Documentation
Index
- func CalculateNEMSize(image []byte, bpm *bootpolicy.Manifest, km *key.Manifest, acm *tools.ACM) (bootpolicy.Size4K, error)
- func DecryptPrivKey(data []byte, password string) (crypto.PrivateKey, error)
- func FindAdditionalIBBs(imagepath string) ([]bootpolicy.IBBSegment, error)
- func GenECCKey(curve int, password string, ...) error
- func GenRSAKey(len int, password string, ...) error
- func GenerateBPM(cbnto *Options, biosFilepath string) (*bootpolicy.Manifest, error)
- func GetBPMPubHash(path string, hashAlg manifest.Algorithm) ([]key.Hash, error)
- func ParseBPM(reader io.Reader) (*bootpolicy.Manifest, error)
- func ParseFITEntries(image []byte) (bpm *fit.EntryBootPolicyManifestRecord, km *fit.EntryKeyManifestRecord, ...)
- func ParseKM(reader io.Reader) (*key.Manifest, error)
- func PrintCBnTStructures(image []byte) error
- func ReadPubKey(path string) (crypto.PublicKey, error)
- func SetKM(cbnto *Options) (*key.Manifest, error)
- func StitchBPM(bpm *bootpolicy.Manifest, pubKey crypto.PublicKey, signature []byte) ([]byte, error)
- func StitchFITEntries(biosFilename string, acm, bpm, km []byte) error
- func StitchKM(km *key.Manifest, pubKey crypto.PublicKey, signature []byte) ([]byte, error)
- func ValidateBPM(reader io.Reader) error
- func ValidateKM(reader io.Reader) error
- func WriteBPM(bpm *bootpolicy.Manifest) ([]byte, error)
- func WriteCBnTStructures(image []byte, bpmFile, kmFile, acmFile *os.File) error
- func WriteConfig(f *os.File, cbnto *Options) error
- func WriteKM(km *key.Manifest) ([]byte, error)
- type CMOSIoAddress
- type IbbSegment
- type KeyHash
- type Options
- type Pcr0Data
- type Pcr7Data
- type PowerDownRequest
- type TPMNvAddress
Constants
This section is empty.
Variables
This section is empty.
Functions
func CalculateNEMSize
func CalculateNEMSize(image []byte, bpm *bootpolicy.Manifest, km *key.Manifest, acm *tools.ACM) (bootpolicy.Size4K, error)
CalculateNEMSize calculates the No Eviction Memory (NEM) size and returns it as a count of 4K pages.
func DecryptPrivKey
func DecryptPrivKey(data []byte, password string) (crypto.PrivateKey, error)
DecryptPrivKey takes the encrypted key as a byte slice and the password to decrypt the private key, and returns the key with its type.
func FindAdditionalIBBs
func FindAdditionalIBBs(imagepath string) ([]bootpolicy.IBBSegment, error)
FindAdditionalIBBs takes a coreboot image and searches its CBFS files for additional IBBSegment entries.
func GenECCKey
func GenECCKey(curve int, password string, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile *os.File) error
GenECCKey takes the required curve, two booleans to decide for KM and BPM key, and a path to create an ECDSA key pair, and writes its public and private keys to files.
func GenRSAKey
func GenRSAKey(len int, password string, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile *os.File) error
GenRSAKey takes the required key length, two booleans to decide for KM and BPM key, and a path to create an RSA key pair, and writes its public and private keys to files.
func GenerateBPM
func GenerateBPM(cbnto *Options, biosFilepath string) (*bootpolicy.Manifest, error)
GenerateBPM generates a Boot Policy Manifest with the given config and firmware image.
func GetBPMPubHash
GetBPMPubHash takes the path to the public BPM signing key and a hash algorithm, and returns a hash, computed with hashAlg, of the public BPM signing key.
func ParseBPM
func ParseBPM(reader io.Reader) (*bootpolicy.Manifest, error)
ParseBPM reads from a binary and parses it into the boot policy manifest structure.
