Documentation ¶
Overview ¶
Copyright 2020 the u-root Authors. All rights reserved Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Copyright 2020 the u-root Authors. All rights reserved Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Copyright 2020 the u-root Authors. All rights reserved Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Package txtlog provides reading and parsing of Intel TXT logs. Large parts were taken from 9elements/tpmtool.
Index ¶
- Constants
- Variables
- func DumpLog(tcpaLog *PCRLog) error
- type BIOSLogID
- type EFIConfigurationTable
- type EFIDevicePath
- type EFIGptData
- type EFIGuid
- type EFIHandoffTablePointers
- type EFIImageLoadEvent
- type EFILogID
- type EFIPlatformFirmwareBlob
- type EFIVariableData
- type FirmwareType
- type IAlgHash
- type IAlgHashSize
- type IHA
- type LDigestValues
- type PCRDigestValue
- type PCREvent
- type PCRLog
- type TCGPCClientTaggedEvent
- type THA
- type TcgBiosSpecIDEvent
- type TcgEfiSpecIDEvent
- type TcgEfiSpecIDEventAlgorithmSize
- type TcgPcrEvent
- type TcgPcrEvent2
- type TxtEventLogContainer
- type TxtLogID
Constants ¶
// Version numbers for the TXT TPM1.2 log: one major/minor pair for the
// container and one for the events.
const (
	// Container version.
	Txt12EvtLog_Cntnr_Major_Ver = 1
	Txt12EvtLog_Cntnr_Minor_Ver = 0

	// Event version.
	Txt12EvtLog_Evt_Major_Ver = 1
	Txt12EvtLog_Evt_Minor_Ver = 0
)
TXT TPM1.2 log versions
const HCRTM string = "HCRTM"
HCRTM string for event type EV_EFI_HCRTM_EVENT
const TCGAgileEventFormatID string = "Spec ID Event03"
TCGAgileEventFormatID is the agile eventlog identifier for EV_NO_ACTION events
const TCGOldEfiFormatID string = "Spec ID Event02"
TCGOldEfiFormatID is the legacy eventlog identifier for EV_NO_ACTION events
const Txt12EvtLogSignature = "TXT Event Container\000"
TXT TPM1.2 log container signature
Variables ¶
// BIOSLogTypes maps every legacy BIOS event type ID to its symbolic name.
//
// Indexing the map with an ID that is not listed yields the empty string, so
// a caller that needs to tell "unknown event type" apart from a named one
// should use the two-value lookup form.
//
// NOTE(review): the key EvTableOfServices carries the label
// "EV_TABLE_OF_DEVICES"; confirm against specification [2] which of the two
// spellings is intended.
var BIOSLogTypes = map[BIOSLogID]string{
	EvPrebootCert:          "EV_PREBOOT_CERT",
	EvPostCode:             "EV_POST_CODE",
	EvUnused:               "EV_UNUSED",
	EvNoAction:             "EV_NO_ACTION",
	EvSeparator:            "EV_SEPARATOR",
	EvAction:               "EV_ACTION",
	EvEventTag:             "EV_EVENT_TAG",
	EvSCRTMContents:        "EV_S_CRTM_CONTENTS",
	EvSCRTMVersion:         "EV_S_CRTM_VERSION",
	EvCPUMicrocode:         "EV_CPU_MICROCODE",
	EvPlatformConfigFlags:  "EV_PLATFORM_CONFIG_FLAGS",
	EvTableOfServices:      "EV_TABLE_OF_DEVICES",
	EvCompactHash:          "EV_COMPACT_HASH",
	EvIPL:                  "EV_IPL",
	EvIPLPartitionData:     "EV_IPL_PARTITION_DATA",
	EvNonHostCode:          "EV_NONHOST_CODE",
	EvNonHostConfig:        "EV_NONHOST_CONFIG",
	EvNonHostInfo:          "EV_NONHOST_INFO",
	EvOmitBootDeviceEvents: "EV_OMIT_BOOT_DEVICE_EVENTS",
}
BIOSLogTypes are the BIOS eventlog types
var (
// DefaultTCPABinaryLog is the path of the log file where the TCPA log is
// stored.
//
// NOTE(review): this is an exported, mutable package-level variable, so any
// code in the same process can repoint it at a different file. The contents
// of the file are presumably only as trustworthy as a replay against the
// TPM's PCR values shows them to be; confirm where callers make that
// comparison before relying on parsed events.
DefaultTCPABinaryLog = "/sys/kernel/security/tpm0/binary_bios_measurements"
)
[1] TCG EFI Platform Specification For TPM Family 1.1 or 1.2 https://trustedcomputinggroup.org/wp-content/uploads/TCG_EFI_Platform_1_22_Final_-v15.pdf
[2] TCG PC Client Specific Implementation Specification for Conventional BIOS, version 1.21 https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementation_1-21_1_00.pdf
[3] TCG EFI Protocol Specification, Family "2.0" https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
[4] TCG PC Client Platform Firmware Profile Specification https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf
// EFILogTypes maps every EFI event type ID to its symbolic name.
//
// An ID that is not listed here looks up as the empty string; use the
// two-value lookup form when an unrecognised event type must be detected.
var EFILogTypes = map[EFILogID]string{
	EvEFIEventBase:               "EV_EFI_EVENT_BASE",
	EvEFIVariableDriverConfig:    "EV_EFI_VARIABLE_DRIVER_CONFIG",
	EvEFIVariableBoot:            "EV_EFI_VARIABLE_BOOT",
	EvEFIBootServicesApplication: "EV_EFI_BOOT_SERVICES_APPLICATION",
	EvEFIBootServicesDriver:      "EV_EFI_BOOT_SERVICES_DRIVER",
	EvEFIRuntimeServicesDriver:   "EV_EFI_RUNTIME_SERVICES_DRIVER",
	EvEFIGPTEvent:                "EV_EFI_GPT_EVENT",
	EvEFIAction:                  "EV_EFI_ACTION",
	EvEFIPlatformFirmwareBlob:    "EV_EFI_PLATFORM_FIRMWARE_BLOB",
	EvEFIHandoffTables:           "EV_EFI_HANDOFF_TABLES",
	EvEFIHCRTMEvent:              "EV_EFI_HCRTM_EVENT",
	EvEFIVariableAuthority:       "EV_EFI_VARIABLE_AUTHORITY",
}
EFILogTypes are the EFI eventlog types
// HashAlgoToSize gives the hash size for each hash algorithm ID listed
// below.
//
// NOTE(review): indexing with an algorithm ID that is not listed yields 0.
// Code that sizes a digest from an algorithm ID taken out of log data should
// use the two-value lookup and reject unknown algorithms instead of
// continuing with a zero-length digest.
var HashAlgoToSize = map[IAlgHash]IAlgHashSize{
	TPMAlgSha:     TPMAlgShaSize,
	TPMAlgSha256:  TPMAlgSha256Size,
	TPMAlgSha384:  TPMAlgSha384Size,
	TPMAlgSha512:  TPMAlgSha512Size,
	TPMAlgSm3s256: TPMAlgSm3s256Size,
}
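// TxtLogTypes maps every Intel TXT event type ID to its symbolic name.
//
// Two labels are corrected relative to the earlier table, because a reader
// comparing a printed log against expected measurements depends on them:
//   - TxtEvTypeBpmHash was labelled "EVTYPE_KM_HASH", the same string as
//     TxtEvTypeKmHash, so the two measurements could not be told apart by
//     name.
//   - TxtEvTypeSinitPubKeyHash carried a stray space inside its label, which
//     breaks exact string matching on the name.
//
// An ID that is not listed looks up as the empty string; use the two-value
// lookup form when an unrecognised event type must be detected.
var TxtLogTypes = map[TxtLogID]string{
	TxtEvTypeBase:               "EVTYPE_BASE",
	TxtEvTypePcrMapping:         "EVTYPE_PCR_MAPPING",
	TxtEvTypeHashStart:          "EVTYPE_HASH_START",
	TxtEvTypeCombinedHash:       "EVTYPE_COMBINED_HASH",
	TxtEvTypeMleHash:            "EVTYPE_MLE_HASH",
	TxtEvTypeBiosAcRegData:      "EVTYPE_BIOSAC_REG_DATA",
	TxtEvTypeCpuScrtmStat:       "EVTYPE_CPU_SCRTM_STAT",
	TxtEvTypeLcpControlHash:     "EVTYPE_LCP_CONTROL_HASH",
	TxtEvTypeElementsHash:       "EVTYPE_ELEMENTS_HASH",
	TxtEvTypeStmHash:            "EVTYPE_STM_HASH",
	TxtEvTypeOsSinitDataCapHash: "EVTYPE_OSSINITDATA_CAP_HASH",
	TxtEvTypeSinitPubKeyHash:    "EVTYPE_SINIT_PUBKEY_HASH", // was "EVTYPE_SINIT_PUBKEY_ HASH"
	TxtEvTypeLcpHash:            "EVTYPE_LCP_HASH",
	TxtEvTypeLcpDetailsHash:     "EVTYPE_LCP_DETAILS_HASH",
	TxtEvTypeLcpAuthoritiesHash: "EVTYPE_LCP_AUTHORITIES_HASH",
	TxtEvTypeNvInfoHash:         "EVTYPE_NV_INFO_HASH",
	TxtEvTypeColdBootBiosHash:   "EVTYPE_COLD_BOOT_BIOS_HASH",
	TxtEvTypeKmHash:             "EVTYPE_KM_HASH",
	TxtEvTypeBpmHash:            "EVTYPE_BPM_HASH", // was "EVTYPE_KM_HASH"
	TxtEvTypeKmInfoHash:         "EVTYPE_KM_INFO_HASH",
	TxtEvTypeBpmInfoHash:        "EVTYPE_BPM_INFO_HASH",
	TxtEvTypeBootPolHash:        "EVTYPE_BOOT_POL_HASH",
	TxtEvTypeRandValue:          "EVTYPE_RANDOM_VALUE",
	TxtEvTypeCapValue:           "EVTYPE_CAP_VALUE",
}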
TxtLogTypes are the Intel TXT eventlog types
Functions ¶
Types ¶
type BIOSLogID ¶
type BIOSLogID uint32
BIOSLogID is the legacy eventlog type
// Legacy BIOS event type IDs. Each one is described in specification [2],
// which is referenced from tcpa_log.go. The IDs run contiguously from 0x00
// to 0x12.
const (
	EvPrebootCert          BIOSLogID = 0x00
	EvPostCode             BIOSLogID = 0x01
	EvUnused               BIOSLogID = 0x02
	EvNoAction             BIOSLogID = 0x03
	EvSeparator            BIOSLogID = 0x04
	EvAction               BIOSLogID = 0x05
	EvEventTag             BIOSLogID = 0x06
	EvSCRTMContents        BIOSLogID = 0x07
	EvSCRTMVersion         BIOSLogID = 0x08
	EvCPUMicrocode         BIOSLogID = 0x09
	EvPlatformConfigFlags  BIOSLogID = 0x0A
	EvTableOfServices      BIOSLogID = 0x0B
	EvCompactHash          BIOSLogID = 0x0C
	EvIPL                  BIOSLogID = 0x0D
	EvIPLPartitionData     BIOSLogID = 0x0E
	EvNonHostCode          BIOSLogID = 0x0F
	EvNonHostConfig        BIOSLogID = 0x10
	EvNonHostInfo          BIOSLogID = 0x11
	EvOmitBootDeviceEvents BIOSLogID = 0x12
)
type EFIConfigurationTable ¶
type EFIConfigurationTable struct {
// contains filtered or unexported fields
}
EFIConfigurationTable is an internal UEFI structure see [1]
type EFIDevicePath ¶
type EFIDevicePath struct {
// contains filtered or unexported fields
}
EFIDevicePath is an internal UEFI structure see [1]
type EFIGptData ¶
type EFIGptData struct {
// contains filtered or unexported fields
}
EFIGptData is the GPT structure
type EFIGuid ¶
type EFIGuid struct {
// contains filtered or unexported fields
}
EFIGuid is the EFI Guid format
type EFIHandoffTablePointers ¶
type EFIHandoffTablePointers struct {
// contains filtered or unexported fields
}
EFIHandoffTablePointers is an internal UEFI structure see [1]
type EFIImageLoadEvent ¶
type EFIImageLoadEvent struct {
// contains filtered or unexported fields
}
EFIImageLoadEvent is an internal UEFI structure see [1]
type EFILogID ¶
type EFILogID uint32
EFILogID is the EFI eventlog type
// EFI event type IDs, written as offsets from EvEFIEventBase. Apart from the
// base itself, each one is described in specification [1], which is
// referenced from tcpa_log.go.
const (
	// EvEFIEventBase is the base value for all EFI platform event IDs below.
	EvEFIEventBase EFILogID = 0x80000000

	EvEFIVariableDriverConfig    EFILogID = EvEFIEventBase + 0x01
	EvEFIVariableBoot            EFILogID = EvEFIEventBase + 0x02
	EvEFIBootServicesApplication EFILogID = EvEFIEventBase + 0x03
	EvEFIBootServicesDriver      EFILogID = EvEFIEventBase + 0x04
	EvEFIRuntimeServicesDriver   EFILogID = EvEFIEventBase + 0x05
	EvEFIGPTEvent                EFILogID = EvEFIEventBase + 0x06
	EvEFIAction                  EFILogID = EvEFIEventBase + 0x07
	EvEFIPlatformFirmwareBlob    EFILogID = EvEFIEventBase + 0x08
	EvEFIHandoffTables           EFILogID = EvEFIEventBase + 0x09

	// The sequence is not contiguous from here on: the next ID is
	// 0x80000010 (hexadecimal 0x10, not 0x0A), followed by 0x800000E0.
	EvEFIHCRTMEvent        EFILogID = EvEFIEventBase + 0x10
	EvEFIVariableAuthority EFILogID = EvEFIEventBase + 0xE0
)
type EFIPlatformFirmwareBlob ¶
type EFIPlatformFirmwareBlob struct {
// contains filtered or unexported fields
}
EFIPlatformFirmwareBlob is an internal UEFI structure see [1]
type EFIVariableData ¶
type EFIVariableData struct {
// contains filtered or unexported fields
}
EFIVariableData represents UEFI variables
type FirmwareType ¶
type FirmwareType string
FirmwareType (BIOS)
// Firmware kinds that a FirmwareType value can name.
const (
	// Uefi: an Open Source UEFI implementation (www.tianocore.org).
	Uefi FirmwareType = "UEFI"

	// Coreboot: an Open Source firmware (www.coreboot.org).
	Coreboot FirmwareType = "coreboot"

	// UBoot: an Open Source firmware (www.denx.de/wiki/U-Boot).
	UBoot FirmwareType = "U-Boot"

	// LinuxBoot: an Open Source firmware based on UEFI and a Linux runtime
	// (www.linuxboot.org).
	LinuxBoot FirmwareType = "LinuxBoot"

	// Bios: the legacy BIOS.
	Bios FirmwareType = "BIOS"

	// Txt: an Intel TXT launch.
	Txt FirmwareType = "TXT"
)
type IAlgHashSize ¶
type IAlgHashSize uint8
IAlgHashSize is the TPM hash algorithm length
// Hash sizes, one per supported TPM hash algorithm. SHA256 and SM3-256 share
// the same size, so a size alone does not identify the algorithm.
const (
	TPMAlgShaSize     IAlgHashSize = 20 // SHA
	TPMAlgSha256Size  IAlgHashSize = 32 // SHA256
	TPMAlgSha384Size  IAlgHashSize = 48 // SHA384
	TPMAlgSha512Size  IAlgHashSize = 64 // SHA512
	TPMAlgSm3s256Size IAlgHashSize = 32 // SM3-256
)
type LDigestValues ¶
type LDigestValues struct {
// contains filtered or unexported fields
}
LDigestValues is a TPM2 structure
type PCRDigestValue ¶
PCRDigestValue is the hash and algorithm
type PCREvent ¶
// PCREvent is the accessor set shared by TcgPcrEvent and TcgPcrEvent2, so
// that a log can hold events of either format behind one type.
type PCREvent interface {
	// PcrIndex returns the event's PCR index.
	PcrIndex() int

	// PcrEventType returns the numeric event type.
	PcrEventType() uint32

	// PcrEventName returns the event's name as a string.
	PcrEventName() string

	// PcrEventData returns the event's data as a string.
	// NOTE(review): the data presumably originates from the log being
	// parsed; treat it as untrusted text when displaying or storing it.
	PcrEventData() string

	// Digests returns a pointer to the event's digest values.
	Digests() *[]PCRDigestValue

	// String returns a textual form of the event.
	String() string
}
PCREvent is a common interface for TcgPcrEvent & TcgPcrEvent2
type PCRLog ¶
// PCRLog is a generic PCR event log: the firmware type it belongs to plus
// the events themselves.
type PCRLog struct {
	// Firmware names the firmware type of the log.
	Firmware FirmwareType

	// PcrList holds the events; each element is either event format hidden
	// behind the PCREvent interface.
	PcrList []PCREvent
}
PCRLog is a generic PCR eventlog structure
func ParseLog ¶
func ParseLog(firmware FirmwareType, tpmSpec tss.TPMVersion) (*PCRLog, error)
type TCGPCClientTaggedEvent ¶
type TCGPCClientTaggedEvent struct {
// contains filtered or unexported fields
}
TCGPCClientTaggedEvent is a legacy tag structure
type TcgBiosSpecIDEvent ¶
type TcgBiosSpecIDEvent struct {
// contains filtered or unexported fields
}
TcgBiosSpecIDEvent is a TPM2 structure
type TcgEfiSpecIDEvent ¶
type TcgEfiSpecIDEvent struct {
// contains filtered or unexported fields
}
TcgEfiSpecIDEvent is a TPM2 structure
type TcgEfiSpecIDEventAlgorithmSize ¶
type TcgEfiSpecIDEventAlgorithmSize struct {
// contains filtered or unexported fields
}
TcgEfiSpecIDEventAlgorithmSize is a TPM2 structure
type TcgPcrEvent ¶
type TcgPcrEvent struct {
// contains filtered or unexported fields
}
TcgPcrEvent is the TPM1.2 default log structure (BIOS, EFI compatible)
func (*TcgPcrEvent) Digests ¶
func (e *TcgPcrEvent) Digests() *[]PCRDigestValue
func (*TcgPcrEvent) PcrEventData ¶
func (e *TcgPcrEvent) PcrEventData() string
func (*TcgPcrEvent) PcrEventName ¶
func (e *TcgPcrEvent) PcrEventName() string
func (*TcgPcrEvent) PcrEventType ¶
func (e *TcgPcrEvent) PcrEventType() uint32
func (*TcgPcrEvent) PcrIndex ¶
func (e *TcgPcrEvent) PcrIndex() int
func (*TcgPcrEvent) String ¶
func (e *TcgPcrEvent) String() string
type TcgPcrEvent2 ¶
type TcgPcrEvent2 struct {
// contains filtered or unexported fields
}
TcgPcrEvent2 is a TPM2 default log structure (EFI only)
func (*TcgPcrEvent2) Digests ¶
func (e *TcgPcrEvent2) Digests() *[]PCRDigestValue
func (*TcgPcrEvent2) PcrEventData ¶
func (e *TcgPcrEvent2) PcrEventData() string
func (*TcgPcrEvent2) PcrEventName ¶
func (e *TcgPcrEvent2) PcrEventName() string
func (*TcgPcrEvent2) PcrEventType ¶
func (e *TcgPcrEvent2) PcrEventType() uint32
func (*TcgPcrEvent2) PcrIndex ¶
func (e *TcgPcrEvent2) PcrIndex() int
func (*TcgPcrEvent2) String ¶
func (e *TcgPcrEvent2) String() string
type TxtEventLogContainer ¶
// TxtEventLogContainer is the header of a TPM1.2 TXT log.
//
// Field order and widths are kept exactly as declared, since a fixed-layout
// header depends on them.
//
// NOTE(review): Size, PcrEventsOffset and NextEventOffset are presumably
// filled from the log data itself; confirm that the parser range-checks them
// against the buffer it actually read before using them as offsets.
type TxtEventLogContainer struct {
	// Signature is 20 bytes wide, the length of Txt12EvtLogSignature
	// including its trailing NUL.
	Signature [20]uint8
	Reserved  [12]uint8

	// Container version, major then minor.
	ContainerVerMajor uint8
	ContainerVerMinor uint8

	// PCR event version, major then minor.
	PcrEventVerMajor uint8
	PcrEventVerMinor uint8

	Size            uint32
	PcrEventsOffset uint32
	NextEventOffset uint32
}
TxtEventLogContainer is the log header for the TPM1.2 TXT log
type TxtLogID ¶
// TxtLogID is the numeric ID of an Intel TXT event type.
type TxtLogID uint32

// TXT event type IDs, written out as explicit values so they can be compared
// directly with the numbers seen in a log. The IDs fall into three runs:
// 0x400-0x404, 0x40a-0x41a and 0x4fe-0x4ff.
const (
	TxtEvTypeBase         TxtLogID = 0x400
	TxtEvTypePcrMapping   TxtLogID = 0x401
	TxtEvTypeHashStart    TxtLogID = 0x402
	TxtEvTypeCombinedHash TxtLogID = 0x403
	TxtEvTypeMleHash      TxtLogID = 0x404

	TxtEvTypeBiosAcRegData      TxtLogID = 0x40a
	TxtEvTypeCpuScrtmStat       TxtLogID = 0x40b
	TxtEvTypeLcpControlHash     TxtLogID = 0x40c
	TxtEvTypeElementsHash       TxtLogID = 0x40d
	TxtEvTypeStmHash            TxtLogID = 0x40e
	TxtEvTypeOsSinitDataCapHash TxtLogID = 0x40f
	TxtEvTypeSinitPubKeyHash    TxtLogID = 0x410
	TxtEvTypeLcpHash            TxtLogID = 0x411
	TxtEvTypeLcpDetailsHash     TxtLogID = 0x412
	TxtEvTypeLcpAuthoritiesHash TxtLogID = 0x413
	TxtEvTypeNvInfoHash         TxtLogID = 0x414
	TxtEvTypeColdBootBiosHash   TxtLogID = 0x415
	TxtEvTypeKmHash             TxtLogID = 0x416
	TxtEvTypeBpmHash            TxtLogID = 0x417
	TxtEvTypeKmInfoHash         TxtLogID = 0x418
	TxtEvTypeBpmInfoHash        TxtLogID = 0x419
	TxtEvTypeBootPolHash        TxtLogID = 0x41a

	TxtEvTypeRandValue TxtLogID = 0x4fe
	TxtEvTypeCapValue  TxtLogID = 0x4ff
)