authorAndreas Steffen <andreas.steffen@strongswan.org>2014-05-12 15:24:55 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2014-05-13 06:21:28 +0200
commit7207e3a7eaf2c6e88e11fa9fce9814aa43a7526c (patch)
tree653cbe12dc5c6e1b2e48bf93c41797f03a8f7f1b /src
parentf1a272a0d0d490cbb3ffc740336b357d21d1eecf (diff)
Defined BIOS and EFI event types and log event info
On debug level 2 log EV_ACTION and EV_EFI_ACTION strings and on level 3 dump raw event information
Diffstat (limited to 'src')
-rw-r--r--src/libpts/pts/pts_ima_bios_list.c109
1 files changed, 105 insertions, 4 deletions
diff --git a/src/libpts/pts/pts_ima_bios_list.c b/src/libpts/pts/pts_ima_bios_list.c
index 18c41f227..38ec1a742 100644
--- a/src/libpts/pts/pts_ima_bios_list.c
+++ b/src/libpts/pts/pts_ima_bios_list.c
@@ -25,6 +25,85 @@
typedef struct private_pts_ima_bios_list_t private_pts_ima_bios_list_t;
typedef struct bios_entry_t bios_entry_t;
+typedef enum event_type_t event_type_t;
+
+enum event_type_t {
+ /* BIOS Events (TCG PC Client Specification for Convential BIOS 1.21) */
+ EV_PREBOOT_CERT = 0x00000000,
+ EV_POST_CODE = 0x00000001,
+ EV_UNUSED = 0x00000002,
+ EV_NO_ACTION = 0x00000003,
+ EV_SEPARATOR = 0x00000004,
+ EV_ACTION = 0x00000005,
+ EV_EVENT_TAG = 0x00000006,
+ EV_S_CRTM_CONTENTS = 0x00000007,
+ EV_S_CRTM_VERSION = 0x00000008,
+ EV_CPU_MICROCODE = 0x00000009,
+ EV_PLATFORM_CONFIG_FLAGS = 0x0000000A,
+ EV_TABLE_OF_DEVICES = 0x0000000B,
+ EV_COMPACT_HASH = 0x0000000C,
+ EV_IPL = 0x0000000D,
+ EV_IPL_PARTITION_DATA = 0x0000000E,
+ EV_NONHOST_CODE = 0x0000000F,
+ EV_NONHOST_CONFIG = 0x00000010,
+ EV_NONHOST_INFO = 0x00000011,
+ EV_OMIT_BOOT_DEVICE_EVENTS = 0x00000012,
+
+ /* EFI Events (TCG EFI Platform Specification 1.22) */
+ EV_EFI_EVENT_BASE = 0x80000000,
+ EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001,
+ EV_EFI_VARIABLE_BOOT = 0x80000002,
+ EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003,
+ EV_EFI_BOOT_SERVICES_DRIVER = 0x80000004,
+ EV_EFI_RUNTIME_SERVICES_DRIVER = 0x80000005,
+ EV_EFI_GPT_EVENT = 0x80000006,
+ EV_EFI_ACTION = 0x80000007,
+ EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008,
+ EV_EFI_HANDOFF_TABLES = 0x80000009,
+
+ EV_EFI_VARIABLE_AUTHORITY = 0x800000E0
+};
+
+ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS,
+ "Preboot Cert",
+ "POST Code",
+ "Unused",
+ "No Action",
+ "Separator",
+ "Action",
+ "Event Tag",
+ "S-CRTM Contents",
+ "S-CRTM Version",
+ "CPU Microcode",
+ "Platform Config Flags",
+ "Table of Devices",
+ "Compact Hash",
+ "IPL",
+ "IPL Partition Data",
+ "Nonhost Code",
+ "Nonhost Config",
+ "Nonhost Info",
+ "Omit Boot Device Events"
+);
+
+ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES,
+ EV_OMIT_BOOT_DEVICE_EVENTS,
+ "EFI Event Base",
+ "EFI Variable Driver Config",
+ "EFI Variable Boot",
+ "EFI Boot Services Application",
+ "EFI Boot Services Driver",
+ "EFI Runtime Services Driver",
+ "EFI GPT Event",
+ "EFI Action",
+ "EFI Platform Firmware Blob",
+ "EFI Handoff Tables"
+);
+ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY,
+ EV_EFI_HANDOFF_TABLES,
+ "EFI Variable Authority"
+);
+ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY);
/**
* Private data of a pts_ima_bios_list_t object.
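Review bot: The EFI enumerators from `EV_EFI_EVENT_BASE = 0x80000000` onward do not fit in an `int`, which ISO C requires of enumeration constants (C11 6.7.2.2); GCC and Clang accept them only as an extension. Further down, `event_type` is read as a `uint32_t` and passed to `%N`, so the name lookup presumably depends on how the enum name table and the printf hook convert values above `INT_MAX`, which is not visible in this hunk. A comment above the EFI block would record that assumption, for example `/* values >= 0x80000000 rely on the compiler widening the enum beyond int */`. The comment on the BIOS block also misspells "Conventional" as "Convential".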
@@ -113,7 +192,10 @@ METHOD(pts_ima_bios_list_t, destroy, void,
pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
{
private_pts_ima_bios_list_t *this;
- uint32_t pcr, num, len;
+ uint32_t pcr, event_type, event_len, seek_len;
+ uint32_t buf_len = 2048;
+ uint8_t event_buf[buf_len];
+ chunk_t event;
bios_entry_t *entry;
struct stat st;
ssize_t res;
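Review bot: `uint8_t event_buf[buf_len]` is a variable-length array, because `buf_len` is an ordinary `uint32_t` variable and not a constant expression. The size is fixed at 2048, so a compile-time bound keeps the buffer size visible to the compiler and to static analysers and avoids relying on VLA support, which is optional in C11: `uint8_t event_buf[2048];` with `sizeof(event_buf)` wherever the later hunk uses `buf_len`. The function body begins in this hunk and continues outside it.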
@@ -145,6 +227,7 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
.list = linked_list_create(),
);
+ DBG2(DBG_PTS, "PCR Event Type (Size)");
while (TRUE)
{
res = read(fd, &pcr, 4);
@@ -164,7 +247,7 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
{
break;
}
- if (read(fd, &num, 4) != 4)
+ if (read(fd, &event_type, 4) != 4)
{
break;
}
@@ -172,14 +255,32 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
{
break;
}
- if (read(fd, &len, 4) != 4)
+ if (read(fd, &event_len, 4) != 4)
{
break;
}
- if (lseek(fd, len, SEEK_CUR) == -1)
+ DBG2(DBG_PTS, "%2u %N (%u bytes)", pcr, event_type_names, event_type,
+ event_len);
+
+ seek_len = (event_len > buf_len) ? event_len - buf_len : 0;
+ event_len -= seek_len;
+
+ if (read(fd, event_buf, event_len) != event_len)
{
break;
}
+ event = chunk_create(event_buf, event_len);
+ DBG3(DBG_PTS,"%B", &event);
+
+ if (event_type == EV_ACTION || event_type == EV_EFI_ACTION)
+ {
+ DBG2(DBG_PTS, " '%.*s'", event_len, event_buf);
+ }
+
+ if (seek_len > 0 && lseek(fd, seek_len, SEEK_CUR) == -1)
+ {
+ break;
+ }
this->list->insert_last(this->list, entry);
}
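Review bot: The `%.*s` debug line for `EV_ACTION` and `EV_EFI_ACTION` writes bytes read from the measurement file into the log unfiltered, so control characters in an event end up in the debug output and an embedded NUL cuts the string short. The event data originates from firmware and should be treated as untrusted, so non-printable bytes should be replaced before the string is logged, or only the existing `%B` dump kept. The precision argument of `%.*s` must be an `int`, so `event_len` should be passed as `(int)event_len`. Events longer than `buf_len` are dumped only partially with no indication of this; a comment such as `/* only the first buf_len bytes are kept for logging, the remainder is skipped */` above the `seek_len` computation would make that explicit. The enclosing loop and function start outside this hunk.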