Christian Walter
8bb065875e
pkg/provisioning/cbnt/config.go: Rework IBB segment hashing ( #327 )
2022-05-18 00:30:30 +02:00
Johnny Lin
c3c13e1e3c
Fix cbnt-prov README.md typo
2022-05-17 10:43:27 +02:00
Arthur Heymans
6d6f90c083
cbnt-prov: Allow *-show to work on full images ( #314 )
...
cbnt-prov: Allow *-show to work on full images
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Signed-off-by: Christian Walter <christian.walter@9elements.com>
Co-authored-by: Dmitrii Okunev <xaionaro@gmail.com>
Co-authored-by: Christian Walter <christian.walter@9elements.com>
2022-05-17 10:32:35 +02:00
Dmitrii Okunev
a8e9b94f10
Fix cbnt-prov bpm-gen for bare BIOS regions
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
9e8b4def11
[dumpregisters] Dump registers in a human-readable YAML
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
ec7b2c5e5d
[pcr0tool] Add a comparator with TPM EventLog
...
Added flag "-compare-with-eventlog" to verb "sum" of pcr0tool. The
option allows to compare the expected measurements with actual
measurements from TPM EventLog and print all the found mismatches.
Also the comparator tries to restore the original value of PCR0_DATA
through bruteforcing.
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
9c65fff579
Add a fake Intel CBnT image
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
733ae38177
[pcr0tool] Add verbs display_fwinfo and display_eventlog
...
* display_eventlog parses a TPM EventLog
* display_fwinfo parses vendor, version, release date and revision of a
firmware
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
9b29b78528
[pcr0tool] Fix error reporting on PCR0 measurements collecting
...
Single-measurement function was used in a wrong way, so that
a nil measurement was still considered a measurement. As
result the error was considered as a warning, not as a real error.
Fixing it.
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
7362283277
[pcr0tool][dumpregisters] Add support for dumped TXT Public Space
...
Adding a parser for files with dumped TXT Public Space
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-05-03 16:26:01 +02:00
Dmitrii Okunev
cac795c4bb
Merge pull request #318 from 9elements/feature/cbnt_pcr1
...
Preparing the code for further development of CBnT PCR1 calculation support.
2022-04-21 11:10:42 +01:00
Dmitrii Okunev
9cf1de5482
Merge branch 'master' into feature/cbnt_pcr1
2022-04-20 19:03:20 +01:00
Trynity Mirell
922bbf0b29
add DataChunkIDBIOSStartup4 and DataChunkIDBIOSStartup5
...
Right now, we're just adding two additional startup modes
Longer term this would be better to be dynamic, since
according to the specification, there is no limit to the
number of Startup Modules.
From Intel's Documentation:
In order to enable more flexible flash layout, BIOS Init code can be split in multiple BIOS Startup Modules. Each BIOS Startup Module will have one corresponding Type 7 entry. Each Type 7 entry describes address and size of the corresponding BIOS Startup Module.
Signed-off-by: Trynity Mirell <trynity@fb.com>
2022-03-04 08:08:10 +01:00
Zaolin
614987fa23
Merge pull request #322 from 9elements/feature/acm_revision
...
Print ACM revision
2022-02-26 22:18:54 +01:00
Dmitrii Okunev
8c2863297b
Print ACM revision
2022-02-10 20:18:58 +00:00
Christopher Meis
1cc4eac7fb
Add km-verify and bpm-verify command to verify signature of KM and BPM.
...
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis
dff8f0d84e
Add PKCS1 parsing for private keys
...
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis
bb8b97fce6
correct error message in GenRSAKey function. Now shows the correct required key bitlength
...
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis
b509df8a71
Add required SignAlgo argument to SignKM and SignBPM command.
...
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christopher Meis
75262471ac
Bump up fiano version to make it all work again
...
Signed-off-by: Christopher Meis <christopher.meis@9elements.com>
2022-02-10 12:30:39 +01:00
Christian Walter
84c0dccf93
Merge branch 'master' into feature/cbnt_pcr1
2022-02-10 09:22:06 +01:00
Dmitrii Okunev
2db573fcca
Merge pull request #320 from 9elements/feature/replay_pcr1
...
[pcr] Allow to replay PCR1 EventLogs
2022-02-04 16:55:15 +00:00
Dmitrii Okunev
2e8a611e8c
[pcr] Allow to replay PCR1 EventLogs
2022-02-04 16:51:15 +00:00
Dmitrii Okunev
c3f81385a0
[pcr] Add a sample of CBnT PCR1 EventLog dump (from a real machine)
2022-02-03 16:40:28 +00:00
Dmitrii Okunev
92b600d4a0
[pcr] Join files pkg/pcr/get_measurements{,_pcr0}.go
2022-02-03 16:26:13 +00:00
Dmitrii Okunev
c9fc9cd08f
[pcr] Prepare code for PCR1
2022-02-03 16:25:36 +00:00
dependabot[bot]
ca50b7c31b
Bump github.com/google/go-attestation from 0.2.2 to 0.4.0
...
Bumps [github.com/google/go-attestation](https://github.com/google/go-attestation ) from 0.2.2 to 0.4.0.
