Merge pull request #279 from nsacyber/issue-278
Set initialized values for PCRs 17-23
commit
d10e7f1ebd
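--- a/TCGEventLog.java
+++ b/TCGEventLog.java
@@ -38,8 +38,13 @@ public final class TCGEventLog {
 /** Initial value for SHA 256 values.*/
 public static final String INIT_SHA256_LIST = "00000000000000000000000000"
 + "00000000000000000000000000000000000000";
+/** Initial value for SHA 256 values.*/
+public static final String LOCALITY4_SHA256_LIST = "ffffffffffffffffffffffffff"
++ "ffffffffffffffffffffffffffffffffffffff";
 /** Initial value for SHA 1 values. */
 public static final String INIT_SHA1_LIST = "0000000000000000000000000000000000000000";
+/** Initial value for SHA 1 values. */
+public static final String LOCALITY4_SHA1_LIST = "ffffffffffffffffffffffffffffffffffffffff";
 /** PFP defined EV_NO_ACTION identifier. */
 public static final int NO_ACTION_EVENT = 0x00000003;
 /** String value of SHA1 hash.*/
@@ -48,6 +53,10 @@ public final class TCGEventLog {
 public static final String HASH256_STRING = "SHA-256";
 /** Each PCR bank holds 24 registers. */
 public static final int PCR_COUNT = 24;
+/** Locality 4 starts at PCR 17. */
+public static final int PCR_LOCALITY4_MIN = 17;
+/** Locality 4 Ends at PCR 23. */
+public static final int PCR_LOCALITY4_MAX = 23;
 /** 2 dimensional array holding the PCR values. */
 private byte[][] pcrList;
 /** List of parsed events within the log. */
@@ -56,8 +65,10 @@ public final class TCGEventLog {
 private int pcrLength;
 /** Name of hash algorithm. */
 private String hashType;
-/** Initial Value to use. */
+/** Initial PCR Value to use. */
 private String initValue;
+/** Initial PcR Value to use for locality 4. */
+private String initLocalityFourValue;
 /** Content Output Flag use. */
 private boolean bContent = false;
 /** Event Output Flag use. */
@@ -72,6 +83,7 @@ public final class TCGEventLog {
 public TCGEventLog() {
 this.pcrList = new byte[PCR_COUNT][EvConstants.SHA1_LENGTH];
 initValue = INIT_SHA1_LIST;
+initLocalityFourValue = LOCALITY4_SHA1_LIST;
 pcrLength = EvConstants.SHA1_LENGTH;
 hashType = HASH_STRING;
 algorithm = "TPM_ALG_SHA1";
@@ -107,11 +119,13 @@ public final class TCGEventLog {
 bCryptoAgile = isLogCrytoAgile(rawlog);
 if (bCryptoAgile) {
 initValue = INIT_SHA256_LIST;
+initLocalityFourValue = LOCALITY4_SHA256_LIST;
 algorithm = "TPM_ALG_SHA256";
 hashType = HASH256_STRING;
 pcrLength = EvConstants.SHA256_LENGTH;
 } else {
 initValue = INIT_SHA1_LIST;
+initLocalityFourValue = LOCALITY4_SHA1_LIST;
 hashType = HASH_STRING;
 algorithm = "TPM_ALG_SHA1";
 pcrLength = EvConstants.SHA1_LENGTH;
@@ -140,16 +154,19 @@ public final class TCGEventLog {
 * This method puts blank values in the pcrList.
 */
 private void initPcrList() {
-for (int i = 0; i < PCR_COUNT; i++) {
 try {
-// Initialize the PCRlist1 array
+for (int i = 0; i < PCR_COUNT; i++) {
 System.arraycopy(Hex.decodeHex(initValue.toCharArray()),
 0, pcrList[i], 0, pcrLength);
+}
+for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++) {
+System.arraycopy(Hex.decodeHex(initLocalityFourValue.toCharArray()),
+0, pcrList[i], 0, pcrLength);
+}
 } catch (DecoderException deEx) {
 LOGGER.error(deEx);
 }
 }
-}
 
 /**
 * Creates a TPM baseline using the expected PCR Values.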
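Review bot: The second loop in initPcrList, `for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++)`, stops at PCR 22, while the Javadoc on the constant says "Locality 4 Ends at PCR 23" and the commit title says 17-23; the expected-value fixtures further down this page leave the last register (PCR 23) at all zeros, so the exclusive bound looks intended and it is the documentation that is off. Because these are the reset values every baseline replay starts from, a later reader who "fixes" the loop to `<=` would silently change every locality-4 comparison, so make the contract explicit: either document it as `/** Exclusive upper bound: PCRs 17-22 start at all 0xFF; PCR 23 keeps the zero initial value. */` on PCR_LOCALITY4_MAX, or rename it to an END-style name that reads as exclusive. The first loop writes zeros into 17-22 only for the second loop to overwrite them, and `Hex.decodeHex(...)` on a constant string is re-run on every iteration; decoding each constant once before its loop, e.g. `final byte[] localityFourInit = Hex.decodeHex(initLocalityFourValue.toCharArray());`, removes the repeated work and keeps the DecoderException catch (which cannot fire for these hard-coded hex constants) in one obvious place. The Javadoc on LOCALITY4_SHA256_LIST and LOCALITY4_SHA1_LIST is copied from the INIT_* constants and does not say what they are; `/** Reset value (all 0xFF) for the locality-4 PCRs, SHA-256 bank. */` would.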
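--- a/EvPostCode.java
+++ b/EvPostCode.java
@@ -13,11 +13,11 @@ import hirs.tpm.eventlog.uefi.UefiFirmware;
 * } UEFI_PLATFORM_FIRMWARE_BLOB;
 *
 * However Table 9 of the PC Client Platform firmware profile states that even content is a string
-* For POST code, the event data SHOULD be “POST CODE”.
-* For embedded SMM code, the event data SHOULD be “SMM CODE”.
-* For ACPI flash data, the event data SHOULD be “ACPI DATA”.
-* For BIS code, the event data SHOULD be “BIS CODE”.
-* For embedded option ROMs, the event data SHOULD be “Embedded UEFI Driver”.
+* For POST code, the event data SHOULD be POST CODE.
+* For embedded SMM code, the event data SHOULD be SMM CODE.
+* For ACPI flash data, the event data SHOULD be ACPI DATA.
+* For BIS code, the event data SHOULD be BIS CODE.
+* For embedded option ROMs, the event data SHOULD be Embedded UEFI Driver.
 */
 public class EvPostCode {
 /** Event Description. */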
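Review bot: Dropping the curly quotes from the Javadoc also dropped the delimiters that marked `POST CODE`, `SMM CODE`, `ACPI DATA`, `BIS CODE` and `Embedded UEFI Driver` as the literal event-data strings, so a reader can no longer tell where the quoted value ends (`SHOULD be Embedded UEFI Driver.`). If the aim was to remove non-ASCII characters from the source, keep ASCII delimiters instead, e.g. `* For POST code, the event data SHOULD be {@code "POST CODE"}.`, and apply the same form to the other four lines. The class body continues past the hunk.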
@ -15,10 +15,10 @@ c919e77702cb066016b575c008659ba7d758b0b4c3f9df29658e1770699823d1
|
|||||||
0000000000000000000000000000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000000000000000000000000000
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000000000000000000000000000
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000000000000000000000000000
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000000000000000000000000000
|
||||||
|
@ -15,10 +15,10 @@ b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
|
|||||||
0000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000
|
||||||
0000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000
|
||||||
0000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000
|
||||||
0000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000
|
ffffffffffffffffffffffffffffffffffffffff
|
||||||
0000000000000000000000000000000000000000
|
0000000000000000000000000000000000000000
|
||||||
|