Documentation ¶
Index ¶
- Constants
- Variables
- func CalculatePCR(image []byte, initialValue uint8, measureEvents []MeasureEvent, ...) ([]byte, error)
- func DetectTPM(firmware Firmware, regs registers.Registers) (tpmdetection.Type, error)
- func GetMeasurements(firmware Firmware, pcrID ID, opts ...MeasureOption) (measurements Measurements, flow Flow, debugInfo map[string]interface{}, ...)
- func IsAMDPSPFirmware(firmware Firmware) bool
- func IsCBnTFirmware(firmware Firmware) bool
- func Replay(eventLog *tpmeventlog.TPMEventLog, pcrIndex pcr.ID, ...) ([]byte, error)
- type CachedMeasurement
- type DataChunk
- type DataChunkID
- type DataChunks
- type DataProvider
- type ErrCollect
- type ErrGetFIT
- type ErrNoSACM
- type ErrNoTXTPolicyRecord
- type ErrNotSupportedIndex
- type ErrPCDVendorVersion
- type ErrUnexpectedEventType
- type ErrUnknownPCRID
- type Firmware
- type Flow
- type ID
- type MeasureEvent
- type MeasureFunc
- type MeasureOption
- type Measurement
- func MeasureACM(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasureACMDate(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasureACMDateInPlace(hashAlg cbnt.Algorithm, imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasureBIOSDirectoryHeader(table *amd.BIOSDirectoryTable, biosDirectoryTableRange pkgbytes.Range) (*Measurement, error)
- func MeasureBIOSDirectoryTable(table *amd.BIOSDirectoryTable, biosDirectoryTableRange pkgbytes.Range) (*Measurement, error)
- func MeasureBIOSDirectoryTableEntries(table *amd.BIOSDirectoryTable) (*Measurement, error)
- func MeasureBIOSStartupModule(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasureBootPolicy(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasureDXE(firmware Firmware) (*Measurement, error)
- func MeasureFITHeaders(firmware Firmware) (*Measurement, error)
- func MeasureFITPointer(firmware Firmware) *Measurement
- func MeasureIBB(fitEntries []fit.Entry, firmwareSize uint64) (*Measurement, error)
- func MeasureInit() *Measurement
- func MeasureKeyManifest(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasureMP0C2PMsgRegisters(regs registers.Registers) (*Measurement, error)
- func MeasurePCDFirmwareVendorVersionCode(pcdData pcd.ParsedFirmware) (*Measurement, error)
- func MeasurePCDFirmwareVendorVersionData(pcdData pcd.ParsedFirmware) (*Measurement, error)
- func MeasurePCR0Data(config MeasurementConfig, imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
- func MeasurePSPDirectoryHeader(table *amd.PSPDirectoryTable, pspDirectoryTableRange pkgbytes.Range) (*Measurement, error)
- func MeasurePSPDirectoryTable(table *amd.PSPDirectoryTable, pspDirectoryTableRange pkgbytes.Range) (*Measurement, error)
- func MeasurePSPDirectoryTableEntries(table *amd.PSPDirectoryTable) (*Measurement, error)
- func MeasurePSPVersion(image []byte, pspDirectoryLevel1, pspDirectoryLevel2 *amd.PSPDirectoryTable) (*Measurement, error)
- func MeasureSCRTMSeparator() *Measurement
- func MeasureSeparator() *Measurement
- func NewRangeMeasurement(id MeasurementID, offset uint64, length uint64) *Measurement
- func NewRangesMeasurement(id MeasurementID, r bytes.Ranges) *Measurement
- func NewStaticDataMeasurement(id MeasurementID, data []byte) *Measurement
- func (m Measurement) Cache(image []byte, hasher hash.Hash) (*CachedMeasurement, error)
- func (m *Measurement) Calculate(image []byte, hashFunc hash.Hash) ([]byte, error)
- func (m Measurement) CompileMeasurableData(image []byte) []byte
- func (m Measurement) Copy() *Measurement
- func (m *Measurement) Equal(cmp *Measurement) bool
- func (m Measurement) EventLogEventTypes() []*tpmeventlog.EventType
- func (m Measurement) GetID() MeasurementID
- func (m *Measurement) IsFake() bool
- func (m Measurement) NoHash() bool
- func (m Measurement) Ranges() bytes.Ranges
- func (m Measurement) String() string
- func (m *Measurement) Validate(image []byte) error
- type MeasurementConfig
- type MeasurementID
- func (id MeasurementID) EventLogEventTypes() []*tpmeventlog.EventType
- func (id MeasurementID) IsFake() bool
- func (id MeasurementID) IsMultiple() bool
- func (id MeasurementID) MarshalJSON() ([]byte, error)
- func (id MeasurementID) MeasureFunc() MeasureFunc
- func (id MeasurementID) NoHash() bool
- func (id MeasurementID) PCRIDs() []ID
- func (id MeasurementID) String() string
- func (id *MeasurementID) UnmarshalJSON(b []byte) error
- type MeasurementIDs
- type Measurements
- func (s Measurements) AddOffset(offset int64)
- func (s Measurements) Calculate(image []byte, initialValue uint8, hashFunc hash.Hash, logger Printfer) []byte
- func (s Measurements) CompileMeasurableData(image []byte) []byte
- func (s Measurements) Copy() Measurements
- func (s Measurements) Data() DataChunks
- func (s Measurements) FilterByPCRIndex(pcrIndex ID) Measurements
- func (s Measurements) Find(id MeasurementID) *Measurement
- func (s Measurements) FindOverlapping(byteRange bytes.Range) Measurements
- func (s Measurements) Ranges() bytes.Ranges
- type Printfer
- type SetFindMissingFakeMeasurements
- type SetFlow
- type SetIBBHashDigest
- type SetRegisters
- type SetTPMDevice
- type ValidateFlow
- type ValidateManifests
- type Validator
Constants ¶
// Supported PCR measurement flows. A Flow selects which measurements are used
// to get the final PCR value. The values are assigned sequentially by iota, so
// the position of a constant in this list determines its numeric value.
const (
	// FlowAuto means to guess the flow.
	FlowAuto = Flow(iota)

