Merge branch 'master' into fix/pcr0_detect_txt_enabled
This commit is contained in:
commit
be74de6728
|
@ -128,6 +128,7 @@ type generateBPMCmd struct {
|
||||||
IbbSegbase uint32 `flag optional name:"ibbsegbase" help:"Value for IbbSegment structure"`
|
IbbSegbase uint32 `flag optional name:"ibbsegbase" help:"Value for IbbSegment structure"`
|
||||||
IbbSegsize uint32 `flag optional name:"ibbsegsize" help:"Value for IBB segment structure"`
|
IbbSegsize uint32 `flag optional name:"ibbsegsize" help:"Value for IBB segment structure"`
|
||||||
IbbSegFlag uint16 `flag optional name:"ibbsegflag" help:"Reducted"`
|
IbbSegFlag uint16 `flag optional name:"ibbsegflag" help:"Reducted"`
|
||||||
|
Coreboot bool `flag optional name:"coreboot" help:"Required when BIOS binary file is a coreboot image"`
|
||||||
// TXT args
|
// TXT args
|
||||||
SinitMin uint8 `flag optional name:"sinitmin" help:"OEM authorized SinitMinSvn value"`
|
SinitMin uint8 `flag optional name:"sinitmin" help:"OEM authorized SinitMinSvn value"`
|
||||||
TXTFlags bootpolicy.TXTControlFlags `flag optional name:"txtflags" help:"TXT Element control flags"`
|
TXTFlags bootpolicy.TXTControlFlags `flag optional name:"txtflags" help:"TXT Element control flags"`
|
||||||
|
@ -415,11 +416,20 @@ func (g *generateBPMCmd) Run(ctx *context) error {
|
||||||
se.DigestList.List[iterator].HashAlg = g.IbbHash[iterator]
|
se.DigestList.List[iterator].HashAlg = g.IbbHash[iterator]
|
||||||
}
|
}
|
||||||
|
|
||||||
seg := *bootpolicy.NewIBBSegment()
|
if g.IbbSegbase != 0 {
|
||||||
seg.Base = g.IbbSegbase
|
seg := *bootpolicy.NewIBBSegment()
|
||||||
seg.Size = g.IbbSegsize
|
seg.Base = g.IbbSegbase
|
||||||
seg.Flags = g.IbbSegFlag
|
seg.Size = g.IbbSegsize
|
||||||
se.IBBSegments = append(se.IBBSegments, seg)
|
seg.Flags = g.IbbSegFlag
|
||||||
|
se.IBBSegments = append(se.IBBSegments, seg)
|
||||||
|
}
|
||||||
|
if g.Coreboot {
|
||||||
|
ibbs, err := cbnt.FindAdditionalIBBs(g.BIOS)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
se.IBBSegments = append(se.IBBSegments, ibbs...)
|
||||||
|
}
|
||||||
|
|
||||||
cbnto.BootPolicyManifest.SE = append(cbnto.BootPolicyManifest.SE, *se)
|
cbnto.BootPolicyManifest.SE = append(cbnto.BootPolicyManifest.SE, *se)
|
||||||
|
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -16,6 +16,7 @@ require (
|
||||||
github.com/google/uuid v1.2.0
|
github.com/google/uuid v1.2.0
|
||||||
github.com/intel-go/cpuid v0.0.0-20200819041909-2aa72927c3e2
|
github.com/intel-go/cpuid v0.0.0-20200819041909-2aa72927c3e2
|
||||||
github.com/kr/pretty v0.2.1 // indirect
|
github.com/kr/pretty v0.2.1 // indirect
|
||||||
|
github.com/linuxboot/cbfs v0.0.0-20210504130259-7e6ab4ccb5aa
|
||||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210427094458-991eadf32b6a+incompatible
|
github.com/linuxboot/fiano v6.0.0-rc.0.20210427094458-991eadf32b6a+incompatible
|
||||||
github.com/logrusorgru/aurora v2.0.3+incompatible
|
github.com/logrusorgru/aurora v2.0.3+incompatible
|
||||||
github.com/steakknife/hamming v0.0.0-20180906055917-c99c65617cd3
|
github.com/steakknife/hamming v0.0.0-20180906055917-c99c65617cd3
|
||||||
|
|
5
go.sum
5
go.sum
|
@ -241,6 +241,11 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+
|
||||||
github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
|
github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
|
||||||
github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
||||||
github.com/linuxboot/fiano v5.0.0+incompatible h1:DZAZO0z9l35cakTNnkdh+yWRZfzCCJnDHmPAYW/t0No=
|
github.com/linuxboot/fiano v5.0.0+incompatible h1:DZAZO0z9l35cakTNnkdh+yWRZfzCCJnDHmPAYW/t0No=
