Commit Graph

706 Commits

Author SHA1 Message Date
Christian Walter 8bb065875e
pkg/provisioning/cbnt/config.go: Rework IBB segment hashing (#327) 2022-05-18 00:30:30 +02:00
Johnny Lin c3c13e1e3c Fix cbnt-prov README.md typo 2022-05-17 10:43:27 +02:00
Arthur Heymans 6d6f90c083
cbnt-prov: Allow *-show to work on full images (#314)
cbnt-prov: Allow *-show to work on full images

Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Christian Walter <christian.walter@9elements.com>

Co-authored-by: Dmitrii Okunev <xaionaro@gmail.com>
Co-authored-by: Christian Walter <christian.walter@9elements.com>
2022-05-17 10:32:35 +02:00
Dmitrii Okunev a8e9b94f10 Fix cbnt-prov bpm-gen for bare BIOS regions 2022-05-03 16:26:01 +02:00
Dmitrii Okunev 9e8b4def11 [dumpregisters] Dump registers in a human-readable YAML 2022-05-03 16:26:01 +02:00
Dmitrii Okunev ec7b2c5e5d [pcr0tool] Add a comparator with TPM EventLog
Added flag "-compare-with-eventlog" to verb "sum" of pcr0tool. The
option allows to compare the expected measurements with actual
measurements from TPM EventLog and print all the found mismatches.

Also the comparator tries to restore the original value of PCR0_DATA
through bruteforcing.

Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev 9c65fff579 Add a fake Intel CBnT image 2022-05-03 16:26:01 +02:00
Dmitrii Okunev 733ae38177 [pcr0tool] Add verbs display_fwinfo and display_eventlog
* display_eventlog parses a TPM EventLog
* display_fwinfo parses vendor, version, release date and revision of a
  firmware

Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev 9b29b78528 [pcr0tool] Fix error reporting on PCR0 measurements collecting
Single-measurement function was used in a wrong way, so that
a nil measurement was still considered a measurement. As
result the error was considered as a warning, not as a real error.
Fixing it.

Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev 7362283277 [pcr0tool][dumpregisters] Add support for dumped TXT Public Space
Adding a parser for files with dumped TXT Public Space

Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev cac795c4bb
Merge pull request #318 from 9elements/feature/cbnt_pcr1
Preparing the code for further development of CBnT PCR1 calculation support.
2022-04-21 11:10:42 +01:00
Dmitrii Okunev 9cf1de5482
Merge branch 'master' into feature/cbnt_pcr1 2022-04-20 19:03:20 +01:00
Trynity Mirell 922bbf0b29 add DataChunkIDBIOSStartup4 and DataChunkIDBIOSStartup5
Right now, we're just adding two additional startup modes
Longer term this would be better to be dynamic, since
according to the specification, there is no limit to the
number of Startup Modules.

From Intel's Documentation:

In order to enable more flexible flash layout, BIOS Init code can be split in multiple BIOS Startup Modules. Each BIOS Startup Module will have one corresponding Type 7 entry. Each Type 7 entry describes address and size of the corresponding BIOS Startup Module.

Signed-off-by: Trynity Mirell <trynity@fb.com>
2022-03-04 08:08:10 +01:00
Zaolin 614987fa23
Merge pull request #322 from 9elements/feature/acm_revision
Print ACM revision
2022-02-26 22:18:54 +01:00
Dmitrii Okunev 8c2863297b Print ACM revision 2022-02-10 20:18:58 +00:00
Christopher Meis 1cc4eac7fb Add km-verify and bpm-verify command to verify signature of KM and BPM.
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis dff8f0d84e Add PKCS1 parsing for private keys
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis bb8b97fce6 correct error message in GenRSAKey function. Now shows the correct required key bitlength
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis b509df8a71 Add required SignAlgo argument to SignKM and SignBPM command.
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis 75262471ac Bump up fiano version to make it all work again
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christian Walter 84c0dccf93
Merge branch 'master' into feature/cbnt_pcr1 2022-02-10 09:22:06 +01:00
Dmitrii Okunev 2db573fcca
Merge pull request #320 from 9elements/feature/replay_pcr1
[pcr] Allow to replay PCR1 EventLogs
2022-02-04 16:55:15 +00:00
Dmitrii Okunev 2e8a611e8c [pcr] Allow to replay PCR1 EventLogs 2022-02-04 16:51:15 +00:00
Dmitrii Okunev c3f81385a0 [pcr] Add a sample of CBnT PCR1 EventLog dump (from a real machine) 2022-02-03 16:40:28 +00:00
Dmitrii Okunev 92b600d4a0 [pcr] Join files pkg/pcr/get_measurements{,_pcr0}.go 2022-02-03 16:26:13 +00:00
Dmitrii Okunev c9fc9cd08f [pcr] Prepare code for PCR1 2022-02-03 16:25:36 +00:00
dependabot[bot] ca50b7c31b Bump github.com/google/go-attestation from 0.2.2 to 0.4.0
Bumps [github.com/google/go-attestation](https://github.com/google/go-attestation) from 0.2.2 to 0.4.0.
- [Release notes](https://github.com/google/go-attestation/releases)
- [Commits](https://github.com/google/go-attestation/compare/v0.2.2...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-attestation
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-03 13:28:32 +01:00
Dmitrii Okunev 485be2e704
Merge pull request #316 from 9elements/feature/gen_acm
feat(cbnt-prov): Add verb "acm-gen"
2022-01-20 12:08:51 +00:00
Dmitrii Okunev dbee91ef7f fix(cbnt-prov): Set KeySize in a generated ACM 2022-01-19 15:36:55 +00:00
Dmitrii Okunev 6cb97a21af feat(cbnt-prov): Add verb "acm-gen"
Adding a command to generate ACM modules for unit-tests:

