go-attestation/attest/secureboot.go

// Copyright 2020 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.

package attest

import (
	"bytes"
	"errors"
	"fmt"

	"github.com/google/go-attestation/attest/internal"
	"github.com/google/certificate-transparency-go/x509"
)

// SecurebootState describes the secure boot status of a machine, as determined
// by processing its event log.
type SecurebootState struct {
	Enabled bool

	// PlatformKeys enumerates keys which can sign a key exchange key.
	PlatformKeys []x509.Certificate
	// PlatformKeys enumerates key hashes which can sign a key exchange key.
	PlatformKeyHashes [][]byte

	// ExchangeKeys enumerates keys which can sign a database of permitted or
	// forbidden keys.
	ExchangeKeys []x509.Certificate
	// ExchangeKeyHashes enumerates key hashes which can sign a database or
	// permitted or forbidden keys.
	ExchangeKeyHashes [][]byte

	// PermittedKeys enumerates keys which may sign binaries to run.
	PermittedKeys []x509.Certificate
	// PermittedHashes enumerates hashes which permit binaries to run.
	PermittedHashes [][]byte

	// ForbiddenKeys enumerates keys which must not permit a binary to run.
	ForbiddenKeys []x509.Certificate
	// ForbiddenKeys enumerates hashes which must not permit a binary to run.
	ForbiddenHashes [][]byte

	// PreSeparatorAuthority describes the use of a secure-boot key to authorize
	// the execution of a binary before the separator.
	PreSeparatorAuthority []x509.Certificate
	// PostSeparatorAuthority describes the use of a secure-boot key to authorize
	// the execution of a binary after the separator.
	PostSeparatorAuthority []x509.Certificate

	// DriverLoadSourceHints describes the origin of boot services drivers.
	// This data is not tamper-proof and must only be used as a hint.
	DriverLoadSourceHints []DriverLoadSource
}

// DriverLoadSource describes the logical origin of a boot services driver.
type DriverLoadSource uint8

const (
	UnknownSource DriverLoadSource = iota
	PciMmioSource
)

// ParseSecurebootState parses a series of events to determine the
// configuration of secure boot on a device. An error is returned if
// the state cannot be determined, or if the event log is structured
// in such a way that it may have been tampered post-execution of
// platform firmware.
func ParseSecurebootState(events []Event) (*SecurebootState, error) {
	// This algorithm verifies the following:
	// - All events in PCR 7 have event types which are expected in PCR 7.
	// - All events are parsable according to their event type.
	// - All events have digests values corresponding to their data/event type.
	// - No unverifiable events were present.
	// - All variables are specified before the separator and never duplicated.
	// - The SecureBoot variable has a value of 0 or 1.
	// - If SecureBoot was 1 (enabled), authority events were present indicating
	//   keys were used to perform verification.
	// - If SecureBoot was 1 (enabled), platform + exchange + database keys
	//   were specified.
	// - No UEFI debugger was attached.

	var (
		out            SecurebootState
		seenSeparator7 bool
		seenSeparator2 bool
		seenAuthority  bool
		seenVars       = map[string]bool{}
		driverSources  [][]internal.EFIDevicePathElement
	)

	for _, e := range events {
		if e.Index != 7 && e.Index != 2 {
			continue
		}

		et, err := internal.UntrustedParseEventType(uint32(e.Type))
		if err != nil {
			return nil, fmt.Errorf("unrecognised event type: %v", err)
		}
		digestVerify := e.digestEquals(e.Data)

		switch e.Index {
		case 7:
			switch et {
			case internal.Separator:
				if seenSeparator7 {
					return nil, fmt.Errorf("duplicate separator at event %d", e.sequence)
				}
				seenSeparator7 = true
				if !bytes.Equal(e.Data, []byte{0, 0, 0, 0}) {
					return nil, fmt.Errorf("invalid separator data at event %d: %v", e.sequence, e.Data)
				}
				if digestVerify != nil {
					return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.sequence, digestVerify)
				}

