completed descriptions for data structures
This commit is contained in:
parent
422834a8bb
commit
c43e790c74
@ -11,10 +11,10 @@ import java.util.List;
|
|||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class to process the DeviceSecurityEventData event
|
* Class to process the DEVICE_SECURITY_EVENT_DATA event per PFP.
|
||||||
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
|
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
|
||||||
* 1) DEVICE_SECURITY_EVENT_DATA_HEADER
|
* 1) DEVICE_SECURITY_EVENT_DATA_HEADER
|
||||||
* 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
|
* 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT
|
||||||
* DEVICE_SECURITY_EVENT_DATA_HEADER
|
* DEVICE_SECURITY_EVENT_DATA_HEADER
|
||||||
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
||||||
* NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
|
* NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
|
||||||
@ -30,11 +30,11 @@ import java.util.List;
|
|||||||
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext;
|
||||||
* } DEVICE_SECURITY_EVENT_DATA;
|
* } DEVICE_SECURITY_EVENT_DATA;
|
||||||
* <p>
|
* <p>
|
||||||
* Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP Spec.
|
* Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP v1.06 Rev52 Table 20.
|
||||||
* 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
|
* 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
|
||||||
* 2. Digest of 48 bytes
|
* 2. Digest of 48 bytes
|
||||||
* 3. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
|
* 3. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
|
||||||
* 4. First 16 bytes of the structure is an ASCII "SPDM Device Sec"
|
* 4. First 16 bytes of the structure header is an ASCII "SPDM Device Sec"
|
||||||
*/
|
*/
|
||||||
public class DeviceSecurityEventData {
|
public class DeviceSecurityEventData {
|
||||||
|
|
||||||
|
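Review bot: The rewritten note at L79 reads "Parses event data for an DEVICE_SECURITY_EVENT_DATA"; the article should be "a" — `* Notes: Parses event data for a DEVICE_SECURITY_EVENT_DATA per PFP v1.06 Rev52 Table 20.` The same javadoc states that the first 16 bytes MUST be the NUL-terminated "SPDM Device Sec" signature but never says whether this class rejects an event whose signature does not match or parses it anyway; a one-sentence statement of that behaviour would tell a caller what guarantees the parsed object carries. Item 2, "Digest of 48 bytes", presumably describes the SHA-384 bank only; if the log can also carry a SHA-256 bank, say the digest size follows the bank's algorithm rather than fixing it at 48. The class body itself continues outside the hunk, so the enforcement question cannot be settled from these lines.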
@ -1,15 +1,15 @@
|
|||||||
package hirs.utils.tpm.eventlog.events;
|
package hirs.utils.tpm.eventlog.events;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class to process the DeviceSecurityEventDataDeviceContext event
|
* Class to process the DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT event per PFP.
|
||||||
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
|
* DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT is a common SPDM structure which includes the
|
||||||
* 1) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
|
* identification of the device, device vendor, subsystem, etc. Device can be either a PCI
|
||||||
* 2) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
|
* or USB connection.
|
||||||
* <p>
|
* <p>
|
||||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA {
|
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT {
|
||||||
* DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
|
* DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
|
||||||
* DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT UsbContext;
|
* DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT UsbContext;
|
||||||
* } DEVICE_SECURITY_EVENT_DATA;
|
* } tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
|
||||||
* <p>
|
* <p>
|
||||||
*/
|
*/
|
||||||
public class DeviceSecurityEventDataDeviceContext {
|
public class DeviceSecurityEventDataDeviceContext {
|
||||||
|
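Review bot: The closing name on L174, `* } tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;`, keeps the `td` tag prefix, whereas every other listing on this page puts the prefix on the `struct` tag and the plain name after the brace (for example `typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER { ... } DEVICE_SECURITY_EVENT_DATA_HEADER;`); it should read `* } DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;`. The PCI context hunk has the mirror-image inconsistency, `typedef struct DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {` without the `td` prefix, so both listings should be aligned in one pass. Separately, L149 says the device "can be either a PCI or USB connection" while the struct at L164-L169 lists both a PciContext and a UsbContext member; if only one is present and the header's DeviceType selects it, the javadoc should say so, since a reader of the struct alone would expect both.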
@ -10,47 +10,52 @@ import java.util.ArrayList;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class to process the DeviceSecurityEventDataHeader.
|
* Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER per PFP.
|
||||||
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
||||||
* NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
|
* NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
|
||||||
* the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
|
* the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
|
||||||
* the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
|
* the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
|
||||||
* "GET_MEASUREMENTS" function.
|
* "GET_MEASUREMENTS" function.
|
||||||
* <p>
|
* <p>
|
||||||
|
* PFP v1.06 Rev 52:
|
||||||
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
|
* typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
|
||||||
* UINT8 Signature[16];
|
* UINT8 Signature[16];
|
||||||
* UINT16 Version;
|
* UINT16 Version;
|
||||||
* UINT16 Length;
|
* UINT16 Length;
|
||||||
* UINT32 SpdmHashAlg;
|
* UINT32 SpdmHashAlg;
|
||||||
* UINT32 DeviceType;
|
* UINT32 DeviceType;
|
||||||
* SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
* SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
|
||||||
* UINT64 DevicePathLength;
|
* UINT64 DevicePathLength;
|
||||||
* UNIT8 DevicePath[DevicePathLength]
|
* UNIT8 DevicePath[DevicePathLength]
|
||||||
* } DEVICE_SECURITY_EVENT_DATA_HEADER;
|
* } DEVICE_SECURITY_EVENT_DATA_HEADER;
|
||||||
* <p>
|
* <p>
|
||||||
* typedef struct tdSPDM_MEASUREMENT_BLOCK {
|
* SPDM_MEASUREMENT_BLOCK:
|
||||||
* tbd tbdalgorithmId;
|
* SPDM v1.03, Sect 10.11.1, Table 53:
|
||||||
* tbd tbddigestSize;
|
* Measurement block format {
|
||||||
* } SPDM_MEASUREMENT_BLOCK;
|
* Index 1 byte;
|
||||||
|
* MeasurementSpec 1 byte;
|
||||||
|
* MeasurementSize 2 bytes;
|
||||||
|
* Measurement <MeasurementSize> bytes;
|
||||||
|
* }
|
||||||
* <p>
|
* <p>
|
||||||
* typedef struct tdDEVICEPATHLENGTH {
|
* SPDM v1.03, SPDM 10.11.1, Table 54:
|
||||||
* tbd tbdalgorithmId;
|
* DMTF measurement spec format {
|
||||||
* tbd tbddigestSize;
|
* DMTFSpecMeasurementValueType 1 byte;
|
||||||
* } DEVICEPATHLENGTH;
|
* DMTFSpecMeasurementValueSize 2 bytes;
|
||||||
|
* DMTFSpecMeasurementValue <DMTFSpecMeasurementValueSize> bytes;
|
||||||
|
* }
|
||||||
* <p>
|
* <p>
|
||||||
* define TPM_ALG_SHA1 (TPM_ALG_ID)(0x0004)
|
* DMTFSpecMeasurementValueType[7]
|
||||||
* define TPM_ALG_SHA256 (TPM_ALG_ID)(0x000B)
|
* Indicates how bits [0:6] are represented
|
||||||
* define TPM_ALG_SHA384 (TPM_ALG_ID)(0x000C)
|
* Bit = 0: Digest
|
||||||
* define TPM_ALG_SHA512 (TPM_ALG_ID)(0x000D)
|
* Bit = 1: Raw bit stream
|
||||||
|
* DMTFSpecMeasurementValueType[6:0]
|
||||||
|
* Immutable ROM 0x0
|
||||||
|
* Mutable firmware 0x1
|
||||||
|
* Hardware configuration 0x2
|
||||||
|
* Firmware configuration 0x3
|
||||||
|
* etc.
|
||||||
* <p>
|
* <p>
|
||||||
// * Notes: Parses event data for an EfiSpecID per Table 5 TCG_EfiSpecIdEvent Example.
|
|
||||||
// * 1. Should be the first Structure in the log
|
|
||||||
// * 2. Has an EventType of EV_NO_ACTION (0x00000003)
|
|
||||||
// * 3. Digest of 20 bytes of all 0's
|
|
||||||
// * 4. Event content defined as TCG_EfiSpecIDEvent Struct.
|
|
||||||
// * 5. First 16 bytes of the structure is an ASCII "Spec ID Event03"
|
|
||||||
// * 6. The version of the log is used to determine which format the Log
|
|
||||||
// * is to use (sha1 or Crypto Agile)
|
|
||||||
*/
|
*/
|
||||||
public class DeviceSecurityEventDataHeader {
|
public class DeviceSecurityEventDataHeader {
|
||||||
// /**
|
// /**
|
||||||
|
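Review bot: The new SPDM listings introduce three length-prefixed fields (MeasurementSize at L328, DMTFSpecMeasurementValueSize at L361, and DevicePathLength already at L285) but the javadoc never says that these lengths come from the event log and must be checked against the bytes remaining in the event before they are used to slice; a sentence such as `* Lengths read from the log are bounded by the remaining event data before any sub-array is taken.` would document the expectation, and if the parser does not do that yet, a TODO in its place. Two smaller things in the same comment: the citations differ in form between L310 (`SPDM v1.03, Sect 10.11.1, Table 53`) and L346 (`SPDM v1.03, SPDM 10.11.1, Table 54`), and the context line `UNIT8 DevicePath[DevicePathLength]` at L290 still carries the UNIT8/UINT8 typo and a missing semicolon. The `// /**` context at L470 suggests commented-out code remains after the class header; the class body lies outside the hunk, so I cannot tell how much.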
@ -1,4 +1,22 @@
|
|||||||
package hirs.utils.tpm.eventlog.events;
|
package hirs.utils.tpm.eventlog.events;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event per PFP.
|
||||||
|
* DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT is an SPDM structure which includes the
|
||||||
|
* identification of the device, device vendor, subsystem, etc. for a PCI device.
|
||||||
|
* <p>
|
||||||
|
* typedef struct DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {
|
||||||
|
* UINT16 Version;
|
||||||
|
* UINT16 Length;
|
||||||
|
* UINT16 VendorId;
|
||||||
|
* UINT16 DeviceId;
|
||||||
|
* UINT8 RevisionID;
|
||||||
|
* UINT8 ClassCode[3];
|
||||||
|
* UINT16 SubsystemVendorID;
|
||||||
|
* UINT16 SubsystemID;
|
||||||
|
* } DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT;
|
||||||
|
* <p>
|
||||||
|
*/
|
||||||
public class DeviceSecurityEventDataPciContext {
|
public class DeviceSecurityEventDataPciContext {
|
||||||
}
|
}
|
||||||
|
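Review bot: The javadoc added at L489-L553 describes the PCI context struct in full, yet the class body on the new side (L558-L563) is empty, so nothing parses the fields it lists; a reader will assume the parsing exists. Either add a sentence that the class is a placeholder, e.g. `* Parsing of these fields is not yet implemented.`, or leave a TODO in the body so the doc does not overstate what the type does. The field listing also mixes `VendorId`/`DeviceId` with `RevisionID`/`SubsystemVendorID`/`SubsystemID`; if that spelling is copied verbatim from the PFP table, a short note saying so would stop the next maintainer from "fixing" it, otherwise normalise the casing.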
@ -14,7 +14,9 @@ import java.util.List;
|
|||||||
* Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structure DEVICE_SECURITY_EVENT_DATA
|
* Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structure DEVICE_SECURITY_EVENT_DATA
|
||||||
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
|
* DEVICE_SECURITY_EVENT_DATA has 2 structures:
|
||||||
* 1) DEVICE_SECURITY_EVENT_DATA_HEADER
|
* 1) DEVICE_SECURITY_EVENT_DATA_HEADER
|
||||||
* 2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
|
* 2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures
|
||||||
|
* a) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
|
||||||
|
* b) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
|
||||||
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
* The first 16 bytes of the event data header MUST be a String based identifier (Signature),
|
||||||
* NUL-terminated. The only currently defined Signature is "SPDM Device Sec"
|
* NUL-terminated. The only currently defined Signature is "SPDM Device Sec"
|
||||||
* which implies the event data is a DEVICE_SECURITY_EVENT_DATA.
|
* which implies the event data is a DEVICE_SECURITY_EVENT_DATA.
|
||||||
|
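Review bot: The three-line signature description at L600-L610 is now the third copy of the same text on this commit (it also appears in the DeviceSecurityEventData and DeviceSecurityEventDataHeader javadocs), and the copies already differ in wording; consider replacing it here with a reference such as `* See {@link DeviceSecurityEventDataHeader} for the signature and header layout.` so the detail lives in one place. The enumeration at L587-L595 is fine, but "which has 2 structures" would be clearer as "which contains one of 2 structures" if only one context is present per event; that depends on the DeviceType semantics, which this hunk does not show. The enclosing javadoc opens before L570 and the class follows after L613, both outside the hunk.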