go-attestation

mirror of https://github.com/google/go-attestation.git synced 2024-12-20 05:28:22 +00:00

History

Alex Wu 0a3c6e82bf Ignore SBAT events in ParseUEFIVariableAuthority (#222 ) As part of the Boothole fixes, shim has introduced an SBAT feature https://github.com/rhboot/shim/blob/main/SBAT.md. SBAT configuration is configured to log to PCR7 using EV_EFI_VARIABLE_AUTHORITY. `493bd940e5/mok.c (L228-L247)` This causes issue with ParseUEFIVariableAuthority, as it asssumes that an event with type EV_EFI_VARIABLE_AUTHORITY can be parsed as EFI_SIGNATURE_DATA, per section 3.3.4.8 of the TCG PC Client Platform Firmware Profile Specification.	2021-06-03 14:28:24 -07:00
..
events_test.go	Implement extractor for determining secure boot state (#148 )	2019-12-19 12:28:32 -08:00
events.go	Ignore SBAT events in ParseUEFIVariableAuthority (#222 )	2021-06-03 14:28:24 -07:00

Ignore SBAT events in ParseUEFIVariableAuthority (#222 )

As part of the Boothole fixes, shim has introduced an
SBAT feature https://github.com/rhboot/shim/blob/main/SBAT.md.
SBAT configuration is configured to log to PCR7 using
EV_EFI_VARIABLE_AUTHORITY.
493bd940e5/mok.c (L228-L247)

This causes issue with ParseUEFIVariableAuthority, as
it asssumes that an event with type EV_EFI_VARIABLE_AUTHORITY
can be parsed as EFI_SIGNATURE_DATA, per section 3.3.4.8
of the TCG PC Client Platform Firmware Profile Specification.

2021-06-03 14:28:24 -07:00

events_test.go Implement extractor for determining secure boot state (#148 ) 2019-12-19 12:28:32 -08:00

events.go Ignore SBAT events in ParseUEFIVariableAuthority (#222 ) 2021-06-03 14:28:24 -07:00