propogated the error where vendor-table is not accessible through the classes, so that it can be printed out at the beginning of the list of event printouts

2024-12-18 20:47:58 +00:00 · 2024-05-14 13:22:03 -04:00 · 2024-05-14 13:22:03 -04:00 · 93c3109b29
commit 93c3109b29
parent 667b9c0392
6 changed files with 50 additions and 11 deletions
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
@ -77,6 +77,11 @@ public final class TCGEventLog {
    /** Event Output Flag use. */
    @Getter
    private boolean bCryptoAgile = false;
+    /** Track if vendor-table file is inaccessible.
+     *  If vendor-table file is not used, this remains false.
+     * */
+    @Getter
+    private boolean bVendorTableFileInaccessbile = false;

    /**
     * Default blank object constructor.
@ -147,6 +152,9 @@ public final class TCGEventLog {
            } else {
                eventList.put(eventNumber, new TpmPcrEvent1(is, eventNumber++));
            }
+            if(eventList.get(eventNumber-1).isBVendorTableFileInaccessbile()) {
+                bVendorTableFileInaccessbile = true;
+            }
        }
        calculatePcrValues();
    }
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
@ -117,6 +117,12 @@ public class TpmPcrEvent {
    @Setter @Getter
    private boolean error = false;

+    /** Track if vendor-table file is inaccessible.
+     *  If vendor-table file is not used, this remains false.
+     * */
+    @Getter
+    private boolean bVendorTableFileInaccessbile = false;
+
    /**
     * Constructor.
     *
@ -508,9 +514,16 @@ public class TpmPcrEvent {
                String efiVarDescription = efiVar.toString().replace("\n", "\n   ");
                description += "Event Content:\n   " + efiVarDescription.substring(0,
                        efiVarDescription.length() - INDENT_3);
+                if(efiVar.isBVendorTableFileInaccessbile()) {
+                    bVendorTableFileInaccessbile = true;
+                }
                break;
            case EvConstants.EV_EFI_VARIABLE_BOOT:
-                description += "Event Content:\n" + new UefiVariable(content).toString();
+                UefiVariable efiVarBoot = new UefiVariable(content);
+                description += "Event Content:\n" + efiVarBoot.toString();
+                if(efiVarBoot.isBVendorTableFileInaccessbile()) {
+                    bVendorTableFileInaccessbile = true;
+                }
                break;
            case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION:
                EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(content);
@ -539,7 +552,11 @@ public class TpmPcrEvent {
            case EvConstants.EV_EFI_HCRTM_EVENT:
                break;
            case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
-                description += "Event Content:\n" + new UefiVariable(content).toString();
+                UefiVariable efiVarAuth = new UefiVariable(content);
+                description += "Event Content:\n" + efiVarAuth.toString();
+                if(efiVarAuth.isBVendorTableFileInaccessbile()) {
+                    bVendorTableFileInaccessbile = true;
+                }
                break;
            case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
                description += "Event Content:\n" + new EvEfiSpdmFirmwareBlob(content).toString();
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java
@ -45,10 +45,6 @@ public class UefiGuid {
        System.arraycopy(guidBytes, 0, guid, 0, UefiConstants.SIZE_16);
        uuid = processGuid(guidBytes);
        uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_PATH, "VendorTable");
-
-        if(uefiVendorRef.isEmpty()) {
-            System.out.println("XXXX IS EMPTY");
-        }
    }

    /**
@ -102,13 +98,12 @@ public class UefiGuid {
    }

    /**
-     *
     * Checks whether the handle to the file needed to look up the UUID is valid. If empty,
     * this likely means the file was not accessible to due to existence or permissions.
     *
     * @return true if the reference to the file handle needed to look up the UUID is empty
     */
-    public boolean isUefiVendorRefEmpty() {
+    public boolean isVendorTableReferenceHandleEmpty() {
        return uefiVendorRef.isEmpty();
    }

--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
@ -69,6 +69,11 @@ public class UefiSignatureList {
     * Type of signature.
     */
    private UefiGuid signatureType = null;
+    /** Track if vendor-table file is inaccessible.
+     *  If vendor-table file is not used, this remains false.
+     * */
+    @Getter
+    private boolean bVendorTableFileInaccessbile = false;

    /**
     * UefiSignatureList constructor.
@ -114,9 +119,9 @@ public class UefiSignatureList {
        byte[] guid = new byte[UefiConstants.SIZE_16];
        lists.read(guid);
        signatureType = new UefiGuid(guid);
-//        if(signatureType.getVendorTableReference().isEmpty()) {
-//            System.out.println("XXXX IS EMPTY");
-//        }
+        if(signatureType.isVendorTableReferenceHandleEmpty()) {
+            bVendorTableFileInaccessbile = true;
+        }

        // if signatureType is invalid, don't even process any of the data
        // however, if signatureTYpe is valid, but some of the data later on is invalid, that will
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
@ -63,6 +63,12 @@ public class UefiVariable {
     */
    private byte[] uefiVariableData = null;

+    /** Track if vendor-table file is inaccessible.
+     *  If vendor-table file is not used, this remains false.
+     * */
+    @Getter
+    private boolean bVendorTableFileInaccessbile = false;
+
    /**
     * EFIVariable constructor.
     * The UEFI_VARIABLE_DATA contains a "VariableName" field which is used to determine
@ -147,6 +153,9 @@ public class UefiVariable {
            UefiSignatureList list;
            list = new UefiSignatureList(certData);
 //            efiVariableSigListContents += list.toString();
+            if(list.isBVendorTableFileInaccessbile()) {
+                bVendorTableFileInaccessbile = true;
+            }
            if(!list.isSignatureTypeValid()) {
                invalidSignatureListEncountered = true;
                invalidSignatureListStatus = list.toString();
@ -163,6 +172,7 @@ public class UefiVariable {
     */
    public String toString() {
        StringBuilder efiVariable = new StringBuilder();
+
        efiVariable.append("UEFI Variable Name: " + efiVarName + "\n");
        efiVariable.append("UEFI Variable GUID: " + uefiVarGuid.toString() + "\n");
        if (efiVarName != "") {
--- a/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java
+++ b/tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java
@ -127,6 +127,10 @@ final class Main {
                        writeOut("\nEvent Log follows the \"SHA1\" format and has "
                                + evLog.getEventList().size() + " events:\n\n");
                    }
+                    if (evLog.isBVendorTableFileInaccessbile()) {
+                        writeOut("*** WARNING: The file vendor-table.json file was not accessible so data " +
+                                "in some Secure Boot PCR 7 events cannot be processed.\n\n");
+                    }
                }
                int eventCount = 0;
                for (TpmPcrEvent event : evLog.getEventList()) {