aboutsummaryrefslogtreecommitdiffstats
path: root/src/libpts/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libpts/plugins')
-rw-r--r--src/libpts/plugins/imv_attestation/attest.c38
-rw-r--r--src/libpts/plugins/imv_attestation/attest_db.c672
-rw-r--r--src/libpts/plugins/imv_attestation/attest_db.h69
-rw-r--r--src/libpts/plugins/imv_attestation/attest_usage.c32
-rw-r--r--src/libpts/plugins/imv_attestation/data.sql608
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_build.c17
-rw-r--r--src/libpts/plugins/imv_attestation/imv_attestation_process.c12
-rw-r--r--src/libpts/plugins/imv_attestation/tables.sql55
8 files changed, 932 insertions, 571 deletions
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c
index ca9efab10..ac91b5aa7 100644
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ b/src/libpts/plugins/imv_attestation/attest.c
@@ -97,10 +97,12 @@ static void do_args(int argc, char *argv[])
enum {
OP_UNDEF,
OP_USAGE,
- OP_FILES,
+ OP_KEYS,
OP_COMPONENTS,
- OP_PRODUCTS,
+ OP_FILES,
OP_HASHES,
+ OP_MEASUREMENTS,
+ OP_PRODUCTS,
OP_ADD,
OP_DEL,
} op = OP_UNDEF;
@@ -116,8 +118,10 @@ static void do_args(int argc, char *argv[])
{ "help", no_argument, NULL, 'h' },
{ "components", no_argument, NULL, 'c' },
{ "files", no_argument, NULL, 'f' },
+ { "keys", no_argument, NULL, 'k' },
{ "products", no_argument, NULL, 'p' },
{ "hashes", no_argument, NULL, 'H' },
+ { "measurements", no_argument, NULL, 'M' },
{ "add", no_argument, NULL, 'a' },
{ "delete", no_argument, NULL, 'd' },
{ "del", no_argument, NULL, 'd' },
@@ -129,6 +133,8 @@ static void do_args(int argc, char *argv[])
{ "directory", required_argument, NULL, 'D' },
{ "dir", required_argument, NULL, 'D' },
{ "file", required_argument, NULL, 'F' },
+ { "key", required_argument, NULL, 'K' },
+ { "owner", required_argument, NULL, 'O' },
{ "product", required_argument, NULL, 'P' },
{ "sha1", no_argument, NULL, '1' },
{ "sha256", no_argument, NULL, '2' },
@@ -137,6 +143,7 @@ static void do_args(int argc, char *argv[])
{ "fid", required_argument, NULL, '5' },
{ "pid", required_argument, NULL, '6' },
{ "cid", required_argument, NULL, '7' },
+ { "kid", required_argument, NULL, '8' },
{ 0,0,0,0 }
};
@@ -154,12 +161,18 @@ static void do_args(int argc, char *argv[])
case 'f':
op = OP_FILES;
continue;
+ case 'k':
+ op = OP_KEYS;
+ continue;
case 'p':
op = OP_PRODUCTS;
continue;
case 'H':
op = OP_HASHES;
continue;
+ case 'M':
+ op = OP_MEASUREMENTS;
+ continue;
case 'a':
op = OP_ADD;
continue;
@@ -199,6 +212,15 @@ static void do_args(int argc, char *argv[])
exit(EXIT_FAILURE);
}
continue;
+ case 'K':
+ if (!attest->set_key(attest, optarg, op == OP_ADD))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
+ case 'O':
+ attest->set_owner(attest, optarg);
+ continue;
case 'P':
if (!attest->set_product(attest, optarg, op == OP_ADD))
{
@@ -238,6 +260,12 @@ static void do_args(int argc, char *argv[])
exit(EXIT_FAILURE);
}
continue;
+ case '8':
+ if (!attest->set_kid(attest, atoi(optarg)))
+ {
+ exit(EXIT_FAILURE);
+ }
+ continue;
}
break;
}
@@ -250,6 +278,9 @@ static void do_args(int argc, char *argv[])
case OP_PRODUCTS:
attest->list_products(attest);
break;
+ case OP_KEYS:
+ attest->list_keys(attest);
+ break;
case OP_COMPONENTS:
attest->list_components(attest);
break;
@@ -259,6 +290,9 @@ static void do_args(int argc, char *argv[])
case OP_HASHES:
attest->list_hashes(attest);
break;
+ case OP_MEASUREMENTS:
+ attest->list_measurements(attest);
+ break;
case OP_ADD:
attest->add(attest);
break;
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c
index a9f1f710d..10c719bff 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libpts/plugins/imv_attestation/attest_db.c
@@ -31,19 +31,34 @@ struct private_attest_db_t {
