diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UEFIPartition.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UEFIPartition.java new file mode 100644 index 00000000..06dfbddc --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UEFIPartition.java @@ -0,0 +1,119 @@ +package hirs.tpm.eventlog.uefi; + +import hirs.utils.HexUtils; +/** + * Class to process EFI Partitions for EFI Partition tables defined in UEFI section 5.3.3 + * typedef struct { + * EFI_GUID PartitionTypeGUID; + * EFI_GUID UniquePartitionGUID; + * EFI_LBA StartingLBA; // Same as UINT64. + * EFI_LBA EndingLBA; + * UINT64 Attributes; + * CHAR16 PartitionName[36]; // 36 CHAR16 = 72 Bytes + * } EFI_PARTITION_ENTRY; + * + * UEFI Table 23. Defined GPT Partition Entry - Partition Type GUIDs (implemented in EFIGui.java) + * Unused Entry 00000000-0000-0000-0000-000000000000 + * EFI System Partition C12A7328-F81F-11D2-BA4B-00A0C93EC93B + * Partition containing a legacy MBR 024DEE41-33E7-11D3-9D69-0008C781F39F + * + * A list of type Partition GUIDs from: https://en.wikipedia.org/wiki/GUID_Partition_Table + * Linux filesystem data 0FC63DAF-8483-4772-8E79-3D69D8477DE4 + * Logical Volume Manager (LVM) partition E6D6D379-F507-44C2-A23C-238F2A3DF928 + * Plain dm-crypt partition 7FFEC5C9-2D00-49B7-8941-3EA10A5586B7 + * Root partition (x86-64) 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709 + * RAID partition A19D880F-05FC-4D3B-A006-743F0F84911E + * LUKS partition CA7D7CCB-63ED-4C53-861C-1742536059CC + * Swap partition 0657FD6D-A4AB-43C4-84E5-0933C84B4F4F + * /home partition 933AC7E1-2EB4-4F13-B844-0E14E2AEF915 + * /srv (server data) partition 3B8F8425-20E0-4F3B-907F-1A25A76F98E8 + * + * linux commands to check uuids: + * blkid list //unique parition guids + * ls /dev/disk/by-partuuid + */ +public class UEFIPartition { + private UefiGuid partitionTypeGUID = null; + private UefiGuid uniquePartitionGUID = null; + private String partitionName = ""; + private String attributes = ""; + /** standard byte length. */ + private static final int BYTE_LENGTH = 8; + /** standard byte length. */ + private static final int ATTRIBUTE_LENGTH = 48; + /** standard byte length. */ + private static final int PART_NAME_LENGTH = 56; + /** standard UEFI partition table lengh. */ + private static final int UEFI_PT_LENGTH = 72; +/** + * Processes a UEFI defined partition entry. + * @param table byte array holding the partition table. + */ + public UEFIPartition(final byte[] table) { + byte[] partitionGUID = new byte[UefiGuid.getGuidLength()]; + System.arraycopy(table, 0, partitionGUID, 0, UefiGuid.getGuidLength()); + partitionTypeGUID = new UefiGuid(partitionGUID); + byte[] uniquePartGUID = new byte[UefiGuid.getGuidLength()]; + System.arraycopy(table, UefiGuid.getGuidLength(), uniquePartGUID, 0, UefiGuid.getGuidLength()); + uniquePartitionGUID = new UefiGuid(uniquePartGUID); + byte[] attribute = new byte[BYTE_LENGTH]; + System.arraycopy(table, ATTRIBUTE_LENGTH, attribute, 0, BYTE_LENGTH); + attributes = HexUtils.byteArrayToHexString(attribute); + byte[] partitionname = new byte[UEFI_PT_LENGTH]; + System.arraycopy(table, PART_NAME_LENGTH, partitionname, 0, UEFI_PT_LENGTH); + byte[] pName = convertChar16tobyteArray(partitionname); + partitionName = HexUtils.byteArrayToHexString(pName); + String[] parts = partitionName.split("[^\\x00-\\x7F]"); // remove any non ASCII + partitionName = parts[0]; + } + +/** + * Returns the partition Type GIUD. + * @return the partition type GUID. + */ +public UefiGuid getPartitionTypeGUID() { + return partitionTypeGUID; +} +/** + * Returns the unique partition GUID. + * @return the unique partition GUID. + */ +public UefiGuid getUniquePartitionGUID() { + return uniquePartitionGUID; +} + +/** + * Returns the partition name. + * @return the partition name. + */ +public String getName() { + return partitionName; + } + +/** + * Returns a description of the partition. + * @return partition description. + */ +public String toString() { + String partitionInfo = ""; + partitionInfo += " Partition