search

9elements / converged-security-suite

Converged Security Suite for Intel & AMD platform security features
https://www.9esec.io
BSD 3-Clause "New" or "Revised" License
56 stars 15 forks source link

feat(pcr0tool): Add support of a logger #347

Closed xaionaro closed 7 months ago

xaionaro commented 1 year ago

Adding basic support of a Logger to pcr0tool.

Test Plan

Ran:

go run ./cmd/pcr0tool/ -log-level=trace sum -hash-func sha256 -registers ~/firmware/northdome.registers ~/firmware/northdome.fd

Output:

DEBU[0000] FindEmbeddedFirmwareStructure err-result: <nil>
debugInfo: {
  "config_orig": {
    "Flow": 0,
    "FindMissingFakeMeasurements": false,
    "Registers": [
      {
        "id": "MP0_C2P_MSG_37",
        "value": "jRAAEQ=="
      },
      {
        "id": "MP0_C2P_MSG_38",
        "value": "AAAAUA=="
      }
    ],
    "PCR0DataIbbDigestHashAlgorithm": 11,
    "TPMDevice": 0
  },
  "config_result": {
    "Flow": 6,
    "FindMissingFakeMeasurements": false,
    "Registers": [
      {
        "id": "MP0_C2P_MSG_37",
        "value": "jRAAEQ=="
      },
      {
        "id": "MP0_C2P_MSG_38",
        "value": "AAAAUA=="
      }
    ],
    "PCR0DataIbbDigestHashAlgorithm": 11,
    "TPMDevice": 0
  },
  "detectedAttestationFlow": "LegacyAMDLocality3",
  "warnings": "errors: unable to collect measurement 'pcdFirmwareVendor_measured_data' (is_fake:false): unable to find the source of firmware vendor version"
}
measurements: [
  {
    "ID": "PSP firmware version",
    "Data": [
      {
        "Range": {
          "Offset": 1778784,
          "Length": 4
        }
      }
    ]
  },
  {
    "ID": "BIOS RTM Volume",
    "Data": [
      {
        "Range": {
          "Offset": 13041664,
          "Length": 3735552
        }
      }
    ]
  },
  {
    "ID": "pcdFirmwareVendor_measured_data",
    "Data": [
      {
        "Range": {
          "Offset": 0,
          "Length": 0
        },
        "ForceData": "HvtrVAwdVUCkrU70vxe4Og=="
      }
    ]
  },
  {
    "ID": "DXE",
    "Data": [
      {
        "Range": {
          "Offset": 5644288,
          "Length": 7397376
        }
      }
    ]
  },
  {
    "ID": "separator",
    "Data": [
      {
        "Range": {
          "Offset": 0,
          "Length": 0
        },
        "ForceData": "AAAAAA=="
      }
    ]
  }
]
Set 0x -> 0x0000000000000000000000000000000000000000000000000000000000000003

Event 'PSP firmware version': 6e001300 (*sha256.digest)
*sha256.digest(0x 0000000000000000000000000000000000000000000000000000000000000003 625C8E327941BDFB9099E21223DA6A76506A53F78150731CC15A46C5A69B5F49) == 0xA64E77E3E58BE712166AAD6094EDADB54835C700C287BF824FEDDC211F058C93

Event 'BIOS RTM Volume': 0000000000000000000000000000000078e58c8c... (len: 3735552) (*sha256.digest)
*sha256.digest(0x A64E77E3E58BE712166AAD6094EDADB54835C700C287BF824FEDDC211F058C93 B03975AC0D62E52C907CA1B219FB17847F54D33F49088C45BBEC19FF7662B8B7) == 0x82AA886E4FCC39440AFF481E743FF3D7F1EC8A254264147AC554B40F7243901C

Event 'pcdFirmwareVendor_measured_data': 1efb6b540c1d5540a4ad4ef4bf17b83a (*sha256.digest)
*sha256.digest(0x 82AA886E4FCC39440AFF481E743FF3D7F1EC8A254264147AC554B40F7243901C D4720B4009438213B803568017F903093F6BEA8AB47D283DB32B6EABEDBBF155) == 0x69422284A65D8494AF6A2F1EDC597759DE77B055EDD59E115D807A9B86D04E96

Event 'DXE': 000000000000000000000000000000007ac07354... (len: 7397376) (*sha256.digest)
*sha256.digest(0x 69422284A65D8494AF6A2F1EDC597759DE77B055EDD59E115D807A9B86D04E96 327885A92725B24F36664245B79517F7C2E1EB8DEDE90489540508250821A430) == 0x12E7B33F7160E7AFDE19A1D8A1BB3CC7F42615228B1FA706DAD88A2FCE701393

Event 'separator': 00000000 (*sha256.digest)
*sha256.digest(0x 12E7B33F7160E7AFDE19A1D8A1BB3CC7F42615228B1FA706DAD88A2FCE701393 DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119) == 0x64C87B9C60B73B405A8E21323D7BFFB67A8FF39D8B095DF1FEBE2988FF9CA4CC

Resulting PCR0: 64C87B9C60B73B405A8E21323D7BFFB67A8FF39D8B095DF1FEBE2988FF9CA4CC

The first line is:

DEBU[0000] FindEmbeddedFirmwareStructure err-result: <nil>

(as expected)

ChriMarMe commented 7 months ago

I know this took way too long on my side, sorry for that.

Can you rebase and fix, push and i will happily review and merge this week.

xaionaro commented 7 months ago

The PR is beyond recovery by now.

I know this took way too long on my side, sorry for that.

No worries. A lot of stuff changes since then, and logger was basically introduced as a side effect of other PRs anyway.