Merge pull request #279 from nsacyber/issue-278
Set initialized values for PCRs 17-23
This commit is contained in:
commit
d10e7f1ebd
@ -38,8 +38,13 @@ public final class TCGEventLog {
|
||||
/** Initial value for SHA 256 values.*/
|
||||
public static final String INIT_SHA256_LIST = "00000000000000000000000000"
|
||||
+ "00000000000000000000000000000000000000";
|
||||
/** Initial value for SHA 256 values.*/
|
||||
public static final String LOCALITY4_SHA256_LIST = "ffffffffffffffffffffffffff"
|
||||
+ "ffffffffffffffffffffffffffffffffffffff";
|
||||
/** Initial value for SHA 1 values. */
|
||||
public static final String INIT_SHA1_LIST = "0000000000000000000000000000000000000000";
|
||||
/** Initial value for SHA 1 values. */
|
||||
public static final String LOCALITY4_SHA1_LIST = "ffffffffffffffffffffffffffffffffffffffff";
|
||||
/** PFP defined EV_NO_ACTION identifier. */
|
||||
public static final int NO_ACTION_EVENT = 0x00000003;
|
||||
/** String value of SHA1 hash.*/
|
||||
@ -48,6 +53,10 @@ public final class TCGEventLog {
|
||||
public static final String HASH256_STRING = "SHA-256";
|
||||
/** Each PCR bank holds 24 registers. */
|
||||
public static final int PCR_COUNT = 24;
|
||||
/** Locality 4 starts at PCR 17. */
|
||||
public static final int PCR_LOCALITY4_MIN = 17;
|
||||
/** Locality 4 Ends at PCR 23. */
|
||||
public static final int PCR_LOCALITY4_MAX = 23;
|
||||
/** 2 dimensional array holding the PCR values. */
|
||||
private byte[][] pcrList;
|
||||
/** List of parsed events within the log. */
|
||||
@ -56,8 +65,10 @@ public final class TCGEventLog {
|
||||
private int pcrLength;
|
||||
/** Name of hash algorithm. */
|
||||
private String hashType;
|
||||
/** Initial Value to use. */
|
||||
/** Initial PCR Value to use. */
|
||||
private String initValue;
|
||||
/** Initial PcR Value to use for locality 4. */
|
||||
private String initLocalityFourValue;
|
||||
/** Content Output Flag use. */
|
||||
private boolean bContent = false;
|
||||
/** Event Output Flag use. */
|
||||
@ -72,6 +83,7 @@ public final class TCGEventLog {
|
||||
public TCGEventLog() {
|
||||
this.pcrList = new byte[PCR_COUNT][EvConstants.SHA1_LENGTH];
|
||||
initValue = INIT_SHA1_LIST;
|
||||
initLocalityFourValue = LOCALITY4_SHA1_LIST;
|
||||
pcrLength = EvConstants.SHA1_LENGTH;
|
||||
hashType = HASH_STRING;
|
||||
algorithm = "TPM_ALG_SHA1";
|
||||
@ -107,11 +119,13 @@ public final class TCGEventLog {
|
||||
bCryptoAgile = isLogCrytoAgile(rawlog);
|
||||
if (bCryptoAgile) {
|
||||
initValue = INIT_SHA256_LIST;
|
||||
initLocalityFourValue = LOCALITY4_SHA256_LIST;
|
||||
algorithm = "TPM_ALG_SHA256";
|
||||
hashType = HASH256_STRING;
|
||||
pcrLength = EvConstants.SHA256_LENGTH;
|
||||
} else {
|
||||
initValue = INIT_SHA1_LIST;
|
||||
initLocalityFourValue = LOCALITY4_SHA1_LIST;
|
||||
hashType = HASH_STRING;
|
||||
algorithm = "TPM_ALG_SHA1";
|
||||
pcrLength = EvConstants.SHA1_LENGTH;
|
||||
@ -140,16 +154,19 @@ public final class TCGEventLog {
|
||||
* This method puts blank values in the pcrList.
|
||||
*/
|
||||
private void initPcrList() {
|
||||
for (int i = 0; i < PCR_COUNT; i++) {
|
||||
try {
|
||||
// Initialize the PCRlist1 array
|
||||
for (int i = 0; i < PCR_COUNT; i++) {
|
||||
System.arraycopy(Hex.decodeHex(initValue.toCharArray()),
|
||||
0, pcrList[i], 0, pcrLength);
|
||||
}
|
||||
for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++) {
|
||||
System.arraycopy(Hex.decodeHex(initLocalityFourValue.toCharArray()),
|
||||
0, pcrList[i], 0, pcrLength);
|
||||
}
|
||||
} catch (DecoderException deEx) {
|
||||
LOGGER.error(deEx);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a TPM baseline using the expected PCR Values.
|
||||
|
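Review bot: The locality-4 loop in initPcrList, `for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++)`, stops at PCR 22 because the bound is exclusive, while the new constant is documented as `/** Locality 4 Ends at PCR 23. */` and the PR title says PCRs 17-23; the expected-PCR fixtures updated in this same commit (six `ff…` lines followed by a final all-zero line) encode the 17-22 behaviour, so the code and its documentation disagree. If 17-22 is the intent — which appears consistent with the PC Client TPM profile, where PCR 23 resets to zeros, though that should be confirmed against the spec — keep the loop and make the constant honest, e.g. `/** Exclusive upper bound of the locality 4 range: PCRs 17-22 take the ones value, PCR 23 keeps the zero init value. */`; if PCR 23 was meant, change the bound to `i <= PCR_LOCALITY4_MAX` and regenerate the fixtures. Either way this array is the baseline an attestation comparison is made against, so the set of ones-initialised registers should be stated explicitly rather than left to the loop operator. Separately, `Hex.decodeHex(...)` is re-run on a constant string for every register and a DecoderException is only logged, leaving pcrList partially filled; decoding the two init strings once before the loops removes both issues, as sketched below. The copy-pasted Javadoc on LOCALITY4_SHA256_LIST and LOCALITY4_SHA1_LIST (`/** Initial value for SHA 256 values.*/`) should also name locality 4.
```java
    private void initPcrList() {
        final byte[] init;
        final byte[] localityFourInit;
        try {
            // Both strings are compile-time constants; decode them once, not per register.
            init = Hex.decodeHex(initValue.toCharArray());
            localityFourInit = Hex.decodeHex(initLocalityFourValue.toCharArray());
        } catch (DecoderException deEx) {
            LOGGER.error(deEx);
            return; // nothing copied, so pcrList is never left half-initialised
        }
        for (int i = 0; i < PCR_COUNT; i++) {
            System.arraycopy(init, 0, pcrList[i], 0, pcrLength);
        }
        // Exclusive bound: PCRs 17-22 take the locality 4 value; PCR 23 keeps the zero init.
        for (int i = PCR_LOCALITY4_MIN; i < PCR_LOCALITY4_MAX; i++) {
            System.arraycopy(localityFourInit, 0, pcrList[i], 0, pcrLength);
        }
    }
```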
@ -13,11 +13,11 @@ import hirs.tpm.eventlog.uefi.UefiFirmware;
|
||||
* } UEFI_PLATFORM_FIRMWARE_BLOB;
|
||||
*
|
||||
* However Table 9 of the PC Client Platform firmware profile states that even content is a string
|
||||
* For POST code, the event data SHOULD be “POST CODE”.
|
||||
* For embedded SMM code, the event data SHOULD be “SMM CODE”.
|
||||
* For ACPI flash data, the event data SHOULD be “ACPI DATA”.
|
||||
* For BIS code, the event data SHOULD be “BIS CODE”.
|
||||
* For embedded option ROMs, the event data SHOULD be “Embedded UEFI Driver”.
|
||||
* For POST code, the event data SHOULD be POST CODE.
|
||||
* For embedded SMM code, the event data SHOULD be SMM CODE.
|
||||
* For ACPI flash data, the event data SHOULD be ACPI DATA.
|
||||
* For BIS code, the event data SHOULD be BIS CODE.
|
||||
* For embedded option ROMs, the event data SHOULD be Embedded UEFI Driver.
|
||||
*/
|
||||
public class EvPostCode {
|
||||
/** Event Description. */
|
||||
|
@ -15,10 +15,10 @@ c919e77702cb066016b575c008659ba7d758b0b4c3f9df29658e1770699823d1
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
||||
0000000000000000000000000000000000000000000000000000000000000000
|
||||
|
@ -15,10 +15,10 @@ b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
0000000000000000000000000000000000000000
|
||||
ffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffff
|
||||
ffffffffffffffffffffffffffffffffffffffff
|
||||
0000000000000000000000000000000000000000
|
||||
|