- [Release notes](https://github.com/google/go-attestation/releases )
- [Commits](https://github.com/google/go-attestation/compare/v0.2.2...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-attestation
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-03 13:28:32 +01:00
Dmitrii Okunev
485be2e704
Merge pull request #316 from 9elements/feature/gen_acm
...
feat(cbnt-prov): Add verb "acm-gen"
2022-01-20 12:08:51 +00:00
Dmitrii Okunev
dbee91ef7f
fix(cbnt-prov): Set KeySize in a generated ACM
2022-01-19 15:36:55 +00:00
Dmitrii Okunev
6cb97a21af
feat(cbnt-prov): Add verb "acm-gen"
...
Adding a command to generate ACM modules for unit-tests:
$ go run ./cmd/cbnt-prov/ acm-gen /tmp/acm --txtsvn 2
$ hexdump -C /tmp/acm
00000000 00 00 00 00 b0 01 00 00 00 03 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000006c0
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2022-01-19 14:14:24 +00:00
Dmitrii Okunev
380880c5d2
Upgrade fiano version
2022-01-19 14:12:58 +00:00
Dmitrii Okunev
feb4062220
Merge pull request #315 from 9elements/migrate/intel_to_fiano
...
Switch pkg/intel to fiano's version
2022-01-19 10:58:25 +00:00
Dmitrii Okunev
e2a02949f4
Switch pkg/intel to fiano's version
2022-01-14 12:41:27 +00:00
Ilya
a6d57f0744
Merge pull request #304 from 9elements/additional_amd_measurements
2021-12-22 12:06:36 +00:00
Ilya Arzamartsev
1079011f52
Support measuring of PMU firmware instructions/data, microcode patch and video binary interpreter
...
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-21 13:46:49 +00:00
Ilya
8737a4dfb2
Merge pull request #312 from 9elements/feature/update_fiano_package
...
Update linuxboot/fiano dependency
2021-12-21 12:08:23 +00:00
Ilya
4cce7faa88
Update linuxboot/fiano dependency
...
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-20 21:13:37 +00:00
Dmitrii Okunev
452fee291a
Merge pull request #310 from 9elements/feature/pcrFlow_CPUVendorID
...
feat(pcr): Add Flow.CPUVendorID()
2021-12-15 15:18:41 +00:00
Dmitrii Okunev
877153f7d4
feat(pcr): Add Flow.CPUVendorID()
...
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2021-12-15 14:25:28 +00:00
Dmitrii Okunev
72758502a8
Update github.com/9elements/go-linux-lowlevel-hw
...
Signed-off-by: Dmitrii Okunev <xaionaro@fb.com>
2021-12-15 14:25:25 +00:00
Ilya
257c3382ee
Use Fiano's amd package ( #311 )
...
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-15 12:20:23 +00:00
Ilya
95c3366c09
Merge pull request #309 from 9elements/use_fiano_bytes_package
...
Use Fiano's bytes package
2021-12-15 11:46:27 +00:00
Ilya
2275e28131
Use Fiano's bytes package
...
Signed-off-by: Ilya <rihter007@inbox.ru>
2021-12-14 20:58:27 +00:00
Trynity Mirell
7c383d7841
Merge pull request #308 from 9elements/change-MeasurementIDDXE-event-amd
...
Change MeasurementIDDXE to EV_EFI_PLATFORM_FIRMWARE_BLOB2
2021-12-02 12:05:35 +00:00
Trynity Mirell
a91e1788a2
Change MeasurementIDDXE to EV_EFI_PLATFORM_FIRMWARE_BLOB2
...
This supports having multiple types for measurements. Right now,
this will only be used for EV_EFI_PLATFORM_FIRMWARE_BLOB2 which is
defined in the newer TCG spec.
It's possible that we can make this more intelligent, by examining
a certain section of the firmware to determine the TCG spec used.
However, I do not know of such a section.
The caveat to this approach is that it will choose whatever matches
first in the slice. Right now with EV_EFI_PLATFORM_FIRMWARE_BLOB2 this
will not be an issue, since EV_POST_CODE is not used when
EV_EFI_PLATFORM_FIRMWARE_BLOB2 is used.
In the future, this approach may need to be refined
Signed-off-by: Trynity Mirell <trynity@fb.com>
2021-12-02 08:31:59 +00:00
Trynity Mirell
d8a48bd8d0
Merge pull request #307 from 9elements/add-new-event-type
...
Add EV_EFI_PLATFORM_FIRMWARE_BLOB2 event type
2021-11-09 13:57:59 +00:00
Trynity Mirell
43ab1eebee
Add EV_EFI_PLATFORM_FIRMWARE_BLOB2 event type
...
This appears in the newer TCG standard
2021-11-04 13:17:17 +00:00
Zaolin
1d3b366e6f
Merge pull request #306 from 9elements/codeowner-add-trynity-marco
...
Add myself and Marco Guerri to CODEOWNERS
2021-10-19 17:01:00 +02:00
Trynity Mirell
fa3f2e6c3e
Add myself and Marco Guerri to CODEOWNERS
2021-10-19 15:44:16 +01:00
Trynity Mirell
5d277ef296
Merge pull request #305 from 9elements/psp-fake-measurements
...
Add PSP Table, PSP Headers, BIOS/PSP Entries to Fake Measurements
2021-10-19 11:09:47 +00:00