attest_db_t public;
/**
- * Software product to be queried
+ * Component Functional Name to be queried
*/
- char *product;
+ pts_comp_func_name_t *cfn;
/**
- * Primary key of software product to be queried
+ * Primary key of the Component Functional Name to be queried
*/
- int pid;
+ int cid;
/**
- * TRUE if product has been set
+ * TRUE if Component Functional Name has been set
*/
- bool product_set;
+ bool comp_set;
+
+ /**
+ * Directory containing the Measurement file to be queried
+ */
+ char *dir;
+
+ /**
+ * Primary key of the directory to be queried
+ */
+ int did;
+
+ /**
+ * TRUE if directory has been set
+ */
+ bool dir_set;
/**
* Measurement file to be queried
@@ -61,34 +76,34 @@ struct private_attest_db_t {
bool file_set;
/**
- * Directory containing the Measurement file to be queried
+ * AIK to be queried
*/
- char *dir;
+ chunk_t key;
/**
- * Primary key of the directory to be queried
+ * Primary key of the AIK to be queried
*/
- int did;
+ int kid;
/**
- * TRUE if directory has been set
+ * TRUE if AIK has been set
*/
- bool dir_set;
+ bool key_set;
/**
- * Component Functional Name to be queried
+ * Software product to be queried
*/
- pts_comp_func_name_t *cfn;
+ char *product;
/**
- * Primary key of the Component Functional Name to be queried
+ * Primary key of software product to be queried
*/
- int cid;
+ int pid;
/**
- * TRUE if Component Functional Name has been set
+ * TRUE if product has been set
*/
- bool comp_set;
+ bool product_set;
/**
* File measurement hash algorithm
@@ -96,6 +111,11 @@ struct private_attest_db_t {
pts_meas_algorithms_t algo;
/**
+ * Optional owner (user/host name)
+ */
+ char *owner;
+
+ /**
* Attestation database
*/
database_t *db;
@@ -125,79 +145,185 @@ char* print_cfn(pts_comp_func_name_t *cfn)
return buf;
}
-METHOD(attest_db_t, set_product, bool,
- private_attest_db_t *this, char *product, bool create)
+METHOD(attest_db_t, set_component, bool,
+ private_attest_db_t *this, char *comp, bool create)
{
enumerator_t *e;
+ char *pos1, *pos2;
+ int vid, name, qualifier;
+ pts_comp_func_name_t *cfn;
- if (this->product_set)
+ if (this->comp_set)
{
- printf("product has already been set\n");
+ printf("component has already been set\n");
return FALSE;
}
- this->product = strdup(product);
- e = this->db->query(this->db, "SELECT id FROM products WHERE name = ?",
- DB_TEXT, product, DB_INT);
+ /* parse component string */
+ pos1 = strchr(comp, '/');
+ pos2 = strchr(comp, '-');
+ if (!pos1 || !pos2)
+ {
+ printf("component string must have the form \"vendor_id/name-qualifier\"\n");
+ return FALSE;
+ }
+ vid = atoi(comp);
+ name = atoi(pos1 + 1);
+ qualifier = atoi(pos2 + 1);
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+
+ e = this->db->query(this->db,
+ "SELECT id FROM components "
+ "WHERE vendor_id = ? AND name = ? AND qualifier = ?",
+ DB_INT, vid, DB_INT, name, DB_INT, qualifier, DB_INT);
if (e)
{
- if (e->enumerate(e, &this->pid))
+ if (e->enumerate(e, &this->cid))
{
- this->product_set = TRUE;
+ this->comp_set = TRUE;
+ this->cfn = cfn;
}
e->destroy(e);
}
- if (this->product_set)
+ if (this->comp_set)
{
return TRUE;
}
if (!create)
{
- printf("product '%s' not found in database\n", product);
+ printf("component '%s' not found in database\n", print_cfn(cfn));
+ cfn->destroy(cfn);
return FALSE;
}
/* Add a new database entry */
- this->product_set = this->db->execute(this->db, &this->pid,
- "INSERT INTO products (name) VALUES (?)",
- DB_TEXT, product) == 1;
+ this->comp_set = this->db->execute(this->db, &this->cid,
+ "INSERT INTO components (vendor_id, name, qualifier) "
+ "VALUES (?, ?, ?)",
+ DB_INT, vid, DB_INT, name, DB_INT, qualifier) == 1;
- printf("product '%s' %sinserted into database\n", product,
