9elements / converged-security-suite


Migrate from `pcr` to `bootflow` #363

Closed xaionaro closed 1 year ago

xaionaro commented 1 year ago

Deleting pkg/pcr (the deprecated code) and migrating all the dependent code to pkg/bootflow (the new fancy code) instead.

[xaionaro@void converged-security-suite]$ go run ./cmd/pcr0tool sum ~/firmware/TPM04.bin
Log:
0. if FITPresent{} then SetFlow({if BPMPresent{} then SetFlow({SetActor(P..., ...}):
    Actions:
        0. SetFlow({if BPMPresent{} then SetFlow({SetActor(P..., ...})
1. if BPMPresent{} then SetFlow({SetActor(PCH{}), ...}):
2. SetFlow({SetActor(PCH{}), ...}):
    Actions:
        0. SetFlow({SetActor(PCH{}), ...})
3. SetActor(PCH{}):
    Actions:
        0. SetActor(PCH{})
4. VerifyACMType{FallbackFlow:types.Flow{Name:"IntelLegacyTXTDisabled", Steps:types.Steps{(*commonsteps.SetFlowStruct)(0xc000025890)}}}:
    MeasuredData:
        0. PCH <- BIOSImage:PhysMemMapper:[FFBC0000:FFC00000] (IntelFITFirst(SACM)) [intelactors.PCH]
    Actions:
        0. SetPCHVerified(IntelFITFirst(SACM))
5. SetActor(ACM{}):
    Actions:
        0. SetActor(ACM{})
6. InitTPMStruct{Locality:0x3, WithLog:true}:
    Actions:
        0. TPMInit(3)
        1. TPMEventLogAdd(PCR: 0, Algo: SHA1, Digest: 0x0x0000000000000000000000000000000000000000, EventData: 537461727475704C6F63616C6974790003)
        2. TPMEventLogAdd(PCR: 0, Algo: SHA256, Digest: 0x0x0000000000000000000000000000000000000000000000000000000000000000, EventData: 537461727475704C6F63616C6974790003)
7. MeasureACMDate{}:
    MeasuredData:
        0. TPM <- BIOSImage:PhysMemMapper:[FFBC0014:FFBC0018] (ACMDate) [intelactors.ACM]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: ACMDate, Type: EV_S_CRTM_CONTENTS (0x7), EventData: 41434D5F64617465)
8. 0x7:
    MeasuredData:
        0. TPM <- BIOSImage:PhysMemMapper:[FFBB0160:FFBB0180,FFC00000:100000000] (IntelFITAll(BIOSStartupModuleEntry)) [intelactors.ACM]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: IntelFITAll(BIOSStartupModuleEntry), Type: EV_S_CRTM_CONTENTS (0x7), EventData: 42494F535F737461727475705F6D6F64756C65)
9. StaticStep{TPMEvent(PCR: 0, DataSource: Bytes{00000000}, Type: EV_SEPARATOR (0x4))}:
    MeasuredData:
        0. TPM <- RawBytes:[0:4] (Bytes{00000000}) [intelactors.ACM]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: Bytes{00000000}, Type: EV_SEPARATOR (0x4))
10. SetFlow({SetActor(Unknown{}), ...}):
    Actions:
        0. SetFlow({SetActor(Unknown{}), ...})
11. SetActor(Unknown{}):
    Actions:
        0. SetActor(Unknown{})
12. if IsOCPv0{} then SetFlow({SetActor(PEI{}), ...}):
    Actions:
        0. SetFlow({SetActor(PEI{}), ...})
13. SetActor(PEI{}):
    Actions:
        0. SetActor(PEI{})
14. unless TPMIsInited{} do InitTPMStruct{Locality:0x0, WithLog:false}:
15. StaticStep{TPMEvent(PCR: 0, DataSource: PCDVariable("FirmwareVendorVersion"), Type: EV_S_CRTM_VERSION (0x8))}:
    MeasuredData:
        0. TPM <- RawBytes:[0:10] (PCDVariable("FirmwareVendorVersion")) [actors.PEI]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: PCDVariable("FirmwareVendorVersion"), Type: EV_S_CRTM_VERSION (0x8))
16. if IsOCPv0{} then if ManifestPresent{} then MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe67a40)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67c40)}} else MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe67940)}} else if ManifestPresent{} then MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe679c0)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67a00)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67a80)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67ac0)}} else MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe67b00)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67b40)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67b80)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67bc0)}}:
    MeasuredData:
        0. TPM <- BIOSImage:PhysMemMapper:[FF110000:FFBAF000] (UEFIGUIDFirst(4F1C52D3-D824-4D2A-A2F0-EC40C23C5916, 5C60F367-A505-419A-859E-2A4FF6CA6FE5)) [actors.PEI]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: UEFIGUIDFirst(4F1C52D3-D824-4D2A-A2F0-EC40C23C5916, 5C60F367-A505-419A-859E-2A4FF6CA6FE5), Type: EV_POST_CODE (0x1))
17. StaticStep{TPMEvent(PCR: 0, DataSource: Bytes{00000000}, Type: EV_SEPARATOR (0x4))}:
    MeasuredData:
        0. TPM <- RawBytes:[0:4] (Bytes{00000000}) [actors.PEI]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: Bytes{00000000}, Type: EV_SEPARATOR (0x4))
18. SetFlow({SetActor(DXE{})}):
    Actions:
        0. SetFlow({SetActor(DXE{})})
19. SetActor(DXE{}):
    Actions:
        0. SetActor(DXE{})

