completed descriptions for data structures

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java

@@ -11,10 +11,10 @@ import java.util.List;
 
 
 /**
- * Class to process the DeviceSecurityEventData event
+ * Class to process the DEVICE_SECURITY_EVENT_DATA event per PFP.
  * DEVICE_SECURITY_EVENT_DATA has 2 structures:
  *    1) DEVICE_SECURITY_EVENT_DATA_HEADER
- *    2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ *    2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT
  * DEVICE_SECURITY_EVENT_DATA_HEADER
  *    The first 16 bytes of the event data header MUST be a String based identifier (Signature),
  *    NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
@@ -30,11 +30,11 @@ import java.util.List;
  * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT    DeviceContext;
  * } DEVICE_SECURITY_EVENT_DATA;
  * <p>
- * Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP Spec.
+ * Notes: Parses event data for an DEVICE_SECURITY_EVENT_DATA per PFP v1.06 Rev52 Table 20.
  * 1. Has an EventType of EV_EFI_SPDM_FIRMWARE_BLOB (0x800000E1)
  * 2. Digest of 48 bytes
  * 3. Event content defined as DEVICE_SECURITY_EVENT_DATA Struct.
- * 4. First 16 bytes of the structure is an ASCII "SPDM Device Sec"
+ * 4. First 16 bytes of the structure header is an ASCII "SPDM Device Sec"
  */
 public class DeviceSecurityEventData {
 

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataDeviceContext.java

@@ -1,15 +1,15 @@
 package hirs.utils.tpm.eventlog.events;
 
 /**
- * Class to process the DeviceSecurityEventDataDeviceContext event
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT event per PFP.
- * DEVICE_SECURITY_EVENT_DATA has 2 structures:
+ * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT is a common SPDM structure which includes the
- *    1) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ * identification of the device, device vendor, subsystem, etc. Device can be either a PCI
- *    2) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
+ * or USB connection.
  * <p>
- * typedef struct tdDEVICE_SECURITY_EVENT_DATA {
+ * typedef struct tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT {
- * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT       PciContext;
+ *      DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT       PciContext;
- * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT       UsbContext;
+ *      DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT       UsbContext;
- * } DEVICE_SECURITY_EVENT_DATA;
+ * } tdDEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT;
  * <p>
  */
 public class DeviceSecurityEventDataDeviceContext {

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java

@@ -10,47 +10,52 @@ import java.util.ArrayList;
 import java.util.List;
 