- this->product_set ? "" : "could not be ");
+ printf("component '%s' %sinserted into database\n", print_cfn(cfn),
+ this->comp_set ? "" : "could not be ");
+ if (this->comp_set)
+ {
+ this->cfn = cfn;
+ }
+ else
+ {
+ cfn->destroy(cfn);
+ }
+ return this->comp_set;
+}
- return this->product_set;
+METHOD(attest_db_t, set_cid, bool,
+ private_attest_db_t *this, int cid)
+{
+ enumerator_t *e;
+ int vid, name, qualifier;
+
+ if (this->comp_set)
+ {
+ printf("component has already been set\n");
+ return FALSE;
+ }
+ this->cid = cid;
+
+ e = this->db->query(this->db, "SELECT vendor_id, name, qualifier "
+ "FROM components WHERE id = ?",
+ DB_INT, cid, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ if (e->enumerate(e, &vid, &name, &qualifier))
+ {
+ this->cfn = pts_comp_func_name_create(vid, name, qualifier);
+ this->comp_set = TRUE;
+ }
+ else
+ {
+ printf("no component found with cid %d\n", cid);
+ }
+ e->destroy(e);
+ }
+ return this->comp_set;
}
-METHOD(attest_db_t, set_pid, bool,
- private_attest_db_t *this, int pid)
+METHOD(attest_db_t, set_directory, bool,
+ private_attest_db_t *this, char *dir, bool create)
{
enumerator_t *e;
- char *product;
- if (this->product_set)
+ if (this->dir_set)
{
- printf("product has already been set\n");
+ printf("directory has already been set\n");
return FALSE;
}
- this->pid = pid;
+ free(this->dir);
+ this->dir = strdup(dir);
- e = this->db->query(this->db, "SELECT name FROM products WHERE id = ?",
- DB_INT, pid, DB_TEXT);
+ e = this->db->query(this->db,
+ "SELECT id FROM files WHERE type = 1 AND path = ?",
+ DB_TEXT, dir, DB_INT);
if (e)
{
- if (e->enumerate(e, &product))
+ if (e->enumerate(e, &this->did))
{
- this->product = strdup(product);
- this->product_set = TRUE;
+ this->dir_set = TRUE;
+ }
+ e->destroy(e);
+ }
+ if (this->dir_set)
+ {
+ return TRUE;
+ }
+
+ if (!create)
+ {
+ printf("directory '%s' not found in database\n", dir);
+ return FALSE;
+ }
+
+ /* Add a new database entry */
+ this->dir_set = this->db->execute(this->db, &this->did,
+ "INSERT INTO files (type, path) VALUES (1, ?)",
+ DB_TEXT, dir) == 1;
+
+ printf("directory '%s' %sinserted into database\n", dir,
+ this->dir_set ? "" : "could not be ");
+
+ return this->dir_set;
+}
+
+METHOD(attest_db_t, set_did, bool,
+ private_attest_db_t *this, int did)
+{
+ enumerator_t *e;
+ char *dir;
+
+ if (this->dir_set)
+ {
+ printf("directory has already been set\n");
+ return FALSE;
+ }
+ this->did = did;
+
+ e = this->db->query(this->db, "SELECT path FROM files WHERE id = ?",
+ DB_INT, did, DB_TEXT);
+ if (e)
+ {
+ if (e->enumerate(e, &dir))
+ {
+ free(this->dir);
+ this->dir = strdup(dir);
+ this->dir_set = TRUE;
}
else
{
- printf("no product found with pid %d in database\n", pid);
+ printf("no directory found with did %d\n", did);
}
e->destroy(e);
}
- return this->product_set;
+ return this->dir_set;
}
METHOD(attest_db_t, set_file, bool,
@@ -275,185 +401,164 @@ METHOD(attest_db_t, set_fid, bool,
return this->file_set;
}
-METHOD(attest_db_t, set_directory, bool,
- private_attest_db_t *this, char *dir, bool create)
+METHOD(attest_db_t, set_key, bool,
+ private_attest_db_t *this, char *key, bool create)
{
enumerator_t *e;
+ char *owner;
- if (this->dir_set)
+ if (this->key_set)
{
- printf("directory has already been set\n");
+ printf("key has already been set\n");
return FALSE;
}
- free(this->dir);
- this->dir = strdup(dir);
+ this->key = chunk_from_hex(chunk_create(key, strlen(key)), NULL);
- e = this->db->query(this->db,
- "SELECT id FROM files WHERE type = 1 AND path = ?",
- DB_TEXT, dir, DB_INT);
+ e = this->db->query(this->db, "SELECT id, owner FROM keys WHERE keyid= ?",
+ DB_BLOB, this->key, DB_INT, DB_TEXT);
if (e)
{
- if (e->enumerate(e, &this->did))