	// FlowIntelLegacyTXTDisabled means a pre-CBnT flow with disabled TXT.
	FlowIntelLegacyTXTDisabled

	// FlowIntelLegacyTXTEnabled means a pre-CBnT flow with enabled TXT.
	FlowIntelLegacyTXTEnabled

	// FlowIntelCBnT0T means CBnT flow with profile "0T".
	FlowIntelCBnT0T

	// FlowIntelLegacyTXTEnabledTPM12 means a pre-CBnT flow with enabled TXT for TPM 1.2
	FlowIntelLegacyTXTEnabledTPM12

	// FlowLegacyAMDLocality0 means an AMD flow with TPM locality 0 initialisation of TPM and with legacy set of measurements
	FlowLegacyAMDLocality0

	// FlowLegacyAMDLocality3 means an AMD flow with TPM locality 3 initialisation of TPM and with legacy set of measurements
	FlowLegacyAMDLocality3

	// FlowAMDLocality0 means an AMD flow with TPM locality 0 initialisation of TPM
	FlowAMDLocality0

	// FlowAMDLocality3 means an AMD flow with TPM locality 3 initialisation of TPM
	//
	// NOTE(review): the original comment said "locality 0" here, which looks
	// like a copy-paste slip from FlowAMDLocality0; confirm against
	// Flow.TPMLocality.
	FlowAMDLocality3
)
// List of available MeasurementID-s.
//
// The values are assigned sequentially by iota, so the position of a constant
// in this list determines its numeric value.
const (
	MeasurementIDUndefined = MeasurementID(iota)
	MeasurementIDInit
	MeasurementIDPCR0DATA
	MeasurementIDACM
	MeasurementIDACMDate
	MeasurementIDKeyManifest
	MeasurementIDBootPolicyManifest
	MeasurementIDIBBFake
	MeasurementIDBIOSStartupModule
	MeasurementIDSCRTMSeparator
	MeasurementIDPCDFirmwareVendorVersionData
	MeasurementIDPCDFirmwareVendorVersionCode
	MeasurementIDDXE
	MeasurementIDSeparator
	MeasurementIDFITPointer
	MeasurementIDFITHeaders
	MeasurementIDDeepAnalysis
	MeasurementIDACMDateInPlace
	MeasurementIDBIOSDirectoryLevel1
	MeasurementIDBIOSDirectoryLevel1Entries
	MeasurementIDBIOSDirectoryLevel1Header
	MeasurementIDBIOSDirectoryLevel2
	MeasurementIDBIOSDirectoryLevel2Entries
	MeasurementIDBIOSDirectoryLevel2Header
	MeasurementIDPSPDirectoryLevel1
	MeasurementIDPSPDirectoryLevel1Entries
	MeasurementIDPSPDirectoryLevel1Header
	MeasurementIDPSPDirectoryLevel2
	MeasurementIDPSPDirectoryLevel2Entries
	MeasurementIDPSPDirectoryLevel2Header
	MeasurementIDMP0C2PMsgRegisters
	MeasurementIDEmbeddedFirmwareStructure
	MeasurementIDPSPVersion
	MeasurementIDBIOSRTMVolume
	MeasurementIDPMUFirmwareInstructions
	MeasurementIDPMUFirmwareData
	MeasurementIDMicrocodePatch
	MeasurementIDVideoImageInterpreter
	MeasurementIDUnknown

