mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-11 07:22:38 +00:00
Update README.md
parent
f530914e6d
commit
c5dbb22d7b
@ -1,18 +1,18 @@
|
|||||||
To support the [PC Client RIM Specification](https://trustedcomputinggroup.org/resource/tcg-pc-client-reference-integrity-manifest-specification/) which utilizes the TPM Event Log as a Support RIM type , it was useful to have a tool for inspecting the contents of the [TPM event log](https://github.com/nsacyber/HIRS/wiki/TPM-Event-Logs). A Linux command line tool named "elt" (event log tool) has been created to parse and print human readable output, provide hexidecimal events which can be used as test patterns, and to compare event logs for providing details on what events mis-compared.
|
The tcg_eventlog_tool was created in order to inspect the Trusted Platform Module (TPM) Event Log's contents. This command tool supports the [PC Client RIM Specification](https://trustedcomputinggroup.org/resource/tcg-pc-client-reference-integrity-manifest-specification/), which specifies the use of the TPM Event Log as a Support RIM type. This tool can be used to parse and print human readable output, provide hexadecimal events which can be used as test patterns, and provide details in the case of events failing comparison.
|
||||||
|
|
||||||
Note that a TCG Event Log will only be populated on a given device if the device:
|
Note that a TPM Event Log will only be populated on a given device if the device:
|
||||||
1. Utilizes TCG compliant UEFI Firmware.
|
1. Utilizes TCG compliant UEFI Firmware.
|
||||||
2. Has a TPM 2.0.
|
2. Has a TPM 2.0.
|
||||||
3. Has a TPM aware OS (Most flavors of Linux and Windows).
|
3. Has a TPM aware OS (true for most flavors of Linux and Windows).
|
||||||
|
|
||||||
The default locations for the TCG Event Log are:
|
The default locations for the TPM Event Log are:
|
||||||
* Windows: C:\Windows\Logs\MeasuredBoot\
|
* Windows: C:\Windows\Logs\MeasuredBoot\
|
||||||
* Linux: /sys/kernel/security/tpm0/ with a default name of "binary_bios_measurements"
|
* Linux: /sys/kernel/security/tpm0/ with a default name of "binary_bios_measurements"
|
||||||
|
|
||||||
# Building
|
# Building
|
||||||
|
|
||||||
## Linux
|
## Linux
|
||||||
To build this tool navigate to the tcg_eventlog-tool directory and use the following command:
|
To build this tool navigate to the tcg_eventlog_tool directory and use the following command:
|
||||||
> ./gradlew clean build
|
> ./gradlew clean build
|
||||||
|
|
||||||
## Windows
|
## Windows
|
||||||
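Review bot: The rewritten opening paragraph drops the command name "elt" that the old text introduced, yet the Usage example further down the file still runs `elt -f ~/TpmLog.bin -e 1`, so a reader is no longer told what command the tcg_eventlog_tool is run as. Suggest keeping a clause such as: a Linux command line tool named "elt" (event log tool). The new paragraph also loses the link to the HIRS TPM Event Logs wiki page that the old one carried, and "This command tool" should read "This command line tool".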
@ -21,16 +21,14 @@ Several options exist for building on Windows 11:
|
|||||||
1. Windows command shell (CMD.exe):
|
1. Windows command shell (CMD.exe):
|
||||||
* Navigate to the tcg_eventlog_tool folder and run the widows gradle wrapper:
|
* Navigate to the tcg_eventlog_tool folder and run the widows gradle wrapper:
|
||||||
> gradlew.bat clean build
|
> gradlew.bat clean build
|
||||||
2. Windows powershell with Windows Subsystem for Linux enabled.
|
2. Windows powershell with Windows Subsystem for Linux enabled:
|
||||||
* Navigate to the tcg_eventlog_tool folder and run the Linux gradle wrapper:
|
* Navigate to the tcg_eventlog_tool folder and run the Linux gradle wrapper:
|
||||||
> ./gradlew clean build
|
> ./gradlew clean build
|
||||||
|
|
||||||
In both cases the tcg_eventlog_tool-X.X.jar file should have been placed in the build\libs\tools\ (Windows) or build/libs/tools/ (Linux) folder.
|
The tcg_eventlog_tool-X.X.jar file should have been placed in the build\libs\tools\ (Windows) or build/libs/tools/ (Linux) folder.
|
||||||
|
|
||||||
# Packaging
|
# Packaging
|
||||||
Packages for this tool can be found on the [HIRS release page](https://github.com/nsacyber/HIRS/releases)
|
Packages for this tool can be found on the [HIRS release page](https://github.com/nsacyber/HIRS/releases). Download the RPM files which apply to the latest release. Currently installation packages for HIRS V3 are only available for Rocky and RHEL version 8 and 9, and Ubuntu 22 and 24.
|
||||||
|
|
||||||
Currently only a packaging for Linux is supported.
|
|
||||||
|
|
||||||
To create an RPM on a Redhat or Rocky linux device use the following command in the same directory:
|
To create an RPM on a Redhat or Rocky linux device use the following command in the same directory:
|
||||||
> ./gradlew buildRpm
|
> ./gradlew buildRpm
|
||||||
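Review bot: The new Packaging sentence says "Download the RPM files" and then lists Ubuntu 22 and 24 as supported, while the rest of the file builds and installs a .deb for Debian and Ubuntu; suggest "Download the RPM or DEB package for your distribution". In the same hunk, the unchanged list item still reads "run the widows gradle wrapper" and could be corrected to "Windows" as part of this typo pass, and "Windows powershell" would read better as "Windows PowerShell".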
@ -38,10 +36,10 @@ To create an RPM on a Redhat or Rocky linux device use the following command in
|
|||||||
or for a Debian or Ubuntu Linux device:
|
or for a Debian or Ubuntu Linux device:
|
||||||
> ./gradlew buildDeb
|
> ./gradlew buildDeb
|
||||||
|
|
||||||
the package can be found under the build/distributions/ folder
|
The package can be found under the build/distributions/ folder.
|
||||||
|
|
||||||
# Installing
|
# Installing
|
||||||
Currently only a install package for Linux is supported.
|
Currently only an install package for Linux is supported.
|
||||||
|
|
||||||
To install this tool on a Redhat or Rocky Linux distro use the following command from the same directory:
|
To install this tool on a Redhat or Rocky Linux distro use the following command from the same directory:
|
||||||
> sudo dnf install build/distributions/tcg_eventlog_tool*.rpm
|
> sudo dnf install build/distributions/tcg_eventlog_tool*.rpm
|
||||||
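Review bot: The install instructions kept in this hunk still say "from the same directory" and point at build/distributions/, which only exists after a local buildRpm or buildDeb, whereas the Packaging section now tells readers to download packages from the release page. Suggest adding the form of the command for a downloaded package. The wildcard in `sudo dnf install build/distributions/tcg_eventlog_tool*.rpm` also matches every package left in that folder by earlier builds, so naming the exact file is the safer instruction for a command run under sudo.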
@ -49,6 +47,11 @@ To install this tool on a Redhat or Rocky Linux distro use the following command
|
|||||||
or for a Debian or Ubuntu Linux distro:
|
or for a Debian or Ubuntu Linux distro:
|
||||||
> sudo apt-get install build/distributions/tcg_eventlog_tool*.deb
|
> sudo apt-get install build/distributions/tcg_eventlog_tool*.deb
|
||||||
|
|
||||||
|
Notes:
|
||||||
|
> Package naming convention: tcg_eventlog_tool-X.X.X-Y.Z.el8-1.x86_64.rpm
|
||||||
|
Where X.X.X is the latest version of the tcg_eventlog_tool package, Y is the date and Z is the git commit hash associated with that version tag
|
||||||
|
> Once installed, the tcg_eventlog_tool can be run from any directory in Linux
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
## Linux
|
## Linux
|
||||||
|
|
||||||
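Review bot: The added naming-convention note shows only an el8 x86_64 RPM name, although the Packaging text in this commit lists Rocky and RHEL 8 and 9 and Ubuntu 22 and 24; suggest either giving the pattern for each package type or marking the name as one example. The explanation line does not say what format the date Y takes, is missing its closing period, and uses X.X.X where the Building section names the jar tcg_eventlog_tool-X.X.jar. The last note, "can be run from any directory in Linux", should also name the command that is run.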
@ -68,9 +71,9 @@ An example output for the tcg_eventlog_tool filtering on event 1 would be:
|
|||||||
> elt -f ~/TpmLog.bin -e 1
|
> elt -f ~/TpmLog.bin -e 1
|
||||||
|
|
||||||
## Windows
|
## Windows
|
||||||
Currently there is not a install package for the tcg_eventlog_tool for windows. it can be invoked usinng java:
|
Currently there is not an install package for the tcg_eventlog_tool for Windows. It can be invoked using java:
|
||||||
|
|
||||||
To run the tcg_eventlog_tool from the a command shell:
|
To run the tcg_eventlog_tool from a command shell:
|
||||||
|
|
||||||
navigate to the tcg_eventlog_tool folder
|
navigate to the tcg_eventlog_tool folder
|
||||||
invoke using java -jar option to the tcg_eventlog_tool jar file with options:
|
invoke using java -jar option to the tcg_eventlog_tool jar file with options:
|
||||||
|
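Review bot: The two steps that follow "To run the tcg_eventlog_tool from a command shell:" are left as bare lowercase lines ("navigate to the tcg_eventlog_tool folder", "invoke using java -jar option ...") while the sentences around them were corrected here. Suggest formatting them as a numbered list like the Windows build steps, capitalizing "Java" in the new sentence, and rewording the second step to "invoke the tcg_eventlog_tool jar file with java -jar and the options below".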