+ if (e->enumerate(e, &this->kid, &owner))
{
- this->dir_set = TRUE;
+ this->owner = strdup(owner);
+ this->key_set = TRUE;
}
e->destroy(e);
}
- if (this->dir_set)
+ if (this->key_set)
{
return TRUE;
}
if (!create)
{
- printf("directory '%s' not found in database\n", dir);
+ printf("key '%#B' not found in database\n", &this->key);
return FALSE;
}
/* Add a new database entry */
- this->dir_set = this->db->execute(this->db, &this->did,
- "INSERT INTO files (type, path) VALUES (1, ?)",
- DB_TEXT, dir) == 1;
+ if (!this->owner)
+ {
+ this->owner = strdup("");
+ }
+ this->key_set = this->db->execute(this->db, &this->kid,
+ "INSERT INTO keys (keyid, owner) VALUES (?, ?)",
+ DB_BLOB, this->key, DB_TEXT, this->owner) == 1;
- printf("directory '%s' %sinserted into database\n", dir,
- this->dir_set ? "" : "could not be ");
+ printf("key '%#B' %sinserted into database\n", &this->key,
+ this->key_set ? "" : "could not be ");
- return this->dir_set;
-}
+ return this->key_set;
-METHOD(attest_db_t, set_did, bool,
- private_attest_db_t *this, int did)
+};
+
+METHOD(attest_db_t, set_kid, bool,
+ private_attest_db_t *this, int kid)
{
enumerator_t *e;
- char *dir;
+ chunk_t key;
+ char *owner;
- if (this->dir_set)
+ if (this->key_set)
{
- printf("directory has already been set\n");
+ printf("key has already been set\n");
return FALSE;
}
- this->did = did;
+ this->kid = kid;
- e = this->db->query(this->db, "SELECT path FROM files WHERE id = ?",
- DB_INT, did, DB_TEXT);
+ e = this->db->query(this->db, "SELECT keyid, owner FROM keys WHERE id = ?",
+ DB_INT, kid, DB_BLOB, DB_TEXT);
if (e)
{
- if (e->enumerate(e, &dir))
+ if (e->enumerate(e, &key, &owner))
{
- free(this->dir);
- this->dir = strdup(dir);
- this->dir_set = TRUE;
+ this->owner = strdup(owner);
+ this->key = chunk_clone(key);
+ this->key_set = TRUE;
}
else
{
- printf("no directory found with did %d\n", did);
+ printf("no key found with kid %d\n", kid);
}
e->destroy(e);
}
- return this->dir_set;
-}
+ return this->key_set;
-METHOD(attest_db_t, set_component, bool,
- private_attest_db_t *this, char *comp, bool create)
+};
+
+METHOD(attest_db_t, set_product, bool,
+ private_attest_db_t *this, char *product, bool create)
{
enumerator_t *e;
- char *pos1, *pos2;
- int vid, name, qualifier;
- pts_comp_func_name_t *cfn;
- if (this->comp_set)
- {
- printf("component has already been set\n");
- return FALSE;
- }
-
- /* parse component string */
- pos1 = strchr(comp, '/');
- pos2 = strchr(comp, '-');
- if (!pos1 || !pos2)
+ if (this->product_set)
{
- printf("component string must have the form \"vendor_id/name-qualifier\"\n");
+ printf("product has already been set\n");
return FALSE;
}
- vid = atoi(comp);
- name = atoi(pos1 + 1);
- qualifier = atoi(pos2 + 1);
- cfn = pts_comp_func_name_create(vid, name, qualifier);
+ this->product = strdup(product);
- e = this->db->query(this->db,
- "SELECT id FROM components "
- "WHERE vendor_id = ? AND name = ? AND qualifier = ?",
- DB_INT, vid, DB_INT, name, DB_INT, qualifier, DB_INT);
+ e = this->db->query(this->db, "SELECT id FROM products WHERE name = ?",
+ DB_TEXT, product, DB_INT);
if (e)
{
- if (e->enumerate(e, &this->cid))
+ if (e->enumerate(e, &this->pid))
{
- this->comp_set = TRUE;
- this->cfn = cfn;
+ this->product_set = TRUE;
}
e->destroy(e);
}
- if (this->comp_set)
+ if (this->product_set)
{
return TRUE;
}
if (!create)
{
- printf("component '%s' not found in database\n", print_cfn(cfn));
- cfn->destroy(cfn);
+ printf("product '%s' not found in database\n", product);
return FALSE;
}
/* Add a new database entry */
- this->comp_set = this->db->execute(this->db, &this->cid,
- "INSERT INTO components (vendor_id, name, qualifier) "
- "VALUES (?, ?, ?)",
- DB_INT, vid, DB_INT, name, DB_INT, qualifier) == 1;