	// NOTE(review): presumably a sentinel marking the end of the list rather
	// than a real measurement — confirm against its users.
	EndOfMeasurementID
)
List of available MeasurementID-s
// The list of available DataChunkID-s.
//
// The values are assigned sequentially by iota, so the position of a constant
// in this list determines its numeric value.
const (
	DataChunkIDUndefined = DataChunkID(iota)
	DataChunkIDBIOSStartup0
	DataChunkIDBIOSStartup1
	DataChunkIDBIOSStartup2
	DataChunkIDBIOSStartup3
	DataChunkIDBIOSStartup4
	DataChunkIDBIOSStartup5
	DataChunkIDACMPolicyStatus
	DataChunkIDACMHeaderSVN
	DataChunkIDACMSignature
	DataChunkIDKeyManifestSignature
	DataChunkIDBootPolicyManifestSignature
	DataChunkIDIBBDigest
	DataChunkIDUnknown

	// NOTE(review): presumably a sentinel marking the end of the list rather
	// than a real data chunk — confirm against its users.
	EndOfDataChunkID
)
The list of available DataChunkID-s
Variables ¶
var DefaultMeasurementConfig = MeasurementConfig{ Flow: FlowAuto, }
DefaultMeasurementConfig defines the default values for MeasurementConfig.
var Flows = []Flow{ FlowAuto, FlowIntelLegacyTXTDisabled, FlowIntelLegacyTXTEnabled, FlowIntelLegacyTXTEnabledTPM12, FlowIntelCBnT0T, FlowLegacyAMDLocality0, FlowLegacyAMDLocality3, FlowAMDLocality0, FlowAMDLocality3, }
Flows contains all supported PCR measurements flows
var (
	// LoggingDataLimit is the limit on how many bytes of the measured data
	// are written per measurement. The value is arbitrary (feel free to change it):
	LoggingDataLimit = uint(20)
)
var (
	// Separator is used to separate different chains of measurements.
	// It is four zero bytes.
	//
	// This value is also known by its SHA1 value "9069CA78E7450A285173431B3E52C5C25299E473"
	Separator = []byte("\000\000\000\000")
)
Functions ¶
func CalculatePCR ¶
func CalculatePCR(image []byte, initialValue uint8, measureEvents []MeasureEvent, hasher hash.Hash, logger Printfer) ([]byte, error)
CalculatePCR calculates the PCR value using the firmware image passed as `image`.
func DetectTPM ¶
DetectTPM returns which TPM type is used on a machine, given it has defined BIOS firmware and registers.
func GetMeasurements ¶
func GetMeasurements( firmware Firmware, pcrID ID, opts ...MeasureOption, ) ( measurements Measurements, flow Flow, debugInfo map[string]interface{}, err error, )
GetMeasurements returns the measurements which should be performed to calculate the requested PCR value based on this `firmware`.
func IsAMDPSPFirmware ¶
IsAMDPSPFirmware checks if firmware belongs to AMD Platform security
func IsCBnTFirmware ¶
IsCBnTFirmware checks if firmware supports CBnT
func Replay ¶
func Replay(eventLog *tpmeventlog.TPMEventLog, pcrIndex pcr.ID, hashAlgo tpmeventlog.TPMAlgorithm, logOut io.Writer) ([]byte, error)
Replay reproduces a PCR value given events, PCR index and hash algorithm.
Types ¶
type CachedMeasurement ¶
type CachedMeasurement struct { Measurement // contains filtered or unexported fields }
CachedMeasurement is a Measurement with hash value computed at creation time
func (CachedMeasurement) CompileMeasurableData ¶
func (m CachedMeasurement) CompileMeasurableData(image []byte) []byte
type DataChunk ¶
// DataChunk is one chunk of data that is measured during a measurement.
// The measured bytes are either a range of the firmware image (`Range`) or,
// when `ForceData` is not nil, the hard-coded bytes in `ForceData`, which are
// then used instead of `Range`.
type DataChunk struct {
	// ID identifies the chunk (see the DataChunkID constants).
	ID DataChunkID `json:",omitempty"`

	// Range contains byte range of the firmware to be measured
	Range bytes.Range `json:",omitempty"`

