When the eventlog tool is run as a regular user (such as in a command prompt without sudo, or in an IDE which is run as the user), the vendor-table.json file is not accessible, and so valid GUID lookups return "unknown GUID reference". In some cases the code needs this GUID reference to determine the next piece of code that executes. If the GUID is valid but the code thinks it is invalid, it will not process the next chunk of data properly.
Changes needed:
Part 1:
do not process code with an unknown SignatureType in EFI_SIGNATURE_TYPE, and annotate this in the toString method
add output to indicate how many signature lists there are, and how many certs or hashes in each list
Part 2:
move the resource vendor-table.json from HIRS_AttestationCA to HIRS_Utils
update the reference in these 3 places as well:
HIRS_AttestationCAPortal/build.gradle, 127: from '../HIRS_AttestationCA/src/main/resources/vendor-table.json'
in UefiGuid.java, when grabbing the file vendor-table.json from /etc/hirs/aca/default-properties/vendor-table.json, if the file is not accessible, then grab the file from code: /HIRS_Utils/src/main/resources/vendor-table.json
if the vendor-table.json is not accessible, then in eventlog_tool's Main, print a msg noting this and warning that not all Secure Boot PCR 7 data will be processed
if the vendor-table.json from code was used, then in eventlog_tool's Main, print a msg noting that the file was not found, and the code file was used
Note for testing purposes:
Typical file permissions for the path to vendor
/etc/ drwxr-xr-x.
/hirs/ drwxr-xr-x
/aca/ drwxr-x---
/default-properties/ drwxr-xr-x
vendor-table.json -rw-r--r--
For testing purposes, to render the file vendor-table.json accessible to the user, the permissions for /aca/ need to be changed from 750 to 751.
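The lookup order described in Part 2, sketched as an added example that is not HIRS code: the class name VendorTableSource, the Origin enum and the classpath name /vendor-table.json are assumptions, while the filesystem path and the two messages follow the text above. It assumes Java 9 or later for InputStream.readAllBytes.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper (not HIRS code): resolve vendor-table.json with a bundled fallback.
public final class VendorTableSource {
    public enum Origin { FILESYSTEM, BUNDLED, UNAVAILABLE }

    // Installed path, as quoted in the issue.
    static final Path INSTALLED = Paths.get("/etc/hirs/aca/default-properties/vendor-table.json");
    // Assumed classpath name once the file is packaged from HIRS_Utils/src/main/resources.
    static final String BUNDLED = "/vendor-table.json";

    public final Origin origin;
    public final byte[] json;

    private VendorTableSource(Origin origin, byte[] json) {
        this.origin = origin;
        this.json = json;
    }

    public static VendorTableSource load() {
        try {
            // Throws AccessDeniedException when a parent directory such as /aca/ (750) denies traversal.
            return new VendorTableSource(Origin.FILESYSTEM, Files.readAllBytes(INSTALLED));
        } catch (IOException | SecurityException e) {
            // Not readable or not present: fall back to the copy shipped with the code.
        }
        try (InputStream in = VendorTableSource.class.getResourceAsStream(BUNDLED)) {
            if (in != null) {
                return new VendorTableSource(Origin.BUNDLED, in.readAllBytes()); // Java 9+
            }
        } catch (IOException e) {
            // Bundled copy unreadable: report UNAVAILABLE below.
        }
        return new VendorTableSource(Origin.UNAVAILABLE, new byte[0]);
    }

    public static void main(String[] args) {
        VendorTableSource src = load();
        if (src.origin == Origin.BUNDLED) {
            System.err.println("vendor-table.json not found at " + INSTALLED + "; using the copy bundled with the code");
        } else if (src.origin == Origin.UNAVAILABLE) {
            System.err.println("vendor-table.json is not accessible; not all Secure Boot PCR 7 data will be processed");
        }
    }
}
```

Returning the origin alongside the bytes lets the caller report which copy was used, so a reader of the PCR 7 output knows whether GUID names came from the installed table or the bundled one.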