Executed TPM commands log:
    0: TPMInit(3)
    1: TPMEventLogAdd(0, SHA1, 0x0000000000000000000000000000000000000000, Type: EV_NO_ACTION (0x3), Data: 0x537461727475704C6F63616C6974790003)
    2: TPMEventLogAdd(0, SHA256, 0x0000000000000000000000000000000000000000000000000000000000000000, Type: EV_NO_ACTION (0x3), Data: 0x537461727475704C6F63616C6974790003)
    3: TPMExtend(0, SHA1, 0x2169DEB3F74D90BE85746E23C27DB948933E5A60)
    4: TPMEventLogAdd(0, SHA1, 0x2169DEB3F74D90BE85746E23C27DB948933E5A60, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x41434D5F64617465)
    5: TPMExtend(0, SHA256, 0x6E8BD2C5C88D0B35A79D19F53B6F5938762A0714DB16DF2FC2B0733C19BF961D)
    6: TPMEventLogAdd(0, SHA256, 0x6E8BD2C5C88D0B35A79D19F53B6F5938762A0714DB16DF2FC2B0733C19BF961D, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x41434D5F64617465)
    7: TPMExtend(0, SHA1, 0x2B987FEC9164E07DF8518462AC897569E3F119BC)
    8: TPMEventLogAdd(0, SHA1, 0x2B987FEC9164E07DF8518462AC897569E3F119BC, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x42494F535F737461727475705F6D6F64756C65)
    9: TPMExtend(0, SHA256, 0x336DE08E5748B91F573AD96C31CEDB600153F56AB5E5ABDBAAA81B31ACD34BD2)
    10: TPMEventLogAdd(0, SHA256, 0x336DE08E5748B91F573AD96C31CEDB600153F56AB5E5ABDBAAA81B31ACD34BD2, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x42494F535F737461727475705F6D6F64756C65)
    11: TPMExtend(0, SHA1, 0x9069CA78E7450A285173431B3E52C5C25299E473)
    12: TPMEventLogAdd(0, SHA1, 0x9069CA78E7450A285173431B3E52C5C25299E473, Type: EV_SEPARATOR (0x4))
    13: TPMExtend(0, SHA256, 0xDF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119)
    14: TPMEventLogAdd(0, SHA256, 0xDF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119, Type: EV_SEPARATOR (0x4))
    15: TPMExtend(0, SHA1, 0xC42FEDAD268200CB1D15F97841C344E79DAE3320)
    16: TPMEventLogAdd(0, SHA1, 0xC42FEDAD268200CB1D15F97841C344E79DAE3320, Type: EV_S_CRTM_VERSION (0x8))
    17: TPMExtend(0, SHA256, 0xD4720B4009438213B803568017F903093F6BEA8AB47D283DB32B6EABEDBBF155)
    18: TPMEventLogAdd(0, SHA256, 0xD4720B4009438213B803568017F903093F6BEA8AB47D283DB32B6EABEDBBF155, Type: EV_S_CRTM_VERSION (0x8))
    19: TPMExtend(0, SHA1, 0x4EA161953F21554A8F7F1953244FFF85CD7F2320)
    20: TPMEventLogAdd(0, SHA1, 0x4EA161953F21554A8F7F1953244FFF85CD7F2320, Type: EV_POST_CODE (0x1))
    21: TPMExtend(0, SHA256, 0xC2FC59B06565CD4B3980FED4D898456D5CD4540804B2D6313969213677D48A2A)
    22: TPMEventLogAdd(0, SHA256, 0xC2FC59B06565CD4B3980FED4D898456D5CD4540804B2D6313969213677D48A2A, Type: EV_POST_CODE (0x1))
    23: TPMExtend(0, SHA1, 0x9069CA78E7450A285173431B3E52C5C25299E473)
    24: TPMEventLogAdd(0, SHA1, 0x9069CA78E7450A285173431B3E52C5C25299E473, Type: EV_SEPARATOR (0x4))
    25: TPMExtend(0, SHA256, 0xDF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119)
    26: TPMEventLogAdd(0, SHA256, 0xDF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119, Type: EV_SEPARATOR (0x4))

