File: eventlog.go

package info (click to toggle)
golang-github-google-go-attestation 0.5.1-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,260 kB
  • sloc: sh: 158; makefile: 22
file content (185 lines) | stat: -rw-r--r-- 6,881 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
 
// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.

// Package eventlog implements experimental logic for parsing the TCG event log format.
package eventlog

import "fmt"

// eventType indicates what kind of data an event is reporting.
type eventType uint32

func isReserved(t eventType) bool {
	if 0x00000013 <= t && t <= 0x0000FFFF {
		return true
	}
	if 0x800000E1 <= t && t <= 0x8000FFFF {
		return true
	}
	return false
}

// String returns the name as defined by the TCG specification.
func (e eventType) String() string {
	if s, ok := eventTypeNames[e]; ok {
		return s
	}
	s := fmt.Sprintf("eventType(0x%08x)", int(e))
	if isReserved(e) {
		s += " (reserved)"
	}
	return s
}

const (
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_Specific_Platform_Profile_for_TPM_2p0_1p04_PUBLIC.pdf#page=103

	// Reserved for future use.
	evPrebootCert eventType = 0x00000000

	// Host platform trust chain measurements. The event data can contain one of
	// the following, indicating different points of boot: "POST CODE", "SMM CODE",
	// "ACPI DATA", "BIS CODE", "Embedded UEFI Driver".
	//
	// PCR[0] MUST be extended with this event type.
	//
	// https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_Specific_Platform_Profile_for_TPM_2p0_1p04_PUBLIC.pdf#page=38
	evPostCode eventType = 0x00000001

	// The event type was never used and is considered reserved.
	evUnused eventType = 0x00000002

	// Used for PCRs[0,6]. This event type doesn't extend the PCR, the digest MUST
	// be all zeros, and the data holds information intended for parsers such as
	// delimiting a switch to the agile crypto event format.
	//
	// This event MUST NOT extend any PCR
	evNoAction eventType = 0x00000003

	// Delineates the point where the Platform Firmware relinquishes control of TPM
	// measurements to the operating system.
	//
	// Event data size MUST contain either 0x00000000 or 0xFFFFFFFF, the digest MUST
	// match the data.
	//
	// This event MUST extend the PCRs 0 through 7 inclusive.
	evSeparator eventType = 0x00000004

	// An event indicating a particular action in the boot sequence, for example
	// "User Password Entered" or "Booting BCV Device s".
	//
	// The digests field contains the tagged hash of the event field for each PCR bank.
	//
	// Used for PCRs [1, 2, 3, 4, 5, and 6].
	evAction eventType = 0x00000005

	// Used for PCRs defined for OS and application usage. The digest field MUST
	// contain a hash of the data. The data contains a TCG_PCClientTaggedEvent
	// sructure.
	evEventTag eventType = 0x00000006

	// Used for PCR[0] only. The digest contains the hash of the SRTM for each PCR
	// bank. The data is informative and not expected to match the digest.
	evSCRTMContents eventType = 0x00000007
	evSCRTMVersion  eventType = 0x00000008

	// The digests field contains the tagged hash of the microcode patch applied for
	// each PCR bank. The data is informative and not expected to match the digest.
	evCUPMicrocode eventType = 0x00000009

	// TODO(ericchiang): explain these events
	evPlatformConfigFiles eventType = 0x0000000A
	evTableOfDevices      eventType = 0x0000000B

	// Can be used for any PCRs except 0, 1, 2, or 3.
	evCompactHash eventType = 0x0000000C

	// IPL events are deprecated
	evIPL              eventType = 0x0000000D
	evIPLPartitionData eventType = 0x0000000E

	// Used for PCR[0] only.
	//
	// TODO(ericchiang): explain these events
	evNonhostCode          eventType = 0x0000000F
	evNonhostConfig        eventType = 0x00000010
	evNonhostInfo          eventType = 0x00000011
	evOmitBootDeviceEvents eventType = 0x00000012

	// The following events are UEFI specific.