+ this->product_set = this->db->execute(this->db, &this->pid,
+ "INSERT INTO products (name) VALUES (?)",
+ DB_TEXT, product) == 1;
- printf("component '%s' %sinserted into database\n", print_cfn(cfn),
- this->comp_set ? "" : "could not be ");
- if (this->comp_set)
- {
- this->cfn = cfn;
- }
- else
- {
- cfn->destroy(cfn);
- }
- return this->comp_set;
+ printf("product '%s' %sinserted into database\n", product,
+ this->product_set ? "" : "could not be ");
+
+ return this->product_set;
}
-METHOD(attest_db_t, set_cid, bool,
- private_attest_db_t *this, int cid)
+METHOD(attest_db_t, set_pid, bool,
+ private_attest_db_t *this, int pid)
{
enumerator_t *e;
- int vid, name, qualifier;
+ char *product;
- if (this->comp_set)
+ if (this->product_set)
{
- printf("component has already been set\n");
+ printf("product has already been set\n");
return FALSE;
}
- this->cid = cid;
+ this->pid = pid;
- e = this->db->query(this->db, "SELECT vendor_id, name, qualifier "
- "FROM components WHERE id = ?",
- DB_INT, cid, DB_INT, DB_INT, DB_INT);
+ e = this->db->query(this->db, "SELECT name FROM products WHERE id = ?",
+ DB_INT, pid, DB_TEXT);
if (e)
{
- if (e->enumerate(e, &vid, &name, &qualifier))
+ if (e->enumerate(e, &product))
{
- this->cfn = pts_comp_func_name_create(vid, name, qualifier);
- this->comp_set = TRUE;
+ this->product = strdup(product);
+ this->product_set = TRUE;
}
else
{
- printf("no component found with cid %d\n", cid);
+ printf("no product found with pid %d in database\n", pid);
}
e->destroy(e);
}
- return this->comp_set;
+ return this->product_set;
}
METHOD(attest_db_t, set_algo, void,
@@ -462,6 +567,13 @@ METHOD(attest_db_t, set_algo, void,
this->algo = algo;
}
+METHOD(attest_db_t, set_owner, void,
+ private_attest_db_t *this, char *owner)
+{
+ free(this->owner);
+ this->owner = strdup(owner);
+}
+
METHOD(attest_db_t, list_components, void,
private_attest_db_t *this)
{
@@ -469,14 +581,14 @@ METHOD(attest_db_t, list_components, void,
pts_comp_func_name_t *cfn;
int cid, vid, name, qualifier, count = 0;
- if (this->pid)
+ if (this->kid)
{
e = this->db->query(this->db,
"SELECT c.id, c.vendor_id, c.name, c.qualifier "
"FROM components AS c "
- "JOIN product_component AS pc ON c.id = pc.component "
- "WHERE pc.product = ? ORDER BY c.vendor_id, c.name, c.qualifier",
- DB_INT, this->pid, DB_INT, DB_INT, DB_INT, DB_INT);
+ "JOIN key_component AS kc ON c.id = kc.component "
+ "WHERE kc.key = ? ORDER BY c.vendor_id, c.name, c.qualifier",
+ DB_INT, this->kid, DB_INT, DB_INT, DB_INT, DB_INT);
}
else
{
@@ -497,14 +609,63 @@ METHOD(attest_db_t, list_components, void,
e->destroy(e);
printf("%d component%s found", count, (count == 1) ? "" : "s");
- if (this->product_set)
+ if (this->key_set)
{
- printf(" for product '%s'", this->product);
+ printf(" for key %#B", &this->key);
}
printf("\n");
}
}
+METHOD(attest_db_t, list_keys, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ chunk_t keyid;
+ char *owner;
+ int kid, count = 0;
+
+ if (this->cid)
+ {
+ e = this->db->query(this->db,
+ "SELECT k.id, k.keyid, k.owner FROM keys AS k "
+ "JOIN key_component AS kc ON k.id = kc.key "
+ "WHERE kc.component = ? ORDER BY k.keyid",
+ DB_INT, this->cid, DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &kid, &keyid, &owner))
+ {
+ printf("%3d: %#B '%s'\n", kid, &keyid, owner);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+ else
+ {
+ e = this->db->query(this->db, "SELECT id, keyid, owner FROM keys "
+ "ORDER BY keyid",
+ DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &kid, &keyid, &owner))
+ {
+ printf("%3d: %#B '%s'\n", kid, &keyid, owner);
+ count++;
+ }
+ e->destroy(e);
+ }
+ }
+
+ printf("%d key%s found", count, (count == 1) ? "" : "s");
+ if (this->comp_set)