Name : " + partitionName + "\n"; + partitionInfo += " Partition Type GUID : " + partitionTypeGUID.toString() + "\n"; + partitionInfo += " Unique Partition GUID : " + uniquePartitionGUID.toStringNoLookup() + "\n"; + partitionInfo += " Attributes : " + attributes + "\n"; + return partitionInfo; + } + +/** + * Copies character array to a byte by removing upper byte of character array. + * @param data input char array + * @return byte array + */ +private byte[] convertChar16tobyteArray(final byte[] data) { + byte[] hexdata = new byte[data.length]; + int j = 0; + for (int i = 0; i < data.length; i = i + 2) { + hexdata[j++] = data[i]; + } + return hexdata; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiFirmware.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiFirmware.java new file mode 100644 index 00000000..3cbeec9e --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiFirmware.java @@ -0,0 +1,76 @@ +package hirs.tpm.eventlog.uefi; + +import java.math.BigInteger; +import hirs.utils.HexUtils; + +/** + * Class to process the PFP defined UEFI_PLATFORM_FIRMWARE_BLOB structure. + * + * typedef struct tdUEFI_PLATFORM_FIRMWARE_BLOB { + * UEFI_PHYSICAL_ADDRESS BlobBase; + * UINT64 BlobLength; + * } UEFI_PLATFORM_FIRMWARE_BLOB; + */ +public class UefiFirmware { + /** standard uefi address length. */ + private static final int ADDRESS_LENGTH = 8; + /** error flag. */ + private boolean berror = false; + /** byte array holding the firmwares physical address. */ + private byte[] physicalAddress = null; + /** byte array holding the uefi address length. */ + private byte[] addressLength = null; + /** uefi physical address. */ + private int blobAddress = 0; + /** uefi address length. */ + private int blobLength = 0; + /** standard uefi address length. */ + + /** + * UefiFirmware constructor. + * @param blob byte array holding a Firmware Blob. + */ + public UefiFirmware(final byte[] blob) { + if (blob.length != 16) { + berror = true; + } else { + physicalAddress = new byte[ADDRESS_LENGTH]; + System.arraycopy(blob, 0, physicalAddress, 0, ADDRESS_LENGTH); + System.arraycopy(blob, ADDRESS_LENGTH, addressLength, 0, ADDRESS_LENGTH); + byte[] lelength = HexUtils.leReverseByte(addressLength); + BigInteger bigIntLength = new BigInteger(lelength); + blobLength = bigIntLength.intValue(); + byte[]leAddress = HexUtils.leReverseByte(addressLength); + BigInteger bigIntAddress = new BigInteger(leAddress); + blobAddress = bigIntAddress.intValue(); + } +} +/** + * Returns the uefi firmware blobs physical address. + * @return uefi firmware address. + */ +public int getPhysicalAddress() { + return blobAddress; + } +/** + * Returns the length of the blobs physical address. + * @return length of the address. + */ +public int getBlobLength() { + return blobLength; +} +/** + * Returns a description of the firmware blobs location. + * @returns a descritpion of the the firmware blobs location. + */ +public String toString() { + String blobInfo = ""; + if(!berror) { + blobInfo += " Platform Firwmare Blob Address = "+blobAddress; + blobInfo += " length = "+ blobLength; + } else { + blobInfo += " Invalid Firmware Blob event encountered"; + } + return blobInfo; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiGuid.java new file mode 100644 index 00000000..2d088d1d --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/UefiGuid.java @@ -0,0 +1,423 @@ +package hirs.tpm.eventlog.uefi; + +import java.math.BigInteger; +import java.util.UUID; + +import hirs.utils.HexUtils; + +/** + * Class to process GUID per the UEFI specification + * GUIDs are essentially UUID as defined by RFC-1422, however Microsoft refers to GUIDS. + */ +public class UefiGuid { + /** standard GUID length. */ + private static final int GUID_LENGTH = 16; + /** standard short length. */ + private static final int SHORT_LENGTH = 2; + /** standard int length. */ + private static final int INT_LENGTH = 4; + /** standard long length. */ + private static final int LONG_LENGTH = 8; + /** number of 100ns intervals since UUID Epoch. */ + private static final long UUID_EPOCH_INTERVALS = 0x01b21dd213814000L; + /** used for conversion to uuid time. */ + private static final int UUID_EPOCH_DIVISOR = 10000; + /** guid byte array. */ + private byte[] guid = new byte[GUID_LENGTH ]; + /** UUID object. */ + private UUID uuid; + + /** + * UefiGUID constructor. + * @param guidBytes byte array holding a valid guid. + */ + public UefiGuid(final byte[] guidBytes) { + System.arraycopy(guidBytes, 0, guid, 0, GUID_LENGTH); + uuid = processGuid(guidBytes); + } + + /** Converts a GUID with a byte array to a RFC-1422 UUID object. + * Assumes a MS format and converts to Big Endian format used by most others , including Linux + * Matched uuids found in /sys/firmware/efi/efivars on Centos 7. + */ +private static UUID processGuid(final byte[] guid) { + byte[] msb1 = new byte[INT_LENGTH]; + System.arraycopy(guid, 0, msb1, 0, INT_LENGTH); + byte[] msb1r = HexUtils.leReverseByte(msb1); + byte[] msb2 = new byte[INT_LENGTH]; + System.arraycopy(guid, INT_LENGTH, msb2, 0, INT_LENGTH); + byte[] msb2r = HexUtils.leReverseByte(msb2); + byte[] msb2rs = new byte[INT_LENGTH]; + System.arraycopy(msb2r, 0, msb2rs, SHORT_LENGTH, SHORT_LENGTH); + System.arraycopy(msb2r, SHORT_LENGTH, msb2rs, 0, SHORT_LENGTH); + byte[] msbt = new byte[LONG_LENGTH]; + System.arraycopy(msb1r, 0, msbt, 0, INT_LENGTH); + System.arraycopy(msb2rs, 0, msbt, INT_LENGTH, INT_LENGTH); + long msbl = new BigInteger(msbt).longValue(); + byte[] lsb = new byte[LONG_LENGTH]; + System.arraycopy(guid, LONG_LENGTH, lsb, 0, LONG_LENGTH); + long lsbl = new BigInteger(lsb).longValue(); + UUID tmpUuid = new UUID(msbl, lsbl); + return tmpUuid; + } +/** + * Returns the standard GUID length. + * @return guid length + */ +public static int getGuidLength() { + return GUID_LENGTH; +} +/** + * Returns a String that represents a specification name referenced by the EFI_CONFIGURATION_TABLE + * VendorGUID field. For structure of EFI_CONFIGURATION_TABLE type, the UEFI specification + * has set of GUIDs published that represent standards that one can find further information on + * the configuration table being referenced. + * Refer to section 4.6 of UEFI spec v 2.8, page 101. + * + * @return A String of major UUID parameters + */ +@SuppressWarnings("checkstyle:methodlength") +public String getVendorTableReference() { + + String vendorRef = uuid.toString().toLowerCase(); + String reference = ""; + + switch (vendorRef) { + // UUIDS listed in the UEFI Specification + case "eb9d2d30-2d88-11d3-9a16-0090273fc14d": reference = "ACPI_TABLE_GUID"; break; + case "eb9d2d32-2d88-11d3-9a16-0090273fc14d": reference = "SAL_SYSTEM_TABLE_GUID"; break; + case "eb9d2d31-2d88-11d3-9a16-0090273fc14d": reference = "SMBIOS_TABLE_GUID"; break; + case "f2fd1544-9794-4a2c-992e-e5bbcf20e394": reference = "SMBIOS3_TABLE_GUID"; break; + case "eb9d2d2f-2d88-11d3-9a16-0090273fc14d": reference = "MPS_TABLE_GUID"; break; + case "8868e871-e4f1-11d3-bc22-0080c73c8881": reference = "EFI_ACPI_TABLE_GUID"; break; + case "87367f87-1119-41ce-aaec-8be01101f558": + reference = "EFI_JSON_CONFIG_DATA_TABLE_GUID "; break; + case "35e7a725-8dd2-4cac-8011-33cda8109056": + reference = "EFI_JSON_CAPSULE_DATA_TABLE_GUID"; break; + case "dbc461c3-b3de-422a-b9b4-9886fd49a1e5": + reference = "EFI_JSON_CAPSULE_RESULT_TABLE_GUID"; break; + case "77ab535a-45fc-624b-5560-f7b281d1f96e": reference = "EFI_VIRTUAL_DISK_GUID"; break; + case "3d5abd30-4175-87Ce-6d64-d2ADe523C4bb": reference = "EFI_VIRTUAL_CD_GUID"; break; + case "5Cea02c9-4d07-69d3-269f-4496Fbe096f9": + reference = "EFI_PERSISTENT_VIRTUAL_DISK_GUID"; break; + case "08018188-42cd-bb48-100f-5387D53ded3d": reference = "EFI_PERSISTENT_VIRTUAL_CD_GUID"; break; + + // DXE GUIds from https://github.com/linuxboot/linuxboot/blob/master/boards/qemu/image-files.txt + case "fc510ee7-ffdc-11d4-bd41-0080c73c8881": reference = "DXE Apriori-FVRECOVERY"; break; + case "1b45cc0a-156a-428a-62af-49864da0e6e6": reference = "PEI Apriori file name"; break; + case "80cf7257-87ab-47f9-a3fe-d50b76d89541": reference = "PcdDxe"; break; + case "b601f8c4-43b7-4784-95b1-f4226cb40cee": reference = "RuntimeDxe"; break; + case "f80697e9-7fd6-4665-8646-88e33ef71dfc": reference = "SecurityStubDxe"; break; + case "1a1e4886-9517-440e-9fde-3be44cee2136": reference = "CpuDxe"; break; + case "11a6edf6-a9be-426d-a6cc-b22fe51d9224": reference = "PciHotPlugInitDxe"; break; + case "128fb770-5e79-4176-9e51-9bb268a17dd1": reference = "PciHostBridgeDxe"; break; + case "93b80004-9fb3-11d4-9a3a-0090273fc14d": reference = "PCI Bus Driver - PciBusDxe"; break; + case "9b680fce-ad6b-4f3a-b60b-f59899003443": reference = "DevicePathDxe"; break; + case "f9d88642-0737-49bc-81b5-6889cd57d9ea": reference = "SmbiosDxe"; break; + case "4110465d-5ff3-4f4b-b580-24ed0d06747a": reference = "SmbiosPlatformDxe"; break; + case "9622e42c-8e38-4a08-9e8f-54f784652f6b": reference = "AcpiTableDxe"; break; + case "49970331-e3fa-4637-9abc-3b7868676970": reference = "AcpiPlatform"; break; + case "7e374e25-8e01-4fee-87f2-390c23c606cd": reference = "ACPI data"; break; + case "bdce85bb-fbaa-4f4e-9264-501a2c249581": reference = "S3SaveStateDxe"; break; + case "d9dcc5df-4007-435e-9098-8970935504b2": reference = "PlatformDxe"; break; + case "8657015b-ea43-440d-949a-af3be365c0fc": reference = "IoMmuDxe"; break; + case "cbd2e4d5-7068-4ff5-b462-9822b4ad8d60": reference = "VariableRuntimeDxe"; break; + + //PIWG Dxe driver Files (FvFile) + // from https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/1272444 + case "70d57d67-7f05-494d-a014-b75d7345b700": reference = "Storage Security Command Driver"; break; + case "3acc966d-8e33-45c6-b4fe-62724bcd15a9": reference = "AHCI Bus Driver"; break; + case "67bbc344-84bc-4e5c-b4df-f5e4a00e1f3a": reference = "Host Controller Driver"; break; + case "86edaae5-073c-4c89-b949-8984ac8a55f3": reference = "MMC/SD Media Device Driver"; break; + case "9e863906-a40f-4875-977F-5b93ff237fc6": reference = "Serial Terminal Driver"; break; + case "a6cc6bc8-2ada-46C3-bba4-e99672CC9530": reference = "PCI Serial Driver"; break; + case "69fd8e47-a161-4550-b01a-5594ceb2b2b2": reference = "PCI IDE/ATAPI Bus Driver"; break; + case "51ccf399-4fdf-4e55-a45b-e123f84d456a": + reference = "Platform Console Management Driver"; break; + case "6b38f7b4-ad98-40e9-9093-aca2b5a253c4": reference = "Generic Disk I/O Driver"; break; + case "2d2e62cf-9ecf-43b7-8219-94e7fC713dfe": reference = "Usb Keyboard Driver"; break; + case "9fb4b4a7-42C0-4bcd-8540-9bcc6711f83e": reference = "Usb Mass Storage Driver"; break; + case "e3752948-b9a1-4770-90c4-df41c38986be": reference = "QEMU Video Driver"; break; + case "240612B7-a063-11d4-9a3a-0090273fc14d": reference = "Usb Bus Driver"; break; + case "bdfe430e-8F2a-4db0-9991-6f856594777e": reference = "Usb Ehci Driver"; break; + case "2fb92efa-2ee0-4bae-9eB6-7464125E1EF7": reference = "Usb Ehci Driver"; break; + case "a92cdb4b-82f1-4e0b-a516-8a655d371524": reference = "Virtio Network Driver"; break; + case "4579b72d-7ec4-4dd4-8486-083c86b182a7": reference = "iSCSI Driver"; break; + case "3b1deaB5-c75d-442e-9238-8e2ffb62b0bb": reference = "UEFI PXE Base Code Driver"; break; + case "6b6963ab-906d-4a65-a7ca-bd40e5d6af2b": reference = "UDP Network Service Driver"; break; + case "6d6963ab-906d-4a65-a7ca-bd40e5d6af4d": reference = "Tcp Network Service Driver"; break; + case "dc3641b8-2fa8-4ed3-bc1f-f9962a03454b": reference = "MTFTP4 Network Service Driver"; break; + case "9fb1a1f3-3b71-4324-b39a-745cbb015fff": reference = "IP4 Network Service Driver"; break; + case "26841bde-920a-4e7a-9Fbe-637f477143a6": + reference = "IP4 CONFIG Network Service Driver"; break; + case "94734718-0bbc-47fb-96a5-ee7a5ae6a2ad": reference = "DHCP Protocol Driver"; break; + case "529d3f93-e8e9-4e73-b1e1-bdf6a9d50113": reference = "ARP Network Service Driver "; break; + case "e4f61863-fe2c-4b56-a8d4-08519bc439df": reference = "VLAN Configuration Driver"; break; + case "a2f436ea-a127-4ef8-957c-8048606ff670": reference = "Simple Network Protocol Driver"; break; + case "961578fe-b6b7-44c3-af35-6bc705cd2b1f": reference = "FAT File System Driver"; break; + case "0abd8284-6da3-4616-971a-83a5148067ba": reference = "ISA Floppy Driver"; break; + case "3dc82376-637b-40a6-a8fc-a565417f2c38": reference = "PS/2 Keyboard Driver"; break; + case "93b80003-9fb3-11d4-9a3a-0090273fc14d": reference = "ISA Serial Driver"; break; + case "240612b5-a063-11d4-9a3a-0090273fc14a": reference = "ISA Bus Driver"; break; + case "99549f44-49bb-4820-b9d2-901329412d67": reference = "IDE Controller Init Driver"; break; + case "0a66e322-3740-4cce-ad62-bd172cecca35": reference = "Scsi Disk Driver"; break; + case "1fa1f39e-feff-4aae-bd7b-38a070a3b609": reference = "Partition Driver"; break; + case "9e863906-a40f-4875-977f-5b93ff237fc6": reference = "Serial Terminal Driver"; break; + case "cccb0c28-4b24-11d5-9a5a-0090273fc14d": reference = "Graphics Console Driver"; break; + case "408edcec-cf6d-477c-a5a8-b4844e3de281": reference = "Console Splitter Driver"; break; + case "fab5d4f4-83c0-4aaf-8480-442d11df6cea": reference = "Virtio SCSI Host Driver"; break; + case "11d92dfb-3Ca9-4f93-ba2e-4780ed3e03b5": reference = "Virtio Block Driver"; break; + case "33cb97af-6c33-4c42-986b-07581fa366d4": reference = "Block MMIO to Block IO Driver"; break; + // PIWG Volumes (Fv) + case "a881d567-6cb0-4eee-8435-2e72d33e45B5": reference = "PIWG Default Volume"; break; + + // UEFI UUIDS for Certificates + case "3c5766e8-269c-4e34-aa14-ed776e85b3b6":reference = "EFI_CERT_RSA2048_GUID"; break; + case "e2b36190-879b-4a3d-ad8d-f2e7bba32784":reference = "EFI_CERT_RSA2048_SHA256_GUID"; break; + case "c1c41626-504c-4092-aca9-41f936934328":reference = "EFI_CERT_SHA256_GUID"; break; + case "826ca512-cf10-4ac9-b187-be01496631bd":reference = "EFI_CERT_SHA1_GUID"; break; + case "67f8444f-8743-48f1-a328-1eaab8736080":reference = "EFI_CERT_RSA2048_SHA1_GUID"; break; + case "a5c059a1-94e4-4aa7-87b5-ab155c2bf072":reference = "EFI_CERT_X509_GUID"; break; + case "0b6e5233-a65c-44c9-9407-d9ab83bfc8bd":reference = "EFI_CERT_SHA224_GUID"; break; + case "ff3e5307-9fd0-48c9-85f1-8ad56c701e01":reference = "EFI_CERT_SHA384_GUID"; break; + case "093e0fae-a6c4-4f50-9f1b-d41e2b89c19a":reference = "EFI_CERT_SHA512_GUID"; break; + case "3bd2a492-96c0-4079-b420-fcf98ef103ed":reference = "EFI_CERT_X509_SHA256_GUID"; break; + case "7076876e-80c2-4ee6-aad2-28b349a6865b":reference = "EFI_CERT_X509_SHA384_GUID"; break; + case "446dbf63-2502-4cda-bcfa-2465d2b0fe9d":reference = "EFI_CERT_X509_SHA512_GUID"; break; + case "a7717414-c616-4977-9420-844712a735bf": + reference = "EFI_CERT_TYPE_RSA2048_SHA256_GUID"; break; + // UEFI defined variables + case "452e8ced-dfff-4b8c-ae01-5118862e682c": + reference = "EFI_CERT_EXTERNAL_MANAGEMENT_GUID"; break; + case "d719b2cb-3d3a-4596-a3bc-dad00e67656f":reference = "EFI_IMAGE_SECURITY_DATABASE_GUID"; break; + case "4aafd29d-68df-49ee-8aa9-347d375665a7":reference = "EFI_CERT_TYPE_PKCS7_GUID"; break; + case "c12a7328-f81f-11d2-ba4b-00a0c93ec93b" :reference = "EFI System Partition"; break; + case "024DEE41-33E7-11D3-9D69-0008C781F39F" : + reference = "Partition containing a legacy MBR"; break; + // RHBoot UEFI Application UUIDs + // From listed in RHBoot (RHShim) https://github.com/rhboot/efivar/blob/master/src/guids.txt + case "0abba7dc-e516-4167-bbf5-4d9d1c739416":reference = "fwupdate:"; break; + case "3b8c8162-188c-46a4-aec9-be43f1d65697":reference = "ux_capsule"; break; + case "605dab50-e046-4300-abb6-3dd810dd8b23":reference = "RH_Shim"; break; + case "8be4df61-93ca-11d2-aa0d-00e098032b8c":reference = "EFI_Global_Variable"; break; + case "91376aff-cba6-42be-949d-06fde81128e8":reference = "GRUB"; break; + + // Partition Table GUIDs + case "0fc63daf-8483-4772-8e79-3d69d8477de4":reference = "Linux filesystem data"; break; + case "e6d6d379-f507-44c2-a23c-238f2a3df928": + reference = "Logical Volume Manager (LVM) partition"; break; + case "4f68bce3-e8cd-4db1-96e7-fbcaf984b709":reference = "Root partition (x86-64)"; break; + case "a19d880f-05fc-4d3b-a006-743f0f84911e":reference = "RAID partition "; break; + case "933ac7e1-2eb4-4f13-b844-0e14e2aef915":reference = "/home partition[ (x86-64)"; break; + case "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7":reference = "GPT Basic data partition"; break; + + // RHBoot Lenovo specific UUIDS + case "3cc24e96-22c7-41d8-8863-8e39dcdcc2cf":reference = "lenovo"; break; + case "82988420-7467-4490-9059-feb448dd1963":reference = "lenovo_me_config"; break; + case "f7e615b-0d45-4f80-88dc-26b234958560":reference = "lenovo_diag"; break; + case "665d3f60-ad3e-4cad-8e26-db46eee9f1b5":reference = "lenovo_rescue"; break; + case "721c8b66-426c-4e86-8e99-3457c46ab0b9":reference = "lenovo_setup"; break; + case "f46ee6f4-4785-43a3-923d-7f786c3c8479":reference = "lenovo_startup_interrupt"; break; + case "126a762d-5758-4fca-8531-201a7f57f850":reference = "lenovo_boot_menu"; break; + case "a7d8d9a6-6ab0-4aeb-ad9d-163e59a7a380":reference = "lenovo_diag_splash"; break; + // Company UUIDs (From Internet searches) + case "77fa9abd-0359-4d32-bd60-28f4e78f784b":reference = "Microsoft Inc."; break; + case "f5a96b31-dba0-4faa-a42a-7a0c9832768e":reference = "HPE Inc."; break; + case "2879c886-57ee-45cc-b126-f92f24f906b9":reference = "SUSE Certificate"; break; + case "70564dce-9afc-4ee3-85fc-949649d7e45c":reference = "Dell Inc."; break; + + // Intel GUIDS + case "bfcc0833-2125-42d1-8c6d-13821e23c078":reference = "Intel(R) Desktop Boards"; break; + case "80b3ad5b-9880-4af9-a645-e56a68be89de":reference = "Intel(R) CISD FW Update"; break; + +// Microsoft GUIDS + case "e3c9e316-0b5c-4db8-817d-f92df00215ae": + reference = "Microsoft Reserved Partition (MSR)"; break; + case "5808c8aa-7e8f-42e0-85d2-e1e90434cfb3": + reference = "Logical Disk Manager (LDM) metadata partition "; break; + case "af9b60a0-1431-4f62-bc68-3311714a69ad": + reference = "Logical Disk Manager data partition"; break; + case "de94bba4-06d1-4d40-a16a-bfd50179d6ac":reference = "Windows Recovery Environment"; break; + case "9f25ee7a-e7b7-11db-94b5-f7e662935912":reference = "Windows Boot Loader"; break; + + // Linux specific GUIDS + case "0fc63daf-8483-4772-8e79-3d69d8477de":reference = "Linux filesystem data"; break; + case "44479540-f297-41b2-9af7-d131d5f0458a4":reference = "Root partition (x86)"; break; + case "69dad710-2ce4-4e3c-b16c-21a1d49abed3":reference = "Root partition (32-bit ARM)"; break; + case "b921b045-1df0-41c3-af44-4c6f280d3fae": + reference = "Root partition (64-bit ARM/AArch64)"; break; + case "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f":reference = "Swap partition"; break; + case "3b8f8425-20e0-4f3b-907f-1a25a76f98e8":reference = "/srv (server data) partition"; break; + case "7ffec5c9-2d00-49b7-8941-3ea10a5586b7":reference = "Plain dm-crypt partitiont"; break; + case "ca7d7ccb-63ed-4c53-861c-1742536059cc":reference = "LUKS partition"; break; + + // Linux Boot GUIDS + // https://github.com/linuxboot/linuxboot/blob/master/boards/s2600wf/vendor-files.txt + case "9cfd802c-09a1-43d6-8217-aa49c1f90d2c": + reference = "IntelĀ® Management Engine BIOS Extension (Mebx)"; break; + case "b62efbbb-3923-4cb9-a6e8-db818e828a80": + reference = "IntelĀ® Management Engine BIOS Extension (Mebx) Setup Browser"; break; + case "9ce4325e-003e-11e3-b582-b8ac6f199a57": + reference = "Non-Volatile Dual In-line Memory Module (NVDIMM) Driver"; break; + case "ea9de6d5-7839-46f7-9e63-4de8b00e2e5d": + reference = "NVM DIMM Human Interface Infrastructure (HII)"; break; + case "56a1b86f-0d4a-485d-87de-ad0eba1c8c2a":reference = "IBM C Video Gop"; break; + case "a1f436ea-a127-4ef8-957c-8048606ff670":reference = "SnpDxe"; break; + case "a210f973-229d-4f4d-aa37-9895e6c9eaba":reference = "DpcDxe"; break; + case "025bbfc7-e6a9-4b8b-82ad-6815a1aeaf4a": + reference = "MNP Network Service Driver - MnpDxe"; break; + case "b44b2005-42bc-41c9-80af-abd7dc7d6923":reference = "RSTesSATAEFI"; break; + case "15e1e31a-9f9d-4c84-82fb-1a707fc0f63b":reference = "RSTeSATAEFI"; break; + case "2cc25173-bd9f-4c89-89cc-29256a3fd9c3":reference = "RSTesSATALegacy"; break; + case "bd5d4ca5-674f-4584-8cf9-ce4ea1f54dd1":reference = "RSTeSATALegacy"; break; + + // WinNt GUIDs, add if they are still found in use + //https://sourceforge.net/p/uefinotes/wiki/FV%20Sources/?version=3 + case "fc5c7020-1a48-4198-9be2-ead5abc8cf2f":reference = "BdsDxe"; break; + case "d0893f05-b06d-4161-b947-9be9b85ac3a1":reference = "SnpNt32Dxe"; break; + case "9b3ada4f-ae56-4c24-8Dea-f03b7558ae50":reference = "PcdPeim"; break; + case "34c8c28F-b61c-45a2-8f2e-89e46becc63b":reference = "PeiVariable"; break; + case "fe5cea76-4f72-49e8-986f-2cd899dffe5d":reference = "FaultTolerantWriteDxe"; break; + + // Linux Boot Image files + // UEFI Platform Initialization (PI) specifications + // Driver Execution Environment (DXE) Architectural protocols and platform modules + //https://github.com/linuxboot/linuxboot/blob/master/boards/winterfell/image-files.txt + case "5ae3f37e-4eae-41ae-8240-35465b5e81eb":reference = "CORE_DXE"; break; + case "cbc59c4a-383a-41eb-a8ee-4498aea567e4":reference = "DXE Runtime"; break; + case "3c1de39f-d207-408a-aacc-731cfb7f1dd7":reference = "DXE PciBus"; break; + case "80e66e0a-ccd1-43fa-a7b1-2d5ee0f13910":reference = "DXE PciRootBridge"; break; + case "9f3a0016-ae55-4288-829d-d22fd344c347":reference = "DXE AmiBoardInfo"; break; + case "13ac6dd0-73d0-11d4-b06b-00aa00bd6de7":reference = "DXE EBC"; break; + case "e03abadf-e536-4e88-b3a0-b77f78eb34fe":reference = "CPU DXE"; break; + case "b7d19491-e55a-470d-8508-85a5dfa41974":reference = "SBDXE"; break; + case "e23f86e1-056e-4888-b685-cfcd67c179d4":reference = "DXE SBRun"; break; + case "e4ecd0b2-e277-4f2b-becb-e4d75c9a812e":reference = "NBDXE"; break; + case "5ad34ba6-f024-2149-52e4-da0398e2bb9" :reference = "DXE Services Table"; break; + // ACPI configuration and tables + case "750890a6-7acf-4f4f-81bd-b400c2bea95a":reference = "AcpiModeEnable"; break; + case "d4c05cd1-5eae-431d-a095-13a9e5822045":reference = "MPST"; break; + case "db93cb2c-bf1c-431a-abc8-8737bc2afc1f":reference = "PRAD-ACPI-table"; break; + case "3bc5b795-a4e0-4d56-9321-316d18a7aefe":reference = "PRAD"; break; + case "16d0a23e-c09c-407d-a14a-ad058fdd0ca1":reference = "ACPI"; break; + case "26a2481e-4424-46a2-9943-cc4039ead8f8":reference = "S3Save"; break; + case "efd652cc-0e99-40f0-96c0-e08c089070fc":reference = "S3Restore"; break; + case "8c783970-f02a-4a4d-af09-8797a51eec8d":reference = "PowerManagement"; break; + case "299141bb-211a-48a5-92c0-6f9a0a3a006e0":reference = "PowerManagement-ACPI-table"; break; + case "2df10014-cf21-4280-8c3f-e539b8ee5150":reference = "PpmPolicyInitDxe"; break; + case "4b680e2d-0d63-4f62-b930-7ae995b9b3a3":reference = "SmBusDxe"; break; + // SMM handlers + case "4a37320b-3fb3-4365-9730-9e89c600395d":reference = "SmmDispatcher"; break; + case "753630c9-fae5-47a9-bbbf-88d621cd7282":reference = "SmmChildDispatcher"; break; + case "be216ba8-38c4-4535-a6ca-5dca5b43addf":reference = "SmiVariable"; break; + case "a56897a1-a77f-4600-84db-22b0a801fa9a":reference = "SmmRuntime"; break; + case "d2596f82-f0e1-49fa-95bc-62012c795728":reference = "SmmBase Data"; break; + case "69009842-63f2-43db-964b-efad1c39ec85":reference = "SmmBase Data"; break; + case "d0632c90-afd7-4492-b186-257c63143c61":reference = "SmmBase"; break; + case "7e2d983f-f703-4a29-9761-77b51f5354ed":reference = "SmmCommunicate"; break; + // CMOS and NVRAM handlers + case "6869c5b3-ac8d-4973-8b37-e354dbf34add":reference = "CmosManagerSmm"; break; + case "842a454a-75e5-408b-8b1c-36420e4e3f21":reference = "NvramSmi"; break; + case "5446c293-339b-47cd-b719-585de39408cc":reference = "PostReport"; break; + case "71ca9ca1-325d-4bfe-afa3-2ec5c94a8680":reference = "DmAcpi"; break; + case "cef68c66-06ab-4fb3-a3ed-5ffa885b5725":reference = "SMBiosBoard"; break; + case "b13edd38-684c-41ed-a305-d7b7e32497df":reference = "SMBios64"; break; + case "ded7956d-7e20-4f20-91a1-190439b04d5b":reference = "SmbiosGetFlashData64"; break; + case "daf4bf89-ce71-4917-b522-c89d32fbc59f":reference = "SmbiosStaticData"; break; + // Apple GUIDS + case "48465300-0000-11aa-aa11-00306543ecac": + reference = "Apple Hierarchical