Merge branch 'master' into fix/pcr0_detect_txt_enabled
commit
be74de6728
|
@ -128,6 +128,7 @@ type generateBPMCmd struct {
|
|||
IbbSegbase uint32 `flag optional name:"ibbsegbase" help:"Value for IbbSegment structure"`
|
||||
IbbSegsize uint32 `flag optional name:"ibbsegsize" help:"Value for IBB segment structure"`
|
||||
IbbSegFlag uint16 `flag optional name:"ibbsegflag" help:"Reducted"`
|
||||
Coreboot bool `flag optional name:"coreboot" help:"Required when BIOS binary file is a coreboot image"`
|
||||
// TXT args
|
||||
SinitMin uint8 `flag optional name:"sinitmin" help:"OEM authorized SinitMinSvn value"`
|
||||
TXTFlags bootpolicy.TXTControlFlags `flag optional name:"txtflags" help:"TXT Element control flags"`
|
||||
|
@ -415,11 +416,20 @@ func (g *generateBPMCmd) Run(ctx *context) error {
|
|||
se.DigestList.List[iterator].HashAlg = g.IbbHash[iterator]
|
||||
}
|
||||
|
||||
seg := *bootpolicy.NewIBBSegment()
|
||||
seg.Base = g.IbbSegbase
|
||||
seg.Size = g.IbbSegsize
|
||||
seg.Flags = g.IbbSegFlag
|
||||
se.IBBSegments = append(se.IBBSegments, seg)
|
||||
if g.IbbSegbase != 0 {
|
||||
seg := *bootpolicy.NewIBBSegment()
|
||||
seg.Base = g.IbbSegbase
|
||||
seg.Size = g.IbbSegsize
|
||||
seg.Flags = g.IbbSegFlag
|
||||
se.IBBSegments = append(se.IBBSegments, seg)
|
||||
}
|
||||
if g.Coreboot {
|
||||
ibbs, err := cbnt.FindAdditionalIBBs(g.BIOS)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
se.IBBSegments = append(se.IBBSegments, ibbs...)
|
||||
}
|
||||
|
||||
cbnto.BootPolicyManifest.SE = append(cbnto.BootPolicyManifest.SE, *se)
|
||||
|
||||
|
|
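Review bot: With the new `if g.IbbSegbase != 0` guard and the optional `g.Coreboot` branch in `Run`, `se.IBBSegments` can be empty when `*se` is appended to `cbnto.BootPolicyManifest.SE`, and nothing in this hunk rejects that. A manifest with no IBB segments would presumably leave no boot code covered by the policy, so unless validation elsewhere in `Run` (not visible here) catches it, I would add after the coreboot branch `if len(se.IBBSegments) == 0 { return fmt.Errorf("no IBB segment: set --ibbsegbase/--ibbsegsize or --coreboot") }`, assuming `fmt` is imported in this file. The guard also silently ignores `--ibbsegsize` and `--ibbsegflag` when `--ibbsegbase` is left at 0, which deserves either an error or a mention in the flag help. `Run` starts and ends outside the hunk.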
1
go.mod
1
go.mod
|
@ -16,6 +16,7 @@ require (
|
|||
github.com/google/uuid v1.2.0
|
||||
github.com/intel-go/cpuid v0.0.0-20200819041909-2aa72927c3e2
|
||||
github.com/kr/pretty v0.2.1 // indirect
|
||||
github.com/linuxboot/cbfs v0.0.0-20210504130259-7e6ab4ccb5aa
|
||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210427094458-991eadf32b6a+incompatible
|
||||
github.com/logrusorgru/aurora v2.0.3+incompatible
|
||||
github.com/steakknife/hamming v0.0.0-20180906055917-c99c65617cd3
|
||||
|
|
5
go.sum
5
go.sum
|
@ -241,6 +241,11 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+
|
|||
github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
|
||||
github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
||||
github.com/linuxboot/fiano v5.0.0+incompatible h1:DZAZO0z9l35cakTNnkdh+yWRZfzCCJnDHmPAYW/t0No=
|
||||
github.com/linuxboot/cbfs v0.0.0-20210427144633-800f7849937f h1:9E+AteMLhYXSy66VsoE+JVDHmgSo9LXSessrjS+v4mg=
|
||||
github.com/linuxboot/cbfs v0.0.0-20210427144633-800f7849937f/go.mod h1:aO3vI0+YnezdSVke7+A7wL/d7QFJgq04oo7+3x0Y3Bo=
|
||||
github.com/linuxboot/cbfs v0.0.0-20210504130259-7e6ab4ccb5aa h1:rPAsF/VXW48u/JmtSXifY0yvz/5ow3X+Cj3qIuVavW4=
|
||||
github.com/linuxboot/cbfs v0.0.0-20210504130259-7e6ab4ccb5aa/go.mod h1:aO3vI0+YnezdSVke7+A7wL/d7QFJgq04oo7+3x0Y3Bo=
|
||||
github.com/linuxboot/fiano v6.0.0-rc+incompatible/go.mod h1:IPKmAwYdbidivI8+nWCBO97QkdsiF8OThAHowU8Tvdk=
|
||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210212032429-91b79e9335d4+incompatible h1:U60PidlAhhlHVKIXC1RIBUvDIrW3e/SiKTbzXOT3Zpc=
|
||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210212032429-91b79e9335d4+incompatible/go.mod h1:IPKmAwYdbidivI8+nWCBO97QkdsiF8OThAHowU8Tvdk=
|
||||
github.com/linuxboot/fiano v6.0.0-rc.0.20210427094458-991eadf32b6a+incompatible h1:QWVmkVGWK79Rby0X9VAZ1BXJtw9qqxSgst3SkqsWVMo=
|
||||
|
|
|
@ -11,6 +11,8 @@ import (
|
|||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/common/pretty"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest/key"
|
||||
"github.com/9elements/converged-security-suite/v2/pkg/tools"
|
||||
|
||||
"github.com/linuxboot/cbfs/pkg/cbfs"
|
||||
)
|
||||
|
||||
// WriteCBnTStructures takes a firmware image and extracts boot policy manifest, key manifest and acm into seperate files.
|
||||
|
@ -290,3 +292,42 @@ func StitchFITEntries(biosFilename string, acm, bpm, km []byte) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// FindAdditionalIBBs takes a coreboot image and finds componentName to create
|
||||
// additional IBBSegment.
|
||||
func FindAdditionalIBBs(imagepath string) ([]bootpolicy.IBBSegment, error) {
|
||||
ibbs := make([]bootpolicy.IBBSegment, 0)
|
||||
image, err := os.Open(imagepath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer image.Close()
|
||||
|
||||
stat, err := image.Stat()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
img, err := cbfs.NewImage(image)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
flashBase := 0xffffffff - stat.Size() + 1
|
||||
cbfsbaseaddr := img.Area.Offset
|
||||
for _, seg := range img.Segs {
|
||||
switch seg.GetFile().Name {
|
||||
case
|
||||
"fspt.bin",
|
||||
"fallback/verstage",
|
||||
"bootblock":
|
||||
|
||||
ibb := bootpolicy.NewIBBSegment()
|
||||
ibb.Base = uint32(flashBase) + cbfsbaseaddr + seg.GetFile().RecordStart + seg.GetFile().SubHeaderOffset
|
||||
ibb.Size = seg.GetFile().Size
|
||||
ibb.Flags = 0
|
||||
ibbs = append(ibbs, *ibb)
|
||||
}
|
||||
}
|
||||
return ibbs, nil
|
||||
}
|
||||
|
|
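Review bot: In `FindAdditionalIBBs`, `ibb.Base` is built from `uint32(flashBase)` plus three offsets read from the image, so an empty or larger-than-4-GiB file, or a CBFS header with inflated offsets, silently wraps and the resulting Boot Policy Manifest would describe a different region than the component it is meant to cover. The function also returns an empty slice with a nil error when none of `fspt.bin`, `fallback/verstage` or `bootblock` is present, and the caller in `Run` appends that result without complaint. I would do the arithmetic in `uint64`, reject anything outside the 4 GiB window, and fail when nothing matches, as sketched below; this assumes `fmt` is already imported in the file, which the import hunk does not show. The doc comment still mentions `componentName`, which is not a parameter; it could read `// FindAdditionalIBBs opens the coreboot image at imagepath and returns one IBBSegment per bootblock, fspt.bin and fallback/verstage CBFS file.`

```go
	// … unchanged: open the image, Stat, cbfs.NewImage …
	size := stat.Size()
	if size <= 0 || size > 1<<32 {
		return nil, fmt.Errorf("image size %d does not fit the 4 GiB flash window", size)
	}
	cbfsBase := uint64(1<<32) - uint64(size) + uint64(img.Area.Offset)
	for _, seg := range img.Segs {
		f := seg.GetFile()
		switch f.Name {
		case "fspt.bin", "fallback/verstage", "bootblock":
			base := cbfsBase + uint64(f.RecordStart) + uint64(f.SubHeaderOffset)
			if base >= 1<<32 || base+uint64(f.Size) > 1<<32 {
				return nil, fmt.Errorf("%s: segment lies outside the 4 GiB flash window", f.Name)
			}
			ibb := bootpolicy.NewIBBSegment()
			ibb.Base = uint32(base)
			// … unchanged: ibb.Size, ibb.Flags, append to ibbs …
		}
	}
	if len(ibbs) == 0 {
		return nil, fmt.Errorf("no IBB component found in %q", imagepath)
	}
	return ibbs, nil
```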