func ParseFITEntries
func ParseFITEntries(image []byte) (bpm *fit.EntryBootPolicyManifestRecord, km *fit.EntryKeyManifestRecord, acm *fit.EntrySACM, err error)
ParseFITEntries takes a firmware image and extracts boot policy manifest, key manifest and ACM information.
func PrintCBnTStructures
PrintCBnTStructures takes a firmware image and prints boot policy manifest, key manifest, ACM, chipset, processor and TPM information if available.
func ReadPubKey
ReadPubKey reads a PEM-encoded RSA/ECC public key file.
func StitchFITEntries
StitchFITEntries takes a firmware filename, an ACM, a boot policy manifest and a key manifest as byte slices and writes the information into the Firmware Interface Table of the firmware image.
func ValidateBPM
ValidateBPM reads from a binary, parses it into the boot policy manifest structure and validates the structure.
func ValidateKM
ValidateKM reads from a binary source, parses it into the key manifest structure and validates the structure.
func WriteBPM
func WriteBPM(bpm *bootpolicy.Manifest) ([]byte, error)
WriteBPM returns a boot policy manifest as a byte slice.
func WriteCBnTStructures
WriteCBnTStructures takes a firmware image and extracts boot policy manifest, key manifest and ACM into separate files.
func WriteConfig
WriteConfig writes a CBnT config file to the given path with the given options.
Types
type CMOSIoAddress
type CMOSIoAddress struct {
    MediaType            uint8
    IndexRegisterAddress uint16
    DataRegisterAddress  uint16
    BitFieldWidth        uint8
    BitFieldPosition     uint8
    IndexOffset          uint8
}
CMOSIoAddress holds information about the location of on-demand power down requests in CMOS. The structure is a substructure used in the PowerDownRequest structure.
type IbbSegment
type IbbSegment struct {
    Offset uint32 `json:"offset"`
    Size   uint32 `json:"size"`
    Flags  uint16 `json:"flags"`
}
IbbSegment exports the struct of IBB Segments.
type KeyHash
type KeyHash struct {
    Usage     uint64             `json:"usage"`
    Hash      string             `json:"hash"`
    Algorithm manifest.Algorithm `json:"algorithm"`
}
KeyHash is exported for use as a command-line argument type.
type Options
type Options struct {
    BootPolicyManifest *bootpolicy.Manifest
    KeyManifest        *key.Manifest
}
Options presents all available options for the CBnT configuration file.
func ParseConfig
ParseConfig parses a Boot Guard option JSON file.
type Pcr0Data
type Pcr0Data struct {
    ACMPolicyStatus uint64
    ACMSVN          uint16
    ACMSignature    []byte
    KMSignature     []byte
    BPMSignature    []byte
    BPMIBBDigest    []byte
}
Pcr0Data represents the data hashed into PCR0 of the TPM by S-ACM.
type Pcr7Data
type Pcr7Data struct {
    ACMPolicyStatus uint64
    ACMSVN          uint16
    ACMKeyHash      [32]byte
    BPMKey          [32]byte
    BPMKeyHash      []byte
}
Pcr7Data represents the data optionally hashed into PCR7 of the TPM by S-ACM.
type PowerDownRequest
type PowerDownRequest struct {
    ID         uint64 `default:"0x5F5F504452535F5F"`
    Version    uint8  `default:"0x10"`
    SizeOfData uint16 `default:"0"`
    Reserved   uint8  `default:"0"`
    PDReqMedia []byte
}
PowerDownRequest holds information about the storage location for the on-demand power down variable. The PDReqMedia field holds a union of 1 CMOSIoAddress or an array of 1:3 TPMNvAddress.
type TPMNvAddress
type TPMNvAddress struct {
    MediaType        uint8
    NVIndex          uint32
    BitFieldWidth    uint8
    BitFieldPosition uint8
    IndexOffset      uint8
}
TPMNvAddress holds information about the location of on-demand power down requests in TPM NVRAM. The structure is a substructure used in the PowerDownRequest structure.