Joe Richey
8820d49b18
CI: Allow SHA1 on Go 1.18
...
Signed-off-by: Joe Richey <joerichey@google.com>
2022-04-04 13:48:39 -07:00
Joe Richey
0961a88d7c
parseEfiSignature: Don't rely on type of error code
...
The specific error type is not part of x509.ParseCertificate documented
API. So we shouldn't rely on it for this workaround.
Signed-off-by: Joe Richey <joerichey@google.com>
2022-04-04 13:48:39 -07:00
Joe Richey
df6b91cbdb
test: Use Fatalf instead of Errorf to prevent segfault
...
Signed-off-by: Joe Richey <joerichey@google.com>
2022-04-04 13:48:39 -07:00
Joe Richey
03018e6828
Remove certificate-transparency-go dependancy
...
Signed-off-by: Joe Richey <joerichey@google.com>
2022-04-04 13:48:39 -07:00
Joe Richey
0a9ecdcf7c
Run CI for Go 1.18
...
Signed-off-by: Joe Richey <joerichey@google.com>
2022-03-25 13:55:33 -07:00
Joe Richey
4b44082d2c
ci: ONly run on pushes to master
...
This prevents running the CI twice when opening a PR with a non-master
branch.
Signed-off-by: Joe Richey <joerichey@google.com>
2022-03-25 13:55:33 -07:00
dependabot[bot]
2a5dfec7cf
Bump github.com/google/go-cmp from 0.5.5 to 0.5.7 ( #261 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.5 to 0.5.7.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.7 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-23 21:08:15 -07:00
Jiankun Lü
83d71b1c53
Bump go-tpm version ( #264 )
...
Certify now returns raw TPMT_SIGNATURE, so no need to pack it.
2022-02-14 16:31:48 -08:00
Tom D
277c40ca1d
AKPublic.VerifyAll: Additionally validate input parameters ( #263 )
2022-01-31 09:32:19 -08:00
Tom D
82f2c9c2c7
Merge pull request from GHSA-99cg-575x-774p
...
* AKPublic.Verify: Return an error if a provided PCR of the correct
digest was not included in the quote.
* AKPublic.VerifyAll: Implement VerifyAll method, which can cross-check
that provided PCRs were covered by quotes across PCR banks.
* PCR.QuoteVerified(): Introduce getter method to expose whether a
PCR value was covered during quote verification.
2022-01-31 09:10:07 -08:00
dependabot[bot]
21f642c3c7
Copybara import of the project:
...
--
54a86af398
by dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>:
Bump github.com/google/go-tpm-tools from 0.2.1 to 0.3.1
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools ) from 0.2.1 to 0.3.1.
- [Release notes](https://github.com/google/go-tpm-tools/releases )
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.2.1...v0.3.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/go-attestation/pull/250 from google:dependabot/go_modules/github.com/google/go-tpm-tools-0.3.1 54a86af398
PiperOrigin-RevId: 415136926
2022-01-11 16:29:12 -08:00
Brandon Weeks
d114f3922f
Copybara import of the project:
...
--
501de37b33
by Brandon Weeks <bweeks@google.com>:
Restore changes accidentally reverted during reconciliation
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/go-attestation/pull/256 from brandonweeks:fix_reconciliation 501de37b33
PiperOrigin-RevId: 415128139
2022-01-11 16:29:01 -08:00
dependabot[bot]
b92e2746d6
Bump github.com/google/go-tpm-tools from 0.2.1 to 0.3.1 ( #250 )
...
Bumps [github.com/google/go-tpm-tools](https://github.com/google/go-tpm-tools ) from 0.2.1 to 0.3.1.
- [Release notes](https://github.com/google/go-tpm-tools/releases )
- [Commits](https://github.com/google/go-tpm-tools/compare/v0.2.1...v0.3.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-tpm-tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-08 17:24:29 -08:00
Brandon Weeks
2f8dbfc94e
Restore changes accidentally reverted during reconciliation ( #256 )
2021-12-08 16:43:38 -08:00
copybara-service[bot]
f1f1b84491
Revert "Internal change"
...
PiperOrigin-RevId: 415106054
Co-authored-by: Brandon Weeks <bweeks@google.com>
2021-12-08 15:06:48 -08:00
Brandon Weeks
57a6cb587a
Internal change
...
PiperOrigin-RevId: 415099842
2021-12-08 14:37:13 -08:00
Tom D'Netto
0393b91867
Implement CombineEventlogs().
...
PiperOrigin-RevId: 410914994
2021-11-18 15:36:36 -08:00
Brandon Weeks
be496f1149
Internal change
...
PiperOrigin-RevId: 394330027
2021-09-01 15:39:03 -07:00
Eric Chiang
a35bd36e42
attest: fix test build for MacOS ( #241 )
...
Windows still requires openssl due to tpm-tools simulator. Will try to
figure out that next.
2021-09-01 13:24:57 -07:00
Alex Wu
505680f536
Invert 'notspi' build tag to 'tspi' ( #237 )
...
This change allows users to specify TPM1.2 support rather than remove it.
go-attestation will build without needing Trousers/TSPI support.
The flip-side of this is that TPM1.2 does not just work; TPM1.2 users need to
include the `tspi` build tag.
2021-09-01 12:55:02 -07:00
Eric Chiang
7cf0af2beb
.github: add initial github action for CI ( #239 )
...
Goal is to switch current builder run internally by Google over to
GitHub Actions.
2021-09-01 11:15:26 -07:00
copybara-service[bot]
5410759ddc
Consider a nonce in NVRAM when computing the EK Template ( Fixes #236 ). ( #238 )
...