    $ go run ./cmd/cbnt-prov/ acm-gen /tmp/acm --txtsvn 2
    $ hexdump -C /tmp/acm
    00000000  00 00 00 00 b0 01 00 00  00 03 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 00 00 00 00  00 00 00 00 02 00 00 00  |................|
    00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000006c0

Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-01-19 14:14:24 +00:00
Dmitrii Okunev 380880c5d2 Upgrade fiano version 2022-01-19 14:12:58 +00:00
Dmitrii Okunev feb4062220
Merge pull request #315 from 9elements/migrate/intel_to_fiano
Switch pkg/intel to fiano's version
2022-01-19 10:58:25 +00:00
Dmitrii Okunev e2a02949f4 Switch pkg/intel to fiano's version 2022-01-14 12:41:27 +00:00
Ilya a6d57f0744
Merge pull request #304 from 9elements/additional_amd_measurements 2021-12-22 12:06:36 +00:00
Ilya Arzamartsev 1079011f52 Support measuring of PMU firmware instructions/data, microcode patch and video binary interpreter
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-21 13:46:49 +00:00
Ilya 8737a4dfb2
Merge pull request #312 from 9elements/feature/update_fiano_package
Update linuxboot/fiano dependency
2021-12-21 12:08:23 +00:00
Ilya 4cce7faa88 Update linuxboot/fiano dependency
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-20 21:13:37 +00:00
Dmitrii Okunev 452fee291a
Merge pull request #310 from 9elements/feature/pcrFlow_CPUVendorID
feat(pcr): Add Flow.CPUVendorID()
2021-12-15 15:18:41 +00:00
Dmitrii Okunev 877153f7d4 feat(pcr): Add Flow.CPUVendorID()
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2021-12-15 14:25:28 +00:00
Dmitrii Okunev 72758502a8 Update github.com/9elements/go-linux-lowlevel-hw
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2021-12-15 14:25:25 +00:00
Ilya 257c3382ee
Use Fiano's amd package (#311)
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-15 12:20:23 +00:00
Ilya 95c3366c09
Merge pull request #309 from 9elements/use_fiano_bytes_package
Use Fiano's bytes package
2021-12-15 11:46:27 +00:00
Ilya 2275e28131 Use Fiano's bytes package
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-14 20:58:27 +00:00
Trynity Mirell 7c383d7841
Merge pull request #308 from 9elements/change-MeasurementIDDXE-event-amd
Change MeasurementIDDXE to EV_EFI_PLATFORM_FIRMWARE_BLOB2
2021-12-02 12:05:35 +00:00
Trynity Mirell a91e1788a2 Change MeasurementIDDXE to EV_EFI_PLATFORM_FIRMWARE_BLOB2
This supports having multiple types for measurements. Right now,
this will only be used for EV_EFI_PLATFORM_FIRMWARE_BLOB2 which is
defined in the newer TCG spec.

It's possible that we can make this more intelligent, by examining
a certain section of the firmware to determine the TCG spec used.

However, I do not know of such a section.

The caveat to this approach is that it will choose whatever matches
first in the slice. Right now with EV_EFI_PLATFORM_FIRMWARE_BLOB2 this
will not be an issue, since EV_POST_CODE is not used when
EV_EFI_PLATFORM_FIRMWARE_BLOB2 is used.

In the future, this approach may need to be refined

Signed-off-by: Trynity Mirell <trynity@fb.com>
2021-12-02 08:31:59 +00:00
Trynity Mirell d8a48bd8d0
Merge pull request #307 from 9elements/add-new-event-type
Add EV_EFI_PLATFORM_FIRMWARE_BLOB2 event type
2021-11-09 13:57:59 +00:00
Trynity Mirell 43ab1eebee Add EV_EFI_PLATFORM_FIRMWARE_BLOB2 event type
This appears in the newer TCG standard
2021-11-04 13:17:17 +00:00
Zaolin 1d3b366e6f
Merge pull request #306 from 9elements/codeowner-add-trynity-marco
Add myself and Marco Guerri to CODEOWNERS
2021-10-19 17:01:00 +02:00
Trynity Mirell fa3f2e6c3e Add myself and Marco Guerri to CODEOWNERS 2021-10-19 15:44:16 +01:00
Trynity Mirell 5d277ef296
Merge pull request #305 from 9elements/psp-fake-measurements
Add PSP Table, PSP Headers, BIOS/PSP Entries to Fake Measurements
2021-10-19 11:09:47 +00:00