HIRS/tools/tcg_eventlog_tool
iadgovuser26 iadgovuser26@empire.eclipse.ncsc.mil 203691e09c Updated README.md and VERSION files
2024-08-22 16:40:03 -04:00

To support the PC Client RIM Specification, which utilizes the TPM Event Log as a Support RIM type, it was useful to have a tool for inspecting the contents of the TPM event log. A Linux command line tool named "elt" (event log tool) has been created to parse and print human readable output, provide hexadecimal events which can be used as test patterns, and to compare event logs, providing details on which events mis-compared.

Note that a TCG Event Log will only be populated on a given device if the device:

  1. Utilizes TCG compliant UEFI Firmware.
  2. Has a TPM 2.0.
  3. Has a TPM-aware OS (most flavors of Linux and Windows).

The default locations for the TCG Event Log are:

  • Windows: C:\Windows\Logs\MeasuredBoot\
  • Linux: /sys/kernel/security/tpm0/ with a default name of "binary_bios_measurements"

Building

Linux

To build this tool, navigate to the tcg_eventlog_tool directory and use the following command:

./gradlew clean build

Windows

Several options exist for building on Windows 11:

  1. Windows command shell (CMD.exe):
    • Navigate to the tcg_eventlog_tool folder and run the Windows gradle wrapper:

    gradlew.bat clean build

  2. Windows PowerShell with the Windows Subsystem for Linux enabled.
    • Navigate to the tcg_eventlog_tool folder and run the Linux gradle wrapper:

    ./gradlew clean build

In both cases the tcg_eventlog_tool-X.X.jar file should have been placed in the build\libs\tools\ (Windows) or build/libs/tools/ (Linux) folder.

Packaging

Packages for this tool can be found on the HIRS release page.

Currently only packaging for Linux is supported.

To create an RPM on a Red Hat or Rocky Linux device, use the following command in the same directory:

./gradlew buildRpm

or for a Debian or Ubuntu Linux device:

./gradlew buildDeb

The package can be found under the build/distributions/ folder.

Installing

Currently only an install package for Linux is supported.

To install this tool on a Red Hat or Rocky Linux distro, use the following command from the same directory:

sudo dnf install build/distributions/tcg_eventlog_tool*.rpm

or for a Debian or Ubuntu Linux distro:

sudo apt-get install build/distributions/tcg_eventlog_tool*.deb

Usage

Linux

The tcg_eventlog_tool installation package provides an elt command. The elt command has various command line options to view all events, view specific events, or display the expected PCR values.

Current options for the tool can be found using the -h option:

elt -h

With no FILE given, the default event log path (e.g. /sys/kernel/security/tpm0/binary_bios_measurements on Linux) is used. Note that admin privileges are required to access the default path on Linux.

All OPTIONS must be separated by a space delimiter; concatenation of OPTIONS is not currently supported.

An example output for the tcg_eventlog_tool filtering on event 1 would be:

elt -f ~/TpmLog.bin -e 1
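To show what elt is parsing and what "expected PCRs" means, here is an added example (not code from the HIRS project) that reads a crypto-agile TCG event log and replays its SHA-256 digests into software PCRs. The log bytes are constructed inline rather than captured from firmware; the record layouts follow the TCG PC Client spec (a SHA-1 format Spec ID header followed by TCG_PCR_EVENT2 records).

```python
import hashlib
import struct
from dataclasses import dataclass, field

EV_NO_ACTION = 0x00000003       # header/informational events are never extended
TPM_ALG_SHA256 = 0x000B         # TCG algorithm id for SHA-256
DIGEST_SIZES = {0x0004: 20, 0x000B: 32, 0x000C: 48, 0x000D: 64}  # SHA1/256/384/512

@dataclass
class Event:
    pcr_index: int
    event_type: int
    digests: dict = field(default_factory=dict)   # alg id -> digest bytes
    data: bytes = b""

def parse_event_log(log: bytes) -> list:
    """Parse the SHA-1 format Spec ID header, then TCG_PCR_EVENT2 records to end of data."""
    events, off = [], 0
    pcr, etype, size = struct.unpack_from("<II20xI", log, off)   # 20 pad bytes = SHA-1 digest
    off += 32
    events.append(Event(pcr, etype, {}, log[off:off + size]))
    off += size
    if etype != EV_NO_ACTION or not events[0].data.startswith(b"Spec ID Event03\0"):
        raise ValueError("not a crypto-agile TCG event log")
    while off < len(log):
        pcr, etype, count = struct.unpack_from("<III", log, off)
        off += 12
        digests = {}
        for _ in range(count):                                   # TPML_DIGEST_VALUES
            alg = struct.unpack_from("<H", log, off)[0]
            off += 2
            digests[alg] = log[off:off + DIGEST_SIZES[alg]]
            off += DIGEST_SIZES[alg]
        size = struct.unpack_from("<I", log, off)[0]
        off += 4
        events.append(Event(pcr, etype, digests, log[off:off + size]))
        off += size
    return events

def extend_pcr(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for the SHA-256 bank: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def expected_pcrs(events: list) -> dict:
    """Replay every measured event into zeroed software PCRs; returns {pcr index: hex value}."""
    pcrs = {}
    for ev in events:
        if ev.event_type == EV_NO_ACTION:
            continue
        old = pcrs.get(ev.pcr_index, bytes(32))
        pcrs[ev.pcr_index] = extend_pcr(old, ev.digests[TPM_ALG_SHA256])
    return {i: v.hex() for i, v in pcrs.items()}

def build_sample_log() -> bytes:
    """Constructed 3-record log: Spec ID header declaring SHA-256, two measurements into PCR 0."""
    spec = (b"Spec ID Event03\0" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 1)   # version 2.0, 1 alg
            + struct.pack("<HH", TPM_ALG_SHA256, 32) + b"\0")                 # no vendor info
    header = struct.pack("<II20sI", 0, EV_NO_ACTION, bytes(20), len(spec)) + spec
    def rec(pcr, etype, digest, data):
        return (struct.pack("<III", pcr, etype, 1) + struct.pack("<H", TPM_ALG_SHA256)
                + digest + struct.pack("<I", len(data)) + data)
    return (header + rec(0, 0x8, bytes([0x11]) * 32, b"first")      # 0x8 = EV_S_CRTM_VERSION
            + rec(0, 0x8, bytes([0x22]) * 32, b"second"))
```

Comparing the replayed PCR 0 against the value a TPM quote reports is the check that tells you the log has not been truncated or tampered with.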

Windows

Currently there is no install package for the tcg_eventlog_tool on Windows; it can be invoked using java.

To run the tcg_eventlog_tool from a command shell:

Navigate to the tcg_eventlog_tool folder and invoke the tcg_eventlog_tool jar file using the java -jar option, followed by the tool's options:

java -jar build\libs\tools\tcg_eventlog_tool-1.0.jar -h

Another example:

java -jar build\libs\tools\tcg_eventlog_tool-1.0.jar -f C:\Windows\Logs\MeasuredBoot\0000000059-0000000000.log -e