PiperOrigin-RevId: 394112776
Co-authored-by: Tom D'Netto <jsonp@google.com>
2021-08-31 17:45:37 -07:00
Tom D
cc52e2d143
Handle EFI_ACTION events signalling DMA protection is disabled. ( #235 )
2021-08-23 14:03:58 -07:00
Timo Lindfors
7d128657ca
Fix misleading comment
2021-08-10 12:18:55 -07:00
Timo Lindfors
e8c5dc4fd5
Fix minor spelling issues in comments
2021-08-10 12:18:55 -07:00
tracefinder
5df8a8e979
Add a build tag to turn off TPM12 support and avoid tspi dependency ( #232 )
...
* Add build tag to turn off TPM12 support and avoid tspi dependency
* Add notspi build flag related information in README.md
2021-07-30 12:26:45 -07:00
dependabot[bot]
9ff0d31d3c
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6 ( #221 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-02 11:17:17 -07:00
Eric Chiang
fa6830fc2f
update go-tspi dependency ( #231 )
...
This fixes go-attestation builds on 32 bit architectures.
2021-07-02 10:45:08 -07:00
Brandon Weeks
7ec6228f59
Rollback using certificatetransparency/x509 for the CI code
...
PiperOrigin-RevId: 380897258
2021-06-22 14:48:41 -07:00
copybara-service[bot]
bec58f2406
Internal change ( #227 )
...
PiperOrigin-RevId: 380891920
Co-authored-by: Brandon Weeks <bweeks@google.com>
2021-06-22 14:33:47 -07:00
Go-Attestation Team
20a9e4b381
Internal change
...
PiperOrigin-RevId: 380881515
2021-06-22 20:41:11 +00:00
Tom D
1b4849d2c3
Make possibly-missing WBCL values ternary-typed ( #226 )
2021-06-21 14:10:45 -07:00
Alex Wu
0a3c6e82bf
Ignore SBAT events in ParseUEFIVariableAuthority ( #222 )
...
As part of the Boothole fixes, shim has introduced an
SBAT feature https://github.com/rhboot/shim/blob/main/SBAT.md .
SBAT configuration is configured to log to PCR7 using
EV_EFI_VARIABLE_AUTHORITY.
493bd940e5/mok.c (L228-L247)
This causes issue with ParseUEFIVariableAuthority, as
it asssumes that an event with type EV_EFI_VARIABLE_AUTHORITY
can be parsed as EFI_SIGNATURE_DATA, per section 3.3.4.8
of the TCG PC Client Platform Firmware Profile Specification.
2021-06-03 14:28:24 -07:00
Paweł Szałachowski
c4760bd1c6
Validate the RSA-PSS salt length argument. ( #219 )
2021-05-21 15:28:56 -07:00
Paweł Szałachowski
0b7298fb18
Support RSA application keys ( #218 )
2021-05-20 11:15:09 -07:00
Paweł Szałachowski
7f6fec6b36
add ecdsa configuration options ( #217 )
...
Add configuration options for ECDSA key generation.
2021-05-19 11:32:54 -07:00
Tom D
ee5bb94c43
WIP processing image load events ( #216 )
2021-05-10 12:11:58 -07:00
Paweł Szałachowski
9b857465d0
Handle to interface{} in *windowsKey12.certify() ( #214 )
2021-04-23 16:13:10 -07:00
Paweł Szałachowski
6848928436
Add AK.Certify() and use CertifyEx() for certification ( #210 )
...
* replace CertifyCreation() by CertifyEx() to handle certification of objects for which we cannot extract CreationData
* add AK.Certify(handle) allowing to certify externally-created keys
2021-04-23 14:41:30 -07:00
Tom D
e24a847d44
Add initial docs for attest-tool ( #213 )
2021-04-15 12:14:18 -07:00
Brandon Weeks
b6c6a0c365
Parse TCG_PCClientPCREvent structures with an eventSize of 0 ( #212 )
2021-04-14 13:59:06 -07:00
Brandon Weeks
31ad4f57fd
Fix integer overflow in digest parsing ( #211 )
2021-04-13 15:57:16 -07:00
Dmitrii Okunev
b89180c3eb
bugfix(eventlog): Assume TPM1.2 events if NO_ACTION is too short ( #208 )
2021-04-13 10:46:15 -07:00
Tom D
1ceeedc8dc
win_events: Determine if the WBCL was for a cold boot (as opposed to a resume from hibernation) ( #209 )
2021-04-07 16:08:29 -07:00
Paweł Szałachowski
1bbba0bdfd
Minor fixes and additions ( #207 )
...
* replace ReadPublic() by DecodePublic() when creating and loading keys: the current implementation calls ReadPublic() even if public data is already accessible
* drop handle() from the ak interface: it is unnecessary
* add Blobs() to attest.Key: to allow agnostic key marshaling
2021-04-01 19:29:45 -07:00
Paweł Szałachowski
611c6598b2
testKeySign: small fix ( #206 )
2021-04-01 09:53:30 -07:00
Brandon Weeks
9fc6c7504a
Bump Go version to 1.16, update dependencies ( #205 )
2021-03-17 15:05:37 -07:00
Paweł Szałachowski
1379a4f766
Verify(): ensure that the hash function is available ( #204 )
2021-03-09 09:30:11 -08:00
Paweł Szałachowski
440d34a877
Support for application signing keys ( #201 )
2021-03-08 12:27:00 -08:00
dependabot[bot]
328912c0ae
Bump github.com/google/go-cmp from 0.5.4 to 0.5.5 ( #203 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.4...v0.5.5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-03-08 11:09:05 -08:00