HIRS/tools/tcg_eventlog_tool
ThatSilentCoder 11691e5b29
[#863] Placed Dependencies and Dependency Versions In TOML file (#885)
* issue_863: Successfully moved all the dependencies to toml file and currently replacing dependencies listed in the build.gradle file with the ones referenced in the toml file

* issue_863: finished updating dependency versions. Ready for PR

* issue_863: downgraded versions since there was an issue with the dependencies versions and the ci/cd pipeline in git. will update each dependency slowly to ensure that upgrades are done correctly.

* issue_863: upgrading this slowly but surely

* issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes.

* issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again)

* issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) partIII

* issue_863: Part IV of upgrading this slowly  to see if github's ci/cd is happy still with these set of changes (again)

* issue_863: Part V of upgrading this slowly  to see if github's ci/cd is happy still with these set of changes (again)

* issue_863: Part VI of updating dependencies slowly

* issue_863: Part VII of updating dependencies

* issue_863: Part 8 of updating dependencies

* issue_863: Part 9 of updating dependencies

* issue_863: Part 10 of updating dependencies

* issue_863: Part 12 of updating dependencies

* issue_863: Part 13 of updating dependencies

* issue_863: Part 14 of updating dependencies

* issue_863: Part 15 of updating dependencies

* issue_863: Updating tomcat core.

* issue_863: removed some critical vulnerable dependencies

* issue_863: updated spring boot version. second try at it.

* issue_863: undid spring update. need to figure out how to smoothly transition to newer spring.

* issue_863: updated spring boot, hibernate, and spring retry. Removed an unused dependency.

* issue_863: removed unused dependencies and am currently resolving critical vulnerable dependencies

* issue_863: reverted changes from last commit. let's see if that makes a difference

* issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.

* issue_863: Updated gradle plugins version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.

* issue_863: Updated gradle plugins version again. Ready for PR. Vulnerability issues will be addressed in another PR. I've cut down vulnerabilities by quite a lot and I want to test the new OWASP plugin against the remaining vulnerabilities.

* issue_863: Finishing touches to the PR. Upgraded some more dependencies and removed unused one.

* issue_863: Removed testng from codebase. Has been officially replaced with spring junit.
2025-01-13 09:53:04 -05:00

The tcg_eventlog_tool is a command line application that allows a user to inspect the contents of the Trusted Platform Module (TPM) Event Log. This command line tool supports the PC Client RIM Specification, which specifies the use of the TPM Event Log as a Support RIM type. The tool can parse the log and print human-readable output, provide hexadecimal events which can be used as test patterns, and provide details when events fail comparison.

Note that a TPM Event Log will only be populated on a given device if the device:

  1. Utilizes TCG compliant UEFI Firmware
  2. Has a TPM 2.0
  3. Has a TPM aware OS (true for most flavors of Linux and Windows)

The default locations for the TPM Event Log are:

  • Windows: C:\Windows\Logs\MeasuredBoot\
  • Linux: /sys/kernel/security/tpm0/ with a default name of "binary_bios_measurements"
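
What parsing the log and deriving expected PCR values involves, as an added Python example that is not part of HIRS or the tcg_eventlog_tool: it walks the crypto-agile (TPM 2.0) event log layout and replays each recorded digest. The function names and the sample log are constructed for illustration, and every PCR is assumed to start at all zeros.

```python
import hashlib
import struct
EV_NO_ACTION = 0x00000003  # informational record, never extended into a PCR
TPM_ALG = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}

def parse_event_log(blob):
    """Parse a crypto-agile log; return (digest sizes by algorithm id, events)."""
    # The first record uses the legacy SHA-1 layout and carries the Spec ID event.
    _pcr, etype, _sha1, size = struct.unpack_from("<II20sI", blob, 0)
    spec = blob[32:32 + size]
    if etype != EV_NO_ACTION or not spec.startswith(b"Spec ID Event03\0"):
        raise ValueError("not a crypto-agile TCG event log")
    (count,) = struct.unpack_from("<I", spec, 24)
    sizes = dict(struct.unpack_from("<HH", spec, 28 + 4 * i) for i in range(count))
    events, off = [], 32 + size
    while off + 12 <= len(blob):
        pcr, etype, ndig = struct.unpack_from("<III", blob, off)
        off += 12
        digests = {}
        for _ in range(ndig):
            (alg,) = struct.unpack_from("<H", blob, off)
            if alg not in sizes:  # size unknown, so the record cannot be walked
                raise ValueError(f"undeclared digest algorithm {alg:#06x}")
            digests[alg] = blob[off + 2:off + 2 + sizes[alg]]
            off += 2 + sizes[alg]
        (dlen,) = struct.unpack_from("<I", blob, off)
        if off + 4 + dlen > len(blob):
            raise ValueError("truncated event")
        events.append((pcr, etype, digests, blob[off + 4:off + 4 + dlen]))
        off += 4 + dlen
    return sizes, events

def replay_pcrs(events, sizes, alg=0x000B):
    """Expected PCRs: PCR = H(PCR || digest) per event, starting from zeros."""
    pcrs = {}
    for pcr, etype, digests, _data in events:
        if etype != EV_NO_ACTION and alg in digests:
            old = pcrs.get(pcr, bytes(sizes[alg]))
            pcrs[pcr] = hashlib.new(TPM_ALG[alg], old + digests[alg]).digest()
    return pcrs

def build_sample_log():
    """Constructed three-event SHA-256 log (not a real capture)."""
    spec = b"Spec ID Event03\0" + struct.pack("<IBBBBIHHB", 0, 0, 2, 0, 2, 1, 0x000B, 32, 0)
    log = struct.pack("<II20sI", 0, EV_NO_ACTION, bytes(20), len(spec)) + spec
    for pcr, etype, data in [(0, 8, b"crtm"), (0, 3, b"note"), (4, 0x80000003, b"boot")]:
        log += struct.pack("<IIIH", pcr, etype, 1, 0x000B)
        log += hashlib.sha256(data).digest() + struct.pack("<I", len(data)) + data
    return log
```

To try it on a real log, pass the bytes of the event log file to parse_event_log and compare the output of replay_pcrs with the PCR values read from the TPM.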

Building

Linux

To build this tool, navigate to the tcg_eventlog_tool directory and use the following command:

./gradlew clean build

Windows

Several options exist for building on Windows 11:

  1. Windows command shell (CMD.exe):
    • Navigate to the tcg_eventlog_tool folder and run the Windows gradle wrapper:

    gradlew.bat clean build

  2. Windows PowerShell with Windows Subsystem for Linux enabled:
    • Navigate to the tcg_eventlog_tool folder and run the Linux gradle wrapper:

    ./gradlew clean build

The tcg_eventlog_tool-X.X.jar file should appear in the build\libs\ (Windows) or build/libs/tools/ (Linux) folder.

Packaging

Packages for this tool can be found on the HIRS release page. Download the RPM files which apply to the latest release. Currently, installation packages for HIRS V3 are only available for Rocky and RHEL versions 8 and 9, and Ubuntu 22 and 24.

To create an RPM on a Red Hat or Rocky Linux device, use the following command in the same directory:

./gradlew buildRpm

or for a Debian or Ubuntu Linux device:

./gradlew buildDeb

The package can be found under the build/distributions/ folder.

Installing

Currently, only an install package for Linux is supported.

To install this tool on a Red Hat or Rocky Linux distro, use the following command from the same directory:

sudo dnf install build/distributions/tcg_eventlog_tool*.rpm

or for a Debian or Ubuntu Linux distro:

sudo apt-get install build/distributions/tcg_eventlog_tool*.deb

Notes:

  • Package naming convention: tcg_eventlog_tool-X.X.X-Y.Z.el8-1.x86_64.rpm
    • Where X.X.X is the latest version of the tcg_eventlog_tool package, Y is the date and Z is the git commit hash associated with that version tag
  • Once installed, the tcg_eventlog_tool can be run from any directory in Linux

Usage

Additional details on using the tcg_eventlog_tool can be found in the TCG Event Log Tool User Guide. A quick summary is listed below.

Linux

The tcg_eventlog_tool installation package provides an elt command. The elt command has various command line options to view all events, specific events, or to display expected PCRs.

Current options for the tool can be found using the -h option:

elt -h

With no FILE, the default event log path (e.g. /sys/kernel/security/tpm0/binary_bios_measurements on Linux) is used. Note that admin privileges are required for accessing the default path in Linux.

All OPTIONS must be separated by a space delimiter; no concatenation of OPTIONS is currently supported.

An example invocation of the tcg_eventlog_tool filtering on event 1 would be:

elt -f ~/TpmLog.bin -e 1

Windows

Currently there is no install package for the tcg_eventlog_tool for Windows. It can be invoked using java.

To run the tcg_eventlog_tool from a command shell, navigate to the tcg_eventlog_tool folder and invoke the tcg_eventlog_tool jar file using the java -jar option, followed by the tool's options:

java -jar build\libs\tcg_eventlog_tool-1.0.jar -h

Another example:

java -jar build\libs\tcg_eventlog_tool-1.0.jar -f C:\Windows\Logs\MeasuredBoot\0000000059-0000000000.log -e