Measured/protected data log:
    0: PCH <- BIOSImage:PhysMemMapper:[FFBC0000:FFC00000] (IntelFITFirst(SACM)) [intelactors.PCH]
    1: TPM <- BIOSImage:PhysMemMapper:[FFBC0014:FFBC0018] (ACMDate) [intelactors.ACM]
    2: TPM <- BIOSImage:PhysMemMapper:[FFBB0160:FFBB0180,FFC00000:100000000] (IntelFITAll(BIOSStartupModuleEntry)) [intelactors.ACM]
    3: TPM <- RawBytes:[0:4] (Bytes{00000000}) [intelactors.ACM]
    4: TPM <- RawBytes:[0:10] (PCDVariable("FirmwareVendorVersion")) [actors.PEI]
    5: TPM <- BIOSImage:PhysMemMapper:[FF110000:FFBAF000] (UEFIGUIDFirst(4F1C52D3-D824-4D2A-A2F0-EC40C23C5916, 5C60F367-A505-419A-859E-2A4FF6CA6FE5)) [actors.PEI]
    6: TPM <- RawBytes:[0:4] (Bytes{00000000}) [actors.PEI]

TPM EventLog:
    0: {PCR: 0, Alg: SHA1, Digest: 0x0000000000000000000000000000000000000000, Type: EV_NO_ACTION (0x3), Data: 0x537461727475704C6F63616C6974790003}
    1: {PCR: 0, Alg: SHA256, Digest: 0x0000000000000000000000000000000000000000000000000000000000000000, Type: EV_NO_ACTION (0x3), Data: 0x537461727475704C6F63616C6974790003}
    2: {PCR: 0, Alg: SHA1, Digest: 0x2169DEB3F74D90BE85746E23C27DB948933E5A60, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x41434D5F64617465}
    3: {PCR: 0, Alg: SHA256, Digest: 0x6E8BD2C5C88D0B35A79D19F53B6F5938762A0714DB16DF2FC2B0733C19BF961D, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x41434D5F64617465}
    4: {PCR: 0, Alg: SHA1, Digest: 0x2B987FEC9164E07DF8518462AC897569E3F119BC, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x42494F535F737461727475705F6D6F64756C65}
    5: {PCR: 0, Alg: SHA256, Digest: 0x336DE08E5748B91F573AD96C31CEDB600153F56AB5E5ABDBAAA81B31ACD34BD2, Type: EV_S_CRTM_CONTENTS (0x7), Data: 0x42494F535F737461727475705F6D6F64756C65}
    6: {PCR: 0, Alg: SHA1, Digest: 0x9069CA78E7450A285173431B3E52C5C25299E473, Type: EV_SEPARATOR (0x4)}
    7: {PCR: 0, Alg: SHA256, Digest: 0xDF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119, Type: EV_SEPARATOR (0x4)}
    8: {PCR: 0, Alg: SHA1, Digest: 0xC42FEDAD268200CB1D15F97841C344E79DAE3320, Type: EV_S_CRTM_VERSION (0x8)}
    9: {PCR: 0, Alg: SHA256, Digest: 0xD4720B4009438213B803568017F903093F6BEA8AB47D283DB32B6EABEDBBF155, Type: EV_S_CRTM_VERSION (0x8)}
    10: {PCR: 0, Alg: SHA1, Digest: 0x4EA161953F21554A8F7F1953244FFF85CD7F2320, Type: EV_POST_CODE (0x1)}
    11: {PCR: 0, Alg: SHA256, Digest: 0xC2FC59B06565CD4B3980FED4D898456D5CD4540804B2D6313969213677D48A2A, Type: EV_POST_CODE (0x1)}
    12: {PCR: 0, Alg: SHA1, Digest: 0x9069CA78E7450A285173431B3E52C5C25299E473, Type: EV_SEPARATOR (0x4)}
    13: {PCR: 0, Alg: SHA256, Digest: 0xDF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119, Type: EV_SEPARATOR (0x4)}

Final PCR values:
    PCR[0]: SHA1:0x3E48AAC524365425430F7C7ADB2B4AA4362CA329 SHA256:0x7B2007D9E36EE7608AB6A3DEE0B8D7AA100C57F195B498B4EE7FFDEBC784465C
    PCR[1]: SHA1:0x0000000000000000000000000000000000000000 SHA256:0x0000000000000000000000000000000000000000000000000000000000000000
[xaionaro@void converged-security-suite]$ go run ./cmd/pcr0tool/ diff -registers ~/firmware/craterlake_dvt_Y35CLP01/registers.json ~/firmware/craterlake_dvt_Y35CLP01/Y35CLP01.bin ~/firmware/craterlake_dvt_Y35CLP01/Y35CLP01-corrupted-IBB.bin
debugInfo: {
  "scanRanges": [
    {
      "Offset": 4289200128,
      "Length": 262144
    },
    {
      "Offset": 4294584960,
      "Length": 869
    },
    {
      "Offset": 4294583680,
      "Length": 1173
    },
    {
      "Offset": 4293722112,
      "Length": 861568
    },
    {
      "Offset": 4294584896,
      "Length": 64
    },
    {
      "Offset": 4294585856,
      "Length": 381440
    },
    {
      "Offset": 4289200156,
      "Length": 2
    },
    {
      "Offset": 4289200640,
      "Length": 384
    },
    {
      "Offset": 4294585445,
      "Length": 384
    },
    {
      "Offset": 4294584469,
      "Length": 384
    },
    {
      "Offset": 4294583812,
      "Length": 20
    },
    {
      "Offset": 4289200156,
      "Length": 2
    },
    {
      "Offset": 4289200640,
      "Length": 384
    },
    {
      "Offset": 4294585445,
      "Length": 384
    },
    {
      "Offset": 4294584469,
      "Length": 384
    },
    {
      "Offset": 4294583776,
      "Length": 32
    },
    {
      "Offset": 4289921024,
      "Length": 393216
    },
    {
      "Offset": 4289462272,
      "Length": 458752
    },
    {
      "Offset": 4288409600,
      "Length": 262144
    },
    {
      "Offset": 4279304192,
      "Length": 6746112
    }
  ]
}