	// ForceData is used to define hard-coded values.
	ForceData []byte `json:",omitempty"`
}
DataChunk contains a chunk of data that is measured during one measurement. It could be a range of bytes inside firmware placed in `Range` or if `ForceData` is not nil, then it is used as the measurable data instead of `Range`.
func NewRangeDataChunk ¶
func NewRangeDataChunk(id DataChunkID, offset uint64, length uint64) *DataChunk
NewRangeDataChunk returns a DataChunk based on image data.
func NewStaticDataChunk ¶
func NewStaticDataChunk(id DataChunkID, data []byte) *DataChunk
NewStaticDataChunk returns a DataChunk based on a predefined value.
func (DataChunk) CompileMeasurableData ¶
CompileMeasurableData returns the data to be measured.
type DataChunkID ¶
type DataChunkID int
DataChunkID is a unique identifier of the measured data chunk.
func DataChunkIDBIOSStartup ¶
func DataChunkIDBIOSStartup(entryIndex uint) (DataChunkID, error)
DataChunkIDBIOSStartup returns the DataChunkID corresponding to the entryIndex-th BIOS Startup entry (according to the FIT).
func (DataChunkID) MarshalJSON ¶
func (id DataChunkID) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler.
func (*DataChunkID) UnmarshalJSON ¶
func (id *DataChunkID) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler.
type DataChunks ¶
type DataChunks []DataChunk
DataChunks is a set of DataChunk-s.
func (DataChunks) Find ¶
func (s DataChunks) Find(id DataChunkID) *DataChunk
Find returns the chunk with the specified DataChunkID. Or returns nil if such data chunk was not found.
func (DataChunks) Ranges ¶
func (s DataChunks) Ranges() bytes.Ranges
Ranges returns a slice of all Range-s where ForceData is nil.
type DataProvider ¶
type DataProvider interface { Firmware() Firmware FITEntries() []fit.Entry PCDData() pcd.ParsedFirmware PSPFirmware() *amd.PSPFirmware }
DataProvider provides input data for a MeasureFunc.
type ErrCollect ¶
type ErrCollect struct { MeasurementID MeasurementID Err error }
ErrCollect means it wasn't able to parse the construct PCR0_DATA structure.
func (ErrCollect) Error ¶
func (err ErrCollect) Error() string
func (ErrCollect) Unwrap ¶
func (err ErrCollect) Unwrap() error
type ErrGetFIT ¶
type ErrGetFIT struct {
Err error
}
ErrGetFIT means it wasn't able to parse the FIT table.
type ErrNoTXTPolicyRecord ¶
type ErrNoTXTPolicyRecord struct{}
ErrNoTXTPolicyRecord means no TXT Policy Record entries were found in the FIT.
func (*ErrNoTXTPolicyRecord) Error ¶
func (err *ErrNoTXTPolicyRecord) Error() string
type ErrNotSupportedIndex ¶
ErrNotSupportedIndex means selected PCR index is not supported (yet?)
func (ErrNotSupportedIndex) Error ¶
func (err ErrNotSupportedIndex) Error() string
Error implements interface `error`.
type ErrPCDVendorVersion ¶
type ErrPCDVendorVersion struct{}
ErrPCDVendorVersion means it was unable to detect PCD Vendor Version.
func (ErrPCDVendorVersion) Error ¶
func (err ErrPCDVendorVersion) Error() string
type ErrUnexpectedEventType ¶
type ErrUnexpectedEventType struct { Event tpmeventlog.Event Reason string }
ErrUnexpectedEventType means an unexpected event type was received.
func (ErrUnexpectedEventType) Error ¶
func (err ErrUnexpectedEventType) Error() string
Error implements interface `error`.
type ErrUnknownPCRID ¶
type ErrUnknownPCRID struct {
PCRID ID
}
ErrUnknownPCRID means we don't know how to perform the requested action for the selected PCR register.
func (*ErrUnknownPCRID) Error ¶
func (err *ErrUnknownPCRID) Error() string
type Flow ¶
type Flow int
Flow defines which measurements are used to get the final PCR values.
func DetectAttestationFlow ¶
func DetectAttestationFlow(firmware Firmware, regs registers.Registers, tpmDevice tpmdetection.Type) (Flow, error)
DetectAttestationFlow returns the PCR0 measurements flow.
For example CBnT-0T falls back to TXT-disabled if BPM signature is invalid.
func DetectMainAttestationFlow ¶
func DetectMainAttestationFlow(firmware Firmware, regs registers.Registers, tpmDevice tpmdetection.Type) (Flow, error)
DetectMainAttestationFlow returns the PCR0 measurements flow assuming no validation errors occurred.
func FlowFromString ¶
FlowFromString parses Flow from a string.
func (Flow) CPUVendorID ¶
func (f Flow) CPUVendorID() cpuid.Vendor
CPUVendorID returns vendor ID of the CPU.
func (Flow) MeasurementIDs ¶
func (f Flow) MeasurementIDs() MeasurementIDs
MeasurementIDs returns which measurements should be performed for this flow.
func (Flow) PlatformSecurityID ¶
func (f Flow) PlatformSecurityID() platformsecurity.ID
PlatformSecurityID returns the ID of the platform security family (which combines CPU and RTM).
func (Flow) TPMLocality ¶
TPMLocality returns TPM initialization locality in this flow.
func (Flow) ValidateFlow ¶
func (f Flow) ValidateFlow() ValidateFlow
ValidateFlow returns a validator that can be used to check whether the flow will indeed be active on a real machine. For example, the CBnT flow works only on firmware with valid manifests; otherwise it falls back to the TXT-disabled flow.
type ID ¶
ID is a numeric identifier of a PCR register. For example PCR0 has ID == 0 and PCR8 has ID == 8.
type MeasureEvent ¶
// MeasureEvent describes a measurement event that can calculate the hash
// given the data.
type MeasureEvent interface {
	// NOTE: this would normally be named ID() but it conflicts with Measurement.ID that
	// will implement this interface later on
	GetID() MeasurementID