	// Data contains a UEFI_VARIABLE_DATA structure.
	evEFIVariableDriverConfig eventType = 0x80000001 // PCR[1,3,5]
	evEFIVariableBoot         eventType = 0x80000002 // PCR[1]

	// Data contains a UEFI_IMAGE_LOAD_EVENT structure.
	evEFIBootServicesApplication eventType = 0x80000003 // PCR[2,4]
	evEFIBootServicesDriver      eventType = 0x80000004 // PCR[0,2]
	evEFIRuntimeServicesDriver   eventType = 0x80000005 // PCR[2,4]

	// Data contains a UEFI_GPT_DATA structure.
	evEFIGPTEvent eventType = 0x80000006 // PCR[5]

	evEFIAction eventType = 0x80000007 // PCR[1,2,3,4,5,6,7]

	// Data contains a UEFI_PLATFORM_FIRMWARE_BLOB structure.
	evEFIPlatformFirmwareBlob eventType = 0x80000008 // PCR[0,2,4]

	// Data contains a UEFI_HANDOFF_TABLE_POINTERS structure.
	evEFIHandoffTables eventType = 0x80000009 // PCR[1]

	// The digests field contains the tagged hash of the H-CRTM event
	// data for each PCR bank.
	//
	// The Event Data MUST be the string: “HCRTM”.
	evEFIHCRTMEvent eventType = 0x80000010 // PCR[0]

	// Data contains a UEFI_VARIABLE_DATA structure.
	evEFIVariableAuthority eventType = 0x800000E0 // PCR[7]
)

var eventTypeNames = map[eventType]string{
	evPrebootCert:          "EV_PREBOOT_CERT",
	evPostCode:             "EV_POST_CODE",
	evUnused:               "EV_UNUSED",
	evNoAction:             "EV_NO_ACTION",
	evSeparator:            "EV_SEPARATOR",
	evAction:               "EV_ACTION",
	evEventTag:             "EV_EVENT_TAG",
	evSCRTMContents:        "EV_S_CRTM_CONTENTS",
	evSCRTMVersion:         "EV_S_CRTM_VERSION",
	evCUPMicrocode:         "EV_CPU_MICROCODE",
	evPlatformConfigFiles:  "EV_PLATFORM_CONFIG_FLAGS",
	evTableOfDevices:       "EV_TABLE_OF_DEVICES",
	evCompactHash:          "EV_COMPACT_HASH",
	evIPL:                  "EV_IPL (deprecated)",
	evIPLPartitionData:     "EV_IPL_PARTITION_DATA (deprecated)",
	evNonhostCode:          "EV_NONHOST_CODE",
	evNonhostConfig:        "EV_NONHOST_CONFIG",
	evNonhostInfo:          "EV_NONHOST_INFO",
	evOmitBootDeviceEvents: "EV_OMIT_BOOT_DEVICE_EVENTS",

	// UEFI events
	evEFIVariableDriverConfig:    "EV_EFI_VARIABLE_DRIVER_CONFIG",
	evEFIVariableBoot:            "EV_EFI_VARIABLE_BOOT",
	evEFIBootServicesApplication: "EV_EFI_BOOT_SERVICES_APPLICATION",
	evEFIBootServicesDriver:      "EV_EFI_BOOT_SERVICES_DRIVER",
	evEFIRuntimeServicesDriver:   "EV_EFI_RUNTIME_SERVICES_DRIVER",
	evEFIGPTEvent:                "EV_EFI_GPT_EVENT",
	evEFIAction:                  "EV_EFI_ACTION",
	evEFIPlatformFirmwareBlob:    "EV_EFI_PLATFORM_FIRMWARE_BLOB",
	evEFIHandoffTables:           "EV_EFI_HANDOFF_TABLES",
	evEFIHCRTMEvent:              "EV_EFI_HCRTM_EVENT",
	evEFIVariableAuthority:       "EV_EFI_VARIABLE_AUTHORITY",
}