offset: 0xfffa1dac; bytes differs: 1; hamming distance is: 3, for non-(0x00|0xff): 3.
related measurements: VerifyIBBType{FallbackFlow:types.Flow{Name:"IntelCBnTFailure", Steps:types.Steps{(*commonsteps.SetFlowStruct)(0xc0000b1860)}}}:BIOSImage:PhysMemMapper:[FFED0000:FFFA2580,FFFA2A40:FFFA2A80,FFFA2E00:100000000]
0xFFFA1DA0:   A6    9A    54    01    03    A5    C0    71
0xFFFA1DA8:   01    00    00    00    64|55 3A    5C    79
0xFFFA1DB0:   76    33    35    5C    79    76    33    35

Total:
    changed bytes: 1 (in 1 ranges)
    hamming distance: 3
    hamming distance for non-(0x00|0xff) bytes: 3
The earliest offset of a different measured byte: 0xFFFA1DAC
The earliest offset of a different measured byte in the image: 0x03FA1DAC
[xaionaro@void converged-security-suite]$ go run ./cmd/pcr0tool validate_security ~/firmware/TPM04.bin

Actors:
    * PCH{}: <nil>
    * ACM{}: BIOSImage:PhysMemMapper:[FFBC0000:FFC00000]
    * Unknown{}: <nil>
    * PEI{}: BIOSImage:PhysMemMapper:[FFC00158:FFC01EBA,FFC01EC0:FFC0F61E,FFC0F620:FFC1340E,FFC13410:FFC16D3A,FFC16D40:FFC180BA,FFC180C0:FFC1BDD6,FFC1BDD8:FFC20102,FFC20108:FFD1F6C6,FFD1F6C8:FFD1FF22,FFD1FF28:FFD23446,FFD23448:FFD2451A,FFD24520:FFD38D46,FFD38D48:FFD57ECA,FFD57ED0:FFD5C28A,FFD5C290:FFD60942,FFD60948:FFD65682,FFD65688:FFD68A5E,FFD68A60:FFD69F3E,FFD69F40:FFD6BF92,FFD6BF98:FFD6E15A,FFD6E160:FFD70C02,FFD70C08:FFD72DD2,FFD72DD8:FFD7815E,FFD78160:FFD8F626,FFD8F628:FFD9FE1A,FFD9FE20:FFDA42FA,FFDA4300:FFDA6752,FFDA6758:FFDAAE8E,FFDAAE90:FFDAF286,FFDAF288:FFDBBAFE,FFDBBB00:FFDBCDA2,FFDBCDA8:FFDCC68A,FFDCC690:FFDCCF52,FFDCCF58:FFDD1C12,FFDD1C18:FFDD4F9A,FFDD4FA0:FFDDC01A,FFDDC020:FFDE9DAA,FFDE9DB0:FFDEAADA,FFDEAAE0:FFDEBE0E,FFDEBE10:FFDF8E9E,FFDF8EA0:FFE08B7E,FFE08B80:FFE09696,FFE09698:FFE0C35E,FFE0C360:FFE0D182,FFE0D188:FFE0E67E,FFE0E680:FFE0F946,FFE0F948:FFE15CEA,FFE15FE0:FFE1CACE,FFE1CAD0:FFE1FE4A,FFE1FE50:FFE2460A,FFE24610:FFE27556,FFE27558:FFE2D4A2,FFE2D4A8:FFE3186A,FFE31870:FFE32B6E,FFE32B70:FFE3360A,FFE33610:FFE3425C,FFE34260:FFE36A5D,FFE36A60:FFE398E6,FFE39958:FFE3D52B]
    * DXE{}: BIOSImage:PhysMemMapper:[FF110148:FF110C96,FF110C98:FF124477,FF124478:FF130DFC,FF130E00:FF136045,FF136048:FF13676A,FF136770:FF1386E9,FF1386F0:FF1443E6,FF1443E8:FF149B37,FF149B38:FF14A2E6,FF14A2E8:FF14AB12,FF14AB18:FF14EBE2,FF14EBE8:FF14F27A,FF14F280:FF150BC9,FF150BD0:FF15D464,FF15D468:FF162A56,FF162A58:FF165DB9,FF165DC0:FF168949,FF168950:FF16A9B5,FF16A9B8:FF16B433,FF16B438:FF1744EF,FF1744F0:FF1750BC,FF1750C0:FF176B3B,FF176B40:FF177895,FF177898:FF179876,FF179878:FF17C094,FF17D9C8:FF18C6F5,FF18C6F8:FF18DE6A,FF18DE70:FF1958AB,FF1958B0:FF196B8F,FF196B90:FF19AC13,FF19AC18:FF19C6DB,FF19C6E0:FF1A149C,FF1A14A0:FF1A2BF2,FF1A2BF8:FF1A6E67,FF1A6E68:FF1A824A,FF1A8250:FF1A9377,FF1A9378:FF1AD803,FF1AD808:FF1B6AC9,FF1B6AD0:FF1B9E41,FF1B9E48:FF1BB9A3,FF1BB9A8:FF1BCB0E,FF1BCB10:FF1BD2E3,FF1BD2E8:FF1BD9E5,FF1BD9E8:FF1BE677,FF1BE678:FF1C2794,FF1C2798:FF1CAE4C,FF1CAE50:FF1CBD74,FF1CBD78:FF1CCD84,FF1CCD88:FF1CEAB3,FF1CEAB8:FF1D0D06,FF1D0D08:FF1D16C2,FF1D16C8:FF1D2861,FF1D2868:FF1D3022,FF1D3028:FF1D70D6,FF1D70D8:FF1D9B26,FF1D9B28:FF1DABB7,FF1DABB8:FF1DB536,FF1DB538:FF1E3C04,FF1E3C08:FF1E4D2D,FF1E4D30:FF1E7767,FF1E7768:FF1E80A3,FF1E80A8:FF1E9EFD,FF1E9F00:FF1EBA46,FF1EBA48:FF1EE6C3,FF1EE6C8:FF1EF511,FF1EF518:FF1F1A89,FF1F1A90:FF203199,FF2031A0:FF205C94,FF205C98:FF206DF3,FF206DF8:FF20B7FC,FF20B800:FF20C2FE,FF20C300:FF20DC14,FF20DC18:FF20FD65,FF20FD68:FF2109E4,FF2109E8:FF21D3EB,FF21D3F0:FF21F7D7,FF21F7D8:FF222D24,FF222D28:FF223606,FF223608:FF225407,FF225408:FF226F1E,FF226F20:FF2279CD,FF2279D0:FF227F32,FF227F38:FF228426,FF228428:FF228915,FF228918:FF229BB1,FF229BB8:FF22A25D,FF22A260:FF22C282,FF22C288:FF22C834,FF22C838:FF22CD34,FF22CD38:FF22D8B2,FF22D8B8:FF22F3C4,FF22F3C8:FF230651,FF230658:FF230B45,FF230B48:FF23114D,FF231150:FF23168E,FF231690:FF23239D,FF2323A0:FF23295C,FF232960:FF233007,FF233008:FF2334FA,FF233500:FF233A0C,FF233A10:FF23553E,FF235540:FF2367DC,FF2367E0:FF236CDD,FF236CE0:FF23729E,FF2372A0:FF237949,FF237950:FF237E42,FF237E48:FF238356,FF238358:FF239E86,FF239E88:FF23B124,
FF23B128:FF23B626,FF23B628:FF23BBE5,FF23BBE8:FF23C291,FF23C298:FF23C78A,FF23C790:FF23CC9E,FF23CCA0:FF23E7CE,FF23E7D0:FF23FA6D,FF23FA70:FF23FF6E,FF23FF70:FF24052D,FF240530:FF240BD9,FF240BE0:FF2410D1,FF2410D8:FF2415E5,FF2415E8:FF243115,FF243118:FF2443B4,FF2443B8:FF2448B6,FF2448B8:FF244E61,FF244E68:FF245502,FF245508:FF2459EC,FF2459F0:FF245EDC,FF245EE0:FF247A02,FF247A08:FF248C96,FF248C98:FF250AB5,FF250AB8:FF252223,FF252228:FF252E4F,FF252E50:FF25841F,FF258420:FF2595EF,FF2595F0:FF2602C2,FF2602C8:FF2614EC,FF2614F0:FF262A0B,FF262A10:FF26A94F,FF26A950:FF2797B9,FF2797C0:FF27A992,FF27A998:FF27C7E3,FF27C7E8:FF27CE89,FF27CE90:FF27D4F7,FF27D4F8:FF27DDAA,FF27DDB0:FF27EB57,FF27EB58:FF27F469,FF27F470:FF280185,FF280188:FF28440D,FF284410:FF28D2AF,FF28D2B0:FF294AF1,FF294AF8:FF295E5F,FF295E60:FF296D83,FF296D88:FF29E4F9,FF29E500:FF2A0D51,FF2A0D58:FF2A1811,FF2A1818:FF2A2219,FF2A2220:FF2A2EF9,FF2A2F00:FF2A33F1,FF2A33F8:FF2A3B0C,FF2A3B10:FF2A6ABF,FF2A6AC0:FF2A9731,FF2A9738:FF2AB453,FF2AB458:FF2AD8A7,FF2AD8A8:FF2AFBBD,FF2AFBC0:FF2B3E41,FF2B3E48:FF2B842F,FF2B8430:FF2C73BC,FF2C73C0:FF2CADE4,FF2CADE8:FF2CD04F,FF2CD050:FF2D0769,FF2D0770:FF2D54AA,FF2D54B0:FF2D7952,FF2D7958:FF2DFC5C,FF2DFC60:FF2E82F6,FF2E82F8:FF2ED7D2,FF2ED7D8:FF2F1529,FF2F1530:FF2F69D5,FF2F69D8:FF2FBC84,FF2FBC88:FF30499D,FF3049A0:FF309227,FF309228:FF30D955,FF30D958:FF3183D4,FF3183D8:FF31C9FC,FF31CA00:FF321E64,FF321E68:FF326AD7,FF326AD8:FF327B7E,FF327B80:FF3299D6,FF3299D8:FF32C8CE,FF32C8D0:FF32FF47,FF32FF48:FF33B66F,FF33B670:FF33F1AC,FF33F1B0:FF3429A5,FF3429A8:FF349E94,FF437578:FF437C78,FF45DB20:FF49B9E0,FF4A32F0:FF4A6344,FF4A85D0:FF4AAE1C,FF4AAE20:FF4B55CA,FF4B5688:FF4B8BB2,FF4B8BB8:FF4B9ADF,FF4BA690:FF4BC81E,FF4BC820:FF4BECC0,FF57DEC8:FF57F8DB,FF57FC08:FF583807,FF583808:FF58A9FF,FF58AA00:FF58B2C5,FF593D40:FF5BB4FD,FF5F1F98:FF647034,FF647038:FF65FC54,FF660108:FF6DB929]

