ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-28 00:38:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

spdm processing

Browse Source
This commit is contained in:
iadgovuser58 2024-06-24 15:08:23 -04:00 committed by chubtub
parent 39bdd26b58
commit 866e76545a
4 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
View File

@ -345,6 +345,7 @@ public class TpmPcrEvent {
case EvConstants.EV_EFI_VARIABLE_BOOT:
case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
try {
sb.append(new UefiVariable(eventContent).toString());
} catch (CertificateException cEx) {
@ -568,6 +569,7 @@ public class TpmPcrEvent {
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
break;
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
UefiVariable efiSpdmDevPol = new UefiVariable(content);
description += "Event Content:\n" + efiSpdmDevPol.toString();
vendorTableFileStatus = efiSpdmDevPol.getVendorTableFileStatus();
@ -655,6 +657,8 @@ public class TpmPcrEvent {
return "EV_EFI_SPDM_FIRMWARE_CONFIG";
} else if (event == EvConstants.EV_EFI_SPDM_DEVICE_POLICY) {
return "EV_EFI_SPDM_DEVICE_POLICY";
} else if (event == EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY) {
return "EV_EFI_SPDM_DEVICE_AUTHORITY";
} else {
return "Unknown Event ID " + event + " encountered";
}

4
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
View File

@ -175,4 +175,8 @@ public final class EvConstants {
* EFI SPDM Device Policy Event ID.
*/
public static final int EV_EFI_SPDM_DEVICE_POLICY = 0x800000E3;
/**
* EFI SPDM Device Authority Event ID.
*/
public static final int EV_EFI_SPDM_DEVICE_AUTHORITY = 0x800000E4;
}

4
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
View File

@ -150,9 +150,9 @@ public class UefiSignatureList {
}
/**
* Method for processing a set of EFI SignatureList(s).
* Method for processing the data in an EFI SignatureList (ex. can be one or more X509 certs)
*
* @param efiSigData Byte array holding one or more SignatureLists
* @param efiSigData Byte array holding the SignatureList data
* @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate.
* @throws java.security.NoSuchAlgorithmException if there's a problem hashing the certificate.
* @throws java.io.IOException If there's a problem parsing the signature data.

12
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
View File

@ -128,8 +128,8 @@ public class UefiVariable {
case "dbx":
processSigList(uefiVariableData);
break;
case "devdb":
// if it's POLICY, process Sig List; if it's AUTHORITY, process Sig Data
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
break; // PFP v1.06 Rev 52, Sec 3.3.4.8 (update when test patterns exist)
case "Boot00":
bootv = new UefiBootVariable(uefiVariableData);
break;
@ -146,8 +146,8 @@ public class UefiVariable {
/**
* Processes the data as a list of UEFI defined Signature Lists.
*
* @param data the bye array holding the Signature List.
* @throws java.security.cert.CertificateException If there a problem
* @param data the bye array holding one or more Signature Lists.
* @throws java.security.cert.CertificateException If there's a problem
* parsing the X509 certificate.
* @throws java.security.NoSuchAlgorithmException if there's a problem
* hashing the certificate.
@ -214,6 +214,10 @@ public class UefiVariable {
case "KEK":
case "db":
case "dbx":
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
// (update when test patterns exist)
efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
"To be processed once more test patterns exist\n");
break;
case "Boot00":
efiVariable.append(bootv.toString());