From 866e76545a1186f23c9d338278e57a069d7567de Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Mon, 24 Jun 2024 15:08:23 -0400
Subject: [PATCH] spdm processing

---
 .../java/hirs/utils/tpm/eventlog/TpmPcrEvent.java | 4 ++++
 .../hirs/utils/tpm/eventlog/events/EvConstants.java | 4 ++++
 .../utils/tpm/eventlog/uefi/UefiSignatureList.java | 4 ++--
 .../hirs/utils/tpm/eventlog/uefi/UefiVariable.java | 12 ++++++++----
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
index 4912d8d4..d98abe21 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
@@ -345,6 +345,7 @@ public class TpmPcrEvent {
 case EvConstants.EV_EFI_VARIABLE_BOOT:
 case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
 case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
+ case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
 try {
 sb.append(new UefiVariable(eventContent).toString());
 } catch (CertificateException cEx) {
@@ -568,6 +569,7 @@ public class TpmPcrEvent {
 description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
 break;
 case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
+ case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
 UefiVariable efiSpdmDevPol = new UefiVariable(content);
 description += "Event Content:\n" + efiSpdmDevPol.toString();
 vendorTableFileStatus = efiSpdmDevPol.getVendorTableFileStatus();
@@ -655,6 +657,8 @@ public class TpmPcrEvent {
 return "EV_EFI_SPDM_FIRMWARE_CONFIG";
 } else if (event == EvConstants.EV_EFI_SPDM_DEVICE_POLICY) {
 return "EV_EFI_SPDM_DEVICE_POLICY";
+ } else if (event == EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY) {
+ return "EV_EFI_SPDM_DEVICE_AUTHORITY";
 } else {
 return "Unknown Event ID " + event + " encountered";
 }
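Review bot: In the second hunk (@@ -568) the local `efiSpdmDevPol` now serves both EV_EFI_SPDM_DEVICE_POLICY and the newly added EV_EFI_SPDM_DEVICE_AUTHORITY case, so its name misstates what it holds; `UefiVariable efiSpdmDevVar = new UefiVariable(content);` with the two later uses renamed keeps the code honest. The line `vendorTableFileStatus = efiSpdmDevPol.getVendorTableFileStatus();` is also now executed for both event types, yet this same commit turns UefiVariable's `"devdb"` branch into a bare `break` that parses nothing, so for these events the status presumably reflects a default rather than anything derived from the event content — a one-line comment saying so, or deferring the assignment until devdb decoding exists, would stop a reader from trusting that value. The enclosing switch statements in all three hunks begin and end outside the hunks.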
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
index 180f02b9..f8fff263 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
@@ -175,4 +175,8 @@ public final class EvConstants {
 * EFI SPDM Device Policy Event ID.
 */
 public static final int EV_EFI_SPDM_DEVICE_POLICY = 0x800000E3;
+ /**
+ * EFI SPDM Device Authority Event ID.
+ */
+ public static final int EV_EFI_SPDM_DEVICE_AUTHORITY = 0x800000E4;
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
index e98e0990..b2a682d1 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
@@ -150,9 +150,9 @@ public class UefiSignatureList {
 }
 /**
- * Method for processing a set of EFI SignatureList(s).
+ * Method for processing the data in an EFI SignatureList (ex. can be one or more X509 certs)
 *
- * @param efiSigData Byte array holding one or more SignatureLists
+ * @param efiSigData Byte array holding the SignatureList data
 * @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate.
 * @throws java.security.NoSuchAlgorithmException if there's a problem hashing the certificate.
 * @throws java.io.IOException If there's a problem parsing the signature data.
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
index 57f4ec1c..73ee33a1 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
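Review bot: The rewritten Javadoc summary in the UefiSignatureList hunk (@@ -150) drops the terminating period that Javadoc uses to delimit the summary sentence and writes "ex." where "e.g." is meant; `* Method for processing the data in an EFI SignatureList (e.g. one or more X509 certs).` reads cleanly and keeps the summary a single sentence. The method signature this comment documents lies below the hunk.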
@@ -128,8 +128,8 @@ public class UefiVariable {
 case "dbx":
 processSigList(uefiVariableData);
 break;
- case "devdb":
- // if it's POLICY, process Sig List; if it's AUTHORITY, process Sig Data
+ case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
+ break; // PFP v1.06 Rev 52, Sec 3.3.4.8 (update when test patterns exist)
 case "Boot00":
 bootv = new UefiBootVariable(uefiVariableData);
 break;
@@ -146,8 +146,8 @@ public class UefiVariable {
 /**
 * Processes the data as a list of UEFI defined Signature Lists.
 *
- * @param data the bye array holding the Signature List.
- * @throws java.security.cert.CertificateException If there a problem
+ * @param data the bye array holding one or more Signature Lists.
+ * @throws java.security.cert.CertificateException If there's a problem
 * parsing the X509 certificate.
 * @throws java.security.NoSuchAlgorithmException if there's a problem
 * hashing the certificate.
@@ -214,6 +214,10 @@ public class UefiVariable {
 case "KEK":
 case "db":
 case "dbx":
+ case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
+ // (update when test patterns exist)
+ efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " + "To be processed once more test patterns exist\n");
 break;
 case "Boot00":
 efiVariable.append(bootv.toString());
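Review bot: The new `case "devdb": ... break;` at @@ -128 discards the variable payload without decoding or even reporting it, so for EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY events the rendered log entry carries no information about what the firmware measured; the toString hunk at @@ -214 has the same gap, emitting only a fixed placeholder string. The removed comment already recorded the intended split — POLICY data is a signature list, AUTHORITY is signature data — but UefiVariable only sees the variable name, so it cannot choose between `processSigList(uefiVariableData)` and a signature-data path unless the caller passes the event type in; that dependency is worth stating in the comment that replaces the old one. At minimum the placeholder in toString should state how many bytes were left undecoded (if the raw data is retained on the instance) so a reader can tell skipped content from absent content. The `break` does fix the previous fall-through into `case "Boot00"`, which treated devdb data as a boot variable; that fix deserves a mention in the commit message. The enclosing switch statements begin and end outside both hunks.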
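Review bot: The rewritten `@param data` line at @@ -146 carries the typo "bye array" over from the old line; since the line is being touched anyway it should read `* @param data the byte array holding one or more Signature Lists.`. The method this Javadoc describes lies below the hunk.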