+ {
+ printf(" for component '%s'", print_cfn(this->cfn));
+ }
+ printf("\n");
+}
+
METHOD(attest_db_t, list_files, void,
private_attest_db_t *this)
{
@@ -584,23 +745,6 @@ METHOD(attest_db_t, list_products, void,
e->destroy(e);
}
}
- else if (this->cid)
- {
- e = this->db->query(this->db,
- "SELECT p.id, p.name FROM products AS p "
- "JOIN product_component AS pc ON p.id = pc.product "
- "WHERE pc.component = ? ORDER BY p.name",
- DB_INT, this->cid, DB_INT, DB_TEXT);
- if (e)
- {
- while (e->enumerate(e, &pid, &product, &meas, &meta))
- {
- printf("%3d: %s\n", pid, product);
- count++;
- }
- e->destroy(e);
- }
- }
else
{
e = this->db->query(this->db, "SELECT id, name FROM products "
@@ -622,10 +766,6 @@ METHOD(attest_db_t, list_products, void,
{
printf(" for file '%s'", this->file);
}
- else if (this->comp_set)
- {
- printf(" for component '%s'", print_cfn(this->cfn));
- }
printf("\n");
}
@@ -672,34 +812,7 @@ METHOD(attest_db_t, list_hashes, void,
dir = strdup("");
- if (this->pid && this->fid && this->cid)
- {
- e = this->db->query(this->db,
- "SELECT hash FROM file_hashes "
- "WHERE algo = ? AND file = ? AND component = ? AND product = ?",
- DB_INT, this->algo, DB_INT, this->fid, DB_INT, this->cid,
- DB_INT, this->pid, DB_BLOB);
- if (e)
- {
- while (e->enumerate(e, &hash))
- {
- if (this->fid != fid_old)
- {
- printf("%3d: %s%s%s\n", this->fid, this->dir,
- slash(this->dir, this->file) ? "/" : "", this->file);
- fid_old = this->fid;
- }
- printf(" %#B '%s'\n", &hash, this->product);
- count++;
- }
- e->destroy(e);
-
- printf("%d %N value%s found for component '%s'\n", count,
- hash_algorithm_names, pts_meas_algo_to_hash(this->algo),
- (count == 1) ? "" : "s", print_cfn(this->cfn));
- }
- }
- else if (this->pid && this->fid)
+ if (this->pid && this->fid)
{
e = this->db->query(this->db,
"SELECT hash FROM file_hashes "
@@ -824,6 +937,110 @@ METHOD(attest_db_t, list_hashes, void,
free(dir);
}
+METHOD(attest_db_t, list_measurements, void,
+ private_attest_db_t *this)
+{
+ enumerator_t *e;
+ chunk_t hash, keyid;
+ pts_comp_func_name_t *cfn;
+ char *owner;
+ int seq_no, pcr, vid, name, qualifier;
+ int cid, cid_old = 0, kid, kid_old = 0, count = 0;
+
+ if (this->kid && this->cid)
+ {
+ e = this->db->query(this->db,
+ "SELECT ch.seq_no, ch.pcr, ch.hash, k.owner "
+ "FROM component_hashes AS ch "
+ "JOIN keys AS k ON k.id = ch.key "
+ "WHERE ch.algo = ? AND ch.key = ? AND ch.component = ? "
+ "ORDER BY seq_no",
+ DB_INT, this->algo, DB_INT, this->kid, DB_INT, this->cid,
+ DB_INT, DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &seq_no, &pcr, &hash, &owner))
+ {
+ if (this->kid != kid_old)
+ {
+ printf("%3d: %#B '%s'\n", this->kid, &this->key, owner);
+ kid_old = this->kid;
+ }
+ printf("%5d %02d %#B\n", seq_no, pcr, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for component '%s'\n", count,
+ hash_algorithm_names, pts_meas_algo_to_hash(this->algo),
+ (count == 1) ? "" : "s", print_cfn(this->cfn));
+ }
+ }
+ else if (this->cid)
+ {
+ e = this->db->query(this->db,
+ "SELECT ch.seq_no, ch.pcr, ch.hash, k.id, k.keyid, k.owner "
+ "FROM component_hashes AS ch "
+ "JOIN keys AS k ON k.id = ch.key "
+ "WHERE ch.algo = ? AND ch.component = ? "
+ "ORDER BY keyid, seq_no",
+ DB_INT, this->algo, DB_INT, this->cid,
+ DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &seq_no, &pcr, &hash, &kid, &keyid, &owner))
+ {
+ if (kid != kid_old)
+ {
+ printf("%3d: %#B '%s'\n", kid, &keyid, owner);
+ kid_old = kid;
+ }
+ printf("%5d %02d %#B\n", seq_no, pcr, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for component '%s'\n", count,
+ hash_algorithm_names, pts_meas_algo_to_hash(this->algo),
+ (count == 1) ? "" : "s", print_cfn(this->cfn));
+ }
+
+ }