			case internal.EFIAction:
				if string(e.Data) == "UEFI Debug Mode" {
					return nil, errors.New("a UEFI debugger was present during boot")
				}
				return nil, fmt.Errorf("event %d: unexpected EFI action event", e.sequence)

			case internal.EFIVariableDriverConfig:
				v, err := internal.ParseUEFIVariableData(bytes.NewReader(e.Data))
				if err != nil {
					return nil, fmt.Errorf("failed parsing EFI variable at event %d: %v", e.sequence, err)
				}
				if _, seenBefore := seenVars[v.VarName()]; seenBefore {
					return nil, fmt.Errorf("duplicate EFI variable %q at event %d", v.VarName(), e.sequence)
				}
				seenVars[v.VarName()] = true
				if seenSeparator7 {
					return nil, fmt.Errorf("event %d: variable %q specified after separator", e.sequence, v.VarName())
				}

				if digestVerify != nil {
					return nil, fmt.Errorf("invalid digest for variable %q on event %d: %v", v.VarName(), e.sequence, digestVerify)
				}

				switch v.VarName() {
				case "SecureBoot":
					if len(v.VariableData) != 1 {
						return nil, fmt.Errorf("event %d: SecureBoot data len is %d, expected 1", e.sequence, len(v.VariableData))
					}
					out.Enabled = v.VariableData[0] == 1
				case "PK":
					if out.PlatformKeys, out.PlatformKeyHashes, err = v.SignatureData(); err != nil {
						return nil, fmt.Errorf("event %d: failed parsing platform keys: %v", e.sequence, err)
					}
				case "KEK":
					if out.ExchangeKeys, out.ExchangeKeyHashes, err = v.SignatureData(); err != nil {
						return nil, fmt.Errorf("event %d: failed parsing key exchange keys: %v", e.sequence, err)
					}
				case "db":
					if out.PermittedKeys, out.PermittedHashes, err = v.SignatureData(); err != nil {
						return nil, fmt.Errorf("event %d: failed parsing signature database: %v", e.sequence, err)
					}
				case "dbx":
					if out.ForbiddenKeys, out.ForbiddenHashes, err = v.SignatureData(); err != nil {
						return nil, fmt.Errorf("event %d: failed parsing forbidden signature database: %v", e.sequence, err)
					}
				}

			case internal.EFIVariableAuthority:
				v, err := internal.ParseUEFIVariableData(bytes.NewReader(e.Data))
				if err != nil {
					return nil, fmt.Errorf("failed parsing UEFI variable data: %v", err)
				}

				a, err := internal.ParseUEFIVariableAuthority(v)
				if err != nil {
					// Workaround for: https://github.com/google/go-attestation/issues/157
					if err == internal.ErrSigMissingGUID {
						// Versions of shim which do not carry
						// https://github.com/rhboot/shim/commit/8a27a4809a6a2b40fb6a4049071bf96d6ad71b50
						// have an erroneous additional byte in the event, which breaks digest
						// verification. If verification failed, we try removing the last byte.
						if digestVerify != nil && len(e.Data) > 0 {
							digestVerify = e.digestEquals(e.Data[:len(e.Data)-1])
						}
					} else {
						return nil, fmt.Errorf("failed parsing EFI variable authority at event %d: %v", e.sequence, err)
					}
				}
				seenAuthority = true
				if digestVerify != nil {
					return nil, fmt.Errorf("invalid digest for authority on event %d: %v", e.sequence, digestVerify)
				}
				if !seenSeparator7 {
					out.PreSeparatorAuthority = append(out.PreSeparatorAuthority, a.Certs...)
				} else {
					out.PostSeparatorAuthority = append(out.PostSeparatorAuthority, a.Certs...)
				}

			default:
				return nil, fmt.Errorf("unexpected event type in PCR7: %v", et)
			}

