From 9d837f9b4d56ef35d1ff2e129f7f41061c5c28f3 Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Mon, 8 Jul 2024 14:46:59 -0400
Subject: [PATCH] updated comments for DeviceSecurityEvent files, started
 processing of new data structure

---
 .../eventlog/events/DeviceSecurityEvent.java  | 19 ++------
 .../events/EvEfiSpdmDeviceSecurityEvent.java  |  3 --
 .../utils/tpm/eventlog/events/EvNoAction.java |  2 +
 .../events/NvIndexInstanceEventLogData.java   | 47 +++++++++++++++++++
 4 files changed, 53 insertions(+), 18 deletions(-)
 create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
index 49cf9555..161f7a7a 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
@@ -7,7 +7,6 @@ import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TY
 import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_PCI;
 import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TYPE_USB;
 
-
 /**
  * Abstract base class to process the DEVICE_SECURITY_EVENT_DATA or ..DATA2 event.
  * Parses event data per PFP v1.06 Rev52 Tables 20 and 26.
@@ -17,10 +16,10 @@ import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TY
  * The first 2 fields of the respective headers are the same in both ..DATA and ..DATA2.
  * Field 1:
  *    The first 16 bytes of the event data header MUST be a String based identifier (Signature),
- *    NUL-terminated, per PFP. The only currently defined Signature is "SPDM Device Sec", which
- *    implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2.
+ *    per PFP. The only currently defined Signatures are "SPDM Device Sec" and "SPDM Device Sec2",
+ *    which implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2, respectively.
  * Field 2:
- *    The Version field indicates whether the Device Security Event is ..DATA or ..DATA2.
+ *    The Version field also indicates whether the Device Security Event is ..DATA or ..DATA2.
  *
  * DEVICE SECURITY EVENT structures defined by PFP v1.06 Rev 52:
  * <p>
@@ -39,19 +38,9 @@ import static hirs.utils.tpm.eventlog.events.DeviceSecurityEventHeader.DEVICE_TY
  *      UINT8                           Signature[16];
  *      UINT16                          Version;
  *      ...                             ...
+ *      (The rest of the components are different for HEADER vs HEADER2)
  * }
  * <p>
- * Notes:
- * 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
- * 2. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
- * 3. First 16 bytes of the structure header is an ASCII "SPDM Device Sec"
- * <p>
- * Only a few of the Device Security Event Data events have been implemented as there are many,
- * but only those that were reported using the test devices at hand.
- * Without test patterns, the processing may lead to an un-handled exception.
- * For now, the only test pattern uses ..DeviceContext with PCI only, without USB -> assume only 1
- * even though the spec says both are in the data structure. If it is only 1, though, there's no
- * method to tell them apart.
  */
 public abstract class DeviceSecurityEvent {
 
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
index 8da93b23..f686e560 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
@@ -2,10 +2,7 @@ package hirs.utils.tpm.eventlog.events;
 
 import hirs.utils.HexUtils;
 import hirs.utils.tpm.eventlog.uefi.UefiConstants;
-import lombok.Getter;
 
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
 
 /**
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java
index 2b058187..3da56ae0 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java
@@ -48,6 +48,8 @@ public class EvNoAction {
         if (signature.contains("Spec ID Event03")) {      // implies CryptAgileFormat
             specIDEvent = new EvEfiSpecIdEvent(eventData);
             bSpecIDEvent = true;
+        } else if (signature.contains("NvIndexInstance")) {
+            System.out.println("XXXX Nv Index Instance");
         }
     }
 
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
new file mode 100644
index 00000000..295fb119
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
@@ -0,0 +1,47 @@
+package hirs.utils.tpm.eventlog.events;
+
+
+/**
+ * Class to process the NV_INDEX_INSTANCE_EVENT_LOG_DATA per PFP.
+ * The first 16 bytes of the event data header are a String based identifier (Signature),
+ * NUL-terminated, per PFP. The only currently defined Signature is "SPDM Device Sec",
+ * which implies the data is a DEVICE_SECURITY_EVENT_DATA or ..DATA2.
+ *
+ * HEADERS defined by PFP v1.06 Rev 52.
+ * Certain fields are common to both ..HEADER and ..HEADER2, and are noted below the structures.
+ * <p>
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
+ *      UINT8                           Signature[16];
+ *      UINT16                          Version;
+ *      UINT16                          Length;
+ *      UINT32                          SpdmHashAlg;
+ *      UINT32                          DeviceType;
+ *      SPDM_MEASUREMENT_BLOCK          SpdmMeasurementBlock;
+ *      UINT64                          DevicePathLength;
+ *      UNIT8                           DevicePath[DevicePathLength]
+ * } DEVICE_SECURITY_EVENT_DATA_HEADER;
+ * <p>
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER2 {        - NOT IMPLEMENTED YET
+ *      UINT8                           Signature[16];
+ *      UINT16                          Version;
+ *      UINT8                           AuthState;
+ *      UINT8                           Reserved;
+ *      UINT32                          Length;
+ *      UINT32                          DeviceType;
+ *      UINT32                          SubHeaderType;
+ *      UINT32                          SubHeaderLength;
+ *      UINT32                          SubHeaderUID;
+ *      UINT64                          DevicePathLength;
+ *      UNIT8                           DevicePath[DevicePathLength]
+ * } DEVICE_SECURITY_EVENT_DATA_HEADER2;
+ * <p>
+ * Fields common to both ..HEADER and ..HEADER2:
+ *    Signature
+ *    Version
+ *    DeviceType
+ *    DevicePathLength
+ *    DevicePath
+ * <p>
+ */
+public class NvIndexInstanceEventLogData {
+}