cbnt

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 30, 2021 License: BSD-3-Clause Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CalculateNEMSize

func CalculateNEMSize(image []byte, bpm *bootpolicy.Manifest, km *key.Manifest, acm *tools.ACM) (bootpolicy.Size4K, error)

CalculateNEMSize calculates the No Eviction Memory (NEM) size and returns it as a count of 4K pages.

func DecryptPrivKey

func DecryptPrivKey(data []byte, password string) (crypto.PrivateKey, error)

DecryptPrivKey takes the encrypted key as a byte slice and the password used to decrypt it, and returns the decrypted private key with its type.

func FindAdditionalIBBs

func FindAdditionalIBBs(imagepath string) ([]bootpolicy.IBBSegment, error)

FindAdditionalIBBs takes the path to a coreboot image and searches its CBFS files for additional IBB segments.

func GenECCKey

func GenECCKey(curve int, password string, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile *os.File) error

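GenECCKey takes the required curve, two booleans that select the KM and BPM key, and a path; it creates an ECDSA key pair and writes its public and private keys to files. Note: the signature shown above takes a password and four *os.File handles rather than booleans and a path, so this description appears to be out of date. How the password is applied to the private key files is not stated here.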

func GenRSAKey

func GenRSAKey(len int, password string, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile *os.File) error

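GenRSAKey takes the required key length, two booleans that select the KM and BPM key, and a path; it creates an RSA key pair and writes its public and private keys to files. Note: the signature shown above takes a password and four *os.File handles rather than booleans and a path, so this description appears to be out of date. How the password is applied to the private key files is not stated here.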

func GenerateBPM

func GenerateBPM(cbnto *Options, biosFilepath string) (*bootpolicy.Manifest, error)

GenerateBPM generates a Boot Policy Manifest with the given config and firmware image

func GetBPMPubHash

func GetBPMPubHash(path string, hashAlg manifest.Algorithm) ([]key.Hash, error)

GetBPMPubHash takes the path to the public BPM signing key and a hash algorithm, and returns a hash of the public BPM signing key computed with hashAlg.

func ParseBPM

func ParseBPM(reader io.Reader) (*bootpolicy.Manifest, error)

ParseBPM reads from a binary and parses into the boot policy manifest structure

func ParseFITEntries

func ParseFITEntries(image []byte) (bpm *fit.EntryBootPolicyManifestRecord, km *fit.EntryKeyManifestRecord, acm *fit.EntrySACM, err error)

ParseFITEntries takes a firmware image and extracts the boot policy manifest, key manifest and ACM information.

func ParseKM

func ParseKM(reader io.Reader) (*key.Manifest, error)

ParseKM reads from a binary source and parses into the key manifest structure

func PrintCBnTStructures

func PrintCBnTStructures(image []byte) error

PrintCBnTStructures takes a firmware image and prints boot policy manifest, key manifest, ACM, chipset, processor and tpm information if available.

func ReadPubKey

func ReadPubKey(path string) (crypto.PublicKey, error)

ReadPubKey reads a PEM-encoded RSA/ECC public key file.

func SetKM

func SetKM(cbnto *Options) (*key.Manifest, error)

SetKM takes Options struct and initializes a new KM with the given configuration.

func StitchBPM

func StitchBPM(bpm *bootpolicy.Manifest, pubKey crypto.PublicKey, signature []byte) ([]byte, error)

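StitchBPM returns a boot policy manifest as a byte slice. The signature above also takes a public key and a signature; the description does not say how they are used, nor that the signature is checked against the key.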

func StitchFITEntries

func StitchFITEntries(biosFilename string, acm, bpm, km []byte) error

StitchFITEntries takes a firmware filename, an acm, a boot policy manifest and a key manifest as byte slices and writes the information into the Firmware Interface Table of the firmware image.

func StitchKM

func StitchKM(km *key.Manifest, pubKey crypto.PublicKey, signature []byte) ([]byte, error)

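StitchKM returns a key manifest as a byte slice. The signature above also takes a public key and a signature; the description does not say how they are used, nor that the signature is checked against the key.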

func ValidateBPM

func ValidateBPM(reader io.Reader) error

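ValidateBPM reads from a binary, parses it into the boot policy manifest structure, and validates the structure. The description covers structural validation only; it does not say that the manifest's signature is verified.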

func ValidateKM

func ValidateKM(reader io.Reader) error

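ValidateKM reads from a binary source, parses it into the key manifest structure, and validates the structure. The description covers structural validation only; it does not say that the manifest's signature is verified.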

func WriteBPM

func WriteBPM(bpm *bootpolicy.Manifest) ([]byte, error)

WriteBPM returns a boot policy manifest as byte slice

func WriteCBnTStructures

func WriteCBnTStructures(image []byte, bpmFile, kmFile, acmFile *os.File) error

WriteCBnTStructures takes a firmware image and extracts boot policy manifest, key manifest and acm into separate files.

func WriteConfig

func WriteConfig(f *os.File, cbnto *Options) error

WriteConfig writes a CBnT config file to the given path with given options.

func WriteKM

func WriteKM(km *key.Manifest) ([]byte, error)

WriteKM returns a key manifest as bytes in format defined in #575623.

Types

type CMOSIoAddress

// CMOSIoAddress locates the on-demand power down request in CMOS. It is a
// substructure of PowerDownRequest.
//
// NOTE(review): how this struct is serialized into PowerDownRequest.PDReqMedia
// (field order, endianness, padding) is not visible in this declaration.
type CMOSIoAddress struct {
	MediaType            uint8  // NOTE(review): presumably selects the PDReqMedia variant — confirm
	IndexRegisterAddress uint16 // address of the index register (16 bits wide)
	DataRegisterAddress  uint16 // address of the data register (16 bits wide)
	BitFieldWidth        uint8  // width of the bit field; presumably in bits — confirm
	BitFieldPosition     uint8  // position of the bit field; presumably a bit offset — confirm
	IndexOffset          uint8  // NOTE(review): meaning and units not stated here — confirm
}

CMOSIoAddress holds information about the location of on-demand power down requests in CMOS. The structure is a substructure used in PowerDownRequest structure.

type IbbSegment

// IbbSegment is the exported, JSON-serializable description of one IBB segment.
//
// NOTE(review): FindAdditionalIBBs returns bootpolicy.IBBSegment, a different
// type; how the two relate is not visible here.
type IbbSegment struct {
	Offset uint32 `json:"offset"` // start of the segment; NOTE(review): image offset vs. physical address not stated — confirm
	Size   uint32 `json:"size"`   // length of the segment; presumably in bytes — confirm
	Flags  uint16 `json:"flags"`  // segment flags; bit meanings are not shown here
}

IbbSegment exports the struct of IBB Segments

type KeyHash

// KeyHash is the exported form of a key hash entry, intended for use as a
// command-line argument type.
type KeyHash struct {
	Usage     uint64             `json:"usage"`     // NOTE(review): presumably a usage bitmask for the hashed key — confirm
	Hash      string             `json:"hash"`      // hash as text; NOTE(review): encoding (e.g. hex) and length checks are not visible here
	Algorithm manifest.Algorithm `json:"algorithm"` // hash algorithm identifier
}

KeyHash export for usage as cmd line argument type

type Options

// Options holds every setting available in a CBnT configuration file: one
// boot policy manifest and one key manifest.
type Options struct {
	BootPolicyManifest *bootpolicy.Manifest // NOTE(review): pointer; whether nil is permitted is not stated — check before dereferencing
	KeyManifest        *key.Manifest        // NOTE(review): pointer; whether nil is permitted is not stated — check before dereferencing
}

Options presents all available options for the CBnT configuration file.

func ParseConfig

func ParseConfig(filepath string) (*Options, error)

ParseConfig parses a boot guard option json file

func ReadConfigFromBIOSImage

func ReadConfigFromBIOSImage(biosFilepath string, configFilepath *os.File) (*Options, error)

ReadConfigFromBIOSImage reads boot guard options, boot policy manifest and key manifest from a given firmware image and writes that to a given file in json format

type Pcr0Data

// Pcr0Data holds the values that the S-ACM hashes into PCR0 of the TPM.
//
// NOTE(review): the serialization used when the values are hashed (field
// order, endianness, digest algorithm) is not visible in this declaration;
// confirm it against the implementation before deriving expected PCR0 values
// for attestation.
type Pcr0Data struct {
	ACMPolicyStatus uint64 // ACM policy status value
	ACMSVN          uint16 // ACM security version number (SVN)
	ACMSignature    []byte // ACM signature; length is not fixed by the type
	KMSignature     []byte // key manifest (KM) signature; length is not fixed by the type
	BPMSignature    []byte // boot policy manifest (BPM) signature; length is not fixed by the type
	BPMIBBDigest    []byte // IBB digest from the BPM; algorithm and length are not fixed by the type
}

Pcr0Data represents the data hashed into PCR0 of the TPM by S-ACM

type Pcr7Data

// Pcr7Data holds the values that the S-ACM optionally hashes into PCR7 of the
// TPM.
//
// NOTE(review): the serialization used when the values are hashed is not
// visible in this declaration; confirm it against the implementation before
// deriving expected PCR7 values.
type Pcr7Data struct {
	ACMPolicyStatus uint64   // ACM policy status value
	ACMSVN          uint16   // ACM security version number (SVN)
	ACMKeyHash      [32]byte // fixed 32 bytes; NOTE(review): presumably a SHA-256-sized hash of the ACM key — confirm
	BPMKey          [32]byte // fixed 32 bytes; NOTE(review): presumably a digest rather than a full key — confirm
	BPMKeyHash      []byte   // variable length, unlike the two fixed-size fields above
}

Pcr7Data represents the data hashed into PCR7 of the TPM by S-ACM optionally

type PowerDownRequest

// PowerDownRequest describes where the on-demand power down variable is
// stored. PDReqMedia carries a union: either one CMOSIoAddress or an array of
// one to three TPMNvAddress entries.
//
// NOTE(review): the `default` struct tags are read by code outside this
// declaration; how (and whether) they are applied is not visible here.
type PowerDownRequest struct {
	ID         uint64 `default:"0x5F5F504452535F5F"` // hex digits spell ASCII "__PDRS__" read most-significant byte first
	Version    uint8  `default:"0x10"`               // structure version; tag default is 0x10
	SizeOfData uint16 `default:"0"`                  // NOTE(review): presumably the length of PDReqMedia — confirm
	Reserved   uint8  `default:"0"`                  // reserved; tag default is 0
	PDReqMedia []byte                                // raw union bytes; the type enforces neither variant nor entry count, so bounds-check when decoding
}

PowerDownRequest holds information about the storage location of the on-demand power down variable. The PDReqMedia field holds a union of either one CMOSIoAddress or an array of one to three TPMNvAddress entries.

type TPMNvAddress

// TPMNvAddress locates the on-demand power down request in TPM NVRAM. It is a
// substructure of PowerDownRequest.
//
// NOTE(review): how this struct is serialized into PowerDownRequest.PDReqMedia
// (field order, endianness, padding) is not visible in this declaration.
type TPMNvAddress struct {
	MediaType        uint8  // NOTE(review): presumably selects the PDReqMedia variant — confirm
	NVIndex          uint32 // TPM NV index that holds the request
	BitFieldWidth    uint8  // width of the bit field; presumably in bits — confirm
	BitFieldPosition uint8  // position of the bit field; presumably a bit offset — confirm
	IndexOffset      uint8  // NOTE(review): meaning and units not stated here — confirm
}

TPMNvAddress holds information about the location of on-demand power down requests in TPM NVRAM. The structure is a substructure used in PowerDownRequest structure.