		case 2:
			switch et {
			case internal.Separator:
				if seenSeparator2 {
					return nil, fmt.Errorf("duplicate separator at event %d", e.sequence)
				}
				seenSeparator2 = true
				if !bytes.Equal(e.Data, []byte{0, 0, 0, 0}) {
					return nil, fmt.Errorf("invalid separator data at event %d: %v", e.sequence, e.Data)
				}
				if digestVerify != nil {
					return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.sequence, digestVerify)
				}

			case internal.EFIBootServicesDriver:
				if !seenSeparator2 {
					imgLoad, err := internal.ParseEFIImageLoad(bytes.NewReader(e.Data))
					if err != nil {
						return nil, fmt.Errorf("failed parsing EFI image load at boot services driver event %d: %v", e.sequence, err)
					}
					dp, err := imgLoad.DevicePath()
					if err != nil {
						return nil, fmt.Errorf("failed to parse device path for driver load event %d: %v", e.sequence, err)
					}
					driverSources = append(driverSources, dp)
				}
			}
		}
	}

	// Compute driver source hints based on the EFI device path observed in
	// EFI Boot-services driver-load events.
sourceLoop:
	for _, source := range driverSources {
		// We consider a driver to have originated from PCI-MMIO if any number
		// of elements in the device path [1] were PCI devices, and are followed by
		// an element representing a "relative offset range" read.
		// In the wild, we have typically observed 4-tuple device paths for such
		// devices: ACPI device -> PCI device -> PCI device -> relative offset.
		//
		// [1]: See section 9 of the UEFI specification v2.6 or greater.
		var seenPCI bool
		for _, e := range source {
			// subtype 0x1 corresponds to a PCI device (See: 9.3.2.1)
			if e.Type == internal.HardwareDevice && e.Subtype == 0x1 {
				seenPCI = true
			}
			// subtype 0x8 corresponds to "relative offset range" (See: 9.3.6.8)
			if seenPCI && e.Type == internal.MediaDevice && e.Subtype == 0x8 {
				out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, PciMmioSource)
				continue sourceLoop
			}
		}
		out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, UnknownSource)
	}

	if !out.Enabled {
		return &out, nil
	}

	if !seenAuthority {
		return nil, errors.New("secure boot was enabled but no key was used")
	}
	if len(out.PlatformKeys) == 0 && len(out.PlatformKeyHashes) == 0 {
		return nil, errors.New("secure boot was enabled but no platform keys were known")
	}
	if len(out.ExchangeKeys) == 0 && len(out.ExchangeKeyHashes) == 0 {
		return nil, errors.New("secure boot was enabled but no key exchange keys were known")
	}
	if len(out.PermittedKeys) == 0 && len(out.PermittedHashes) == 0 {
		return nil, errors.New("secure boot was enabled but no keys or hashes were permitted")
	}
	return &out, nil
}
Begin implementing extraction of windows info from the event log (#167) 2020-06-02 00:35:23 +00:00			`// Copyright 2020 Google Inc.`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License"); you may not`
			`// use this file except in compliance with the License. You may obtain a copy of`
			`// the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`// License for the specific language governing permissions and limitations under`
			`// the License.`

Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`package attest`

			`import (`
			`"bytes"`
			`"errors"`
			`"fmt"`

			`"github.com/google/go-attestation/attest/internal"`
Internal change PiperOrigin-RevId: 380881515 2021-06-22 20:33:15 +00:00			`"github.com/google/certificate-transparency-go/x509"`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`)`

			`// SecurebootState describes the secure boot status of a machine, as determined`
			`// by processing its event log.`
			`type SecurebootState struct {`
			`Enabled bool`

			`// PlatformKeys enumerates keys which can sign a key exchange key.`
			`PlatformKeys []x509.Certificate`
			`// PlatformKeys enumerates key hashes which can sign a key exchange key.`
			`PlatformKeyHashes [][]byte`

			`// ExchangeKeys enumerates keys which can sign a database of permitted or`
			`// forbidden keys.`
			`ExchangeKeys []x509.Certificate`
			`// ExchangeKeyHashes enumerates key hashes which can sign a database or`
			`// permitted or forbidden keys.`
			`ExchangeKeyHashes [][]byte`