Measured/protected data log:
    0: PCH <- BIOSImage:PhysMemMapper:[FFBC0000:FFC00000] (IntelFITFirst(SACM)) [intelactors.PCH]
    1: TPM <- BIOSImage:PhysMemMapper:[FFBC0014:FFBC0018] (ACMDate) [intelactors.ACM]
    2: TPM <- BIOSImage:PhysMemMapper:[FFBB0160:FFBB0180,FFC00000:100000000] (IntelFITAll(BIOSStartupModuleEntry)) [intelactors.ACM]
    3: TPM <- RawBytes:[0:4] (Bytes{00000000}) [intelactors.ACM]
    4: TPM <- RawBytes:[0:10] (PCDVariable("FirmwareVendorVersion")) [actors.PEI]
    5: TPM <- BIOSImage:PhysMemMapper:[FF110000:FFBAF000] (UEFIGUIDFirst(4F1C52D3-D824-4D2A-A2F0-EC40C23C5916, 5C60F367-A505-419A-859E-2A4FF6CA6FE5)) [actors.PEI]
    6: TPM <- RawBytes:[0:4] (Bytes{00000000}) [actors.PEI]

Measured/protected data:
    0: *biosimage.BIOSImage (biosimage.PhysMemMapper)
        0: 0xFF110000:0xFFBAF000
        1: 0xFFBB0160:0xFFBB0180
        2: 0xFFBC0000:0x100000000
    1: types.RawBytes
        0: 0x0:0x4
    2: types.RawBytes
        0: 0x0:0x10
    3: types.RawBytes
        0: 0x0:0x4