	// CompileMeasurableData returns the bytes to be measured, taken from `image`.
	CompileMeasurableData(image []byte) []byte

	// Calculate computes the hash of the event over `image` using `hasher`.
	// NOTE(review): whether the result is the event digest or the extended
	// PCR value is not visible from the interface — confirm against implementations.
	Calculate(image []byte, hasher hash.Hash) ([]byte, error)
}
MeasureEvent describes a measurement event that can calculate the hash given the data
type MeasureFunc ¶
type MeasureFunc func(MeasurementConfig, DataProvider) (Measurements, error)
MeasureFunc performs a measurement.
type MeasureOption ¶
type MeasureOption interface {
Apply(*MeasurementConfig) error
}
MeasureOption is the interface of an option which may change the behavior of how PCR measurements are performed
type Measurement ¶
// Measurement defines one PCR measurement. Usually it means to extend the PCR
// value with a hash of the bytes referenced by its data chunks.
type Measurement struct {
	// ID is the unique identifier of the PCR measurement.
	ID MeasurementID

	// Data contains chunks of data to be measured as contiguous sequence of bytes
	Data DataChunks `json:",omitempty"`
}
Measurement is the key structure of all packages `pcr0/...`.
It defines one PCR measurement. Usually it means to extend the PCR value with a hash of bytes referenced by `DataChunk`.
func MeasureACM ¶
func MeasureACM(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasureACM returns a fake measurement of ACM.
func MeasureACMDate ¶
func MeasureACMDate(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasureACMDate returns a measurement of ACM date.
func MeasureACMDateInPlace ¶
func MeasureACMDateInPlace(hashAlg cbnt.Algorithm, imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasureACMDateInPlace returns a measurement of ACM date, but without hashing it (it is used in obsolete TPM1.2 flows; a bug of the initial implementation?).
func MeasureBIOSDirectoryHeader ¶
func MeasureBIOSDirectoryHeader(table *amd.BIOSDirectoryTable, biosDirectoryTableRange pkgbytes.Range) (*Measurement, error)
MeasureBIOSDirectoryHeader constructs measurements of BIOS Directory table header
func MeasureBIOSDirectoryTable ¶
func MeasureBIOSDirectoryTable(table *amd.BIOSDirectoryTable, biosDirectoryTableRange pkgbytes.Range) (*Measurement, error)
MeasureBIOSDirectoryTable constructs measurements of BIOS Directory table
func MeasureBIOSDirectoryTableEntries ¶
func MeasureBIOSDirectoryTableEntries(table *amd.BIOSDirectoryTable) (*Measurement, error)
MeasureBIOSDirectoryTableEntries constructs measurements of AMD's BIOS directory table entries
func MeasureBIOSStartupModule ¶
func MeasureBIOSStartupModule(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasureBIOSStartupModule returns the measurement of the BIOS startup module.
func MeasureBootPolicy ¶
func MeasureBootPolicy(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasureBootPolicy returns a measurement containing CBnT key cbnt.
func MeasureDXE ¶
func MeasureDXE(firmware Firmware) (*Measurement, error)
MeasureDXE returns the DXE measurement.
func MeasureFITHeaders ¶
func MeasureFITHeaders(firmware Firmware) (*Measurement, error)
MeasureFITHeaders returns a fake measurement for FIT headers.
func MeasureFITPointer ¶
func MeasureFITPointer(firmware Firmware) *Measurement
MeasureFITPointer returns a fake measurement for FIT pointer.
func MeasureIBB ¶
func MeasureIBB(fitEntries []fit.Entry, firmwareSize uint64) (*Measurement, error)
MeasureIBB returns a measurement containing IBB according to BPM.
func MeasureInit ¶
func MeasureInit() *Measurement
MeasureInit returns the fake measurement for TPM initialization, it is used to match EventLog with expected measurements.
func MeasureKeyManifest ¶
func MeasureKeyManifest(imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasureKeyManifest returns a measurement containing CBnT key cbnt.
func MeasureMP0C2PMsgRegisters ¶
func MeasureMP0C2PMsgRegisters(regs registers.Registers) (*Measurement, error)
MeasureMP0C2PMsgRegisters constructs a measurement of AMD's MP0_C2P_MSG registers.
func MeasurePCDFirmwareVendorVersionCode ¶