			`// PermittedKeys enumerates keys which may sign binaries to run.`
			`PermittedKeys []x509.Certificate`
			`// PermittedHashes enumerates hashes which permit binaries to run.`
			`PermittedHashes [][]byte`

			`// ForbiddenKeys enumerates keys which must not permit a binary to run.`
			`ForbiddenKeys []x509.Certificate`
			`// ForbiddenKeys enumerates hashes which must not permit a binary to run.`
			`ForbiddenHashes [][]byte`

			`// PreSeparatorAuthority describes the use of a secure-boot key to authorize`
			`// the execution of a binary before the separator.`
			`PreSeparatorAuthority []x509.Certificate`
			`// PostSeparatorAuthority describes the use of a secure-boot key to authorize`
			`// the execution of a binary after the separator.`
			`PostSeparatorAuthority []x509.Certificate`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00
			`// DriverLoadSourceHints describes the origin of boot services drivers.`
			`// This data is not tamper-proof and must only be used as a hint.`
			`DriverLoadSourceHints []DriverLoadSource`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`

WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`// DriverLoadSource describes the logical origin of a boot services driver.`
			`type DriverLoadSource uint8`

			`const (`
			`UnknownSource DriverLoadSource = iota`
			`PciMmioSource`
			`)`

Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`// ParseSecurebootState parses a series of events to determine the`
			`// configuration of secure boot on a device. An error is returned if`
			`// the state cannot be determined, or if the event log is structured`
			`// in such a way that it may have been tampered post-execution of`
			`// platform firmware.`
			`func ParseSecurebootState(events []Event) (*SecurebootState, error) {`
			`// This algorithm verifies the following:`
			`// - All events in PCR 7 have event types which are expected in PCR 7.`
			`// - All events are parsable according to their event type.`
			`// - All events have digests values corresponding to their data/event type.`
			`// - No unverifiable events were present.`
			`// - All variables are specified before the separator and never duplicated.`
			`// - The SecureBoot variable has a value of 0 or 1.`
			`// - If SecureBoot was 1 (enabled), authority events were present indicating`
			`// keys were used to perform verification.`
			`// - If SecureBoot was 1 (enabled), platform + exchange + database keys`
			`// were specified.`
			`// - No UEFI debugger was attached.`

			`var (`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`out SecurebootState`
			`seenSeparator7 bool`
			`seenSeparator2 bool`
			`seenAuthority bool`
			`seenVars = map[string]bool{}`
			`driverSources [][]internal.EFIDevicePathElement`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`)`

			`for _, e := range events {`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`if e.Index != 7 && e.Index != 2 {`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`continue`
			`}`

			`et, err := internal.UntrustedParseEventType(uint32(e.Type))`
			`if err != nil {`
			`return nil, fmt.Errorf("unrecognised event type: %v", err)`
			`}`
			`digestVerify := e.digestEquals(e.Data)`

WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`switch e.Index {`
			`case 7:`
			`switch et {`
			`case internal.Separator:`
			`if seenSeparator7 {`
			`return nil, fmt.Errorf("duplicate separator at event %d", e.sequence)`
			`}`
			`seenSeparator7 = true`
			`if !bytes.Equal(e.Data, []byte{0, 0, 0, 0}) {`
			`return nil, fmt.Errorf("invalid separator data at event %d: %v", e.sequence, e.Data)`
			`}`
			`if digestVerify != nil {`
			`return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.sequence, digestVerify)`
			`}`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`case internal.EFIAction:`
			`if string(e.Data) == "UEFI Debug Mode" {`
			`return nil, errors.New("a UEFI debugger was present during boot")`
			`}`
			`return nil, fmt.Errorf("event %d: unexpected EFI action event", e.sequence)`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`case internal.EFIVariableDriverConfig:`
			`v, err := internal.ParseUEFIVariableData(bytes.NewReader(e.Data))`
			`if err != nil {`
			`return nil, fmt.Errorf("failed parsing EFI variable at event %d: %v", e.sequence, err)`
			`}`
			`if _, seenBefore := seenVars[v.VarName()]; seenBefore {`
			`return nil, fmt.Errorf("duplicate EFI variable %q at event %d", v.VarName(), e.sequence)`
			`}`
			`seenVars[v.VarName()] = true`
			`if seenSeparator7 {`
			`return nil, fmt.Errorf("event %d: variable %q specified after separator", e.sequence, v.VarName())`
			`}`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`if digestVerify != nil {`
			`return nil, fmt.Errorf("invalid digest for variable %q on event %d: %v", v.VarName(), e.sequence, digestVerify)`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00
			`switch v.VarName() {`
			`case "SecureBoot":`
			`if len(v.VariableData) != 1 {`
			`return nil, fmt.Errorf("event %d: SecureBoot data len is %d, expected 1", e.sequence, len(v.VariableData))`
			`}`
			`out.Enabled = v.VariableData[0] == 1`
			`case "PK":`
			`if out.PlatformKeys, out.PlatformKeyHashes, err = v.SignatureData(); err != nil {`
			`return nil, fmt.Errorf("event %d: failed parsing platform keys: %v", e.sequence, err)`
			`}`
			`case "KEK":`
			`if out.ExchangeKeys, out.ExchangeKeyHashes, err = v.SignatureData(); err != nil {`
			`return nil, fmt.Errorf("event %d: failed parsing key exchange keys: %v", e.sequence, err)`
			`}`
			`case "db":`
			`if out.PermittedKeys, out.PermittedHashes, err = v.SignatureData(); err != nil {`
			`return nil, fmt.Errorf("event %d: failed parsing signature database: %v", e.sequence, err)`
			`}`
			`case "dbx":`
			`if out.ForbiddenKeys, out.ForbiddenHashes, err = v.SignatureData(); err != nil {`
			`return nil, fmt.Errorf("event %d: failed parsing forbidden signature database: %v", e.sequence, err)`
			`}`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00
			`case internal.EFIVariableAuthority:`
Ignore SBAT events in ParseUEFIVariableAuthority (#222) As part of the Boothole fixes, shim has introduced an SBAT feature https://github.com/rhboot/shim/blob/main/SBAT.md. SBAT configuration is configured to log to PCR7 using EV_EFI_VARIABLE_AUTHORITY. https://github.com/rhboot/shim/blob/493bd940e5c6e28e673034687de7adef9529efff/mok.c#L228-L247 This causes issue with ParseUEFIVariableAuthority, as it asssumes that an event with type EV_EFI_VARIABLE_AUTHORITY can be parsed as EFI_SIGNATURE_DATA, per section 3.3.4.8 of the TCG PC Client Platform Firmware Profile Specification. 2021-06-03 21:28:24 +00:00			`v, err := internal.ParseUEFIVariableData(bytes.NewReader(e.Data))`
			`if err != nil {`
			`return nil, fmt.Errorf("failed parsing UEFI variable data: %v", err)`
			`}`

			`a, err := internal.ParseUEFIVariableAuthority(v)`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`if err != nil {`
			`// Workaround for: https://github.com/google/go-attestation/issues/157`
			`if err == internal.ErrSigMissingGUID {`
			`// Versions of shim which do not carry`
			`// https://github.com/rhboot/shim/commit/8a27a4809a6a2b40fb6a4049071bf96d6ad71b50`
			`// have an erroneous additional byte in the event, which breaks digest`
			`// verification. If verification failed, we try removing the last byte.`
			`if digestVerify != nil && len(e.Data) > 0 {`
			`digestVerify = e.digestEquals(e.Data[:len(e.Data)-1])`
			`}`
			`} else {`
			`return nil, fmt.Errorf("failed parsing EFI variable authority at event %d: %v", e.sequence, err)`
			`}`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`seenAuthority = true`
			`if digestVerify != nil {`
			`return nil, fmt.Errorf("invalid digest for authority on event %d: %v", e.sequence, digestVerify)`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`if !seenSeparator7 {`
			`out.PreSeparatorAuthority = append(out.PreSeparatorAuthority, a.Certs...)`
			`} else {`
			`out.PostSeparatorAuthority = append(out.PostSeparatorAuthority, a.Certs...)`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00
			`default:`
			`return nil, fmt.Errorf("unexpected event type in PCR7: %v", et)`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`

WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`case 2:`
			`switch et {`
			`case internal.Separator:`
			`if seenSeparator2 {`
			`return nil, fmt.Errorf("duplicate separator at event %d", e.sequence)`
			`}`
			`seenSeparator2 = true`
			`if !bytes.Equal(e.Data, []byte{0, 0, 0, 0}) {`
			`return nil, fmt.Errorf("invalid separator data at event %d: %v", e.sequence, e.Data)`
			`}`
			`if digestVerify != nil {`
			`return nil, fmt.Errorf("invalid separator digest at event %d: %v", e.sequence, digestVerify)`
			`}`

			`case internal.EFIBootServicesDriver:`
			`if !seenSeparator2 {`
			`imgLoad, err := internal.ParseEFIImageLoad(bytes.NewReader(e.Data))`
			`if err != nil {`
			`return nil, fmt.Errorf("failed parsing EFI image load at boot services driver event %d: %v", e.sequence, err)`
Implement workaround for secureboot authority events from shim (#158) 2020-05-01 21:20:54 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`dp, err := imgLoad.DevicePath()`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to parse device path for driver load event %d: %v", e.sequence, err)`
			`}`
			`driverSources = append(driverSources, dp)`
Implement workaround for secureboot authority events from shim (#158) 2020-05-01 21:20:54 +00:00			`}`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`}`
			`}`

			`// Compute driver source hints based on the EFI device path observed in`
			`// EFI Boot-services driver-load events.`
			`sourceLoop:`
			`for _, source := range driverSources {`
			`// We consider a driver to have originated from PCI-MMIO if any number`
			`// of elements in the device path [1] were PCI devices, and are followed by`
			`// an element representing a "relative offset range" read.`
			`// In the wild, we have typically observed 4-tuple device paths for such`
			`// devices: ACPI device -> PCI device -> PCI device -> relative offset.`
			`//`
			`// [1]: See section 9 of the UEFI specification v2.6 or greater.`
			`var seenPCI bool`
			`for _, e := range source {`
			`// subtype 0x1 corresponds to a PCI device (See: 9.3.2.1)`
			`if e.Type == internal.HardwareDevice && e.Subtype == 0x1 {`
			`seenPCI = true`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`// subtype 0x8 corresponds to "relative offset range" (See: 9.3.6.8)`
			`if seenPCI && e.Type == internal.MediaDevice && e.Subtype == 0x8 {`
			`out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, PciMmioSource)`
			`continue sourceLoop`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`
			`}`
WIP processing image load events (#216) 2021-05-10 19:11:58 +00:00			`out.DriverLoadSourceHints = append(out.DriverLoadSourceHints, UnknownSource)`
Implement extractor for determining secure boot state (#148) 2019-12-19 20:28:32 +00:00			`}`

			`if !out.Enabled {`
			`return &out, nil`
			`}`

			`if !seenAuthority {`
			`return nil, errors.New("secure boot was enabled but no key was used")`
			`}`
			`if len(out.PlatformKeys) == 0 && len(out.PlatformKeyHashes) == 0 {`
			`return nil, errors.New("secure boot was enabled but no platform keys were known")`
			`}`
			`if len(out.ExchangeKeys) == 0 && len(out.ExchangeKeyHashes) == 0 {`
			`return nil, errors.New("secure boot was enabled but no key exchange keys were known")`
			`}`
			`if len(out.PermittedKeys) == 0 && len(out.PermittedHashes) == 0 {`
			`return nil, errors.New("secure boot was enabled but no keys or hashes were permitted")`
			`}`
			`return &out, nil`
			`}`