } + vendorTableFileStatus = signatureType.getVendorTableFileStatus(); +// if(signatureType.isVendorTableReferenceHandleEmpty()) { +// bVendorTableFileInaccessbile = true; +// vendorTableFileStatus = FILE_NOT_ACCESSIBLE; +// } // if signatureType is invalid, don't even process any of the data // however, if signatureTYpe is valid, but some of the data later on is invalid, that will diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index 05b4dd17..7aeeefc3 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java @@ -12,8 +12,9 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NORMAL; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_CODE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; /** * Class to process a UEFI variable within a TPM Event. 
@@ -66,14 +67,14 @@ public class UefiVariable { */ private byte[] uefiVariableData = null; - /** Track if vendor-table file is inaccessible. - * If vendor-table file is not used, this remains false. + /** + * Track status of vendor-table.json. + * The default here is that each list correctly grabbed the file from file system. + * If any one list has issues, this overall status will change to reflect the + * problematic list's status. * */ @Getter - private boolean bVendorTableFileInaccessbile = false; - /** Track status of vendor-table.json */ - @Getter - private String bVendorTableFileStatus = FILE_NORMAL; + private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; /** * EFIVariable constructor. 
@@ -158,13 +159,23 @@ public class UefiVariable { while (certData.available() > 0) { UefiSignatureList list; list = new UefiSignatureList(certData); + + // first check if any previous list has not been able to access vendor-table.json, + // and if that is the case, the first comparison in the if returns false and + // the if statement is not executed + // [previous event file status = vendorTableFileStatus] + // (ie. keep the file status to reflect that file was not accessible at some point) + // next, check if the new list has any status other than the default 'filesystem', + // and if that is the case, the 2nd comparison in the if returns true and + // the if statement is executed + // [new event file status = list.getVendorTableFileStatus()] + // (ie. if the new file status is not-accessible or from-code, then want to update) + if((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE) && + (list.getVendorTableFileStatus() != FILESTATUS_FROM_FILESYSTEM)) { + vendorTableFileStatus = list.getVendorTableFileStatus(); + } + // efiVariableSigListContents += list.toString(); - if(list.isBVendorTableFileInaccessbile()) { - bVendorTableFileInaccessbile = true; - } - if(list.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { - bVendorTableFileStatus = FILE_NOT_ACCESSIBLE; - } if(!list.isSignatureTypeValid()) { invalidSignatureListEncountered = true; invalidSignatureListStatus = list.toString(); diff --git a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java index 9b2f2fa7..e0c909a7 100644 --- a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java +++ b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java 
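Review bot: The new `if` compares the status values with `!=`, which only works while every status is one of the interned UefiConstants.FILESTATUS_* references; a status produced any other way (concatenated, read back from a database, deserialized) would compare unequal and the sticky 'not accessible' state could be silently overwritten. Prefer value comparison, `if (!FILESTATUS_NOT_ACCESSIBLE.equals(vendorTableFileStatus) && !FILESTATUS_FROM_FILESYSTEM.equals(list.getVendorTableFileStatus()))`, or make the status an enum so the compiler enforces the value set. The twelve-line comment above it could then shrink to the rule it encodes: once any list reports not-accessible that status is kept, otherwise the latest non-default list status wins. The enclosing method starts outside this hunk and the loop body continues past it.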
@@ -16,7 +16,8 @@ import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TpmPcrEvent; import hirs.utils.HexUtils; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILE_NOT_ACCESSIBLE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_CODE; +import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; /** * Command-line application for processing TCG Event Logs. @@ -129,13 +130,19 @@ final class Main { writeOut("\nEvent Log follows the \"SHA1\" format and has " + evLog.getEventList().size() + " events:\n\n"); } - if (evLog.isBVendorTableFileInaccessbile()) { - writeOut("*** remove this.\n\n"); - } - if (evLog.getBVendorTableFileStatus() == FILE_NOT_ACCESSIBLE) { + if (evLog.getVendorTableFileStatus() == FILESTATUS_NOT_ACCESSIBLE) { writeOut("*** WARNING: The file vendor-table.json file was not accessible so data " + "in some Secure Boot PCR 7 events cannot be processed.\n\n"); } + else if (evLog.getVendorTableFileStatus() == FILESTATUS_FROM_CODE) { + writeOut("*** NOTE: " + + "The file vendor-table.json file was not accessible from the filesystem,\n" + + " so the vendor-table.json from code was " + + "used. If updates were made in the\n" + + " filesystem file, they will not be reflected. " + + "This affects parsing in some\n" + + " Secure Boot PCR 7 events.\n\n"); + } } int eventCount = 0; for (TpmPcrEvent event : evLog.getEventList()) { From c7e9e987762b502dabeccf5d6ac0a94af3925df5 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Mon, 3 Jun 2024 17:37:18 -0400 Subject: [PATCH 11/17] fixed file not found try/catch --- .../src/main/java/hirs/utils/JsonUtils.java | 28 ++++++------------- .../utils/tpm/eventlog/uefi/UefiGuid.java | 2 +- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java index 0bbbd9ee..7340a976 100644 
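Review bot: Both new branches compare the status with `==`, which holds only while the value is the identical UefiConstants constant reference; `FILESTATUS_NOT_ACCESSIBLE.equals(evLog.getVendorTableFileStatus())` and `FILESTATUS_FROM_CODE.equals(evLog.getVendorTableFileStatus())` are the safe forms. The operator-facing messages would be more actionable if they named the path that was tried, since a reader otherwise has to know the lookup is /etc/hirs/aca/default-properties/vendor-table.json (the path set in UefiGuid.JSON_PATH); 'The file vendor-table.json file' also repeats 'file'. The enclosing method continues outside this hunk.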
--- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java +++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java @@ -3,6 +3,7 @@ package hirs.utils; import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; import hirs.utils.tpm.eventlog.uefi.UefiGuid; +import hirs.utils.xjc.Resource; import lombok.AccessLevel; import lombok.NoArgsConstructor; import lombok.extern.log4j.Log4j2; @@ -127,29 +128,18 @@ public final class JsonUtils { } public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) { - // find the file and load it JsonObject jsonObject = new JsonObject(); - try { - InputStream jsonIs = UefiGuid.class + InputStream jsonIs = UefiGuid.class .getClassLoader().getResourceAsStream(jsonFilename); - jsonObject = Json.parse(new InputStreamReader(jsonIs, - charset)).asObject(); - } catch (IOException e) { - throw new RuntimeException(e); + if (jsonIs != null) { + try { + jsonObject = Json.parse(new InputStreamReader(jsonIs, + charset)).asObject(); + } catch (IOException ex) { + jsonObject = new JsonObject(); + } } - // if (Files.notExists(jsonPath)) { -// log.warn(String.format("No file found at %s.", jsonPath.toString())); -// } else { -// try { -// InputStream inputStream = new FileInputStream(jsonPath.toString()); -// jsonObject = Json.parse(new InputStreamReader(inputStream, -// charset)).asObject(); -// } catch (IOException ex) { -// // add log file thing here indication issue with JSON File -// jsonObject = new JsonObject(); -// } -// } return jsonObject; } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 4e8fb969..e5d00236 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java 
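Review bot: The InputStream returned by getResourceAsStream on the new side of getJsonObject is never closed, and the IOException branch replaces jsonObject without logging, so an unreadable bundled vendor table is indistinguishable from a missing one and a stream is leaked on every call; the class imports lombok's @Log4j2 so a `log` field is presumably available to report both the null-resource and the exception cases. Json.parse and asObject also throw unchecked exceptions (ParseException, UnsupportedOperationException) on malformed or non-object input, which the IOException catch does not cover, so a corrupt resource would escape to the caller instead of yielding the empty object that the UefiGuid fallback relies on. Wrapping the stream in try-with-resources and catching the unchecked parse failures alongside IOException keeps the documented contract.
```java
public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) {
    try (InputStream jsonIs = UefiGuid.class.getClassLoader().getResourceAsStream(jsonFilename)) {
        if (jsonIs == null) {
            log.warn(String.format("No classpath resource found for %s.", jsonFilename));
            return new JsonObject();
        }
        return Json.parse(new InputStreamReader(jsonIs, charset)).asObject();
    } catch (IOException | RuntimeException ex) {
        // the JSON library's ParseException / UnsupportedOperationException are unchecked
        log.warn(String.format("Unable to parse classpath resource %s: %s",
                jsonFilename, ex.getMessage()));
        return new JsonObject();
    }
}
```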
@@ -45,7 +45,7 @@ public class UefiGuid { private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", "hirs", "aca", "default-properties", "vendor-table.json"); - private static final String JSON_FILENAME = "vendor-table3.json"; + private static final String JSON_FILENAME = "vendor-table2.json"; private JsonObject uefiVendorRef; /** Track status of vendor-table.json */ From 6c44868ba52a2e2a66c906ae7f0c865d6800cf46 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Mon, 3 Jun 2024 18:07:04 -0400 Subject: [PATCH 12/17] cleaning up comments --- .../src/main/java/hirs/utils/JsonUtils.java | 38 +++++++++++++++++-- .../utils/tpm/eventlog/uefi/UefiGuid.java | 3 +- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java index 7340a976..ada0e133 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java +++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java 
@@ -101,15 +101,31 @@ public final class JsonUtils { return jsonObject; } - - - - + + /** + * Getter for the JSON Object that is associated with the elementName value + * mapped in the associated JSON file. + * Default {@link java.nio.charset.Charset} is UTF 8 + * + * @param jsonFilename the object holding the name of the file in classpath to parse. + * @param elementName the specific object to pull from the file + * @return a JSON object + */ public static JsonObject getSpecificJsonObject(final String jsonFilename, final String elementName) { // find the file and load it return getSpecificJsonObject(jsonFilename, elementName, StandardCharsets.UTF_8); } + /** + * Getter for the JSON Object that is associated with the elementName value + * mapped in the associated JSON file. + * Default {@link java.nio.charset.Charset} is UTF 8 + * + * @param jsonFilename the object holding the name of the file in classpath to parse. + * @param elementName the specific object to pull from the file + * @param charset the character set to use + * @return a JSON object + */ public static JsonObject getSpecificJsonObject(final String jsonFilename, final String elementName, final Charset charset) { 
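Review bot: The Javadoc added for the three-argument getSpecificJsonObject(String, String, Charset) still says 'Default Charset is UTF 8', which was copied from the two-argument overload and is wrong for a method whose charset is supplied by the caller; drop that sentence there and keep it only on the overload that hard-codes StandardCharsets.UTF_8. The @param wording 'the object holding the name of the file in classpath to parse' could simply read `@param jsonFilename name of the classpath resource to parse`, and the @return should say that an empty JsonObject is returned when the resource or element cannot be read, which appears to be the fall-through behavior of the body below this hunk. The method body continues past the hunk.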
@@ -123,10 +139,24 @@ public final class JsonUtils { return new JsonObject(); } + /** + * Getter for the JSON Object that is mapped in the associated JSON file. + * Default {@link java.nio.charset.Charset} is UTF 8 + * + * @param jsonFilename the object holding the name of the file in classpath to parse. + * @return a JSON object + */ public static JsonObject getJsonObject(final String jsonFilename) { return getJsonObject(jsonFilename, StandardCharsets.UTF_8); } + /** + * Getter for the JSON Object that is mapped in the associated JSON file. + * + * @param jsonFilename the object holding the name of the file in classpath to parse. + * @param charset the character set to use + * @return a JSON object + */ public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) { JsonObject jsonObject = new JsonObject(); diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index e5d00236..e34c0384 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -88,8 +88,7 @@ public class UefiGuid { } else { // could not access vendor-table.json from filesystem, so attempt to access from code - uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_FILENAME, "VendorTable", - StandardCharsets.UTF_8); + uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_FILENAME, "VendorTable"); if(!isVendorTableReferenceHandleEmpty()) { vendorTableFileStatus = FILESTATUS_FROM_CODE; } From 61044ba3c9b889cf415457150710dad537d7a9cc Mon Sep 17 00:00:00 2001 
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Mon, 3 Jun 2024 18:19:57 -0400 Subject: [PATCH 13/17] cleaning up comments --- HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java | 5 +---- .../java/hirs/utils/tpm/eventlog/TpmPcrEvent.java | 1 - .../hirs/utils/tpm/eventlog/uefi/UefiGuid.java | 14 -------------- .../utils/tpm/eventlog/uefi/UefiSignatureList.java | 4 ---- .../hirs/utils/tpm/eventlog/uefi/UefiVariable.java | 1 - 5 files changed, 1 insertion(+), 24 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java index ada0e133..f2874162 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java +++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java @@ -3,17 +3,14 @@ package hirs.utils; import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; import hirs.utils.tpm.eventlog.uefi.UefiGuid; -import hirs.utils.xjc.Resource; import lombok.AccessLevel; import lombok.NoArgsConstructor; import lombok.extern.log4j.Log4j2; -import java.io.BufferedReader; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.UnsupportedEncodingException; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.nio.file.Files; @@ -101,7 +98,7 @@ public final class JsonUtils { return jsonObject; } - + /** * Getter for the JSON Object that is associated with the elementName value * mapped in the associated JSON file. diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index 0b62726c..aac18480 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java 
@@ -34,7 +34,6 @@ import java.security.cert.CertificateException; import java.util.Arrays; import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; /** * Class to process a TCG_PCR_EVENT. diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index e34c0384..464b5a85 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -1,27 +1,13 @@ package hirs.utils.tpm.eventlog.uefi; -import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; import hirs.utils.HexUtils; import hirs.utils.JsonUtils; -import hirs.utils.rim.ReferenceManifestValidator; import lombok.Getter; -import org.apache.commons.io.IOUtils; -import javax.xml.transform.Source; -import javax.xml.transform.stream.StreamSource; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.UnsupportedEncodingException; import java.math.BigInteger; -import java.net.URISyntaxException; -import java.net.URL; -import java.nio.charset.StandardCharsets; import java.nio.file.FileSystems; import java.nio.file.Path; -import java.nio.file.Paths; import java.util.UUID; import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_CODE; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index bca52b15..e1a00c57 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java 
@@ -121,10 +121,6 @@ public class UefiSignatureList { lists.read(guid); signatureType = new UefiGuid(guid); vendorTableFileStatus = signatureType.getVendorTableFileStatus(); -// if(signatureType.isVendorTableReferenceHandleEmpty()) { -// bVendorTableFileInaccessbile = true; -// vendorTableFileStatus = FILE_NOT_ACCESSIBLE; -// } // if signatureType is invalid, don't even process any of the data // however, if signatureTYpe is valid, but some of the data later on is invalid, that will diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index 7aeeefc3..ea01c189 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java @@ -12,7 +12,6 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; -import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_CODE; import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM; import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE; From 5fec15135e75741fe8085bf9806d409828419916 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Tue, 4 Jun 2024 08:41:52 -0400 Subject: [PATCH 14/17] cleaning up comments --- .../hirs/utils/tpm/eventlog/TCGEventLog.java | 2 +- .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 2 +- .../hirs/utils/tpm/eventlog/uefi/UefiGuid.java | 16 ++++++++++++---- .../tpm/eventlog/uefi/UefiSignatureList.java | 4 +++- .../utils/tpm/eventlog/uefi/UefiVariable.java | 2 +- 5 files changed, 18 insertions(+), 8 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java index e380bf4a..7c0142f4 100644 
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java @@ -86,7 +86,7 @@ public final class TCGEventLog { * Default is normal status (normal status is from-filesystem). * Status will only change IF there is a UefiVariable event in this log, * and if that event causes a different status. - * */ + */ @Getter private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index aac18480..1df953f1 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -125,7 +125,7 @@ public class TpmPcrEvent { * Default is normal status (normal status is from-filesystem). * Status will only change IF this is an event that has a UefiVariable, * and if that event causes a different status. - * */ + */ @Getter private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 464b5a85..5d37abf9 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java 
@@ -27,14 +27,22 @@ public class UefiGuid { * used for conversion to uuid time. */ private static final int UUID_EPOCH_DIVISOR = 10000; - + /** + * Filesystem path of vendor-table.json + */ private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", "hirs", "aca", "default-properties", "vendor-table.json"); - + /** + * Name of vendor-table file in code + */ private static final String JSON_FILENAME = "vendor-table2.json"; - + /** + * Reference to the vendor-table json object + */ private JsonObject uefiVendorRef; - /** Track status of vendor-table.json */ + /** + * Track status of vendor-table.json + */ @Getter private String vendorTableFileStatus = FILESTATUS_NOT_ACCESSIBLE; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index e1a00c57..e98e0990 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java @@ -71,7 +71,9 @@ public class UefiSignatureList { * Type of signature. */ private UefiGuid signatureType = null; - /** Track status of vendor-table.json */ + /** + * Track status of vendor-table.json + */ @Getter private String vendorTableFileStatus = FILESTATUS_NOT_ACCESSIBLE; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index ea01c189..ba6607b2 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java 
@@ -71,7 +71,7 @@ public class UefiVariable { * The default here is that each list correctly grabbed the file from file system. * If any one list has issues, this overall status will change to reflect the * problematic list's status. - * */ + */ @Getter private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; From ad4277617970b03c80cc58bbdb75f589bfc7c5ed Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Tue, 4 Jun 2024 16:39:00 -0400 Subject: [PATCH 15/17] minor change --- .../main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 5d37abf9..9ea03d23 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -31,11 +31,14 @@ public class UefiGuid { * Filesystem path of vendor-table.json */ private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", - "hirs", "aca", "default-properties", "vendor-table.json"); + "hirs", "aca", "default-properties", "vendor-table3.json"); /** * Name of vendor-table file in code */ - private static final String JSON_FILENAME = "vendor-table2.json"; + private static final String JSON_FILENAME = "vendor-table.json"; +// private static final String JSON_FILENAME = "vendor-table2.json"; +// private static final String JSON_FILENAME = "../../../HIRS_AttestationCA/src/main/resources/vendor-table.json"; +// private static final String JSON_FILENAME = "/src/main/resources/vendor-table2.json"; /** * Reference to the vendor-table json object */ From ece30d420ca71e64ad6adddfb59da076cde13dd0 Mon Sep 17 00:00:00 2001 
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Wed, 5 Jun 2024 12:30:01 -0400 Subject: [PATCH 16/17] did final move of the vendor-table.json file after testing; fixed json-accepted quotes in spdm file --- HIRS_AttestationCAPortal/build.gradle | 2 +- .../events/EvEfiSpdmFirmwareBlob.java | 2 +- .../utils/tpm/eventlog/uefi/UefiGuid.java | 5 +- .../src/main/resources/vendor-table.json | 0 .../src/main/resources/vendor-table2.json | 233 ------------------ package/linux/aca/aca_setup.sh | 2 +- package/win/aca/aca_setup.ps1 | 2 +- 7 files changed, 5 insertions(+), 241 deletions(-) rename {HIRS_AttestationCA => HIRS_Utils}/src/main/resources/vendor-table.json (100%) delete mode 100644 HIRS_Utils/src/main/resources/vendor-table2.json diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 21dab209..f18edb21 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -124,7 +124,7 @@ ospackage { // copy json tables into ('/etc/hirs/aca/default-properties') { from '../HIRS_AttestationCA/src/main/resources/component-class.json' - from '../HIRS_AttestationCA/src/main/resources/vendor-table.json' + from '../HIRS_Utils/src/main/resources/vendor-table.json' } // copy springboot property file into ('/etc/hirs/aca/') { diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java index da83c51f..f371d213 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java 
@@ -23,7 +23,7 @@ import java.nio.charset.StandardCharsets; * NUL-terminated, per PFP. The only currently defined Signature is "SPDM Device Sec", * which implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2. * The EV_EFI_SPDM_FIRMWARE_BLOB event is used to record an extended digest for the firmware of - * an embedded component or an add-in device that supports SPDM “GET_MEASUREMENTS” functionality. + * an embedded component or an add-in device that supports SPDM "GET_MEASUREMENTS" functionality. * This event records extended digests of SPDM GET_MEASUREMENT responses that correspond to * firmware, such as immutable ROM, mutable firmware, firmware version, firmware secure version * number, etc. diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index 9ea03d23..f15f49c1 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -31,14 +31,11 @@ public class UefiGuid { * Filesystem path of vendor-table.json */ private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", - "hirs", "aca", "default-properties", "vendor-table3.json"); + "hirs", "aca", "default-properties", "vendor-table.json"); /** * Name of vendor-table file in code */ private static final String JSON_FILENAME = "vendor-table.json"; -// private static final String JSON_FILENAME = "vendor-table2.json"; -// private static final String JSON_FILENAME = "../../../HIRS_AttestationCA/src/main/resources/vendor-table.json"; -// private static final String JSON_FILENAME = "/src/main/resources/vendor-table2.json"; /** * Reference to the vendor-table json object */ 
diff --git a/HIRS_AttestationCA/src/main/resources/vendor-table.json b/HIRS_Utils/src/main/resources/vendor-table.json similarity index 100% rename from HIRS_AttestationCA/src/main/resources/vendor-table.json rename to HIRS_Utils/src/main/resources/vendor-table.json diff --git a/HIRS_Utils/src/main/resources/vendor-table2.json b/HIRS_Utils/src/main/resources/vendor-table2.json deleted file mode 100644 index d411dd50..00000000 --- a/HIRS_Utils/src/main/resources/vendor-table2.json +++ /dev/null 
@@ -1,233 +0,0 @@ -{ - "VendorTable": { - "_comment_1": "UUIDS listed in the UEFI Specification", - "eb9d2d30-2d88-11d3-9a16-0090273fc14d": "ACPI_TABLE_GUID", - "eb9d2d32-2d88-11d3-9a16-0090273fc14d": "SAL_SYSTEM_TABLE_GUID", - "eb9d2d31-2d88-11d3-9a16-0090273fc14d": "SMBIOS_TABLE_GUID", - "f2fd1544-9794-4a2c-992e-e5bbcf20e394": "SMBIOS3_TABLE_GUID", - "eb9d2d2f-2d88-11d3-9a16-0090273fc14d": "MPS_TABLE_GUID", - "8868e871-e4f1-11d3-bc22-0080c73c8881": "EFI_ACPI_TABLE_GUID", - "87367f87-1119-41ce-aaec-8be01101f558": "EFI_JSON_CONFIG_DATA_TABLE_GUID", - "35e7a725-8dd2-4cac-8011-33cda8109056": "EFI_JSON_CAPSULE_DATA_TABLE_GUID", - "dbc461c3-b3de-422a-b9b4-9886fd49a1e5": "EFI_JSON_CAPSULE_RESULT_TABLE_GUID", - "77ab535a-45fc-624b-5560-f7b281d1f96e": "EFI_VIRTUAL_DISK_GUID", - "3d5abd30-4175-87Ce-6d64-d2ADe523C4bb": "EFI_VIRTUAL_CD_GUID", - "5Cea02c9-4d07-69d3-269f-4496Fbe096f9": "EFI_PERSISTENT_VIRTUAL_DISK_GUID", - "08018188-42cd-bb48-100f-5387D53ded3d": "EFI_PERSISTENT_VIRTUAL_CD_GUID", - "_comment_2": "DXE GUIds from https://github.com/linuxboot/linuxboot/blob/master/boards/qemu/image-files.txt", - "fc510ee7-ffdc-11d4-bd41-0080c73c8881": "DXE Apriori-FVRECOVERY", - "1b45cc0a-156a-428a-62af-49864da0e6e6": "PEI Apriori file name", - "80cf7257-87ab-47f9-a3fe-d50b76d89541": "PcdDxe", - "b601f8c4-43b7-4784-95b1-f4226cb40cee": "RuntimeDxe", - "f80697e9-7fd6-4665-8646-88e33ef71dfc": "SecurityStubDxe", - "1a1e4886-9517-440e-9fde-3be44cee2136": "CpuDxe", - "11a6edf6-a9be-426d-a6cc-b22fe51d9224": "PciHotPlugInitDxe", - "128fb770-5e79-4176-9e51-9bb268a17dd1": "PciHostBridgeDxe", - "93b80004-9fb3-11d4-9a3a-0090273fc14d": "PCI Bus Driver - PciBusDxe", - "9b680fce-ad6b-4f3a-b60b-f59899003443": "DevicePathDxe", - "f9d88642-0737-49bc-81b5-6889cd57d9ea": "SmbiosDxe", - "4110465d-5ff3-4f4b-b580-24ed0d06747a": "SmbiosPlatformDxe", - "9622e42c-8e38-4a08-9e8f-54f784652f6b": "AcpiTableDxe", - "49970331-e3fa-4637-9abc-3b7868676970": "AcpiPlatform", - "7e374e25-8e01-4fee-87f2-390c23c606cd": 
"ACPI data", - "bdce85bb-fbaa-4f4e-9264-501a2c249581": "S3SaveStateDxe", - "d9dcc5df-4007-435e-9098-8970935504b2": "PlatformDxe", - "8657015b-ea43-440d-949a-af3be365c0fc": "IoMmuDxe", - "cbd2e4d5-7068-4ff5-b462-9822b4ad8d60": "VariableRuntimeDxe", - "_comment_3": "PIWG Dxe driver Files (FvFile)from https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1272444", - "70d57d67-7f05-494d-a014-b75d7345b700": "Storage Security Command Driver", - "3acc966d-8e33-45c6-b4fe-62724bcd15a9": "AHCI Bus Driver", - "67bbc344-84bc-4e5c-b4df-f5e4a00e1f3a": "Host Controller Driver", - "86edaae5-073c-4c89-b949-8984ac8a55f3": "MMC/SD Media Device Driver", - "9e863906-a40f-4875-977F-5b93ff237fc6": "Serial Terminal Driver", - "a6cc6bc8-2ada-46C3-bba4-e99672CC9530": "PCI Serial Driver", - "69fd8e47-a161-4550-b01a-5594ceb2b2b2": "PCI IDE/ATAPI Bus Driver", - "51ccf399-4fdf-4e55-a45b-e123f84d456a": "Platform Console Management Driver", - "6b38f7b4-ad98-40e9-9093-aca2b5a253c4": "Generic Disk I/O Driver", - "2d2e62cf-9ecf-43b7-8219-94e7fC713dfe": "Usb Keyboard Driver", - "9fb4b4a7-42C0-4bcd-8540-9bcc6711f83e": "Usb Mass Storage Driver", - "e3752948-b9a1-4770-90c4-df41c38986be": "QEMU Video Driver", - "240612B7-a063-11d4-9a3a-0090273fc14d": "Usb Bus Driver", - "bdfe430e-8F2a-4db0-9991-6f856594777e": "Usb Ehci Driver", - "2fb92efa-2ee0-4bae-9eB6-7464125E1EF7": "Usb Ehci Driver", - "a92cdb4b-82f1-4e0b-a516-8a655d371524": "Virtio Network Driver", - "4579b72d-7ec4-4dd4-8486-083c86b182a7": "iSCSI Driver", - "3b1deaB5-c75d-442e-9238-8e2ffb62b0bb": "UEFI PXE Base Code Driver", - "6b6963ab-906d-4a65-a7ca-bd40e5d6af2b": "UDP Network Service Driver", - "6d6963ab-906d-4a65-a7ca-bd40e5d6af4d": "Tcp Network Service Driver", - "dc3641b8-2fa8-4ed3-bc1f-f9962a03454b": "MTFTP4 Network Service Driver", - "9fb1a1f3-3b71-4324-b39a-745cbb015fff": "IP4 Network Service Driver", - "26841bde-920a-4e7a-9Fbe-637f477143a6": "IP4 CONFIG Network Service Driver", - "94734718-0bbc-47fb-96a5-ee7a5ae6a2ad": "DHCP Protocol 
Driver", - "529d3f93-e8e9-4e73-b1e1-bdf6a9d50113": "ARP Network Service Driver", - "e4f61863-fe2c-4b56-a8d4-08519bc439df": "VLAN Configuration Driver", - "a2f436ea-a127-4ef8-957c-8048606ff670": "Simple Network Protocol Driver", - "961578fe-b6b7-44c3-af35-6bc705cd2b1f": "FAT File System Driver", - "0abd8284-6da3-4616-971a-83a5148067ba": "ISA Floppy Driver", - "3dc82376-637b-40a6-a8fc-a565417f2c38": "PS/2 Keyboard Driver", - "93b80003-9fb3-11d4-9a3a-0090273fc14d": "ISA Serial Driver", - "240612b5-a063-11d4-9a3a-0090273fc14a": "ISA Bus Driver", - "99549f44-49bb-4820-b9d2-901329412d67": "IDE Controller Init Driver", - "0a66e322-3740-4cce-ad62-bd172cecca35": "Scsi Disk Driver", - "1fa1f39e-feff-4aae-bd7b-38a070a3b609": "Partition Driver", - "9e863906-a40f-4875-977f-5b93ff237fc6": "Serial Terminal Driver", - "cccb0c28-4b24-11d5-9a5a-0090273fc14d": "Graphics Console Driver", - "408edcec-cf6d-477c-a5a8-b4844e3de281": "Console Splitter Driver", - "fab5d4f4-83c0-4aaf-8480-442d11df6cea": "Virtio SCSI Host Driver", - "11d92dfb-3Ca9-4f93-ba2e-4780ed3e03b5": "Virtio Block Driver", - "33cb97af-6c33-4c42-986b-07581fa366d4": "Block MMIO to Block IO Driver", - "_comment_4": "PIWG Volumes (Fv)", - "a881d567-6cb0-4eee-8435-2e72d33e45B5": "PIWG Default Volume", - "_comment_5": "UEFI UUIDS for Certificates", - "3c5766e8-269c-4e34-aa14-ed776e85b3b6": "EFI_CERT_RSA2048_GUID", - "e2b36190-879b-4a3d-ad8d-f2e7bba32784": "EFI_CERT_RSA2048_SHA256_GUID", - "c1c41626-504c-4092-aca9-41f936934328": "EFI_CERT_SHA256_GUID", - "826ca512-cf10-4ac9-b187-be01496631bd": "EFI_CERT_SHA1_GUID", - "67f8444f-8743-48f1-a328-1eaab8736080": "EFI_CERT_RSA2048_SHA1_GUID", - "a5c059a1-94e4-4aa7-87b5-ab155c2bf072": "EFI_CERT_X509_GUID", - "0b6e5233-a65c-44c9-9407-d9ab83bfc8bd": "EFI_CERT_SHA224_GUID", - "ff3e5307-9fd0-48c9-85f1-8ad56c701e01": "EFI_CERT_SHA384_GUID", - "093e0fae-a6c4-4f50-9f1b-d41e2b89c19a": "EFI_CERT_SHA512_GUID", - "3bd2a492-96c0-4079-b420-fcf98ef103ed": "EFI_CERT_X509_SHA256_GUID", - 
"7076876e-80c2-4ee6-aad2-28b349a6865b": "EFI_CERT_X509_SHA384_GUID", - "446dbf63-2502-4cda-bcfa-2465d2b0fe9d": "EFI_CERT_X509_SHA512_GUID", - "a7717414-c616-4977-9420-844712a735bf": "EFI_CERT_TYPE_RSA2048_SHA256_GUID", - "_comment_6": "UEFI defined variables", - "452e8ced-dfff-4b8c-ae01-5118862e682c": "EFI_CERT_EXTERNAL_MANAGEMENT_GUID", - "d719b2cb-3d3a-4596-a3bc-dad00e67656f": "EFI_IMAGE_SECURITY_DATABASE_GUID", - "4aafd29d-68df-49ee-8aa9-347d375665a7": "EFI_CERT_TYPE_PKCS7_GUID", - "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition", - "024DEE41-33E7-11D3-9D69-0008C781F39F": "Partition containing a legacy MBR", - "_comment_7": "RHBoot UEFI Application UUIDs From listed in RHBoot (RHShim) https://github.com/rhboot/efivar/blob/master/src/guids.txt", - "0abba7dc-e516-4167-bbf5-4d9d1c739416": "fwupdate:", - "3b8c8162-188c-46a4-aec9-be43f1d65697": "ux_capsule", - "605dab50-e046-4300-abb6-3dd810dd8b23": "RH_Shim", - "8be4df61-93ca-11d2-aa0d-00e098032b8c": "EFI_Global_Variable", - "91376aff-cba6-42be-949d-06fde81128e8": "GRUB", - "_comment_8": "Partition Table GUIDs", - "0fc63daf-8483-4772-8e79-3d69d8477de4": "Linux filesystem data", - "e6d6d379-f507-44c2-a23c-238f2a3df928": "Logical Volume Manager (LVM) partition", - "4f68bce3-e8cd-4db1-96e7-fbcaf984b709": "Root partition (x86-64)", - "a19d880f-05fc-4d3b-a006-743f0f84911e": "RAID partition", - "933ac7e1-2eb4-4f13-b844-0e14e2aef915": "/home partition[ (x86-64)", - "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "GPT Basic data partition", - "_comment_9": "RHBoot Lenovo specific UUIDS", - "3cc24e96-22c7-41d8-8863-8e39dcdcc2cf": "lenovo", - "82988420-7467-4490-9059-feb448dd1963": "lenovo_me_config", - "f7e615b-0d45-4f80-88dc-26b234958560": "lenovo_diag", - "665d3f60-ad3e-4cad-8e26-db46eee9f1b5": "lenovo_rescue", - "721c8b66-426c-4e86-8e99-3457c46ab0b9": "lenovo_setup", - "f46ee6f4-4785-43a3-923d-7f786c3c8479": "lenovo_startup_interrupt", - "126a762d-5758-4fca-8531-201a7f57f850": "lenovo_boot_menu", - 
"a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380": "lenovo_diag_splash", - "_comment_10": "Company UUIDs (From Internet searches)", - "77fa9abd-0359-4d32-bd60-28f4e78f784b": "Microsoft Inc.", - "f5a96b31-dba0-4faa-a42a-7a0c9832768e": "HPE Inc.", - "2879c886-57ee-45cc-b126-f92f24f906b9": "SUSE Certificate", - "70564dce-9afc-4ee3-85fc-949649d7e45c": "Dell Inc.", - "_comment_11": "Intel GUIDS", - "bfcc0833-2125-42d1-8c6d-13821e23c078": "Intel(R) Desktop Boards", - "80b3ad5b-9880-4af9-a645-e56a68be89de": "Intel(R) CISD FW Update", - "_comment_12": "Microsoft GUIDS", - "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved Partition (MSR)", - "5808c8aa-7e8f-42e0-85d2-e1e90434cfb3": "Logical Disk Manager (LDM) metadata partition ", - "af9b60a0-1431-4f62-bc68-3311714a69ad": "Logical Disk Manager data partition", - "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment", - "9f25ee7a-e7b7-11db-94b5-f7e662935912": "Windows Boot Loader", - "_comment_13": "Linux specific GUIDS", - "0fc63daf-8483-4772-8e79-3d69d8477de": "Linux filesystem data", - "44479540-f297-41b2-9af7-d131d5f0458a4": "Root partition (x86)", - "69dad710-2ce4-4e3c-b16c-21a1d49abed3": "Root partition (32-bit ARM)", - "b921b045-1df0-41c3-af44-4c6f280d3fae": "Root partition (64-bit ARM/AArch64)", - "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f": "Swap partition", - "3b8f8425-20e0-4f3b-907f-1a25a76f98e8": "/srv (server data) partition", - "7ffec5c9-2d00-49b7-8941-3ea10a5586b7": "Plain dm-crypt partitiont", - "ca7d7ccb-63ed-4c53-861c-1742536059cc": "LUKS partition", - "_comment_14": "Linux Boot GUIDS https://github.com/linuxboot/linuxboot/blob/master/boards/s2600wf/vendor-files.txt", - "9cfd802c-09a1-43d6-8217-aa49c1f90d2c": "Intel Management Engine BIOS Extension (Mebx)", - "b62efbbb-3923-4cb9-a6e8-db818e828a80": "Intel Management Engine BIOS Extension (Mebx) Setup Browser", - "9ce4325e-003e-11e3-b582-b8ac6f199a57": "Non-Volatile Dual In-line Memory Module (NVDIMM) Driver", - 
"ea9de6d5-7839-46f7-9e63-4de8b00e2e5d": "NVM DIMM Human Interface Infrastructure (HII)", - "56a1b86f-0d4a-485d-87de-ad0eba1c8c2a": "IBM C Video Gop", - "a1f436ea-a127-4ef8-957c-8048606ff670": "SnpDxe", - "a210f973-229d-4f4d-aa37-9895e6c9eaba": "DpcDxe", - "025bbfc7-e6a9-4b8b-82ad-6815a1aeaf4a": "MNP Network Service Driver - MnpDxe", - "b44b2005-42bc-41c9-80af-abd7dc7d6923": "RSTesSATAEFI", - "15e1e31a-9f9d-4c84-82fb-1a707fc0f63b": "RSTeSATAEFI", - "2cc25173-bd9f-4c89-89cc-29256a3fd9c3": "RSTesSATALegacy", - "bd5d4ca5-674f-4584-8cf9-ce4ea1f54dd1": "RSTeSATALegacy", - "_comment_15": "WinNt GUIDs, add if they are still found in use https://sourceforge.net/p/uefinotes/wiki/FV%20Sources/?version=3", - "fc5c7020-1a48-4198-9be2-ead5abc8cf2f": "BdsDxe", - "d0893f05-b06d-4161-b947-9be9b85ac3a1": "SnpNt32Dxe", - "9b3ada4f-ae56-4c24-8Dea-f03b7558ae50": "PcdPeim", - "34c8c28F-b61c-45a2-8f2e-89e46becc63b": "PeiVariable", - "fe5cea76-4f72-49e8-986f-2cd899dffe5d": "FaultTolerantWriteDxe", - "_comment_16": "Linux Boot Image files UEFI Platform Initialization (PI) specifications Driver Execution Environment (DXE) Architectural protocols and platform modules https://github.com/linuxboot/linuxboot/blob/master/boards/winterfell/image-files.txt", - "5ae3f37e-4eae-41ae-8240-35465b5e81eb": "CORE_DXE", - "cbc59c4a-383a-41eb-a8ee-4498aea567e4": "DXE Runtime", - "3c1de39f-d207-408a-aacc-731cfb7f1dd7": "DXE PciBus", - "80e66e0a-ccd1-43fa-a7b1-2d5ee0f13910": "DXE PciRootBridge", - "9f3a0016-ae55-4288-829d-d22fd344c347": "DXE AmiBoardInfo", - "13ac6dd0-73d0-11d4-b06b-00aa00bd6de7": "DXE EBC", - "e03abadf-e536-4e88-b3a0-b77f78eb34fe": "CPU DXE", - "b7d19491-e55a-470d-8508-85a5dfa41974": "SBDXE", - "e23f86e1-056e-4888-b685-cfcd67c179d4": "DXE SBRun", - "e4ecd0b2-e277-4f2b-becb-e4d75c9a812e": "NBDXE", - "5ad34ba6-f024-2149-52e4-da0398e2bb9": "DXE Services Table", - "_comment_17": "ACPI configuration and tables", - "750890a6-7acf-4f4f-81bd-b400c2bea95a": "AcpiModeEnable", - 
"d4c05cd1-5eae-431d-a095-13a9e5822045": "MPST", - "db93cb2c-bf1c-431a-abc8-8737bc2afc1f": "PRAD-ACPI-table", - "3bc5b795-a4e0-4d56-9321-316d18a7aefe": "PRAD", - "16d0a23e-c09c-407d-a14a-ad058fdd0ca1": "ACPI", - "26a2481e-4424-46a2-9943-cc4039ead8f8": "S3Save", - "efd652cc-0e99-40f0-96c0-e08c089070fc": "S3Restore", - "8c783970-f02a-4a4d-af09-8797a51eec8d": "PowerManagement", - "299141bb-211a-48a5-92c0-6f9a0a3a006e0": "PowerManagement-ACPI-table", - "2df10014-cf21-4280-8c3f-e539b8ee5150": "PpmPolicyInitDxe", - "4b680e2d-0d63-4f62-b930-7ae995b9b3a3": "SmBusDxe", - "_comment_18": "SMM handlers", - "4a37320b-3fb3-4365-9730-9e89c600395d": "SmmDispatcher", - "753630c9-fae5-47a9-bbbf-88d621cd7282": "SmmChildDispatcher", - "be216ba8-38c4-4535-a6ca-5dca5b43addf": "SmiVariable", - "a56897a1-a77f-4600-84db-22b0a801fa9a": "SmmRuntime", - "d2596f82-f0e1-49fa-95bc-62012c795728": "SmmBase Data", - "69009842-63f2-43db-964b-efad1c39ec85": "SmmBase Data", - "d0632c90-afd7-4492-b186-257c63143c61": "SmmBase", - "7e2d983f-f703-4a29-9761-77b51f5354ed": "SmmCommunicate", - "_comment_19": "CMOS and NVRAM handlers", - "6869c5b3-ac8d-4973-8b37-e354dbf34add": "CmosManagerSmm", - "842a454a-75e5-408b-8b1c-36420e4e3f21": "NvramSmi", - "5446c293-339b-47cd-b719-585de39408cc": "PostReport", - "71ca9ca1-325d-4bfe-afa3-2ec5c94a8680": "DmAcpi", - "cef68c66-06ab-4fb3-a3ed-5ffa885b5725": "SMBiosBoard", - "b13edd38-684c-41ed-a305-d7b7e32497df": "SMBios64", - "ded7956d-7e20-4f20-91a1-190439b04d5b": "SmbiosGetFlashData64", - "daf4bf89-ce71-4917-b522-c89d32fbc59f": "SmbiosStaticData", - "_comment_20": "Apple GUIDS", - "48465300-0000-11aa-aa11-00306543ecac": "Apple Hierarchical File System Plus (HFS+) partition ", - "7c3457ef-0000-11aa-aa11-00306543ecac": "Apple APFS container", - "55465300-0000-11aa-aa11-00306543ecac": "Apple UFS container", - "52414944-0000-11aa-aa11-00306543ecac": "Apple RAID partition", - "4c616265-6c00-11aa-aa11-00306543ecac": "Apple Label", - "53746f72-6167-11aa-aa11-00306543ecac": 
"Apple Core Storage Container",
-    "6a898cc3-1dd2-11b2-99a6-080020736631": "ZFS Partition",
-    "_comment_21": "Chrome OS GUIDS",
-    "2568845d-2332-4675-bc39-8fa5a4748d15": "Chrome OS kernel ",
-    "3cb8e202-3b7e-47dd-8a3c-7ff2a13cfcec": "Chrome OS rootfs ",
-    "2e0a753d-9e48-43b0-8337-b15192cb1b5e": "Chrome OS future use ",
-    "_comment_22": "Android GUIDS",
-    "fe3a2a5d-4f32-41a7-b725-accc3285a309": "Android Bootloader",
-    "114eaffe-1552-4022-b26e-9b053604cf84": "Android Bootloader 2",
-    "49a4d17f-93a3-45c1-a0de-f50b2ebe2599": "Android Boot",
-    "4177c722-9e92-4aab-8644-43502bfd5506": "Android Recovery",
-    "38f428e6-d326-425d-9140-6e0ea133647c": "Android System",
-    "bd59408b-4514-490d-bf12-9878d963f378": "Android Config",
-    "8f68cc74-c5e5-48da-be91-a0c8c15e9c80": "Android Factory",
-    "ac6d7924-eb71-4df8-b48d-e267b27148ff": "Android OEM",
-    "_comment_23": "MISC GUIDs",
-    "5023b95c-db26-429b-a648-bd47664c8012": "Built-in EFI Shell",
-    "610a0202-d308-00c4-0000-000004300d06": "Mystery UUID",
-    "00000000-0000-0000-0000-000000000000": "Empty UUID"
-  }
-}
diff --git a/package/linux/aca/aca_setup.sh b/package/linux/aca/aca_setup.sh
index b36c3fa4..bfeeb938 100755
--- a/package/linux/aca/aca_setup.sh
+++ b/package/linux/aca/aca_setup.sh
@@ -17,7 +17,7 @@ ACA_VERSION_FILE="/opt/hirs/aca/VERSION"
 SPRING_PROP_FILE="/etc/hirs/aca/application.properties"
 PROP_FILE='../../../HIRS_AttestationCAPortal/src/main/resources/application.properties'
 COMP_JSON='../../../HIRS_AttestationCA/src/main/resources/component-class.json'
-VENDOR_TABLE='../../../HIRS_AttestationCA/src/main/resources/vendor-table.json'
+VENDOR_TABLE='../../../HIRS_Utils/src/main/resources/vendor-table.json'
 
 help () {
   echo " Setup script for the HIRS ACA"
diff --git a/package/win/aca/aca_setup.ps1 b/package/win/aca/aca_setup.ps1
index 61822f41..06f69d33 100644
--- a/package/win/aca/aca_setup.ps1
+++ b/package/win/aca/aca_setup.ps1
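Review bot: The new `VENDOR_TABLE` value in the aca_setup.sh hunk, like `PROP_FILE` and `COMP_JSON` above it, is a path relative to the caller's working directory rather than to the script, so the lookup resolves to a missing or unintended file whenever aca_setup.sh is run from anywhere but its own directory; the Windows counterpart in the next hunk anchors the same path to `$APP_HOME`. Whether the script already changes into its own directory before these assignments is not visible in this hunk. If it does not, the shell script can anchor the same way: `SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)` followed by `VENDOR_TABLE="$SCRIPT_DIR/../../../HIRS_Utils/src/main/resources/vendor-table.json"`, with the two sibling paths given the same treatment.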
@@ -8,7 +8,7 @@ param (
 $APP_HOME=(Split-Path -parent $PSCommandPath)
 $ACA_COMMON_SCRIPT=(Join-Path $APP_HOME 'aca_common.ps1')
 $COMP_JSON=(Join-Path $APP_HOME '..' '..' '..' 'HIRS_AttestationCA' 'src' 'main' 'resources' 'component-class.json')
-$VENDOR_TABLE=(Join-Path $APP_HOME '..' '..' '..' 'HIRS_AttestationCA' 'src' 'main' 'resources' 'vendor-table.json')
+$VENDOR_TABLE=(Join-Path $APP_HOME '..' '..' '..' 'HIRS_Utils' 'src' 'main' 'resources' 'vendor-table.json')
 
 # Load other scripts
 . $ACA_COMMON_SCRIPT
From 9ec4758df4ec23a0175f58f108b75dcd87747696 Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Wed, 5 Jun 2024 12:57:05 -0400
Subject: [PATCH 17/17] minor change

---
 HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java
index f2874162..6ca10ae7 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/JsonUtils.java
@@ -2,7 +2,6 @@ package hirs.utils;
 
 import com.eclipsesource.json.Json;
 import com.eclipsesource.json.JsonObject;
-import hirs.utils.tpm.eventlog.uefi.UefiGuid;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import lombok.extern.log4j.Log4j2;
@@ -157,8 +156,7 @@ public final class JsonUtils {
     public static JsonObject getJsonObject(final String jsonFilename, final Charset charset) {
         JsonObject jsonObject = new JsonObject();
-        InputStream jsonIs = UefiGuid.class
-                .getClassLoader().getResourceAsStream(jsonFilename);
+        InputStream jsonIs = JsonUtils.class.getClassLoader().getResourceAsStream(jsonFilename);
         if (jsonIs != null) {
             try {
                 jsonObject = Json.parse(new InputStreamReader(jsonIs,