Issues:
    <NONE>
[xaionaro@void converged-security-suite]$ go run ./cmd/pcr0tool bruteforce_acm_policy_status -expected-pcr0 9712906BE7714A3B38B595A7AD3342C7C0A49271 -registers /tmp/1.json ~/firmware/craterlake_dvt_Y35CLP01/Y35CLP01.bin
Log:
0. if FITPresent{} then SetFlow({if BPMPresent{} then SetFlow({SetActor(P..., ...}):
    Actions:
        0. SetFlow({if BPMPresent{} then SetFlow({SetActor(P..., ...})
1. if BPMPresent{} then SetFlow({SetActor(PCH{}), ...}):
    Actions:
        0. SetFlow({SetActor(PCH{}), ...})
2. SetActor(PCH{}):
    Actions:
        0. SetActor(PCH{})
3. VerifyACMType{FallbackFlow:types.Flow{Name:"IntelCBnTFailure", Steps:types.Steps{(*commonsteps.SetFlowStruct)(0xc00011d860)}}}:
    MeasuredData:
        0. PCH <- BIOSImage:PhysMemMapper:[FFA80000:FFAC0000] (IntelFITFirst(SACM)) [intelactors.PCH]
    Actions:
        0. SetPCHVerified(IntelFITFirst(SACM))
4. VerifyKMType{FallbackFlow:types.Flow{Name:"IntelCBnTFailure", Steps:types.Steps{(*commonsteps.SetFlowStruct)(0xc00011d860)}}}:
    MeasuredData:
        0. PCH <- BIOSImage:PhysMemMapper:[FFFA2A80:FFFA2DE5] (IntelFITFirst(KeyManifestRecord)) [intelactors.PCH]
    Actions:
        0. SetPCHVerified(IntelFITFirst(KeyManifestRecord))
5. VerifyBPMType{FallbackFlow:types.Flow{Name:"IntelCBnTFailure", Steps:types.Steps{(*commonsteps.SetFlowStruct)(0xc00011d860)}}}:
    MeasuredData:
        0. PCH <- BIOSImage:PhysMemMapper:[FFFA2580:FFFA2A15] (IntelFITFirst(BootPolicyManifestRecord)) [intelactors.PCH]
    Actions:
        0. SetPCHVerified(IntelFITFirst(BootPolicyManifestRecord))
6. VerifyIBBType{FallbackFlow:types.Flow{Name:"IntelCBnTFailure", Steps:types.Steps{(*commonsteps.SetFlowStruct)(0xc00011d860)}}}:
    MeasuredData:
        0. PCH <- BIOSImage:PhysMemMapper:[FFED0000:FFFA2580,FFFA2A40:FFFA2A80,FFFA2E00:100000000] (IBB) [intelactors.PCH]
    Actions:
        0. SetPCHVerified(IBB)
7. SetActor(ACM{}):
    Actions:
        0. SetActor(ACM{})
8. InitTPMStruct{Locality:0x3, WithLog:true}:
    Actions:
        0. TPMInit(3)
        1. TPMEventLogAdd(PCR: 0, Algo: SHA1, Digest: 0x0x0000000000000000000000000000000000000000, EventData: 537461727475704C6F63616C6974790003)
        2. TPMEventLogAdd(PCR: 0, Algo: SHA256, Digest: 0x0x0000000000000000000000000000000000000000000000000000000000000000, EventData: 537461727475704C6F63616C6974790003)
9. MeasurePCR0DATA{}:
    MeasuredData:
        0. TPM <- TXTPublic:[378:380], BIOSImage:PhysMemMapper:[FFA8001C:FFA8001E], BIOSImage:PhysMemMapper:[FFA80200:FFA80380], BIOSImage:PhysMemMapper:[FFFA2C65:FFFA2DE5], BIOSImage:PhysMemMapper:[FFFA2895:FFFA2A15], BIOSImage:PhysMemMapper:[FFFA2604:FFFA2618] (StaticData{TXTPublic:[378:380], BIOSImage:PhysMemMapper:[FFA8001C:FFA8001E], BIOSImage:PhysMemMapper:[FFA80200:FFA80380], BIOSImage:PhysMemMapper:[FFFA2C65:FFFA2DE5], BIOSImage:PhysMemMapper:[FFFA2895:FFFA2A15], BIOSImage:PhysMemMapper:[FFFA2604:FFFA2618]}) [intelactors.ACM]
        1. TPM <- TXTPublic:[378:380], BIOSImage:PhysMemMapper:[FFA8001C:FFA8001E], BIOSImage:PhysMemMapper:[FFA80200:FFA80380], BIOSImage:PhysMemMapper:[FFFA2C65:FFFA2DE5], BIOSImage:PhysMemMapper:[FFFA2895:FFFA2A15], BIOSImage:PhysMemMapper:[FFFA25E0:FFFA2600] (StaticData{TXTPublic:[378:380], BIOSImage:PhysMemMapper:[FFA8001C:FFA8001E], BIOSImage:PhysMemMapper:[FFA80200:FFA80380], BIOSImage:PhysMemMapper:[FFFA2C65:FFFA2DE5], BIOSImage:PhysMemMapper:[FFFA2895:FFFA2A15], BIOSImage:PhysMemMapper:[FFFA25E0:FFFA2600]}) [intelactors.ACM]
    Actions:
        0. TPMExtend(PCR: 0, DataSource: StaticData{TXTPublic:[378:380], BIOSImage:PhysMemMapper:[FFA8001C:FFA8001E], BIOSImage:PhysMemMapper:[FFA80200:FFA80380], BIOSImage:PhysMemMapper:[FFFA2C65:FFFA2DE5], BIOSImage:PhysMemMapper:[FFFA2895:FFFA2A15], BIOSImage:PhysMemMapper:[FFFA2604:FFFA2618]})