func MeasurePCDFirmwareVendorVersionCode(pcdData pcd.ParsedFirmware) (*Measurement, error)
MeasurePCDFirmwareVendorVersionCode returns a fake measurement which includes the executable containing the PCD firmware vendor version value.
func MeasurePCDFirmwareVendorVersionData ¶
func MeasurePCDFirmwareVendorVersionData(pcdData pcd.ParsedFirmware) (*Measurement, error)
MeasurePCDFirmwareVendorVersionData returns PCD firmware vendor version measurement.
func MeasurePCR0Data ¶
func MeasurePCR0Data(config MeasurementConfig, imageSize uint64, fitEntries []fit.Entry) (*Measurement, error)
MeasurePCR0Data returns a PCR0_DATA measurement.
func MeasurePSPDirectoryHeader ¶
func MeasurePSPDirectoryHeader(table *amd.PSPDirectoryTable, pspDirectoryTableRange pkgbytes.Range) (*Measurement, error)
MeasurePSPDirectoryHeader constructs measurements of PSP Directory table header
func MeasurePSPDirectoryTable ¶
func MeasurePSPDirectoryTable(table *amd.PSPDirectoryTable, pspDirectoryTableRange pkgbytes.Range) (*Measurement, error)
MeasurePSPDirectoryTable constructs measurements of PSP Directory table
func MeasurePSPDirectoryTableEntries ¶
func MeasurePSPDirectoryTableEntries(table *amd.PSPDirectoryTable) (*Measurement, error)
MeasurePSPDirectoryTableEntries constructs measurements of AMD's PSP directory table entries
func MeasurePSPVersion ¶
func MeasurePSPVersion(image []byte, pspDirectoryLevel1, pspDirectoryLevel2 *amd.PSPDirectoryTable) (*Measurement, error)
MeasurePSPVersion constructs measurement of PSP version
func MeasureSCRTMSeparator ¶
func MeasureSCRTMSeparator() *Measurement
MeasureSCRTMSeparator returns the measurement which separates hardware S-RTM measurements from the rest of the firmware measurements.
func MeasureSeparator ¶
func MeasureSeparator() *Measurement
MeasureSeparator returns the separator measurement.
func NewRangeMeasurement ¶
func NewRangeMeasurement(id MeasurementID, offset uint64, length uint64) *Measurement
NewRangeMeasurement returns a measurement of a single range of a firmware image
func NewRangesMeasurement ¶
func NewRangesMeasurement(id MeasurementID, r bytes.Ranges) *Measurement
NewRangesMeasurement returns a measurement of multiple ranges of the firmware image
func NewStaticDataMeasurement ¶
func NewStaticDataMeasurement(id MeasurementID, data []byte) *Measurement
NewStaticDataMeasurement returns a measurement of a pre-defined value.
func (Measurement) Cache ¶
func (m Measurement) Cache(image []byte, hasher hash.Hash) (*CachedMeasurement, error)
func (Measurement) CompileMeasurableData ¶
func (m Measurement) CompileMeasurableData(image []byte) []byte
CompileMeasurableData returns all the bytes used for a PCR value measurement, referenced by `Data` from the firmware image passed as `image`.
func (*Measurement) Equal ¶
func (m *Measurement) Equal(cmp *Measurement) bool
Equal performs a deep comparison of two measurements and returns true if they contain exactly the same information.
func (Measurement) EventLogEventTypes ¶
func (m Measurement) EventLogEventTypes() []*tpmeventlog.EventType
EventLogEventTypes returns multiple potential values of "Type" field of the EventLog entry associated with the measurement.
func (Measurement) GetID ¶
func (m Measurement) GetID() MeasurementID
GetID returns the measurement ID.
func (*Measurement) IsFake ¶
func (m *Measurement) IsFake() bool
IsFake forces to skip this measurement in real PCR value calculation
func (Measurement) NoHash ¶
func (m Measurement) NoHash() bool
NoHash forces to skip hashing of this measurement's data during PCR calculation
func (Measurement) Ranges ¶
func (m Measurement) Ranges() bytes.Ranges
Ranges returns a slice of all Range-s where ForceData is nil.
func (Measurement) String ¶
func (m Measurement) String() string
func (*Measurement) Validate ¶
func (m *Measurement) Validate(image []byte) error
Validate validates if this measurement could be safely applied to a given image.
type MeasurementConfig ¶
// MeasurementConfig stores the settings that control how the PCR value
// calculation is performed.
type MeasurementConfig struct {
	// Flow defines which measurements are used to get the final PCR values.
	Flow Flow

