Export InvalidPCRs field in ReplayError (#189)

* Export InvalidPCRs field in ReplayError In order to retrieve the Invalid PCRs which couldn't be replayed against the Event log, we need this field to be exported as this gives the exact and true information. Replay error events will give all the events, but doesn't give the exact PCR index which doesn't get replayed. Following is the test to extend PCR 7 and verify the PCRs 7,8,9 against the Event log. Output: ``` event log failed to verify: the following registers failed to replay: [7] ReplayError Events:=[107] Replay Error Events PCR indexes=[0 7 2 3 6 9 8 1 4 5] ``` * Add Comment to the exported field
2025-02-21 09:11:46 +00:00 · 2020-11-30 11:56:55 -08:00 · 2020-11-30 11:56:55 -08:00 · 63c5188962
commit 63c5188962
parent d90962df3c
1 changed files with 5 additions and 4 deletions
--- a/attest/eventlog.go
+++ b/attest/eventlog.go
@ -38,11 +38,12 @@ import (
 // a particular PCR.
 type ReplayError struct {
 	Events      []Event
-	invalidPCRs []int
+	// InvalidPCRs reports the set of PCRs where the event log replay failed.
+	InvalidPCRs []int
 }

 func (e ReplayError) affected(pcr int) bool {
-	for _, p := range e.invalidPCRs {
+	for _, p := range e.InvalidPCRs {
 		if p == pcr {
 			return true
 		}
@ -52,7 +53,7 @@ func (e ReplayError) affected(pcr int) bool {

 // Error returns a human-friendly description of replay failures.
 func (e ReplayError) Error() string {
-	return fmt.Sprintf("event log failed to verify: the following registers failed to replay: %v", e.invalidPCRs)
+	return fmt.Sprintf("event log failed to verify: the following registers failed to replay: %v", e.InvalidPCRs)
 }

 // TPM algorithms. See the TPM 2.0 specification section 6.3.
@ -393,7 +394,7 @@ pcrLoop:
 		}
 		return nil, ReplayError{
 			Events:      events,
-			invalidPCRs: invalidReplays,
+			InvalidPCRs: invalidReplays,
 		}
 	}