Rename bg-prov to cbnt-prov
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
parent
4daa4edd2b
commit
6bcba89435
|
@ -19,37 +19,37 @@ jobs:
|
|||
- run: golint -set_exit_status ./pkg/tools
|
||||
- run: golint -set_exit_status ./pkg/hwapi
|
||||
- run: golint -set_exit_status ./pkg/provisioning/txt
|
||||
- run: golint -set_exit_status ./pkg/provisioning/bg
|
||||
- run: golint -set_exit_status ./pkg/provisioning/cbnt
|
||||
#- run: golint -set_exit_status ./pkg/intel/metadata/manifest/
|
||||
#- run: golint -set_exit_status ./pkg/intel/metadata/manifest/bootpolicy
|
||||
#- run: golint -set_exit_status ./pkg/intel/metadata/manifest/key
|
||||
- run: golint -set_exit_status ./cmd/txt-suite
|
||||
- run: golint -set_exit_status ./cmd/txt-prov
|
||||
- run: golint -set_exit_status ./cmd/bg-prov
|
||||
- run: golint -set_exit_status ./cmd/cbnt-prov
|
||||
- run: go mod download
|
||||
- run: go mod verify
|
||||
- run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-suite cmd/txt-suite/*.go
|
||||
- run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o txt-prov cmd/txt-prov/*.go
|
||||
- run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o bg-prov cmd/bg-prov/*.go
|
||||
- run: CGO_ENABLED=0 go build -ldflags '-X main.gitcommit=${CIRCLE_SHA1} -X main.gittag=${CIRCLE_TAG} -w -extldflags "-static"' -o cbnt-prov cmd/cbnt-prov/*.go
|
||||
- run: go test ./pkg/hwapi/
|
||||
- run: go test ./pkg/tools/
|
||||
- run: go test ./pkg/test/
|
||||
- run: go test ./pkg/provisioning/txt
|
||||
- run: go test ./pkg/provisioning/bg
|
||||
- run: go test ./pkg/provisioning/cbnt
|
||||
- run: mkdir out
|
||||
- run: git config user.email "circleci@circleci.com"
|
||||
- run: git config user.name "CI"
|
||||
- run: ./txt-suite markdown > ./cmd/txt-suite/TESTPLAN.md
|
||||
- run: git add ./cmd/txt-suite/TESTPLAN.md
|
||||
- run: (git commit -m "Update testplan file" && git push --set-upstream origin ${CIRCLE_BRANCH}) || true
|
||||
- run: cp txt-suite txt-prov bg-prov out/
|
||||
- run: cp txt-suite txt-prov cbnt-prov out/
|
||||
|
||||
- persist_to_workspace:
|
||||
root: out
|
||||
paths:
|
||||
- txt-suite
|
||||
- txt-prov
|
||||
- bg-prov
|
||||
- cbnt-prov
|
||||
|
||||
create_deb_rpm:
|
||||
docker:
|
||||
|
@ -65,7 +65,7 @@ jobs:
|
|||
- run: go build github.com/goreleaser/nfpm/cmd/nfpm
|
||||
- run: cp /tmp/out/txt-suite .
|
||||
- run: cp /tmp/out/txt-prov .
|
||||
- run: cp /tmp/out/bg-prov .
|
||||
- run: cp /tmp/out/cbnt-prov .
|
||||
- run: if [ -z "$CIRCLE_TAG" ]; then echo "export CIRCLE_TAG=$(git describe --tags|cut -d'-' -f1);" >> $BASH_ENV; fi
|
||||
- run: if [ -z "$CIRCLE_BUILD_NUM" ]; then echo "export CIRCLE_BUILD_NUM=$(git describe --tags|cut -d'-' -f2);" >> $BASH_ENV; fi
|
||||
- run: MY_APP_VERSION=${CIRCLE_TAG} MY_APP_BUILDNUMBER=${CIRCLE_BUILD_NUM} go run github.com/goreleaser/nfpm/cmd/nfpm pkg --config ./build/package/nfpm_rpm.yaml --target golang-css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}.x86_64.rpm
|
||||
|
@ -73,7 +73,7 @@ jobs:
|
|||
- run: mkdir -p out && cp *.rpm ./out/ && cp *.deb ./out/
|
||||
- run: cp txt-suite ./out/
|
||||
- run: cp txt-prov ./out/
|
||||
- run: cp bg-prov ./out/
|
||||
- run: cp cbnt-prov ./out/
|
||||
- run: cp golang-css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}.x86_64.rpm artifact.rpm
|
||||
- run: cp go_css-suite-${CIRCLE_TAG}-${CIRCLE_BUILD_NUM}_amd64.deb artifact.deb
|
||||
- persist_to_workspace:
|
||||
|
@ -83,7 +83,7 @@ jobs:
|
|||
- go_css-suite*.deb
|
||||
- txt-suite
|
||||
- txt-prov
|
||||
- bg-prov
|
||||
- cbnt-prov
|
||||
- store_artifacts:
|
||||
path: artifact.rpm
|
||||
destination: golang-css-suite.rpm
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/txt-suite
|
||||
/txt-prov
|
||||
/bg-prov
|
||||
/cbnt-prov
|
||||
cmd/txt-prov/txt-prov
|
||||
cmd/bg-prov/bg-prov
|
||||
cmd/txt-suite/test_log.json
|
||||
cmd/txt-suite/txt-suite
|
||||
cmd/cbnt-prov/cbnt-prov
|
||||
|
|
|
@ -30,13 +30,13 @@ Verify all downloaded dependencies run:
|
|||
To build the test suite run:
|
||||
|
||||
```
|
||||
<GO111MODULE=on> go build -o txt-suite cmd/bg-prov/*.go
|
||||
<GO111MODULE=on> go build -o txt-suite cmd/cbnt-prov/*.go
|
||||
```
|
||||
|
||||
Commandline subcommands:
|
||||
--------------
|
||||
```bash
|
||||
Usage of ./bg-prov:
|
||||
Usage of ./cbnt-prov:
|
||||
version
|
||||
Prints the version of the program
|
||||
show-km
|
||||
|
@ -72,63 +72,63 @@ Usage of ./bg-prov:
|
|||
|
||||
Flags:
|
||||
--help (-h)
|
||||
Prints more information about ./bg-prov
|
||||
Prints more information about ./cbnt-prov
|
||||
```
|
||||
Every subcommand has several required or optional arguments and flags. To learn more about them:
|
||||
```bash
|
||||
./bg-prov <subcommand> -h
|
||||
./cbnt-prov <subcommand> -h
|
||||
```
|
||||
|
||||
Extended documentation about subcommands:
|
||||
--------------
|
||||
|
||||
```bash
|
||||
./bg-prov show-km Prints Key Manifest binary in human-readable format
|
||||
./cbnt-prov show-km Prints Key Manifest binary in human-readable format
|
||||
<path> Path to binary file containing Key Manifest
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov show-bpm Prints Boot Policy Manifest binary in human-readable format
|
||||
./cbnt-prov show-bpm Prints Boot Policy Manifest binary in human-readable format
|
||||
<path> Path to binary file containing Boot Policy Manifest
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov show-acm Prints ACM binary in human-readable format
|
||||
./cbnt-prov show-acm Prints ACM binary in human-readable format
|
||||
<path> Path to binary file containing Authenticated Code Module (ACM)
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov show-all Prints BPM, KM, FIT and ACM from Firmware image binary in human-readable format
|
||||
./cbnt-prov show-all Prints BPM, KM, FIT and ACM from Firmware image binary in human-readable format
|
||||
<path> Path to full Firmaware image binary file containing Key Manifest, Boot Policy Manifest and ACM
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov export-acm Exports ACM binary from Firmware image into file
|
||||
./cbnt-prov export-acm Exports ACM binary from Firmware image into file
|
||||
<bios> Path to the full Firmware image binary file.
|
||||
<out> Path to the newly generated ACM binary file.
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov export-km Exports KM structures from Firmware image image into file
|
||||
./cbnt-prov export-km Exports KM structures from Firmware image image into file
|
||||
<bios> Path to the full Firmware image binary file.
|
||||
<out> Path to the newly generated Key Manifest binary file.
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov export-bpm Exports BPM structures from Firmware image image into file
|
||||
./cbnt-prov export-bpm Exports BPM structures from Firmware image image into file
|
||||
<bios> Path to the full Firmware image binary file.
|
||||
<out> Path to the newly generated Boot Policy Manifest binary file.
|
||||
```
|
||||
|
||||
```bash
|
||||
./bg-prov read-config Reads config from existing BIOS file and translates it to a JSON configuration
|
||||
./cbnt-prov read-config Reads config from existing BIOS file and translates it to a JSON configuration
|
||||
<config> Path to the JSON config file.
|
||||
<bios> Path to the full Firmware image binary file.
|
||||
```
|
||||
|
||||
|
||||
```bash
|
||||
./bg-prov km-gen Generate KM file based of json configuration
|
||||
./cbnt-prov km-gen Generate KM file based of json configuration
|
||||
<km> Path to the newly generated Key Manifest binary file.
|
||||
<key> Public Boot Policy signing key
|
||||
|
||||
|
@ -144,7 +144,7 @@ Extended documentation about subcommands:
|
|||
```
|
||||
|
||||
```bash
|
||||
./bg-prov bpm-gen Generate BPM file based of json configuration and complete firmware image
|
||||
./cbnt-prov bpm-gen Generate BPM file based of json configuration and complete firmware image
|
||||
<bpm> Path to the newly generated Boot Policy Manifest binary file.
|
||||
<bios> Path to the firmware image binary file.
|
||||
|
||||
|
@ -176,7 +176,7 @@ Extended documentation about subcommands:
|
|||
```
|
||||
|
||||
```bash
|
||||
./bg-prov km-sign Sign key manifest with given key
|
||||
./cbnt-prov km-sign Sign key manifest with given key
|
||||
<km-in> Path to the generated Key Manifest binary file.
|
||||
<km-out> Path to write the signed KM to
|
||||
<km-keyfile> Path to the encrypted PKCS8 private key file.
|
||||
|
@ -184,7 +184,7 @@ Extended documentation about subcommands:
|
|||
```
|
||||
|
||||
```bash
|
||||
./bg-prov bpm-sign Sign Boot Policy Manifest with given key
|
||||
./cbnt-prov bpm-sign Sign Boot Policy Manifest with given key
|
||||
<bpm-in> Path to the newly generated Boot Policy Manifest binary file.
|
||||
<bpm-out> Path to write the signed BPM to
|
||||
<bpm-keyfile> Path to the encrypted PKCS8 private key file.
|
||||
|
@ -192,7 +192,7 @@ Extended documentation about subcommands:
|
|||
```
|
||||
|
||||
```bash
|
||||
./bg-prov stitch Stitches BPM, KM and ACM into given BIOS image file
|
||||
./cbnt-prov stitch Stitches BPM, KM and ACM into given BIOS image file
|
||||
<bios> Path to the full BIOS binary file.
|
||||
[<acm>] Path to the ACM binary file.
|
||||
[<km>] Path to the Key Manifest binary file.
|
||||
|
@ -200,7 +200,7 @@ Extended documentation about subcommands:
|
|||
```
|
||||
|
||||
```bash
|
||||
./bg-prov key-gen Generates key for KM and BPM signing
|
||||
./cbnt-prov key-gen Generates key for KM and BPM signing
|
||||
<algo> Select crypto algorithm for key generation. Options: RSA2048. RSA3072, ECC224, ECC256
|
||||
<password> Password for AES256 encryption of private keys
|
||||
[<path>] Path to store keys.
|
||||
|
@ -209,7 +209,7 @@ Extended documentation about subcommands:
|
|||
|
||||
|
||||
```bash
|
||||
./bg-prov template Writes template JSON configuration into file
|
||||
./cbnt-prov template Writes template JSON configuration into file
|
||||
<path> Path to the newly generated JSON configuration file.
|
||||
|
||||
--revision Platform Manufacturer’s BPM revision number.
|
||||
|
@ -243,18 +243,18 @@ I. Boot Policy / Key Manifest Generation/Signing/Stitching
|
|||
|
||||
1. Create a template config file
|
||||
```bash
|
||||
./bg-prov template ./config.json
|
||||
./cbnt-prov template ./config.json
|
||||
```
|
||||
|
||||
2. Create keys for signing of Key Manifest (KM) and Boot Policy Manifest (BPM)
|
||||
Algorithm: RSA, BitSize: 2048, no password for enryption of private key files
|
||||
```bash
|
||||
./bg-prov key-gen RSA2048 "" --path=./Keys/mykey
|
||||
./cbnt-prov key-gen RSA2048 "" --path=./Keys/mykey
|
||||
```
|
||||
|
||||
3. Generate Key Manifest (KM)
|
||||
```bash
|
||||
./bg-prov km-gen ./KM/km_unsigned.bin ./Keys/mykey_km_pub.pem \
|
||||
./cbnt-prov km-gen ./KM/km_unsigned.bin ./Keys/mykey_km_pub.pem \
|
||||
--config=./config.json \
|
||||
--pkhashalg=12 \
|
||||
--bpmpubkey=./Keys/mykey_bpmpub.pem \
|
||||
|
@ -263,72 +263,72 @@ Algorithm: RSA, BitSize: 2048, no password for enryption of private key files
|
|||
|
||||
4. Generation of Boot Policy Manifest (BPM)
|
||||
```bash
|
||||
./bg-prov bpm-gen ./BPM/bpm_unsigned.bin ./firmware.rom --config=./config.json
|
||||
./cbnt-prov bpm-gen ./BPM/bpm_unsigned.bin ./firmware.rom --config=./config.json
|
||||
```
|
||||
|
||||
5. Sign Key Manifest (KM)
|
||||
```bash
|
||||
./bg-prov km-sign ./KM/km_unsigned.bin ./KM/km_signed.bin ./Keys/myKey_km_priv.pem ""
|
||||
./cbnt-prov km-sign ./KM/km_unsigned.bin ./KM/km_signed.bin ./Keys/myKey_km_priv.pem ""
|
||||
```
|
||||
|
||||
6. Sign Boot Policy Manifest (BPM)
|
||||
```bash
|
||||
./bg-prov bpm-sign ./BPM/bpm_unsigned.bin ./BPM/bpm_signed.bin ./Keys/myKey_bpm_priv.pem ""
|
||||
./cbnt-prov bpm-sign ./BPM/bpm_unsigned.bin ./BPM/bpm_signed.bin ./Keys/myKey_bpm_priv.pem ""
|
||||
|
||||
```
|
||||
|
||||
7. Export ACM for stitching (Firmware image must contain an ACM)
|
||||
Skip this if you already have an ACM for stitching
|
||||
```bash
|
||||
./bg-prov export-acm ./firmware.rom ./ACM/acm_export.bin
|
||||
./cbnt-prov export-acm ./firmware.rom ./ACM/acm_export.bin
|
||||
```
|
||||
|
||||
8. Stitch BPM, KM and ACM into firmware image
|
||||
```bash
|
||||
./bg-prov stitch ./firmware.rom ./ACM/acm.bin ./KM/km_signed.bin ./BPM/bpm_signed.bin
|
||||
./cbnt-prov stitch ./firmware.rom ./ACM/acm.bin ./KM/km_signed.bin ./BPM/bpm_signed.bin
|
||||
```
|
||||
|
||||
II. Read config from a CBnT enabled firmware image
|
||||
-------------------------------------------
|
||||
```bash
|
||||
./bg-prov read-config ./config.json ./firmware.rom
|
||||
./cbnt-prov read-config ./config.json ./firmware.rom
|
||||
```
|
||||
|
||||
III Export KM, BPM and ACM from CBnT enabled firmware image
|
||||
------------------------------------------------
|
||||
1. Export of KM
|
||||
```bash
|
||||
./bg-prov export-km ./firmware.rom ./KM/km_export.bin
|
||||
./cbnt-prov export-km ./firmware.rom ./KM/km_export.bin
|
||||
```
|
||||
|
||||
2. Export BPM
|
||||
```bash
|
||||
./bg-prov export-km ./firmware.rom ./BPM/bpm_export.bin
|
||||
./cbnt-prov export-km ./firmware.rom ./BPM/bpm_export.bin
|
||||
```
|
||||
|
||||
3. Export ACM
|
||||
```bash
|
||||
./bg-prov export-acm ./firmware.rom ./ACM/acm_export.bin
|
||||
./cbnt-prov export-acm ./firmware.rom ./ACM/acm_export.bin
|
||||
```
|
||||
|
||||
IV. Show details of exported KM, BPM, ACM
|
||||
--------------------------------------
|
||||
1. Show details of KM
|
||||
```bash
|
||||
./bg-prov show-km ./KM/km_signed.bin
|
||||
./cbnt-prov show-km ./KM/km_signed.bin
|
||||
```
|
||||
|
||||
2. Show details of BPM
|
||||
```bash
|
||||
./bg-prov show-bpm ./BPM/bpm_signed.bin
|
||||
./cbnt-prov show-bpm ./BPM/bpm_signed.bin
|
||||
```
|
||||
|
||||
3. Show details of ACM
|
||||
```bash
|
||||
./bg-prov show-acm ./ACM/acm_signed.bin
|
||||
./cbnt-prov show-acm ./ACM/acm_signed.bin
|
||||
```
|
||||
|
||||
4. Show all
|
||||
```bash
|
||||
./bg-prov show-all ./firmware.rom
|
||||
./cbnt-prov show-all ./firmware.rom
|
||||
```
|
|
@ -16,7 +16,7 @@ import (
|
|||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/bootpolicy"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/key"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/provisioning/bg"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/provisioning/cbnt"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/tools"
|
||||
)
|
||||
|
||||
|
@ -29,7 +29,7 @@ type versionCmd struct {
|
|||
|
||||
type templateCmd struct {
|
||||
Path string `arg required name:"path" help:"Path to the newly generated JSON configuration file." type:"path"`
|
||||
//BootGuard Manifest Header args
|
||||
//CBnT Manifest Header args
|
||||
Revision uint8 `flag optional name:"revision" help:"Platform Manufacturer’s BPM revision number."`
|
||||
SVN manifest.SVN `flag optional name:"svn" help:"Boot Policy Manifest Security Version Number"`
|
||||
ACMSVN manifest.SVN `flag optional name:"acmsvn" help:"Authorized ACM Security Version Number"`
|
||||
|
@ -109,7 +109,7 @@ type generateBPMCmd struct {
|
|||
BPM string `arg required name:"bpm" help:"Path to the newly generated Boot Policy Manifest binary file." type:"path"`
|
||||
BIOS string `arg required name:"bios" help:"Path to the full BIOS binary file." type:"path"`
|
||||
Config string `flag optional name:"config" help:"Path to the JSON config file." type:"path"`
|
||||
//BootGuard Manifest Header args
|
||||
//CBnT Manifest Header args
|
||||
Revision uint8 `flag optional name:"revision" help:"Platform Manufacturer’s BPM revision number."`
|
||||
SVN manifest.SVN `flag optional name:"svn" help:"Boot Policy Manifest Security Version Number"`
|
||||
ACMSVN manifest.SVN `flag optional name:"acmsvn" help:"Authorized ACM Security Version Number"`
|
||||
|
@ -199,7 +199,7 @@ func (kmp *kmPrintCmd) Run(ctx *context) error {
|
|||
return err
|
||||
}
|
||||
reader := bytes.NewReader(data)
|
||||
km, err := bg.ParseKM(reader)
|
||||
km, err := cbnt.ParseKM(reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -218,7 +218,7 @@ func (bpmp *bpmPrintCmd) Run(ctx *context) error {
|
|||
return err
|
||||
}
|
||||
reader := bytes.NewReader(data)
|
||||
bpm, err := bg.ParseBPM(reader)
|
||||
bpm, err := cbnt.ParseBPM(reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -255,11 +255,11 @@ func (biosp *biosPrintCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = bg.PrintFIT(data)
|
||||
err = cbnt.PrintFIT(data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = bg.PrintBootGuardStructures(data)
|
||||
err = cbnt.PrintCBnTStructures(data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -275,7 +275,7 @@ func (acme *acmExportCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = bg.WriteBootGuardStructures(data, nil, nil, acmfile)
|
||||
err = cbnt.WriteCBnTStructures(data, nil, nil, acmfile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -291,7 +291,7 @@ func (kme *kmExportCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = bg.WriteBootGuardStructures(data, nil, kmfile, nil)
|
||||
err = cbnt.WriteCBnTStructures(data, nil, kmfile, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -307,7 +307,7 @@ func (bpme *bpmExportCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = bg.WriteBootGuardStructures(data, bpmfile, nil, nil)
|
||||
err = cbnt.WriteCBnTStructures(data, bpmfile, nil, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -315,15 +315,15 @@ func (bpme *bpmExportCmd) Run(ctx *context) error {
|
|||
}
|
||||
|
||||
func (g *generateKMCmd) Run(ctx *context) error {
|
||||
var options *bg.BootGuardOptions
|
||||
var options *cbnt.Options
|
||||
if g.Config != "" {
|
||||
bgo, err := bg.ParseConfig(g.Config)
|
||||
cbnto, err := cbnt.ParseConfig(g.Config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
options = bgo
|
||||
options = cbnto
|
||||
} else {
|
||||
var bgo bg.BootGuardOptions
|
||||
var cbnto cbnt.Options
|
||||
tmpKM := key.NewManifest()
|
||||
tmpKM.Revision = g.Revision
|
||||
tmpKM.KMSVN = g.SVN
|
||||
|
@ -332,17 +332,17 @@ func (g *generateKMCmd) Run(ctx *context) error {
|
|||
tmpKM.Hash = g.KMHashes
|
||||
// Create KM_Hash for BPM pub signing key
|
||||
if g.BpmPubkey != "" {
|
||||
kh, err := bg.GetBPMPubHash(g.BpmPubkey, g.BpmHashAlg)
|
||||
kh, err := cbnt.GetBPMPubHash(g.BpmPubkey, g.BpmHashAlg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
tmpKM.Hash = kh
|
||||
}
|
||||
bgo.KeyManifest = *tmpKM
|
||||
options = &bgo
|
||||
cbnto.KeyManifest = tmpKM
|
||||
options = &cbnto
|
||||
}
|
||||
|
||||
key, err := bg.ReadPubKey(g.Key)
|
||||
key, err := cbnt.ReadPubKey(g.Key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -357,7 +357,7 @@ func (g *generateKMCmd) Run(ctx *context) error {
|
|||
}
|
||||
}
|
||||
}
|
||||
bKM, err := bg.WriteKM(&options.KeyManifest)
|
||||
bKM, err := cbnt.WriteKM(options.KeyManifest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -366,7 +366,7 @@ func (g *generateKMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := bg.WriteConfig(out, options); err != nil {
|
||||
if err := cbnt.WriteConfig(out, options); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -382,19 +382,19 @@ func (g *generateKMCmd) Run(ctx *context) error {
|
|||
}
|
||||
|
||||
func (g *generateBPMCmd) Run(ctx *context) error {
|
||||
var options *bg.BootGuardOptions
|
||||
var options *cbnt.Options
|
||||
if g.Config != "" {
|
||||
bgo, err := bg.ParseConfig(g.Config)
|
||||
cbnto, err := cbnt.ParseConfig(g.Config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
options = bgo
|
||||
options = cbnto
|
||||
} else {
|
||||
var bgo bg.BootGuardOptions
|
||||
bgo.BootPolicyManifest.BPMH.BPMRevision = g.Revision
|
||||
bgo.BootPolicyManifest.BPMH.BPMSVN = g.SVN
|
||||
bgo.BootPolicyManifest.BPMH.ACMSVNAuth = g.ACMSVN
|
||||
bgo.BootPolicyManifest.BPMH.NEMDataStack = g.NEMS
|
||||
var cbnto cbnt.Options
|
||||
cbnto.BootPolicyManifest.BPMH.BPMRevision = g.Revision
|
||||
cbnto.BootPolicyManifest.BPMH.BPMSVN = g.SVN
|
||||
cbnto.BootPolicyManifest.BPMH.ACMSVNAuth = g.ACMSVN
|
||||
cbnto.BootPolicyManifest.BPMH.NEMDataStack = g.NEMS
|
||||
|
||||
se := bootpolicy.NewSE()
|
||||
se.PBETValue = g.PBET
|
||||
|
@ -419,7 +419,7 @@ func (g *generateBPMCmd) Run(ctx *context) error {
|
|||
seg.Flags = g.IbbSegFlag
|
||||
se.IBBSegments = append(se.IBBSegments, seg)
|
||||
|
||||
bgo.BootPolicyManifest.SE = append(bgo.BootPolicyManifest.SE, *se)
|
||||
cbnto.BootPolicyManifest.SE = append(cbnto.BootPolicyManifest.SE, *se)
|
||||
|
||||
txt := bootpolicy.NewTXT()
|
||||
txt.SInitMinSVNAuth = g.SintMin
|
||||
|
@ -430,12 +430,12 @@ func (g *generateBPMCmd) Run(ctx *context) error {
|
|||
txt.PTTCMOSOffset0 = g.CMOSOff0
|
||||
txt.PTTCMOSOffset1 = g.CMOSOff1
|
||||
|
||||
bgo.BootPolicyManifest.TXTE = txt
|
||||
cbnto.BootPolicyManifest.TXTE = txt
|
||||
|
||||
options = &bgo
|
||||
options = &cbnto
|
||||
}
|
||||
|
||||
bpm, err := bg.GenerateBPM(options, g.BIOS)
|
||||
bpm, err := cbnt.GenerateBPM(options, g.BIOS)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -449,11 +449,11 @@ func (g *generateBPMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := bg.WriteConfig(out, options); err != nil {
|
||||
if err := cbnt.WriteConfig(out, options); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
bBPM, err := bg.WriteBPM(bpm)
|
||||
bBPM, err := cbnt.WriteBPM(bpm)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -471,7 +471,7 @@ func (s *signKMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
privkey, err := bg.DecryptPrivKey(encKey, s.Password)
|
||||
privkey, err := cbnt.DecryptPrivKey(encKey, s.Password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -490,7 +490,7 @@ func (s *signKMCmd) Run(ctx *context) error {
|
|||
if err = km.SetSignature(0, privkey.(crypto.Signer), unsignedKM); err != nil {
|
||||
return err
|
||||
}
|
||||
bKMSigned, err := bg.WriteKM(&km)
|
||||
bKMSigned, err := cbnt.WriteKM(&km)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -505,7 +505,7 @@ func (s *signBPMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
key, err := bg.DecryptPrivKey(encKey, s.Password)
|
||||
key, err := cbnt.DecryptPrivKey(encKey, s.Password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -529,7 +529,7 @@ func (s *signBPMCmd) Run(ctx *context) error {
|
|||
return fmt.Errorf("Invalid key type")
|
||||
}
|
||||
bpm.PMSE = *kAs
|
||||
bpmRaw, err = bg.WriteBPM(&bpm)
|
||||
bpmRaw, err = cbnt.WriteBPM(&bpm)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -540,7 +540,7 @@ func (s *signBPMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("unable to make a signature: %w", err)
|
||||
}
|
||||
bBPMSigned, err := bg.WriteBPM(&bpm)
|
||||
bBPMSigned, err := cbnt.WriteBPM(&bpm)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -551,14 +551,14 @@ func (s *signBPMCmd) Run(ctx *context) error {
|
|||
}
|
||||
|
||||
func (t *templateCmd) Run(ctx *context) error {
|
||||
var bgo bg.BootGuardOptions
|
||||
km := *key.NewManifest()
|
||||
bpm := *bootpolicy.NewManifest()
|
||||
var cbnto cbnt.Options
|
||||
cbnto.BootPolicyManifest = bootpolicy.NewManifest()
|
||||
cbnto.KeyManifest = key.NewManifest()
|
||||
|
||||
bpm.BPMRevision = t.Revision
|
||||
bpm.BPMSVN = t.SVN
|
||||
bpm.ACMSVNAuth = t.ACMSVN
|
||||
bpm.NEMDataStack = t.NEMS
|
||||
cbnto.BootPolicyManifest.BPMH.BPMRevision = t.Revision
|
||||
cbnto.BootPolicyManifest.BPMH.BPMSVN = t.SVN
|
||||
cbnto.BootPolicyManifest.BPMH.ACMSVNAuth = t.ACMSVN
|
||||
cbnto.BootPolicyManifest.BPMH.NEMDataStack = t.NEMS
|
||||
|
||||
se := bootpolicy.NewSE()
|
||||
se.PBETValue = t.PBET
|
||||
|
@ -577,7 +577,7 @@ func (t *templateCmd) Run(ctx *context) error {
|
|||
seg.Flags = t.IbbSegFlag
|
||||
se.IBBSegments = append(se.IBBSegments, seg)
|
||||
|
||||
bpm.SE = append(bpm.SE, *se)
|
||||
cbnto.BootPolicyManifest.SE = append(cbnto.BootPolicyManifest.SE, *se)
|
||||
|
||||
txt := bootpolicy.NewTXT()
|
||||
txt.SInitMinSVNAuth = t.SintMin
|
||||
|
@ -588,16 +588,13 @@ func (t *templateCmd) Run(ctx *context) error {
|
|||
txt.PTTCMOSOffset0 = t.CMOSOff0
|
||||
txt.PTTCMOSOffset1 = t.CMOSOff1
|
||||
|
||||
bpm.TXTE = txt
|
||||
|
||||
bgo.BootPolicyManifest = bpm
|
||||
bgo.KeyManifest = km
|
||||
cbnto.BootPolicyManifest.TXTE = txt
|
||||
|
||||
out, err := os.Create(t.Path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := bg.WriteConfig(out, &bgo); err != nil {
|
||||
if err := cbnt.WriteConfig(out, &cbnto); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
@ -608,7 +605,7 @@ func (rc *readConfigCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = bg.ReadConfigFromBIOSImage(rc.BIOS, f)
|
||||
_, err = cbnt.ReadConfigFromBIOSImage(rc.BIOS, f)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -624,7 +621,7 @@ func (s *stitchingKMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
pub, err := bg.ReadPubKey(s.PubKey)
|
||||
pub, err := cbnt.ReadPubKey(s.PubKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -632,11 +629,11 @@ func (s *stitchingKMCmd) Run(ctx *context) error {
|
|||
return fmt.Errorf("loaded files are empty")
|
||||
}
|
||||
reader := bytes.NewReader(kmData)
|
||||
km, err := bg.ParseKM(reader)
|
||||
km, err := cbnt.ParseKM(reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
kmRaw, err := bg.StitchKM(km, pub, sig)
|
||||
kmRaw, err := cbnt.StitchKM(km, pub, sig)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -655,7 +652,7 @@ func (s *stitchingBPMCmd) Run(ctx *context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
pub, err := bg.ReadPubKey(s.PubKey)
|
||||
pub, err := cbnt.ReadPubKey(s.PubKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -663,11 +660,11 @@ func (s *stitchingBPMCmd) Run(ctx *context) error {
|
|||
return fmt.Errorf("loaded files are empty")
|
||||
}
|
||||
reader := bytes.NewReader(bpmData)
|
||||
bpm, err := bg.ParseBPM(reader)
|
||||
bpm, err := cbnt.ParseBPM(reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
bpmRaw, err := bg.StitchBPM(bpm, pub, sig)
|
||||
bpmRaw, err := cbnt.StitchBPM(bpm, pub, sig)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -703,7 +700,7 @@ func (s *stitchingCmd) Run(ctx *context) error {
|
|||
if len(acm) == 0 && len(km) == 0 && len(bpm) == 0 && len(me) == 0 {
|
||||
return fmt.Errorf("at least one optional parameter required")
|
||||
}
|
||||
if err := bg.StitchFITEntries(s.BIOS, acm, bpm, km); err != nil {
|
||||
if err := cbnt.StitchFITEntries(s.BIOS, acm, bpm, km); err != nil {
|
||||
return err
|
||||
}
|
||||
if len(me) != 0 {
|
||||
|
@ -751,22 +748,22 @@ func (k *keygenCmd) Run(ctx *context) error {
|
|||
|
||||
switch k.Algo {
|
||||
case "RSA2048":
|
||||
err := bg.GenRSAKey(2048, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
err := cbnt.GenRSAKey(2048, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
case "RSA3072":
|
||||
err := bg.GenRSAKey(3072, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
err := cbnt.GenRSAKey(3072, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
case "ECC224":
|
||||
err := bg.GenECCKey(224, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
err := cbnt.GenECCKey(224, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
case "ECC256":
|
||||
err := bg.GenECCKey(256, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
err := cbnt.GenECCKey(256, k.Password, kmPubFile, kmPrivFile, bpmPubFile, bpmPrivFile)
|
||||
if err != nil {
|
||||
return err
|
||||
}
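Review bot: In the `else` branch of `generateBPMCmd.Run`, `var cbnto cbnt.Options` is followed directly by `cbnto.BootPolicyManifest.BPMH.BPMRevision = g.Revision`, but this commit changes `Options.BootPolicyManifest` to a `*bootpolicy.Manifest`. The zero value is now nil, so the first assignment dereferences a nil pointer whenever `bpm-gen` is run without `--config`. `templateCmd.Run` in the same file allocates the manifest before touching its fields; the same is needed here, `cbnto.BootPolicyManifest = bootpolicy.NewManifest()` right after the declaration. The config path probably needs a matching guard: `cbnt.ParseConfig` appears to leave either pointer nil when the JSON omits that object, and `cbnt.WriteKM(options.KeyManifest)` in `generateKMCmd.Run` would then receive nil, so returning an error for a missing manifest would be safer than panicking in a tool that builds signed boot-policy structures. Both function bodies extend beyond the hunks shown.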
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
@ -34,34 +34,34 @@ type KeyHash struct {
|
|||
Algorithm manifest.Algorithm `json:"algorithm"` //
|
||||
}
|
||||
|
||||
// BootGuardOptions presents all available options for BootGuard configuarion file.
|
||||
type BootGuardOptions struct {
|
||||
BootPolicyManifest bootpolicy.Manifest
|
||||
KeyManifest key.Manifest
|
||||
// Options presents all available options for CBnT configuarion file.
|
||||
type Options struct {
|
||||
BootPolicyManifest *bootpolicy.Manifest
|
||||
KeyManifest *key.Manifest
|
||||
}
|
||||
|
||||
// ParseConfig parses a boot guard option json file
|
||||
func ParseConfig(filepath string) (*BootGuardOptions, error) {
|
||||
var bgo BootGuardOptions
|
||||
func ParseConfig(filepath string) (*Options, error) {
|
||||
var cbnto Options
|
||||
data, err := ioutil.ReadFile(filepath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = json.Unmarshal(data, &bgo); err != nil {
|
||||
if err = json.Unmarshal(data, &cbnto); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &bgo, nil
|
||||
return &cbnto, nil
|
||||
}
|
||||
|
||||
func setBPMHeader(bgo *BootGuardOptions, bpm *bootpolicy.Manifest) (*bootpolicy.BPMH, error) {
|
||||
func setBPMHeader(cbnto *Options, bpm *bootpolicy.Manifest) (*bootpolicy.BPMH, error) {
|
||||
header := bootpolicy.NewBPMH()
|
||||
if err := defaults.Set(header); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
header.BPMRevision = bgo.BootPolicyManifest.BPMRevision
|
||||
header.BPMSVN = manifest.SVN(bgo.BootPolicyManifest.BPMH.BPMSVN)
|
||||
header.ACMSVNAuth = manifest.SVN(bgo.BootPolicyManifest.BPMH.ACMSVNAuth)
|
||||
header.NEMDataStack = bootpolicy.Size4K(bgo.BootPolicyManifest.BPMH.NEMDataStack)
|
||||
header.BPMRevision = cbnto.BootPolicyManifest.BPMRevision
|
||||
header.BPMSVN = manifest.SVN(cbnto.BootPolicyManifest.BPMH.BPMSVN)
|
||||
header.ACMSVNAuth = manifest.SVN(cbnto.BootPolicyManifest.BPMH.ACMSVNAuth)
|
||||
header.NEMDataStack = bootpolicy.Size4K(cbnto.BootPolicyManifest.BPMH.NEMDataStack)
|
||||
header.KeySignatureOffset = uint16(bpm.PMSEOffset() + bpm.PMSE.KeySignatureOffset())
|
||||
|
||||
return header, nil
|
||||
|
@ -169,85 +169,85 @@ func getIBBsDigest(ibbs []bootpolicy.IBBSegment, image []byte, algo manifest.Alg
|
|||
return hash, nil
|
||||
}
|
||||
|
||||
func setIBBSegment(bgo *BootGuardOptions, image []byte) (*bootpolicy.SE, error) {
|
||||
for iterator, item := range bgo.BootPolicyManifest.SE[0].DigestList.List {
|
||||
d, err := getIBBsDigest(bgo.BootPolicyManifest.SE[0].IBBSegments, image, item.HashAlg)
|
||||
func setIBBSegment(cbnto *Options, image []byte) (*bootpolicy.SE, error) {
|
||||
for iterator, item := range cbnto.BootPolicyManifest.SE[0].DigestList.List {
|
||||
d, err := getIBBsDigest(cbnto.BootPolicyManifest.SE[0].IBBSegments, image, item.HashAlg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bgo.BootPolicyManifest.SE[0].DigestList.List[iterator].HashBuffer = make([]byte, len(d))
|
||||
copy(bgo.BootPolicyManifest.SE[0].DigestList.List[iterator].HashBuffer, d)
|
||||
cbnto.BootPolicyManifest.SE[0].DigestList.List[iterator].HashBuffer = make([]byte, len(d))
|
||||
copy(cbnto.BootPolicyManifest.SE[0].DigestList.List[iterator].HashBuffer, d)
|
||||
}
|
||||
|
||||
return &bgo.BootPolicyManifest.SE[0], nil
|
||||
return &cbnto.BootPolicyManifest.SE[0], nil
|
||||
}
|
||||
|
||||
func setTXTElement(bgo *BootGuardOptions) (*bootpolicy.TXT, error) {
|
||||
func setTXTElement(cbnto *Options) (*bootpolicy.TXT, error) {
|
||||
txte := bootpolicy.NewTXT()
|
||||
txte = bgo.BootPolicyManifest.TXTE
|
||||
txte = cbnto.BootPolicyManifest.TXTE
|
||||
return txte, nil
|
||||
}
|
||||
|
||||
func setPCDElement(bgo *BootGuardOptions) (*bootpolicy.PCD, error) {
|
||||
func setPCDElement(cbnto *Options) (*bootpolicy.PCD, error) {
|
||||
pcde := bootpolicy.NewPCD()
|
||||
if bgo.BootPolicyManifest.PCDE == nil {
|
||||
if cbnto.BootPolicyManifest.PCDE == nil {
|
||||
return nil, nil
|
||||
}
|
||||
pcde.Data = bgo.BootPolicyManifest.PCDE.Data
|
||||
pcde.Data = cbnto.BootPolicyManifest.PCDE.Data
|
||||
return pcde, nil
|
||||
}
|
||||
|
||||
func setPMElement(bgo *BootGuardOptions) (*bootpolicy.PM, error) {
|
||||
func setPMElement(cbnto *Options) (*bootpolicy.PM, error) {
|
||||
pme := bootpolicy.NewPM()
|
||||
if bgo.BootPolicyManifest.PME == nil {
|
||||
if cbnto.BootPolicyManifest.PME == nil {
|
||||
return nil, nil
|
||||
}
|
||||
pme.Data = bgo.BootPolicyManifest.PME.Data
|
||||
pme.Data = cbnto.BootPolicyManifest.PME.Data
|
||||
return pme, nil
|
||||
}
|
||||
|
||||
func setPMSElement(bgo *BootGuardOptions, bpm *bootpolicy.Manifest) (*bootpolicy.Signature, error) {
|
||||
func setPMSElement(cbnto *Options, bpm *bootpolicy.Manifest) (*bootpolicy.Signature, error) {
|
||||
psme := bootpolicy.NewSignature()
|
||||
return psme, nil
|
||||
}
|
||||
|
||||
// SetKM takes BootGuardOptiones struct and initializes a new KM with the given configuration.
|
||||
func SetKM(bgo *BootGuardOptions) (*key.Manifest, error) {
|
||||
// SetKM takes Options struct and initializes a new KM with the given configuration.
|
||||
func SetKM(cbnto *Options) (*key.Manifest, error) {
|
||||
km := key.NewManifest()
|
||||
km = &bgo.KeyManifest
|
||||
km = cbnto.KeyManifest
|
||||
return km, nil
|
||||
}
|
||||
|
||||
// GenerateBPM generates a Boot Policy Manifest with the given config and firmware image
|
||||
func GenerateBPM(bgo *BootGuardOptions, biosFilepath string) (*bootpolicy.Manifest, error) {
|
||||
func GenerateBPM(cbnto *Options, biosFilepath string) (*bootpolicy.Manifest, error) {
|
||||
bpm := bootpolicy.NewManifest()
|
||||
data, err := ioutil.ReadFile(biosFilepath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
se, err := setIBBSegment(bgo, data)
|
||||
se, err := setIBBSegment(cbnto, data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bpm.SE = append(bpm.SE, *se)
|
||||
bpm.TXTE, err = setTXTElement(bgo)
|
||||
bpm.TXTE, err = setTXTElement(cbnto)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bpm.PCDE, err = setPCDElement(bgo)
|
||||
bpm.PCDE, err = setPCDElement(cbnto)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bpm.PME, err = setPMElement(bgo)
|
||||
bpm.PME, err = setPMElement(cbnto)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bpmh, err := setBPMHeader(bgo, bpm)
|
||||
bpmh, err := setBPMHeader(cbnto, bpm)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bpm.BPMH = *bpmh
|
||||
pmse, err := setPMSElement(bgo, bpm)
|
||||
pmse, err := setPMSElement(cbnto, bpm)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -256,9 +256,9 @@ func GenerateBPM(bgo *BootGuardOptions, biosFilepath string) (*bootpolicy.Manife
|
|||
return bpm, nil
|
||||
}
|
||||
|
||||
// WriteConfig writes a BootGuard config file to the given path with given options.
|
||||
func WriteConfig(f *os.File, bgo *BootGuardOptions) error {
|
||||
cfg, err := json.Marshal(bgo)
|
||||
// WriteConfig writes a CBnT config file to the given path with given options.
|
||||
func WriteConfig(f *os.File, cbnto *Options) error {
|
||||
cfg, err := json.Marshal(cbnto)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -271,8 +271,8 @@ func WriteConfig(f *os.File, bgo *BootGuardOptions) error {
|
|||
|
||||
// ReadConfigFromBIOSImage reads boot guard options, boot policy manifest and key manifest from a given firmware image
|
||||
// and writes that to a given file in json format
|
||||
func ReadConfigFromBIOSImage(biosFilepath string, configFilepath *os.File) (*BootGuardOptions, error) {
|
||||
var bgo BootGuardOptions
|
||||
func ReadConfigFromBIOSImage(biosFilepath string, configFilepath *os.File) (*Options, error) {
|
||||
var cbnto Options
|
||||
var bpm *bootpolicy.Manifest
|
||||
var km *key.Manifest
|
||||
bios, err := ioutil.ReadFile(biosFilepath)
|
||||
|
@ -296,11 +296,11 @@ func ReadConfigFromBIOSImage(biosFilepath string, configFilepath *os.File) (*Boo
|
|||
|
||||
/* Boot Policy Manifest */
|
||||
// BPMH
|
||||
bgo.BootPolicyManifest = *bpm
|
||||
cbnto.BootPolicyManifest = bpm
|
||||
|
||||
/* Key Manifest */
|
||||
bgo.KeyManifest = *km
|
||||
data, err := json.Marshal(bgo)
|
||||
cbnto.KeyManifest = km
|
||||
data, err := json.Marshal(cbnto)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -308,7 +308,7 @@ func ReadConfigFromBIOSImage(biosFilepath string, configFilepath *os.File) (*Boo
|
|||
if _, err = configFilepath.Write(json); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &bgo, nil
|
||||
return &cbnto, nil
|
||||
}
|
||||
|
||||
// GetBPMPubHash takes the path to public BPM signing key and hash algorithm
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
import "testing"
|
||||
|
||||
|
@ -14,7 +14,7 @@ func TestSetBPMHeaderValid(T *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestSetBPMHeaderInvalidBadBGO(T *testing.T) {
|
||||
func TestSetBPMHeaderInvalidBadCBnTO(T *testing.T) {
|
||||
|
||||
}
|
||||
|
||||
|
@ -26,7 +26,7 @@ func TestSetIBBSegmentValid(T *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestSetIBBSegmentInvalidBGO(T *testing.T) {
|
||||
func TestSetIBBSegmentInvalidCBnTO(T *testing.T) {
|
||||
|
||||
}
|
||||
|
||||
|
@ -38,7 +38,7 @@ func TestTXTElementValid(T *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestTXTElementInvalidBadBGO(T *testing.T) {
|
||||
func TestTXTElementInvalidBadCBnTO(T *testing.T) {
|
||||
|
||||
}
|
||||
|
||||
|
@ -46,7 +46,7 @@ func TestSetPCDElementValid(T *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestSetPCDElementInvalidBGO(T *testing.T) {
|
||||
func TestSetPCDElementInvalidCBnTO(T *testing.T) {
|
||||
|
||||
}
|
||||
|
||||
|
@ -54,6 +54,6 @@ func TestPMElementValid(T *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestPMElementInvalidBGO(T *testing.T) {
|
||||
func TestPMElementInvalidCBnTO(T *testing.T) {
|
||||
|
||||
}
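Review bot: The renamed tests in this file (`TestSetBPMHeaderInvalidBadCBnTO`, `TestSetIBBSegmentInvalidCBnTO`, `TestTXTElementInvalidBadCBnTO`, `TestSetPCDElementInvalidCBnTO`, `TestPMElementInvalidCBnTO`) still have empty bodies, so `go test ./pkg/provisioning/cbnt` passes without exercising any of the manifest setters. That matters more after this commit, because it appears to turn the `BootPolicyManifest` and `KeyManifest` fields of `Options` into pointers (`cbnto.BootPolicyManifest = bpm`, `km = cbnto.KeyManifest`). `setIBBSegment` indexes `cbnto.BootPolicyManifest.SE[0]` with no nil or length check visible, so a config without a boot policy manifest or SE element would presumably panic the provisioning tool instead of returning an error. I would add a guard at the top of `setIBBSegment`, for example `if cbnto == nil || cbnto.BootPolicyManifest == nil || len(cbnto.BootPolicyManifest.SE) == 0 { return nil, errors.New("boot policy manifest has no SE element") }` (assuming `errors` is imported in that file), and fill `TestSetIBBSegmentInvalidCBnTO` with a case that passes `&Options{}` and expects a non-nil error. The test parameter would also read better as `t` than `T`, which is the usual Go convention.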
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
const (
|
||||
keySignatureElementMaxSize = 3072 // how this value was calculated?
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
import (
|
||||
"crypto"
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
import (
|
||||
"bytes"
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
// CMOSIoAddress holds information about the location of on-demand power down requests in CMOS.
|
||||
// The structure is a substructure used in PowerDownRequest structure.
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
@ -18,8 +18,8 @@ import (
|
|||
"github.com/9elements/converged-security-suite/v2/pkg/tools"
|
||||
)
|
||||
|
||||
// WriteBootGuardStructures takes a firmware image and extracts boot policy manifest, key manifest and acm into seperate files.
|
||||
func WriteBootGuardStructures(image []byte, bpmFile, kmFile, acmFile *os.File) error {
|
||||
// WriteCBnTStructures takes a firmware image and extracts boot policy manifest, key manifest and acm into seperate files.
|
||||
func WriteCBnTStructures(image []byte, bpmFile, kmFile, acmFile *os.File) error {
|
||||
bpm, km, acm, err := ParseFITEntries(image)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -42,8 +42,8 @@ func WriteBootGuardStructures(image []byte, bpmFile, kmFile, acmFile *os.File) e
|
|||
return nil
|
||||
}
|
||||
|
||||
// PrintBootGuardStructures takes a firmware image and prints boot policy manifest, key manifest, ACM, chipset, processor and tpm information if available.
|
||||
func PrintBootGuardStructures(image []byte) error {
|
||||
// PrintCBnTStructures takes a firmware image and prints boot policy manifest, key manifest, ACM, chipset, processor and tpm information if available.
|
||||
func PrintCBnTStructures(image []byte) error {
|
||||
var acm *tools.ACM
|
||||
var chipsets *tools.Chipsets
|
||||
var processors *tools.Processors
|
|
@ -1,4 +1,4 @@
|
|||
package bg
|
||||
package cbnt
|
||||
|
||||
import (
|
||||
"errors"
|