combined SPDM_FIRMWARE_BLOB and SPDM_FIRMWARE_CONFIG as they have the same internal data structure

This commit is contained in:
iadgovuser58 2024-06-20 17:28:30 -04:00 committed by chubtub
parent 45755a345c
commit c6e5dd125c
3 changed files with 40 additions and 23 deletions

View File

@ -5,7 +5,8 @@ import hirs.utils.tpm.eventlog.events.EvCompactHash;
import hirs.utils.tpm.eventlog.events.EvConstants; import hirs.utils.tpm.eventlog.events.EvConstants;
import hirs.utils.tpm.eventlog.events.EvEfiGptPartition; import hirs.utils.tpm.eventlog.events.EvEfiGptPartition;
import hirs.utils.tpm.eventlog.events.EvEfiHandoffTable; import hirs.utils.tpm.eventlog.events.EvEfiHandoffTable;
import hirs.utils.tpm.eventlog.events.EvEfiSpdmFirmwareBlob; import hirs.utils.tpm.eventlog.events.EvEfiSpdmDevicePolicy;
import hirs.utils.tpm.eventlog.events.EvEfiSpdmDeviceSecurityEvent;
import hirs.utils.tpm.eventlog.events.EvEfiSpecIdEvent; import hirs.utils.tpm.eventlog.events.EvEfiSpecIdEvent;
import hirs.utils.tpm.eventlog.events.EvEventTag; import hirs.utils.tpm.eventlog.events.EvEventTag;
import hirs.utils.tpm.eventlog.events.EvIPL; import hirs.utils.tpm.eventlog.events.EvIPL;
@ -388,15 +389,14 @@ public class TpmPcrEvent {
case EvConstants.EV_EFI_HCRTM_EVENT: case EvConstants.EV_EFI_HCRTM_EVENT:
break; break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
try { try {
sb.append(new EvEfiSpdmFirmwareBlob(eventContent).toString()); sb.append(new EvEfiSpdmDeviceSecurityEvent(eventContent).toString());
} catch (UnsupportedEncodingException ueEx) { } catch (UnsupportedEncodingException ueEx) {
log.error(ueEx); log.error(ueEx);
sb.append(ueEx.toString()); sb.append(ueEx.toString());
} }
break; break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
break;
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY: case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
break; break;
default: default:
@ -563,10 +563,10 @@ public class TpmPcrEvent {
vendorTableFileStatus = efiVarAuth.getVendorTableFileStatus(); vendorTableFileStatus = efiVarAuth.getVendorTableFileStatus();
break; break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB: case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
description += "Event Content:\n" + new EvEfiSpdmFirmwareBlob(content).toString(); description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
break; break;
case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG: case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
description += "Event Content:\n" + new EvEfiSpdmFirmwareConfig(content).toString(); description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
break; break;
case EvConstants.EV_EFI_SPDM_DEVICE_POLICY: case EvConstants.EV_EFI_SPDM_DEVICE_POLICY:
description += "Event Content:\n" + new EvEfiSpdmDevicePolicy(content).toString(); description += "Event Content:\n" + new EvEfiSpdmDevicePolicy(content).toString();

View File

@ -0,0 +1,14 @@
package hirs.utils.tpm.eventlog.events;
public class EvEfiSpdmDevicePolicy {
/**
* EvEfiSpdmDevicePolicy constructor.
*
* @param eventData byte array holding the event to process.
*/
public EvEfiSpdmDevicePolicy(final byte[] eventData) {
}
}

View File

@ -7,7 +7,8 @@ import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
/** /**
* Class to process the EV_EFI_SPDM_FIRMWARE_BLOB event. The event field MUST be a * Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
* DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
* 1) DEVICE_SECURITY_EVENT_DATA or * 1) DEVICE_SECURITY_EVENT_DATA or
* 2) DEVICE_SECURITY_EVENT_DATA2 * 2) DEVICE_SECURITY_EVENT_DATA2
* DEVICE_SECURITY_EVENT_DATA has 2 structures: * DEVICE_SECURITY_EVENT_DATA has 2 structures:
@ -28,7 +29,7 @@ import java.nio.charset.StandardCharsets;
* firmware, such as immutable ROM, mutable firmware, firmware version, firmware secure version * firmware, such as immutable ROM, mutable firmware, firmware version, firmware secure version
* number, etc. * number, etc.
*/ */
public class EvEfiSpdmFirmwareBlob { public class EvEfiSpdmDeviceSecurityEvent {
/** /**
* Signature (text) data. * Signature (text) data.
@ -49,7 +50,7 @@ public class EvEfiSpdmFirmwareBlob {
* @param eventData byte array holding the event to process. * @param eventData byte array holding the event to process.
* @throws java.io.UnsupportedEncodingException if input fails to parse. * @throws java.io.UnsupportedEncodingException if input fails to parse.
*/ */
public EvEfiSpdmFirmwareBlob(final byte[] eventData) throws UnsupportedEncodingException { public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) throws UnsupportedEncodingException {
byte[] signatureBytes = new byte[UefiConstants.SIZE_15]; byte[] signatureBytes = new byte[UefiConstants.SIZE_15];
System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15); System.arraycopy(eventData, 0, signatureBytes, 0, UefiConstants.SIZE_15);
@ -78,14 +79,14 @@ public class EvEfiSpdmFirmwareBlob {
} }
} }
/** // /**
* Determines if this event is a DeviceSecurityEventData. // * Determines if this event is a DeviceSecurityEventData.
* // *
* @return true of the event is a DeviceSecurityEventData. // * @return true of the event is a DeviceSecurityEventData.
*/ // */
public boolean isSpdmDeviceSecurityEventData() { // public boolean isSpdmDeviceSecurityEventData() {
return bSpdmDeviceSecurityEventData; // return bSpdmDeviceSecurityEventData;
} // }
/** /**
* Returns a description of this event. * Returns a description of this event.
@ -93,12 +94,14 @@ public class EvEfiSpdmFirmwareBlob {
* @return Human readable description of this event. * @return Human readable description of this event.
*/ */
public String toString() { public String toString() {
if (bSpdmDeviceSecurityEventData) {
spdmInfo = " Signature = SPDM Device Sec" + spdmInfo; spdmInfo = " Signature = SPDM Device Sec" + spdmInfo;
} else { // if (bSpdmDeviceSecurityEventData) {
spdmInfo = "EV_EFI_SPDM_FIRMWARE_BLOB event named " + signature // spdmInfo = " Signature = SPDM Device Sec" + spdmInfo;
+ " encountered but support for processing it has not been added to this application.\n"; // } else {
} // spdmInfo = "EV_EFI_SPDM_FIRMWARE_BLOB event named " + signature
// + " encountered but support for processing it has not been added to this application.\n";
// }
return spdmInfo; return spdmInfo;
} }
} }