From c43e790c742f0fdf4ce77b9c2896c3df8ab48905 Mon Sep 17 00:00:00 2001
From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com>
Date: Tue, 9 Apr 2024 16:23:59 -0400
Subject: [PATCH] completed descriptions for data structures
---
 .../events/DeviceSecurityEventData.java | 8 +--
 .../DeviceSecurityEventDataDeviceContext.java | 16 ++---
 .../events/DeviceSecurityEventDataHeader.java | 63 ++++++++++---------
 .../DeviceSecurityEventDataPciContext.java | 18 ++++++
 .../events/EvEfiSpdmFirmwareBlob.java | 4 +-
 5 files changed, 67 insertions(+), 42 deletions(-)
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
index 478faa4a..d4de40af 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
@@ -11,10 +11,10 @@ import java.util.List;
 /**
- * Class to process the DeviceSecurityEventData event
+ * Class to process the DEVICE_SECURITY_EVENT_DATA event per PFP.
  * DEVICE_SECURITY_EVENT_DATA has 2 structures:
  * 1) DEVICE_SECURITY_EVENT_DATA_HEADER
- * 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT
  * DEVICE_SECURITY_EVENT_DATA_HEADER
  * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
  * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
@@ -30,11 +30,11 @@ import java.util.List;
  * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
  * } DEVICE_SECURITY_EVENT_DATA;
  *

- * Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP Spec.
+ * Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP v1.06 Rev52 Table 20.
  * 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
  * 2. Digest of 48 bytes
  * 3. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
- * 4. First 16 bytes of the structure is an ASCII "SPDM Device Sec"
+ * 4. First 16 bytes of the structure header is an ASCII "SPDM Device Sec"
  */
 public class DeviceSecurityEventData {
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java
index bd12cb92..34b9b28a 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java
@@ -1,15 +1,15 @@
 package hirs.utils.tpm.eventlog.events;
 /**
- * Class to process the DeviceSecurityEventDataDeviceContext event
- * DEVICE_SECURITY_EVENT_DATA has 2 structures:
- * 1) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
- * 2) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT event per PFP.
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT is a common SPDM structure which includes the
+ * identification of the device, device vendor, subsystem, etc. Device can be either a PCI
+ * or USB connection.
  *
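Review bot: The new Notes line keeps the article error from the line it replaces: `an DEVICE_SECURITY_EVENT_DATA` should read `a DEVICE_SECURITY_EVENT_DATA`. The spec citation is also written as `PFP v1.06 Rev52` here but as `PFP v1.06 Rev 52` in the DeviceSecurityEventDataHeader Javadoc in this same patch; pick one spelling so the two class comments can be searched together. The class body of DeviceSecurityEventData continues past the end of this hunk.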

- * typedef struct tdDEVICE_SECURITY_EVENT_DATA {
- * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
- * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT UsbContext;
- * } DEVICE_SECURITY_EVENT_DATA;
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT {
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
+ * DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT UsbContext;
+ * } tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
  *

  */
 public class DeviceSecurityEventDataDeviceContext {
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
index a6d83580..1ad91963 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java
@@ -10,47 +10,52 @@ import java.util.ArrayList;
 import java.util.List;
 /**
- * Class to process the DeviceSecurityEventDataHeader.
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER per PFP.
  * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
  * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
  * the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
  * the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
  * "GET_MEASUREMENTS" function.
  *
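Review bot: The closing typedef name in the new struct listing, `} tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;`, carries the `td` struct-tag prefix, whereas every other typedef comment in this patch follows the `typedef struct tdX { ... } X;` pattern; it should read `} DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;` so the name matches the one used in the DeviceSecurityEventData Javadoc. The class body of DeviceSecurityEventDataDeviceContext lies outside this hunk, so whether PciContext and UsbContext are parsed as both-present or as alternatives cannot be checked here; the prose "can be either a PCI or USB connection" and the struct listing both members read as slightly at odds and a clarifying sentence would help.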

+ * PFP v1.06 Rev 52:
  * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
- * UINT8 Signature[16];
- * UINT16 Version;
- * UINT16 Length;
- * UINT32 SpdmHashAlg;
- * UINT32 DeviceType;
- * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
- * UINT64 DevicePathLength;
- * UNIT8 DevicePath[DevicePathLength]
+ * UINT8 Signature[16];
+ * UINT16 Version;
+ * UINT16 Length;
+ * UINT32 SpdmHashAlg;
+ * UINT32 DeviceType;
+ * SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
+ * UINT64 DevicePathLength;
+ * UNIT8 DevicePath[DevicePathLength]
  * } DEVICE_SECURITY_EVENT_DATA_HEADER;
  *

- * typedef struct tdSPDM_MEASUREMENT_BLOCK {
- * tbd tbdalgorithmId;
- * tbd tbddigestSize;
- * } SPDM_MEASUREMENT_BLOCK;
+ * SPDM_MEASUREMENT_BLOCK:
+ * SPDM v1.03, Sect 10.11.1, Table 53:
+ * Measurement block format {
+ * Index 1 byte;
+ * MeasurementSpec 1 byte;
+ * MeasurementSize 2 bytes;
+ * Measurement bytes;
+ * }
  *

- * typedef struct tdDEVICEPATHLENGTH {
- * tbd tbdalgorithmId;
- * tbd tbddigestSize;
- * } DEVICEPATHLENGTH;
+ * SPDM v1.03, SPDM 10.11.1, Table 54:
+ * DMTF measurement spec format {
+ * DMTFSpecMeasurementValueType 1 byte;
+ * DMTFSpecMeasurementValueSize 2 bytes;
+ * DMTFSpecMeasurementValue bytes;
+ * }
  *

- * define TPM_ALG_SHA1 (TPM_ALG_ID)(0x0004)
- * define TPM_ALG_SHA256 (TPM_ALG_ID)(0x000B)
- * define TPM_ALG_SHA384 (TPM_ALG_ID)(0x000C)
- * define TPM_ALG_SHA512 (TPM_ALG_ID)(0x000D)
+ * DMTFSpecMeasurementValueType[7]
+ * Indicates how bits [0:6] are represented
+ * Bit = 0: Digest
+ * Bit = 1: Raw bit stream
+ * DMTFSpecMeasurementValueType[6:0]
+ * Immutable ROM 0x0
+ * Mutable firmware 0x1
+ * Hardware configuration 0x2
+ * Firmware configuration 0x3
+ * etc.
  *

-// * Notes: Parses event data for an EfiSpecID per Table 5 TCG_EfiSpecIdEvent Example.
-// * 1. Should be the first Structure in the log
-// * 2. Has an EventType of EV_NO_ACTION (0x00000003)
-// * 3. Digest of 20 bytes of all 0's
-// * 4. Event content defined as TCG_EfiSpecIDEvent Struct.
-// * 5. First 16 bytes of the structure is an ASCII "Spec ID Event03"
-// * 6. The version of the log is used to determine which format the Log
-// * is to use (sha1 or Crypto Agile)
  */
 public class DeviceSecurityEventDataHeader {
 // /**
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
index cd6e01bd..174dab66 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
@@ -1,4 +1,22 @@
 package hirs.utils.tpm.eventlog.events;
+
+/**
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event per PFP.
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT is an SPDM structure which includes the
+ * identification of the device, device vendor, subsystem, etc. for a PCI device.
+ *
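Review bot: The re-indented struct listing carries the old typo forward unchanged: `+ * UNIT8 DevicePath[DevicePathLength]` should be `+ * UINT8 DevicePath[DevicePathLength];` (type name and the terminator every other member has), and since the commit already rewrites these lines this is the place to fix it. The Javadoc now enumerates several length fields that arrive in the TPM event log — `Length`, `DevicePathLength`, `MeasurementSize`, `DMTFSpecMeasurementValueSize` — without saying how a parser is expected to treat them; a sentence such as `* Length fields are read from the event log and must be range-checked against the remaining event bytes before they are used to index or copy data.` would make that contract explicit for whoever implements the class. The class body of DeviceSecurityEventDataHeader begins after the hunk, and the surviving `// /**` context line suggests commented-out code follows, so the parsing itself cannot be reviewed here.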

+ * typedef struct DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {
+ * UINT16 Version;
+ * UINT16 Length;
+ * UINT16 VendorId;
+ * UINT16 DeviceId;
+ * UINT8 RevisionID;
+ * UINT8 ClassCode[3];
+ * UINT16 SubsystemVendorID;
+ * UINT16 SubsystemID;
+ * } DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT;
+ *

+ */
 public class DeviceSecurityEventDataPciContext {
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
index 64d717e8..8ea069fe 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java
@@ -14,7 +14,9 @@ import java.util.List;
  * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structure DEVICE_SECURITY_EVENT_DATA
  * DEVICE_SECURITY_EVENT_DATA has 2 structures:
  * 1) DEVICE_SECURITY_EVENT_DATA_HEADER
- * 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures
+ * a) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * b) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
  * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
  * NUL-terminated. The only currently defined Signature is "SPDM Device Sec"
  * which implies the event data is a DEVICE_SECURITY_EVENT_DATA.
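Review bot: The new Javadoc announces "Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event" while the class body visible in the hunk is still empty (`public class DeviceSecurityEventDataPciContext {` / `}`), so a reader of the generated docs will assume parsing exists; a line such as `* TODO: parsing of this structure is not yet implemented.` in the Javadoc would keep the description honest until the body lands. The struct tag `typedef struct DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {` also drops the `td` prefix that the other typedef comments in this patch use, which looks like an inconsistency rather than a deliberate choice.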