+ else if (this->kid)
+ {
+ e = this->db->query(this->db,
+ "SELECT ch.seq_no, ch.pcr, ch.hash, "
+ "c.id, c.vendor_id, c.name, c.qualifier "
+ "FROM component_hashes AS ch "
+ "JOIN components AS c ON c.id = ch.component "
+ "WHERE ch.algo = ? AND ch.key = ? "
+ "ORDER BY vendor_id, name, qualifier, seq_no",
+ DB_INT, this->algo, DB_INT, this->kid, DB_INT, DB_INT, DB_BLOB,
+ DB_TEXT, DB_INT, DB_INT, DB_INT, DB_INT);
+ if (e)
+ {
+ while (e->enumerate(e, &seq_no, &pcr, &hash, &cid, &vid, &name,
+ &qualifier))
+ {
+ if (cid != cid_old)
+ {
+ cfn = pts_comp_func_name_create(vid, name, qualifier);
+ printf("%3d: %s\n", cid, print_cfn(cfn));
+ cfn->destroy(cfn);
+ cid_old = cid;
+ }
+ printf("%5d %02d %#B\n", seq_no, pcr, &hash);
+ count++;
+ }
+ e->destroy(e);
+
+ printf("%d %N value%s found for key %#B '%s'\n", count,
+ hash_algorithm_names, pts_meas_algo_to_hash(this->algo),
+ (count == 1) ? "" : "s", &this->key, this->owner);
+ }
+ }
+}
+
METHOD(attest_db_t, add, bool,
private_attest_db_t *this)
{
@@ -841,13 +1058,30 @@ METHOD(attest_db_t, delete, bool,
return FALSE;
}
- if (this->pid)
+ if (this->kid && this->did)
+ {
+ printf("deletion of key/component entries not supported yet\n");
+ return FALSE;
+ }
+
+ if (this->cid)
{
success = this->db->execute(this->db, NULL,
- "DELETE FROM products WHERE id = ?",
- DB_UINT, this->pid) > 0;
+ "DELETE FROM components WHERE id = ?",
+ DB_UINT, this->cid) > 0;
- printf("product '%s' %sdeleted from database\n", this->product,
+ printf("component '%s' %sdeleted from database\n", print_cfn(this->cfn),
+ success ? "" : "could not be ");
+ return success;
+ }
+
+ if (this->did)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM files WHERE type = 1 AND id = ?",
+ DB_UINT, this->did) > 0;
+
+ printf("directory '%s' %sdeleted from database\n", this->dir,
success ? "" : "could not be ");
return success;
}
@@ -863,24 +1097,23 @@ METHOD(attest_db_t, delete, bool,
return success;
}
- if (this->did)
+ if (this->kid)
{
success = this->db->execute(this->db, NULL,
- "DELETE FROM files WHERE type = 1 AND id = ?",
- DB_UINT, this->did) > 0;
+ "DELETE FROM keys WHERE id = ?",
+ DB_UINT, this->kid) > 0;
- printf("directory '%s' %sdeleted from database\n", this->dir,
+ printf("key %#B %sdeleted from database\n", &this->key,
success ? "" : "could not be ");
return success;
}
-
- if (this->cid)
+ if (this->pid)
{
success = this->db->execute(this->db, NULL,
- "DELETE FROM components WHERE id = ?",
- DB_UINT, this->cid) > 0;
+ "DELETE FROM products WHERE id = ?",
+ DB_UINT, this->pid) > 0;
- printf("component '%s' %sdeleted from database\n", print_cfn(this->cfn),
+ printf("product '%s' %sdeleted from database\n", this->product,
success ? "" : "could not be ");
return success;
}
@@ -897,6 +1130,8 @@ METHOD(attest_db_t, destroy, void,
free(this->product);
free(this->file);
free(this->dir);
+ free(this->owner);
+ free(this->key.ptr);
free(this);
}
@@ -909,19 +1144,24 @@ attest_db_t *attest_db_create(char *uri)
INIT(this,
.public = {
- .set_product = _set_product,
- .set_pid = _set_pid,
- .set_file = _set_file,
- .set_fid = _set_fid,
- .set_directory = _set_directory,
- .set_did = _set_did,
.set_component = _set_component,
.set_cid = _set_cid,
+ .set_directory = _set_directory,
+ .set_did = _set_did,
+ .set_file = _set_file,
+ .set_fid = _set_fid,
+ .set_key = _set_key,
+ .set_kid = _set_kid,
+ .set_product = _set_product,
+ .set_pid = _set_pid,
.set_algo = _set_algo,
+ .set_owner = _set_owner,
.list_products = _list_products,
.list_files = _list_files,
.list_components = _list_components,
+ .list_keys = _list_keys,
.list_hashes = _list_hashes,
+ .list_measurements = _list_measurements,
.add = _add,
.delete = _delete,
.destroy = _destroy,