	// FindMissingFakeMeasurements enables an additional slow check for
	// ranges which are not added into measurements by default, but may
	// have an effect on the PCR calculation. Any such ranges that are found
	// are added to an additional fake measurement.
	FindMissingFakeMeasurements bool

	// Registers holds the status registers. For example register ACM_POLICY_STATUS
	// affects PCR0 value in the CBnT-0T flow.
	Registers registers.Registers

	// PCR0DataIbbDigestHashAlgorithm defines hash algorithm that should be used for pcr0Data.ibbDigest
	// TPM_ALG_ERROR will use the first element (by default)
	PCR0DataIbbDigestHashAlgorithm cbnt.Algorithm

	// TPMDevice defines a TPM device version that performed the measurements.
	// Value TypeNoTPM means undefined
	TPMDevice tpmdetection.Type
}
MeasurementConfig is the structure used to store different gates about how the PCR value calculation is performed.
type MeasurementID ¶
type MeasurementID int
MeasurementID is the unique identifier of a PCR measurement.
func (MeasurementID) EventLogEventTypes ¶
func (id MeasurementID) EventLogEventTypes() []*tpmeventlog.EventType
EventLogEventTypes returns multiple potential values of "Type" field of the EventLog entry associated with the measurement.
func (MeasurementID) IsFake ¶
func (id MeasurementID) IsFake() bool
IsFake forces to skip this measurement in real PCR value calculation
func (MeasurementID) IsMultiple ¶
func (id MeasurementID) IsMultiple() bool
IsMultiple means that this MeasurementID describes multiple measurements
func (MeasurementID) MarshalJSON ¶
func (id MeasurementID) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler.
func (MeasurementID) MeasureFunc ¶
func (id MeasurementID) MeasureFunc() MeasureFunc
MeasureFunc returns the function to be used for the measurement.
func (MeasurementID) NoHash ¶
func (id MeasurementID) NoHash() bool
NoHash forces to skip hashing of this measurement's data during PCR calculation
func (MeasurementID) PCRIDs ¶
func (id MeasurementID) PCRIDs() []ID
PCRIDs returns in which PCRs the measurement is supposed to be used.
Currently we support only PCR0, so everything returns 0 or nil.
func (MeasurementID) String ¶
func (id MeasurementID) String() string
String implements fmt.Stringer
func (*MeasurementID) UnmarshalJSON ¶
func (id *MeasurementID) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler.
type MeasurementIDs ¶
type MeasurementIDs []MeasurementID
MeasurementIDs is a set of MeasurementID-s
func TPMEventTypeToMeasurementIDs ¶
func TPMEventTypeToMeasurementIDs(pcrID ID, tpmEventType tpmeventlog.EventType) MeasurementIDs
TPMEventTypeToMeasurementIDs returns all measurement ID-s which could be represented with specified EventType for a specified PCR index.
func (MeasurementIDs) Contains ¶
func (s MeasurementIDs) Contains(id MeasurementID) bool
Contains returns true if the slice contains measurement ID `id`.
func (MeasurementIDs) FilterByPCRIndex ¶
func (s MeasurementIDs) FilterByPCRIndex(pcrIndex ID) MeasurementIDs
FilterByPCRIndex returns only the subset of measurement IDs that corresponds to the specified PCR index.
type Measurements ¶
type Measurements []*Measurement
Measurements is a list of Measurement-s. The order is important: the PCR value is calculated in the order this slice has (it is not sorted in any way before the calculation).
func MeasureEntryFromBIOSDirectory ¶
func MeasureEntryFromBIOSDirectory(entryType amd.BIOSDirectoryTableEntryType, optCountCheck *int, biosDirectoryLevel1, biosDirectoryLevel2 *amd.BIOSDirectoryTable, measurementID MeasurementID, ) (Measurements, error)
MeasureEntryFromBIOSDirectory returns measurements of BIOS directory items. It also optionally checks the item count if the optCountCheck argument is provided.
func (Measurements) AddOffset ¶
func (s Measurements) AddOffset(offset int64)
AddOffset adds offset to all `Offset`-s of all ranges of all measurements.
This could be used if the measurements are applied to a part of a UEFI image (instead of the whole image).
