types

package
Version: v0.0.0-...-f44e450
Published: Jul 11, 2023 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Overview

Copyright 2023 Meta Platforms, Inc. and affiliates.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Index

Constants

const (
	// AmdPSBMilan represents Platform Secure Boot for AMD Milan architecture
	AmdPSBMilan SecurityFeature = 0

	// IntelCBnT represents Intel Converged BootGuard for Intel architecture
	IntelCBnT = 1

	// IntelTXT represents legacy IntelTXT architecture
	IntelTXT = 2

	// UEFIMeasurements represents support for UEFI firmware which extends measurements into TPM
	UEFIMeasurements = 4
)
const (
	// SeverityUndefined is just the zero-value of Severity.
	SeverityUndefined = Severity(iota)

	// SeverityInfo means a failed test should not be considered a problem,
	// but it is still worth notifying about the findings.
	SeverityInfo

	// SeverityProblem means a failed test should be considered as
	// a non-blocking problem (which could be solved afterwards).
	SeverityProblem

	// SeverityBlocker means a failed test should be considered as a blocker
	// problem, and the flow should not be continued until the problem is fixed.
	SeverityBlocker
)

Variables

var Architectures = map[cpuid.Vendor][]SecurityFeature{
	cpuid.Intel: {IntelCBnT, IntelTXT},
	cpuid.AMD:   {AmdPSBMilan},
}

Architectures is a map which associates CPU architectures with their corresponding security feature checks. The architecture is identified even if only one feature is supported.

SecurityFeatureChecks collects all the supported checks to determine if a platform supports a specific security feature

Functions

func AmdPSBMilanCheck

func AmdPSBMilanCheck(p FirmwareInfoProvider) bool

AmdPSBMilanCheck verifies if the Platform supports AMD PSB for Milan architecture

func IntelCBnTCheck

func IntelCBnTCheck(p FirmwareInfoProvider) bool

IntelCBnTCheck verifies if the Platform supports Intel CBnT

func IntelTXTCheck

func IntelTXTCheck(p FirmwareInfoProvider) bool

IntelTXTCheck verifies if the Platform supports Intel TXT

func IsArchitecture

func IsArchitecture(p FirmwareInfoProvider, v cpuid.Vendor) (bool, error)

IsArchitecture determines the architecture based on the known security features

func NameOf

func NameOf(t TestCase) string

NameOf returns a unique name of the selected test case.

func SupportsFeature

func SupportsFeature(p FirmwareInfoProvider, f SecurityFeature) (bool, error)

SupportsFeature determines if the platform supports a specific security feature

func UEFIMeasurementsCheck

func UEFIMeasurementsCheck(p FirmwareInfoProvider) bool

UEFIMeasurementsCheck verifies if the Platform supports measurements for UEFI.

Types

type Config

type Config struct {
	FlashromOptions              []flashrom.Option
	UseFirmwareExpectedAsCurrent bool
	UsePCR0ExpectedAsCurrent     bool
	ForceStatusRegisters         registers.Registers
	ForceEventLog                []*tpmeventlog.Event
	HostNotBooted                bool
	ForceSELEvents               []SEL
}

Config is the settings used to adjust the validation process.

type FirmwareInfoProvider

type FirmwareInfoProvider interface {
	Firmware() *uefi.UEFI
	PSPFirmware() (*amd_manifest.AMDFirmware, error)
}

FirmwareInfoProvider provides easy access to common information about the firmware.

func NewFirmwareInfoProvider

func NewFirmwareInfoProvider(image []byte) (FirmwareInfoProvider, error)

NewFirmwareInfoProvider creates a new FirmwareInfoProvider object

func NewFirmwareInfoProviderFromUEFI

func NewFirmwareInfoProviderFromUEFI(fw *uefi.UEFI) (FirmwareInfoProvider, error)

NewFirmwareInfoProviderFromUEFI creates a new FirmwareInfoProvider from a parsed UEFI firmware object

type Option

type Option interface {
	Apply(cfg *Config)
}

Option is a single setting, see Config.

type OptionFlashrom

type OptionFlashrom []flashrom.Option

OptionFlashrom sets options to "flashrom".

func (OptionFlashrom) Apply

func (opt OptionFlashrom) Apply(cfg *Config)

Apply implements Option

type OptionForceEventLog

type OptionForceEventLog []*tpmeventlog.Event

OptionForceEventLog avoids dumping real TPM EventLog and uses the defined one, instead.

func (OptionForceEventLog) Apply

func (opt OptionForceEventLog) Apply(cfg *Config)

Apply implements Option

type OptionForceSELEvents

type OptionForceSELEvents []SEL

OptionForceSELEvents provides SEL events to the test

func (OptionForceSELEvents) Apply

func (opt OptionForceSELEvents) Apply(cfg *Config)

Apply implements Option

type OptionForceStatusRegisters

type OptionForceStatusRegisters registers.Registers

OptionForceStatusRegisters avoids dumping real status registers and uses the defined ones, instead.

func (OptionForceStatusRegisters) Apply

func (opt OptionForceStatusRegisters) Apply(cfg *Config)

Apply implements Option

type OptionHostNotBooted

type OptionHostNotBooted struct{}

OptionHostNotBooted tells the underlying test that the host was not booted

func (OptionHostNotBooted) Apply

func (opt OptionHostNotBooted) Apply(cfg *Config)

Apply implements Option

type OptionUseFirmwareExpectedAsCurrent

type OptionUseFirmwareExpectedAsCurrent bool

OptionUseFirmwareExpectedAsCurrent avoids dumping real current firmware and assumes it is the same as expected, instead.

func (OptionUseFirmwareExpectedAsCurrent) Apply

func (opt OptionUseFirmwareExpectedAsCurrent) Apply(cfg *Config)

Apply implements Option

type OptionUsePCR0ExpectedAsCurrent

type OptionUsePCR0ExpectedAsCurrent bool

OptionUsePCR0ExpectedAsCurrent avoids dumping real current PCR0 values and assumes they are the same as expected, instead.

func (OptionUsePCR0ExpectedAsCurrent) Apply

func (opt OptionUsePCR0ExpectedAsCurrent) Apply(cfg *Config)

Apply implements Option

type Options

type Options []Option

Options is a set of Option-s.

func (Options) Config

func (opts Options) Config() Config

Config converts Options to Config.

type SEL

type SEL struct {
	// Timestamp is a timestamp of SEL event
	Timestamp int64 `json:"timestamp"`
	// Message is a message of SEL event
	Message string `json:"message"`
}

SEL represents a SEL event

type SecurityFeature

type SecurityFeature int

SecurityFeature represents a generic security feature supported by the platform

func (SecurityFeature) String

func (f SecurityFeature) String() string

String returns a string representation of the security feature

type SecurityFeatureCheck

type SecurityFeatureCheck func(p FirmwareInfoProvider) bool

SecurityFeatureCheck verifies if a security feature is supported

type Severity

type Severity uint

func (Severity) FailureDescription

func (s Severity) FailureDescription() string

FailureDescription explains how to interpret the Severity.

func (Severity) FailureExitCode

func (s Severity) FailureExitCode() int

type TestCase

type TestCase interface {
	// Setup modifies firmware in argument `image` in-memory to inject specifics
	// of the selected test case. This modified firmware should be flashed to
	// the test target. Then it is required to reboot the target.
	//
	// Setup does not really affect the system, it only returns an image,
	// which is expected to be written to the system's firmware storage unit.
	Setup(ctx context.Context, image []byte) error

	// Matches tells if given testcase should be executed for provided platform
	Matches(fwInfo FirmwareInfoProvider) bool

	// Validate returns nil if the target is in the expected state, or it
	// returns non-nil if a problem is found.
	Validate(ctx context.Context, origImage []byte, opts ...Option) error

	// Severity returns the level of harshness/seriousness of a test failure.
	Severity() Severity
}

TestCase is a single test case.

type TestCases

type TestCases []TestCase

TestCases is a set of TestCase-s

func (TestCases) Copy

func (m TestCases) Copy() TestCases

Copy returns a copy of the set of test cases.

func (TestCases) Find

func (m TestCases) Find(name string) TestCase

Find returns the TestCase with the specified name. Returns nil if the TestCase is not found.

func (TestCases) Names

func (m TestCases) Names() []string

Names returns names of the test cases.
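An added example (not code from this package) of the Severity semantics and the TestCase.Validate contract documented above: a runner records every failing check and halts at the first SeverityBlocker, while SeverityProblem and SeverityInfo failures let the flow continue. Severity and a two-field Config are local stand-ins for the page's types (the real Config is built via Options.Config() and carries flashrom and TPM fields), Check is a hypothetical reduced TestCase, and SampleChecks are constructed.

```go
package main

import "errors"

// Local stand-ins for the page's Severity and Config (Config reduced to two booleans;
// the real one also carries flashrom options, status registers and a TPM event log).
type Severity uint
const (
	SeverityUndefined Severity = iota
	SeverityInfo
	SeverityProblem
	SeverityBlocker
)
type Config struct{ UsePCR0ExpectedAsCurrent, HostNotBooted bool }

// Check is a hypothetical, reduced TestCase: a name, its Severity and a Validate body.
type Check struct {
	Name     string
	Severity Severity
	Validate func(cfg Config) error
}

// Run validates the checks in order, records each failure as "name: error" and stops
// at the first SeverityBlocker, which the page says must be fixed before continuing.
func Run(checks []Check, cfg Config) (findings []string, blocked bool) {
	for _, c := range checks {
		if err := c.Validate(cfg); err != nil {
			findings = append(findings, c.Name+": "+err.Error())
			if c.Severity == SeverityBlocker {
				return findings, true
			}
		}
	}
	return findings, false
}

// failUnless turns a verdict into the nil/non-nil error a Validate body returns.
func failUnless(ok bool, msg string) error {
	if ok {
		return nil
	}
	return errors.New(msg)
}

// SampleChecks are constructed: a non-blocking PCR0 mismatch, then a blocker (host did
// not boot) that ends the run before the informational event-log check is reached.
var SampleChecks = []Check{
	{"pcr0-matches", SeverityProblem, func(cfg Config) error { return failUnless(cfg.UsePCR0ExpectedAsCurrent, "PCR0 differs from expected") }},
	{"host-booted", SeverityBlocker, func(cfg Config) error { return failUnless(!cfg.HostNotBooted, "host did not boot after flashing") }},
	{"eventlog-present", SeverityInfo, func(Config) error { return failUnless(false, "no TPM event log found") }},
}
```

With Config{HostNotBooted: true} the run reports the PCR0 problem and the boot blocker and stops; with Config{UsePCR0ExpectedAsCurrent: true} only the informational event-log finding is reported and the run completes.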