|
||||||
|
github.com/linuxboot/cbfs v0.0.0-20210427144633-800f7849937f h1:9E+AteMLhYXSy66VsoE+JVDHmgSo9LXSessrjS+v4mg=
|
||||||
|
github.com/linuxboot/cbfs v0.0.0-20210427144633-800f7849937f/go.mod h1:aO3vI0+YnezdSVke7+A7wL/d7QFJgq04oo7+3x0Y3Bo=
|
||||||
|
github.com/linuxboot/cbfs v0.0.0-20210504130259-7e6ab4ccb5aa h1:rPAsF/VXW48u/JmtSXifY0yvz/5ow3X+Cj3qIuVavW4=
|
||||||
|
github.com/linuxboot/cbfs v0.0.0-20210504130259-7e6ab4ccb5aa/go.mod h1:aO3vI0+YnezdSVke7+A7wL/d7QFJgq04oo7+3x0Y3Bo=
|
||||||
|
github.com/linuxboot/fiano v6.0.0-rc+incompatible/go.mod h1:IPKmAwYdbidivI8+nWCBO97QkdsiF8OThAHowU8Tvdk=
|
||||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210212032429-91b79e9335d4+incompatible h1:U60PidlAhhlHVKIXC1RIBUvDIrW3e/SiKTbzXOT3Zpc=
|
github.com/linuxboot/fiano v6.0.0-rc.0.20210212032429-91b79e9335d4+incompatible h1:U60PidlAhhlHVKIXC1RIBUvDIrW3e/SiKTbzXOT3Zpc=
|
||||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210212032429-91b79e9335d4+incompatible/go.mod h1:IPKmAwYdbidivI8+nWCBO97QkdsiF8OThAHowU8Tvdk=
|
github.com/linuxboot/fiano v6.0.0-rc.0.20210212032429-91b79e9335d4+incompatible/go.mod h1:IPKmAwYdbidivI8+nWCBO97QkdsiF8OThAHowU8Tvdk=
|
||||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210427094458-991eadf32b6a+incompatible h1:QWVmkVGWK79Rby0X9VAZ1BXJtw9qqxSgst3SkqsWVMo=
|
github.com/linuxboot/fiano v6.0.0-rc.0.20210427094458-991eadf32b6a+incompatible h1:QWVmkVGWK79Rby0X9VAZ1BXJtw9qqxSgst3SkqsWVMo=
|
||||||
|
|
|
@ -11,6 +11,8 @@ import (
|
||||||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/common/pretty"
|
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/common/pretty"
|
||||||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/key"
|
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/key"
|
||||||
"github.com/9elements/converged-security-suite/v2/pkg/tools"
|
"github.com/9elements/converged-security-suite/v2/pkg/tools"
|
||||||
|
|
||||||
|
"github.com/linuxboot/cbfs/pkg/cbfs"
|
||||||
)
|
)
|
||||||
|
|
||||||
// WriteCBnTStructures takes a firmware image and extracts boot policy manifest, key manifest and acm into seperate files.
|
// WriteCBnTStructures takes a firmware image and extracts boot policy manifest, key manifest and acm into seperate files.
|
||||||
|
@ -290,3 +292,42 @@ func StitchFITEntries(biosFilename string, acm, bpm, km []byte) error {
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FindAdditionalIBBs takes a coreboot image and finds componentName to create
|
||||||
|
// additional IBBSegment.
|
||||||
|
func FindAdditionalIBBs(imagepath string) ([]bootpolicy.IBBSegment, error) {
|
||||||
|
ibbs := make([]bootpolicy.IBBSegment, 0)
|
||||||
|
image, err := os.Open(imagepath)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer image.Close()
|
||||||
|
|
||||||
|
stat, err := image.Stat()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
img, err := cbfs.NewImage(image)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
flashBase := 0xffffffff - stat.Size() + 1
|
||||||
|
cbfsbaseaddr := img.Area.Offset
|
||||||
|
for _, seg := range img.Segs {
|
||||||
|
switch seg.GetFile().Name {
|
||||||
|
case
|
||||||
|
"fspt.bin",
|
||||||
|
"fallback/verstage",
|
||||||
|
"bootblock":
|
||||||
|
|
||||||
|
ibb := bootpolicy.NewIBBSegment()
|
||||||
|
ibb.Base = uint32(flashBase) + cbfsbaseaddr + seg.GetFile().RecordStart + seg.GetFile().SubHeaderOffset
|
||||||
|
ibb.Size = seg.GetFile().Size
|
||||||
|
ibb.Flags = 0
|
||||||
|
ibbs = append(ibbs, *ibb)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ibbs, nil
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue