From 7fd363d5a7a35daa2644dc1561de70779023cb06 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Fri, 5 Apr 2024 10:45:21 -0400 Subject: [PATCH] added files for EvEfiSpdmFirmwareBlob --- .../hirs/utils/tpm/eventlog/TpmPcrEvent.java | 4 + .../tpm/eventlog/events/EvConstants.java | 4 + .../events/EvEfiSpdmFirmwareBlob.java | 92 +++++++++++++++++++ .../evDeviceSecurityEventDataHeader.java | 4 + .../evDeviceSecurityEventDataPciContext.java | 4 + 5 files changed, 108 insertions(+) create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java index 0f2c9cc5..d2f685ba 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java @@ -374,6 +374,7 @@ public class TpmPcrEvent { break; case EvConstants.EV_EFI_HCRTM_EVENT: break; + case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: default: sb.append("Unknown Event found\n"); } @@ -532,6 +533,7 @@ public class TpmPcrEvent { case EvConstants.EV_EFI_VARIABLE_AUTHORITY: description += "Event Content:\n" + new UefiVariable(content).toString(); break; + case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: default: description += " Unknown Event found" + "\n"; } @@ -609,6 +611,8 @@ public class TpmPcrEvent { return "EV_EFI_HCRTM_EVENT"; } else if (event == EvConstants.EV_EFI_VARIABLE_AUTHORITY) { return "EV_EFI_VARIABLE_AUTHORITY"; + } else if (event == EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB) { + return "EV_EFI_SPDM_FIRMWARE_BLOB"; } else { return "Unknown Event ID " + event + " encountered"; } 
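Review bot: The new `case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:` in the first hunk falls straight into `default:`, so an SPDM firmware blob event is still reported as `Unknown Event found` even though this same commit gives the ID a name and adds an `EvEfiSpdmFirmwareBlob` class for it. Someone reading the parsed log cannot tell a genuinely unrecognised event type from one the tool knows about but does not yet decode, which matters when the log is being used to judge device firmware state; until the parser is wired in, give the case its own line, e.g. `sb.append("EV_EFI_SPDM_FIRMWARE_BLOB event found; content parsing not yet supported\n"); break;`. The second hunk repeats the pattern with `description += " Unknown Event found" + "\n";` and wants the same treatment. Both enclosing methods start and end outside their hunks.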
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
index 07d01ea2..aaf69776 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
@@ -163,4 +163,8 @@ public final class EvConstants {
 * EFI Variable Authority Event ID.
 */
 public static final int EV_EFI_VARIABLE_AUTHORITY = 0x800000E0;
+ /**
+ * EFI SPDM Firmware Blob Event ID.
+ */
+ public static final int EV_EFI_SPDM_FIRMWARE_BLOB = 0x800000E1;
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
new file mode 100644
index 00000000..e9755ad1
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
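Review bot: The Javadoc on the new constant gives no source for the value `0x800000E1`, and this table is what the event-log parser keys on, so a wrong number here silently misclassifies events. Cite where it comes from, e.g. `* EFI SPDM Firmware Blob Event ID (TCG PC Client Platform Firmware Profile, EV_EFI_SPDM_FIRMWARE_BLOB).` The value sits directly after `EV_EFI_VARIABLE_AUTHORITY = 0x800000E0`, which is consistent with the profile's numbering as I recall it, but the reference should be confirmed against the spec revision the project targets.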
@@ -0,0 +1,92 @@
+package hirs.utils.tpm.eventlog.events;
+
+import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.TcgTpmtHa;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
+
+import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structures:
+ * 1) DEVICE_SECURITY_EVENT_DATA_HEADER [ delete: TCG_EfiSpecIDEvent]
+ * 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * DEVICE_SECURITY_EVENT_DATA_HEADER
+ * The first 16 bytes of the event data MUST be a String based identifier (Signature), NUL-terminated.
+ * The only currently defined Signature is "SPDM Device Sec"
+ * which implies the data is a DEVICE_SECURITY_EVENT_DATA_HEADER.
+ * DEVICE_SECURITY_EVENT_DATA_HEADER contains the measurement(s) and hash algorithm
+ * (SpdmHashAlg) identifier returned by the SPDM "GET_MEASUREMENTS" function
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT is a common SPDM structure which includes the
+ * identification of the device, device vendor, subsystem, etc for PCI connection devices
+ */
+public class EvEfiSpdmFirmwareBlob {
+
+ /**
+ * Signature (text) data.
+ */
+ private String signature = "";
+ /**
+ * True if the event is a DEVICE_SECURITY_EVENT_DATA_HEADER.
+ */
+ private boolean bDeviceSecurityEventDataHeader = false;
+ /**
+ * evDeviceSecurityEventDataHeader Object.
+ */
+ @Getter
+ private evDeviceSecurityEventDataHeader deviceSecurityEventDataHeader = null;
+
+ /**
+ * EvEfiSpdmFirmwareBlob constructor.
+ *
+ * @param eventData byte array holding the event to process.
+ * @throws java.io.UnsupportedEncodingException if input fails to parse.
+ */
+ public EvEfiSpdmFirmwareBlob(final byte[] eventData) throws UnsupportedEncodingException {
+ byte[] signatureBytes = new byte[UefiConstants.SIZE_15];
+// System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15);
+// signature = new String(signatureBytes, StandardCharsets.UTF_8);
+// signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
+// if (signature.contains("Spec ID Event03")) { // implies CryptAgileFormat
+// specIDEvent = new EvEfiSpecIdEvent(eventData);
+// bSpecIDEvent = true;
+// }
+ }
+
+ /**
+ * Determines if this event is a SpecIDEvent.
+ *
+ * @return true of the event is a SpecIDEvent.
+ */
+ public boolean isDeviceSecurityEventDataHeader() {
+ return bDeviceSecurityEventDataHeader;
+ }
+
+ /**
+ * Returns a description of this event.
+ *
+ * @return Human readable description of this event.
+ */
+// public String toString() {
+// String specInfo = "";
+// if (bSpecIDEvent) {
+// specInfo += " Signature = Spec ID Event03 : ";
+// if (specIDEvent.isCryptoAgile()) {
+// specInfo += "Log format is Crypto Agile\n";
+// } else {
+// specInfo += "Log format is SHA 1 (NOT Crypto Agile)\n";
+// }
+// specInfo += " Platform Profile Specification version = "
+// + specIDEvent.getVersionMajor() + "." + specIDEvent.getVersionMinor()
+// + " using errata version " + specIDEvent.getErrata();
+// } else {
+// specInfo = "EV_NO_ACTION event named " + signature
+// + " encountered but support for processing it has not been added to this application.\n";
+// }
+// return specInfo;
+// }
+}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java
new file mode 100644
index 00000000..a0c319fa
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataHeader.java
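Review bot: The constructor allocates `signatureBytes` but never reads `eventData` — every parsing line is commented out — so `signature` stays `""`, `isDeviceSecurityEventDataHeader()` is always false and the `@Getter` always returns null, leaving callers with a silently empty object rather than a clear "not implemented". When the commented path is restored it copies `UefiConstants.SIZE_15` bytes out of `eventData` with no length check; the TCG event log is untrusted input from the attested platform, so a truncated or malformed event would surface as an `ArrayIndexOutOfBoundsException` instead of a rejected event, and the guard belongs in front of the copy. The commented code is also still the SpecID template: it matches `"Spec ID Event03"` and sets `specIDEvent`/`bSpecIDEvent`, whereas the class Javadoc says the signature is 16 bytes, NUL-terminated, and the only defined value is `"SPDM Device Sec"`, so the copy length (15 vs 16) should be reconciled with that comment. Smaller items: the Javadoc on `isDeviceSecurityEventDataHeader` still reads `Determines if this event is a SpecIDEvent` and should say `Determines if this event carries a DEVICE_SECURITY_EVENT_DATA_HEADER.`; `HexUtils`, `TcgTpmtHa`, `StandardCharsets`, `ArrayList` and `List` are imported but unused; and `[ delete: TCG_EfiSpecIDEvent]` in the class comment looks like a leftover editing note. A bounded version of the constructor that does what the comment describes:

```java
    public EvEfiSpdmFirmwareBlob(final byte[] eventData) throws UnsupportedEncodingException {
        // The event log is untrusted input: refuse an event too short to hold the
        // signature rather than letting System.arraycopy throw out of the parser.
        if (eventData == null || eventData.length < UefiConstants.SIZE_15) {
            return; // signature stays "", bDeviceSecurityEventDataHeader stays false
        }
        byte[] signatureBytes = new byte[UefiConstants.SIZE_15];
        System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15);
        signature = new String(signatureBytes, StandardCharsets.UTF_8)
                .replaceAll("[^\\P{C}\t\r\n]", ""); // strip NUL padding
        if (signature.contains("SPDM Device Sec")) {
            bDeviceSecurityEventDataHeader = true;
            // TODO: parse the header fields once evDeviceSecurityEventDataHeader is implemented
            deviceSecurityEventDataHeader = new evDeviceSecurityEventDataHeader();
        }
    }
    // … unchanged: isDeviceSecurityEventDataHeader(), commented-out toString() …
```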
@@ -0,0 +1,4 @@
+package hirs.utils.tpm.eventlog.events;
+
+public class evDeviceSecurityEventDataHeader {
+}
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java
new file mode 100644
index 00000000..77a1368f
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/evDeviceSecurityEventDataPciContext.java
@@ -0,0 +1,4 @@
+package hirs.utils.tpm.eventlog.events;
+
+public class evDeviceSecurityEventDataPciContext {
+}
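Review bot: `evDeviceSecurityEventDataHeader` is a lower-camel class name, against Java convention and against every other type in this package visible in the patch (`EvConstants`, `EvEfiSpdmFirmwareBlob`, `UefiVariable`); the sibling `evDeviceSecurityEventDataPciContext` in the next hunk has the same problem. `EvEfiSpdmFirmwareBlob` already holds a `@Getter` field of this type, so the longer the rename waits the more it churns, and the fix is one line now: `public class EvDeviceSecurityEventDataHeader {`. Both placeholders also lack the class Javadoc every other member in this patch carries, which suggests a Checkstyle Javadoc rule is enforced; a one-liner such as `/** DEVICE_SECURITY_EVENT_DATA_HEADER structure of an EV_EFI_SPDM_FIRMWARE_BLOB event; field parsing not yet implemented. */` states the intent and the gap.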