        1. TPMEventLogAdd(PCR: 0, Algo: SHA1, Digest: 0x0x653D0F0526AB604D7E85A5A47CD5B0DAB5DA068A, EventData: 504352305F444154412053484131)
        2. TPMExtend(PCR: 0, DataSource: StaticData{TXTPublic:[378:380], BIOSImage:PhysMemMapper:[FFA8001C:FFA8001E], BIOSImage:PhysMemMapper:[FFA80200:FFA80380], BIOSImage:PhysMemMapper:[FFFA2C65:FFFA2DE5], BIOSImage:PhysMemMapper:[FFFA2895:FFFA2A15], BIOSImage:PhysMemMapper:[FFFA25E0:FFFA2600]})
        3. TPMEventLogAdd(PCR: 0, Algo: SHA256, Digest: 0x0xABEFCEC86049CC87B84EFD1EF18B98BC386D476C5709BD21A3885EE1309679B7, EventData: 504352305F4441544120534841323536)
10. SetFlow({SetActor(Unknown{}), ...}):
    Actions:
        0. SetFlow({SetActor(Unknown{}), ...})
11. SetActor(Unknown{}):
    Actions:
        0. SetActor(Unknown{})
12. if IsOCPv0{} then SetFlow({SetActor(PEI{}), ...}):
13. if IsOCPv1{} then SetFlow({SetActor(PEI{}), ...}):
    Actions:
        0. SetFlow({SetActor(PEI{}), ...})
14. SetActor(PEI{}):
    Actions:
        0. SetActor(PEI{})
15. unless TPMIsInited{} do InitTPMStruct{Locality:0x0, WithLog:false}:
16. StaticStep{TPMEvent(PCR: 0, DataSource: PCDVariable("FirmwareVendorVersion"), Type: EV_S_CRTM_VERSION (0x8))}:
    MeasuredData:
        0. TPM <- RawBytes:[0:10] (PCDVariable("FirmwareVendorVersion")) [actors.PEI]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: PCDVariable("FirmwareVendorVersion"), Type: EV_S_CRTM_VERSION (0x8))
17. if IsOCPv0{} then if ManifestPresent{} then MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe67a40)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67c40)}} else MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe67940)}} else if ManifestPresent{} then MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe679c0)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67a00)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67a80)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67ac0)}} else MergeSteps{types.StaticStep{(*tpmactions.TPMEvent)(0xe67b00)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67b40)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67b80)}, types.StaticStep{(*tpmactions.TPMEvent)(0xe67bc0)}}:
    MeasuredData:
        0. TPM <- BIOSImage:PhysMemMapper:[FFB30000:FFB90000] (UEFIGUIDFirst(1638673D-EFE6-400B-951F-ABAC2CB31C60)) [actors.PEI]
        1. TPM <- BIOSImage:PhysMemMapper:[FFAC0000:FFB30000] (UEFIGUIDFirst(14E428FA-1A12-4875-B637-8B3CC87FDF07)) [actors.PEI]
        2. TPM <- BIOSImage:PhysMemMapper:[FF9BF000:FF9FF000] (UEFIGUIDFirst(013B9639-D6D5-410F-B7A9-F9173C56ECDA)) [actors.PEI]
        3. TPM <- BIOSImage:PhysMemMapper:[FF110000:FF77F000] (UEFIGUIDFirst(4F1C52D3-D824-4D2A-A2F0-EC40C23C5916, 5C60F367-A505-419A-859E-2A4FF6CA6FE5)) [actors.PEI]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: UEFIGUIDFirst(1638673D-EFE6-400B-951F-ABAC2CB31C60), Type: EV_EFI_PLATFORM_FIRMWARE_BLOB2 (0x8000000A))
        1. TPMEvent(PCR: 0, DataSource: UEFIGUIDFirst(14E428FA-1A12-4875-B637-8B3CC87FDF07), Type: EV_EFI_PLATFORM_FIRMWARE_BLOB2 (0x8000000A))
        2. TPMEvent(PCR: 0, DataSource: UEFIGUIDFirst(013B9639-D6D5-410F-B7A9-F9173C56ECDA), Type: EV_EFI_PLATFORM_FIRMWARE_BLOB2 (0x8000000A))
        3. TPMEvent(PCR: 0, DataSource: UEFIGUIDFirst(4F1C52D3-D824-4D2A-A2F0-EC40C23C5916, 5C60F367-A505-419A-859E-2A4FF6CA6FE5), Type: EV_EFI_PLATFORM_FIRMWARE_BLOB2 (0x8000000A))
18. StaticStep{TPMEvent(PCR: 0, DataSource: Bytes{00000000}, Type: EV_SEPARATOR (0x4))}:
    MeasuredData:
        0. TPM <- RawBytes:[0:4] (Bytes{00000000}) [actors.PEI]
    Actions:
        0. TPMEvent(PCR: 0, DataSource: Bytes{00000000}, Type: EV_SEPARATOR (0x4))
19. SetFlow({SetActor(DXE{})}):
    Actions:
        0. SetFlow({SetActor(DXE{})})
20. SetActor(DXE{}):
    Actions:
        0. SetActor(DXE{})
COMBINATION: [0 2]
RESULT: 0x81C4100002000000