File System Plus (HFS+) partition "; break; + case "7c3457ef-0000-11aa-aa11-00306543ecac":reference = "Apple APFS container"; break; + case "55465300-0000-11aa-aa11-00306543ecac":reference = "Apple UFS container"; break; + case "52414944-0000-11aa-aa11-00306543ecac":reference = "Apple RAID partition"; break; + case "4c616265-6c00-11aa-aa11-00306543ecac":reference = "Apple Label"; break; + case "53746f72-6167-11aa-aa11-00306543ecac":reference = "Apple Core Storage Container"; break; + case "6a898cc3-1dd2-11b2-99a6-080020736631":reference = "ZFS Partition"; break; + + // Chrome OS GUIDS + case "2568845d-2332-4675-bc39-8fa5a4748d15":reference = "Chrome OS kernel "; break; + case "3cb8e202-3b7e-47dd-8a3c-7ff2a13cfcec":reference = "Chrome OS rootfs "; break; + case "2e0a753d-9e48-43b0-8337-b15192cb1b5e":reference = "Chrome OS future use "; break; + + // Android GUIDS + case "fe3a2a5d-4f32-41a7-b725-accc3285a309":reference = "Android Bootloader"; break; + case "114eaffe-1552-4022-b26e-9b053604cf84":reference = "Android Bootloader 2"; break; + case "49a4d17f-93a3-45c1-a0de-f50b2ebe2599":reference = "Android Boot"; break; + case "4177c722-9e92-4aab-8644-43502bfd5506":reference = "Android Recovery"; break; + case "38f428e6-d326-425d-9140-6e0ea133647c":reference = "Android System"; break; + case "bd59408b-4514-490d-bf12-9878d963f378":reference = "Android Config"; break; + case "8f68cc74-c5e5-48da-be91-a0c8c15e9c80":reference = "Android Factory"; break; + case "ac6d7924-eb71-4df8-b48d-e267b27148ff":reference = "Android OEM"; break; + + // MISC GUIDs + case "5023b95c-db26-429b-a648-bd47664c8012":reference = "Built-in EFI Shell"; break; + case "610a0202-d308-00c4-0000-000004300d06":reference = "Mystery UUID"; break; + case "00000000-0000-0000-0000-000000000000":reference = "Empty UUID"; break; + + default: reference = "Unknown GUID reference"; + } + return reference; + } + +/** + * Returns a string of the entity that the UUID represents. + * Contains a Vendor String lookup on the UUID. + * @return UUID description. + */ +public String toString() { + String guidinfo = ""; + guidinfo = uuid.toString() + " : " + getVendorTableReference(); + return guidinfo; + } + +/** + * Returns a string of the entity that the UUID represents. + * Does not contain a vendor lookup on the UUID. + * @return UUID description. + */ +public String toStringNoLookup() { + return uuid.toString(); +} +/** + * Returns a string of the entity that the UUID represents. + * Does not contain a vendor lookup on the UUID. + * @param guid byte array holding the guid data. + * @return true if the UUID has a valid structure. + */ +public static boolean isValidUUID(final byte[] guid) { + boolean valid = false; + UUID tmpUuid = processGuid(guid); + if (tmpUuid.toString().length() != 0) { + valid = true; + } + return (valid); + } + +/** + * Checks to see if the uuid is the test or Empty UUID ("00000000-0000-0000-0000-000000000000"). + * @return true if the uuid is the Empty UUID, false if not + */ +public boolean isEmptyUUID() { + return uuid.toString().equals("00000000-0000-0000-0000-000000000000"); + } + +/** + * Checks to see if the uuid is the Empty UUID or an unknown. + * @return true if the uuid is the Empty UUID, false if not + */ +public boolean isUnknownUUID() { + if (getVendorTableReference().equals("Unknown GUID reference")) { + return true; + } + return false; + } + +/** + * Retrieves the timestamp within a time based GUID. + * @param uuid uuid object + * @return long representing the time stamp from the GUID + */ +public long getTimeFromUUID(final UUID uuid) { + return (uuid.timestamp() - UUID_EPOCH_INTERVALS) / UUID_EPOCH_DIVISOR; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/package-info.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/package-info.java new file mode 100644 index 00000000..7b0ed551 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/uefi/package-info.java @@ -0,0 +1,6 @@ +/** + * Non-persistant classes related to TGC Event Logs. + */ + +package hirs.tpm.eventlog.uefi; +