 /**
- * Class to process the DeviceSecurityEventDataHeader.
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER per PFP.
  * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
  * NUL-terminated. The only currently defined Signature is "SPDM Device Sec" which implies
  * the event data is a DEVICE_SECURITY_EVENT_DATA. DEVICE_SECURITY_EVENT_DATA_HEADER contains
  * the measurement(s) and hash algorithm (SpdmHashAlg) identifier returned by the SPDM
  * "GET_MEASUREMENTS" function.
  * <p>
+ * PFP v1.06 Rev 52:
  * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
- * UINT8                             Signature[16];
+ *      UINT8                           Signature[16];
- * UINT16                            Version;
+ *      UINT16                          Version;
- * UINT16                           Length;
+ *      UINT16                          Length;
- * UINT32                           SpdmHashAlg;
+ *      UINT32                          SpdmHashAlg;
- * UINT32                           DeviceType;
+ *      UINT32                          DeviceType;
- * SPDM_MEASUREMENT_BLOCK           SpdmMeasurementBlock;
+ *      SPDM_MEASUREMENT_BLOCK          SpdmMeasurementBlock;
- * UINT64                           DevicePathLength;
+ *      UINT64                          DevicePathLength;
- * UNIT8                            DevicePath[DevicePathLength]
+ *      UNIT8                           DevicePath[DevicePathLength]
  * } DEVICE_SECURITY_EVENT_DATA_HEADER;
  * <p>
- * typedef struct tdSPDM_MEASUREMENT_BLOCK {
+ * SPDM_MEASUREMENT_BLOCK:
- * tbd      tbdalgorithmId;
+ * SPDM v1.03, Sect 10.11.1, Table 53:
- * tbd      tbddigestSize;
+ * Measurement block format {
- * } SPDM_MEASUREMENT_BLOCK;
+ *      Index                           1 byte;
+ *      MeasurementSpec                 1 byte;
+ *      MeasurementSize                 2 bytes;
+ *      Measurement                     <MeasurementSize> bytes;
+ * }
  * <p>
- * typedef struct tdDEVICEPATHLENGTH {
+ * SPDM v1.03, SPDM 10.11.1, Table 54:
- * tbd      tbdalgorithmId;
+ * DMTF measurement spec format {
- * tbd      tbddigestSize;
+ *      DMTFSpecMeasurementValueType    1 byte;
- * } DEVICEPATHLENGTH;
+ *      DMTFSpecMeasurementValueSize    2 bytes;
+ *      DMTFSpecMeasurementValue        <DMTFSpecMeasurementValueSize> bytes;
+ * }
  * <p>
- * define TPM_ALG_SHA1           (TPM_ALG_ID)(0x0004)
+ * DMTFSpecMeasurementValueType[7]
- * define TPM_ALG_SHA256         (TPM_ALG_ID)(0x000B)
+ *      Indicates how bits [0:6] are represented
- * define TPM_ALG_SHA384         (TPM_ALG_ID)(0x000C)
+ *      Bit = 0: Digest
- * define TPM_ALG_SHA512         (TPM_ALG_ID)(0x000D)
+ *      Bit = 1: Raw bit stream
+ * DMTFSpecMeasurementValueType[6:0]
+ *      Immutable ROM                   0x0
+ *      Mutable firmware                0x1
+ *      Hardware configuration          0x2
+ *      Firmware configuration          0x3
+ *      etc.
  * <p>
-// * Notes: Parses event data for an EfiSpecID per Table 5 TCG_EfiSpecIdEvent Example.
-// * 1. Should be the first Structure in the log
-// * 2. Has an EventType of EV_NO_ACTION (0x00000003)
-// * 3. Digest of 20 bytes of all 0's
-// * 4. Event content defined as TCG_EfiSpecIDEvent Struct.
-// * 5. First 16 bytes of the structure is an ASCII "Spec ID Event03"
-// * 6. The version of the log is used to determine which format the Log
-// * is to use (sha1 or Crypto Agile)
  */
 public class DeviceSecurityEventDataHeader {
 //    /**

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java

@@ -1,4 +1,22 @@
 package hirs.utils.tpm.eventlog.events;
 
+
+/**
+ * Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event per PFP.
+ * DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT is an SPDM structure which includes the
+ * identification of the device, device vendor, subsystem, etc. for a PCI device.
+ * <p>
+ * typedef struct DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {
+ *      UINT16                          Version;
+ *      UINT16                          Length;
+ *      UINT16                          VendorId;
+ *      UINT16                          DeviceId;
+ *      UINT8                           RevisionID;
+ *      UINT8                           ClassCode[3];
+ *      UINT16                          SubsystemVendorID;
+ *      UINT16                          SubsystemID;
+ * } DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT;
+ * <p>
+ */
 public class DeviceSecurityEventDataPciContext {
 }

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmFirmwareBlob.java

@@ -14,7 +14,9 @@ import java.util.List;
  * Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event using structure DEVICE_SECURITY_EVENT_DATA
  * DEVICE_SECURITY_EVENT_DATA has 2 structures:
  *    1) DEVICE_SECURITY_EVENT_DATA_HEADER
- *    2) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ *    2) DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT, which has 2 structures
+ *       a) DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT
+ *       b) DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT
  * The first 16 bytes of the event data header MUST be a String based identifier (Signature),
  *    NUL-terminated. The only currently defined Signature is "SPDM Device Sec"
  *    which implies the event data is a DEVICE_SECURITY_EVENT_DATA.