func (Measurements) Calculate ¶
func (s Measurements) Calculate(image []byte, initialValue uint8, hashFunc hash.Hash, logger Printfer) []byte
Calculate [deprecated since 1jul2021] calculates the PCR value using the firmware image passed as `image`.
func (Measurements) CompileMeasurableData ¶
func (s Measurements) CompileMeasurableData(image []byte) []byte
CompileMeasurableData returns all the bytes used for a PCR value measurement, referenced by all measurements of `s` from the firmware image passed as `image`.
func (Measurements) Data ¶
func (s Measurements) Data() DataChunks
Data returns all the data chunks of all measurements
func (Measurements) FilterByPCRIndex ¶
func (s Measurements) FilterByPCRIndex(pcrIndex ID) Measurements
FilterByPCRIndex returns only the subset of measurements that corresponds to the specified PCR index.
func (Measurements) Find ¶
func (s Measurements) Find(id MeasurementID) *Measurement
Find returns the first measurement with the specified MeasurementID. Or returns nil, if such measurement was not found.
func (Measurements) FindOverlapping ¶
func (s Measurements) FindOverlapping(byteRange bytes.Range) Measurements
FindOverlapping returns those measurements which overlap with the byte range `byteRange`.
func (Measurements) Ranges ¶
func (s Measurements) Ranges() bytes.Ranges
Ranges returns a slice of all Range-s where ForceData is nil.
type Printfer ¶
type Printfer interface {
Printf(fmt string, args ...interface{})
}
Printfer requires a method with signature of a standard Printf.
type SetFindMissingFakeMeasurements ¶
type SetFindMissingFakeMeasurements bool
SetFindMissingFakeMeasurements defines if there should be performed an additional slow check for ranges which are not added into measurements by default, but may have effect on PCR calculation. And if there were found such ranges they will be added to an additional fake measurement.
func (SetFindMissingFakeMeasurements) Apply ¶
func (opt SetFindMissingFakeMeasurements) Apply(config *MeasurementConfig) error
Apply implements `MeasureOption`
type SetFlow ¶
type SetFlow Flow
SetFlow overrides the measurements flow.
func (SetFlow) Apply ¶
func (opt SetFlow) Apply(config *MeasurementConfig) error
Apply implements `MeasureOption`
type SetIBBHashDigest ¶
SetIBBHashDigest allows to override IBBDigest that will be used for CBnT0T Pcr0Data.ibbDigest
func (SetIBBHashDigest) Apply ¶
func (opt SetIBBHashDigest) Apply(config *MeasurementConfig) error
Apply implements `MeasureOption`
type SetRegisters ¶
SetRegisters sets the status registers
func (SetRegisters) Apply ¶
func (opt SetRegisters) Apply(config *MeasurementConfig) error
Apply implements `MeasureOption`
type SetTPMDevice ¶
type SetTPMDevice tpmdetection.Type
SetTPMDevice sets the TPM type.
func (SetTPMDevice) Apply ¶
func (opt SetTPMDevice) Apply(config *MeasurementConfig) error
Apply implements `MeasureOption`
type ValidateFlow ¶
type ValidateFlow []Validator
ValidateFlow is a sequence of validators.
func (ValidateFlow) Validate ¶
func (s ValidateFlow) Validate(firmware Firmware) error
Validate sequentially executes all validators of the flow and returns an error on the first error returned by a validator. If no errors received, then no error is returned.
type ValidateManifests ¶
type ValidateManifests struct{}
ValidateManifests validates if boot policy manifest (BPM) and key manifest (KM) are correct.
func (ValidateManifests) Validate ¶
func (v ValidateManifests) Validate(firmware Firmware) error
Validate implements Validator.
Source Files ¶
- const.go
- errors.go
- find_missing_fake_measurements.go
- flow.go
- flow_detection.go
- get_measurements.go
- get_measurements_pcr0_amd.go
- get_measurements_pcr0_cbnt0t.go
- get_measurements_pcr0_legacytxtdisabled.go
- get_measurements_pcr0_legacytxtenabled.go
- id.go
- measure_option.go
- measurement.go
- measurement_config.go
- measurement_id.go
- replay.go
- validate_flow.go
- validate_manifests.go