ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #792 from nsacyber/v3_issue_784-spdm

Browse Source 
Add SPDM Events Part 2
This commit is contained in:
D2B8CA1B27286366A8607B6858C0565962613D18D0546480078B520CD7AD705A 2024-06-28 16:21:56 -04:00 committed by GitHub
commit aae34f3605
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 57 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
View File

@ -5,7 +5,7 @@ import hirs.utils.tpm.eventlog.events.EvCompactHash;
import hirs.utils.tpm.eventlog.events.EvConstants;
import hirs.utils.tpm.eventlog.events.EvEfiGptPartition;
import hirs.utils.tpm.eventlog.events.EvEfiHandoffTable;
import hirs.utils.tpm.eventlog.events.EvEfiSpdmFirmwareBlob;
import hirs.utils.tpm.eventlog.events.EvEfiSpdmDeviceSecurityEvent;
import hirs.utils.tpm.eventlog.events.EvEfiSpecIdEvent;
import hirs.utils.tpm.eventlog.events.EvEventTag;
import hirs.utils.tpm.eventlog.events.EvIPL;
@ -343,6 +343,8 @@ public class TpmPcrEvent {
break;
case EvConstants.EV_EFI_VARIABLE_BOOT:
case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
try {
sb.append(new UefiVariable(eventContent).toString());
} catch (CertificateException cEx) {
@ -388,8 +390,9 @@ public class TpmPcrEvent {
case EvConstants.EV_EFI_HCRTM_EVENT:
break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
try {
sb.append(new EvEfiSpdmFirmwareBlob(eventContent).toString());
sb.append(new EvEfiSpdmDeviceSecurityEvent(eventContent).toString());
} catch (UnsupportedEncodingException ueEx) {
log.error(ueEx);
sb.append(ueEx.toString());
@ -523,9 +526,12 @@ public class TpmPcrEvent {
vendorTableFileStatus = efiVar.getVendorTableFileStatus();
break;
case EvConstants.EV_EFI_VARIABLE_BOOT:
UefiVariable efiVarBoot = new UefiVariable(content);
description += "Event Content:\n" + efiVarBoot.toString();
vendorTableFileStatus = efiVarBoot.getVendorTableFileStatus();
case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
case EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY:
UefiVariable efiVar2 = new UefiVariable(content);
description += "Event Content:\n" + efiVar2.toString();
vendorTableFileStatus = efiVar2.getVendorTableFileStatus();
break;
case EvConstants.EV_EFI_BOOT_SERVICES_APPLICATION:
EvEfiBootServicesApp bootServices = new EvEfiBootServicesApp(content);
@ -553,13 +559,11 @@ public class TpmPcrEvent {
break;
case EvConstants.EV_EFI_HCRTM_EVENT:
break;
case EvConstants.EV_EFI_VARIABLE_AUTHORITY:
UefiVariable efiVarAuth = new UefiVariable(content);
description += "Event Content:\n" + efiVarAuth.toString();
vendorTableFileStatus = efiVarAuth.getVendorTableFileStatus();
break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
description += "Event Content:\n" + new EvEfiSpdmFirmwareBlob(content).toString();
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
break;
default:
description += " Unknown Event found" + "\n";
@ -640,6 +644,12 @@ public class TpmPcrEvent {
return "EV_EFI_VARIABLE_AUTHORITY";
} else if (event == EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB) {
return "EV_EFI_SPDM_FIRMWARE_BLOB";
} else if (event == EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG) {
return "EV_EFI_SPDM_FIRMWARE_CONFIG";
} else if (event == EvConstants.EV_EFI_SPDM_DEVICE_POLICY) {
return "EV_EFI_SPDM_DEVICE_POLICY";
} else if (event == EvConstants.EV_EFI_SPDM_DEVICE_AUTHORITY) {
return "EV_EFI_SPDM_DEVICE_AUTHORITY";
} else {
return "Unknown Event ID " + event + " encountered";
}

12
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvConstants.java
View File

@ -167,4 +167,16 @@ public final class EvConstants {
* EFI SPDM Firmware Blob Event ID.
*/
public static final int EV_EFI_SPDM_FIRMWARE_BLOB = 0x800000E1;
/**
* EFI SPDM Firmware Config Event ID.
*/
public static final int EV_EFI_SPDM_FIRMWARE_CONFIG = 0x800000E2;
/**
* EFI SPDM Device Policy Event ID.
*/
public static final int EV_EFI_SPDM_DEVICE_POLICY = 0x800000E3;
/**
* EFI SPDM Device Authority Event ID.
*/
public static final int EV_EFI_SPDM_DEVICE_AUTHORITY = 0x800000E4;
}

38
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java → HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
View File

