spdm processing

This commit is contained in:
iadgovuser58 2024-06-24 15:08:23 -04:00 committed by chubtub
parent 39bdd26b58
commit 866e76545a
4 changed files with 18 additions and 6 deletions


@ -345,6 +345,7 @@ public class TpmPcrEvent {
case EvConstants.EV_EFI_VARIABLE_BOOT: case EvConstants.EV_EFI_VARIABLE_BOOT:
case EvConstants.EV_EFI_VARIABLE_AUTHORITY: case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY: case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
try { try {
sb.append(new UefiVariable(eventContent).toString()); sb.append(new UefiVariable(eventContent).toString());
} catch (CertificateException cEx) { } catch (CertificateException cEx) {
@ -568,6 +569,7 @@ public class TpmPcrEvent {
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString(); description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
break; break;
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY: case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
UefiVariable efiSpdmDevPol = new UefiVariable(content); UefiVariable efiSpdmDevPol = new UefiVariable(content);
description += "Event Content:\n" + efiSpdmDevPol.toString(); description += "Event Content:\n" + efiSpdmDevPol.toString();
vendorTableFileStatus = efiSpdmDevPol.getVendorTableFileStatus(); vendorTableFileStatus = efiSpdmDevPol.getVendorTableFileStatus();
@ -655,6 +657,8 @@ public class TpmPcrEvent {
return "EV_EFI_SPDM_FIRMWARE_CONFIG"; return "EV_EFI_SPDM_FIRMWARE_CONFIG";
} else if (event == EvConstants.EV_EFI_SPDM_DEVICE_POLICY) { } else if (event == EvConstants.EV_EFI_SPDM_DEVICE_POLICY) {
return "EV_EFI_SPDM_DEVICE_POLICY"; return "EV_EFI_SPDM_DEVICE_POLICY";
} else if (event == EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY) {
return "EV_EFI_SPDM_DEVICE_AUTHORITY";
} else { } else {
return "Unknown Event ID " + event + " encountered"; return "Unknown Event ID " + event + " encountered";
} }
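Review bot: In the second hunk the local `efiSpdmDevPol` now also holds the EV_EFI_SPDM_DEVICE_AUTHORITY variable, so its name misdescribes half of the cases it covers; a neutral name such as `UefiVariable efiSpdmDev = new UefiVariable(content);` would read better. Both event types are handed to `new UefiVariable(content)` without the event ID, so UefiVariable apparently has to tell policy from authority by variable name alone; since the UefiVariable change in this same commit routes both to the `"devdb"` case, the event type will presumably need to be passed in when real processing is added. The switch statements these hunks belong to begin and end outside the hunks.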


@ -175,4 +175,8 @@ public final class EvConstants {
* EFI SPDM Device Policy Event ID. * EFI SPDM Device Policy Event ID.
*/ */
public static final int EV_EFI_SPDM_DEVICE_POLICY = 0x800000E3; public static final int EV_EFI_SPDM_DEVICE_POLICY = 0x800000E3;
/**
* EFI SPDM Device Authority Event ID.
*/
public static final int EV_EFI_SPDM_DEVICE_AUTHORITY = 0x800000E4;
} }
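Review bot: The Javadoc on the new `EV_EFI_SPDM_DEVICE_AUTHORITY` constant gives only the name, while the UefiVariable change in this commit cites the PFP revision it follows; naming the source here as well, e.g. `* EFI SPDM Device Authority Event ID (TCG PFP v1.06, section <SECTION>).`, lets a reader check the value 0x800000E4 against the specification. The same note applies to the existing EV_EFI_SPDM_DEVICE_POLICY Javadoc just above it.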


@ -150,9 +150,9 @@ public class UefiSignatureList {
} }
/** /**
* Method for processing a set of EFI SignatureList(s). * Method for processing the data in an EFI SignatureList (ex. can be one or more X509 certs)
* *
* @param efiSigData Byte array holding one or more SignatureLists * @param efiSigData Byte array holding the SignatureList data
* @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate. * @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate.
* @throws java.security.NoSuchAlgorithmException if there's a problem hashing the certificate. * @throws java.security.NoSuchAlgorithmException if there's a problem hashing the certificate.
* @throws java.io.IOException If there's a problem parsing the signature data. * @throws java.io.IOException If there's a problem parsing the signature data.
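Review bot: The rewritten summary line `* Method for processing the data in an EFI SignatureList (ex. can be one or more X509 certs)` has no terminating period and uses `ex.` where Javadoc convention is `e.g.`; Javadoc takes the first sentence as the summary, so the missing period can make the summary run into the text that follows. Suggested: `* Processes the data in an EFI SignatureList (e.g. one or more X509 certificates).` The method this Javadoc documents starts after the end of the hunk.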


@ -128,8 +128,8 @@ public class UefiVariable {
case "dbx": case "dbx":
processSigList(uefiVariableData); processSigList(uefiVariableData);
break; break;
case "devdb": case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
// if it's POLICY, process Sig List; if it's AUTHORITY, process Sig Data break; // PFP v1.06 Rev 52, Sec 3.3.4.8 (update when test patterns exist)
case "Boot00": case "Boot00":
bootv = new UefiBootVariable(uefiVariableData); bootv = new UefiBootVariable(uefiVariableData);
break; break;
@ -146,8 +146,8 @@ public class UefiVariable {
/** /**
* Processes the data as a list of UEFI defined Signature Lists. * Processes the data as a list of UEFI defined Signature Lists.
* *
* @param data the bye array holding the Signature List. * @param data the bye array holding one or more Signature Lists.
* @throws java.security.cert.CertificateException If there a problem * @throws java.security.cert.CertificateException If there's a problem
* parsing the X509 certificate. * parsing the X509 certificate.
* @throws java.security.NoSuchAlgorithmException if there's a problem * @throws java.security.NoSuchAlgorithmException if there's a problem
* hashing the certificate. * hashing the certificate.
@ -214,6 +214,10 @@ public class UefiVariable {
case "KEK": case "KEK":
case "db": case "db":
case "dbx": case "dbx":
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
// (update when test patterns exist)
efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
"To be processed once more test patterns exist\n");
break; break;
case "Boot00": case "Boot00":
efiVariable.append(bootv.toString()); efiVariable.append(bootv.toString());
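Review bot: In the first hunk `case "devdb": break;` leaves the policy/authority variable content neither parsed nor recorded, and nothing in the hunk reports this at runtime, so a malformed or unexpected devdb payload passes through the parser without any diagnostic; if the class has a logger, a debug line noting the skipped variable would keep that visible until the real processing lands. Because the commit routes EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY to the same `"devdb"` case, the variable name alone apparently cannot distinguish the signature-list form from the signature-data form that the removed comment described, so the future processing will presumably need the event ID or a structural check on the data. The second hunk rewrites the `@param data` line but keeps the typo `bye array`; it should read `* @param data the byte array holding one or more Signature Lists.`. The switch statements in the first and third hunks both begin and end outside their hunks.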