@ -7,7 +7,8 @@ import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
/**
* Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event. The event field MUST be a
* Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
* DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
* 1) DEVICE_SECURITY_EVENT_DATA or
* 2) DEVICE_SECURITY_EVENT_DATA2
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
@ -28,16 +29,12 @@ import java.nio.charset.StandardCharsets;
* firmware, such as immutable ROM, mutable firmware, firmware version, firmware secure version
* number, etc.
*/
public class EvEfiSpdmFirmwareBlob {
public class EvEfiSpdmDeviceSecurityEvent {
/**
* Signature (text) data.
*/
private String signature = "";
/**
* True if the event is a DEVICE_SECURITY_EVENT_DATA or ..DATA2.
*/
private boolean bSpdmDeviceSecurityEventData = false;
/**
* Human readable description of the data within this DEVICE_SECURITY_EVENT_DATA/..DATA2 event.
*/
@ -49,7 +46,7 @@ public class EvEfiSpdmFirmwareBlob {
* @param eventData byte array holding the event to process.
* @throws java.io.UnsupportedEncodingException if input fails to parse.
*/
public EvEfiSpdmFirmwareBlob(final byte[] eventData) throws UnsupportedEncodingException {
public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) throws UnsupportedEncodingException {
byte[] signatureBytes = new byte[UefiConstants.SIZE_15];
System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15);
@ -57,7 +54,8 @@ public class EvEfiSpdmFirmwareBlob {
signature = signature.replaceAll("[^\\P{C}\t\r\n]", ""); // remove null characters
if (signature.contains("SPDM Device Sec")) { // implies Device Security event
bSpdmDeviceSecurityEventData = true;
spdmInfo = " Signature = SPDM Device Sec";
byte[] versionBytes = new byte[UefiConstants.SIZE_2];
System.arraycopy(eventData, UefiConstants.OFFSET_16, versionBytes, 0,
@ -66,25 +64,19 @@ public class EvEfiSpdmFirmwareBlob {
if (version.equals("0100")) {
DeviceSecurityEventData dSED = new DeviceSecurityEventData(eventData);
spdmInfo = dSED.toString();
spdmInfo += dSED.toString();
}
else if (version.equals("0200")) {
DeviceSecurityEventData2 dSED2 = new DeviceSecurityEventData2(eventData);
spdmInfo = dSED2.toString();
spdmInfo += dSED2.toString();
}
else {
spdmInfo = " Unknown version of DeviceSecurityEventData structure";
spdmInfo += " Unknown version of DeviceSecurityEventData structure";
}
}
}
/**
* Determines if this event is a DeviceSecurityEventData.
*
* @return true of the event is a DeviceSecurityEventData.
*/
public boolean isSpdmDeviceSecurityEventData() {
return bSpdmDeviceSecurityEventData;
else {
spdmInfo = " Signature = Undetermined value: " + signature;
}
}
/**
@ -93,12 +85,6 @@ public class EvEfiSpdmFirmwareBlob {
* @return Human readable description of this event.
*/
public String toString() {
if (bSpdmDeviceSecurityEventData) {
spdmInfo = " Signature = SPDM Device Sec" + spdmInfo;
} else {
spdmInfo = "EV_EFI_SPDM_FIRMWARE_BLOB event named " + signature
+ " encountered but support for processing it has not been added to this application.\n";
}
return spdmInfo;
}
}

4
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java
View File

@ -150,9 +150,9 @@ public class UefiSignatureList {
}
/**
* Method for processing a set of EFI SignatureList(s).
* Method for processing the data in an EFI SignatureList (ex. can be one or more X509 certs)
*
* @param efiSigData Byte array holding one or more SignatureLists
* @param efiSigData Byte array holding the SignatureList data
* @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate.
* @throws java.security.NoSuchAlgorithmException if there's a problem hashing the certificate.
* @throws java.io.IOException If there's a problem parsing the signature data.

12
HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java
View File

@ -128,6 +128,10 @@ public class UefiVariable {
case "dbx":
processSigList(uefiVariableData);
break;
case "devdb": // Update when test patterns exist
break; // PFP v1.06 Rev 52, Sec 3.3.4.8
// EV_EFI_SPDM_DEVICE_POLICY: EFI_SIGNATURE_LIST
// EV_EFI_SPDM_DEVICE_AUTHORITY: EFI_SIGNATURE_DATA
case "Boot00":
bootv = new UefiBootVariable(uefiVariableData);
break;
@ -144,8 +148,8 @@ public class UefiVariable {
/**
* Processes the data as a list of UEFI defined Signature Lists.
*
* @param data the bye array holding the Signature List.
* @throws java.security.cert.CertificateException If there a problem
* @param data the bye array holding one or more Signature Lists.
* @throws java.security.cert.CertificateException If there's a problem
* parsing the X509 certificate.
* @throws java.security.NoSuchAlgorithmException if there's a problem
* hashing the certificate.
@ -212,6 +216,10 @@ public class UefiVariable {
case "KEK":
case "db":
case "dbx":
case "devdb": // SPDM_DEVICE_POLICY and SPDM_DEVICE_AUTHORITY
// (update when test patterns exist)
efiVariable.append(" EV_EFI_SPDM_DEVICE_POLICY and EV_EFI_SPDM_DEVICE_AUTHORITY: " +
"To be processed once more test patterns exist\n");
break;
case "Boot00":
efiVariable.append(bootv.toString());