diff --git a/src/libpts/plugins/imv_attestation/attest_db.h b/src/libpts/plugins/imv_attestation/attest_db.h
index 6669a76a7..80a8f4cd4 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.h
+++ b/src/libpts/plugins/imv_attestation/attest_db.h
@@ -34,21 +34,38 @@ typedef struct attest_db_t attest_db_t;
struct attest_db_t {
/**
- * Set software product to be queried
+ * Set functional component to be queried
*
- * @param product software product
+ * @param comp functional component
* @param create if TRUE create database entry if it doesn't exist
* @return TRUE if successful
*/
- bool (*set_product)(attest_db_t *this, char *product, bool create);
+ bool (*set_component)(attest_db_t *this, char *comp, bool create);
/**
- * Set primary key of the software product to be queried
+ * Set primary key of the functional component to be queried
*
- * @param pid primary key of software product
+ * @param fid primary key of functional component
* @return TRUE if successful
*/
- bool (*set_pid)(attest_db_t *this, int pid);
+ bool (*set_cid)(attest_db_t *this, int fid);
+
+ /**
+ * Set directory to be queried
+ *
+ * @param dir directory
+ * @param create if TRUE create database entry if it doesn't exist
+ * @return TRUE if successful
+ */
+ bool (*set_directory)(attest_db_t *this, char *dir, bool create);
+
+ /**
+ * Set primary key of the directory to be queried
+ *
+ * @param did primary key of directory
+ * @return TRUE if successful
+ */
+ bool (*set_did)(attest_db_t *this, int did);
/**
* Set measurement file to be queried
@@ -70,36 +87,36 @@ struct attest_db_t {
/**
* Set functional component to be queried
*
- * @param comp functional component
+ * @param key AIK
* @param create if TRUE create database entry if it doesn't exist
* @return TRUE if successful
*/
- bool (*set_component)(attest_db_t *this, char *comp, bool create);
+ bool (*set_key)(attest_db_t *this, char *key, bool create);
/**
- * Set primary key of the functional component to be queried
+ * Set primary key of the AIK to be queried
*
- * @param fid primary key of functional component
+ * @param kid primary key of AIK
* @return TRUE if successful
*/
- bool (*set_cid)(attest_db_t *this, int fid);
+ bool (*set_kid)(attest_db_t *this, int kid);
/**
- * Set directory to be queried
+ * Set software product to be queried
*
- * @param dir directory
+ * @param product software product
* @param create if TRUE create database entry if it doesn't exist
* @return TRUE if successful
*/
- bool (*set_directory)(attest_db_t *this, char *dir, bool create);
+ bool (*set_product)(attest_db_t *this, char *product, bool create);
/**
- * Set primary key of the directory to be queried
+ * Set primary key of the software product to be queried
*
- * @param did primary key of directory
+ * @param pid primary key of software product
* @return TRUE if successful
*/
- bool (*set_did)(attest_db_t *this, int did);
+ bool (*set_pid)(attest_db_t *this, int pid);
/**
* Set measurement hash algorithm
@@ -109,6 +126,14 @@ struct attest_db_t {
void (*set_algo)(attest_db_t *this, pts_meas_algorithms_t algo);
/**
+ * Set owner [user/host] of an AIK
+ *
+ * @param owner user/host name
+ * @return TRUE if successful
+ */
+ void (*set_owner)(attest_db_t *this, char *owner);
+
+ /**
* List all products stored in the database
*/
void (*list_products)(attest_db_t *this);
@@ -124,11 +149,21 @@ struct attest_db_t {
void (*list_components)(attest_db_t *this);
/**
+ * List all AIKs stored in the database
+ */
+ void (*list_keys)(attest_db_t *this);
+
+ /**
* List selected measurement hashes stored in the database
*/
void (*list_hashes)(attest_db_t *this);
/**
+ * List selected component measurement stored in the database
+ */
+ void (*list_measurements)(attest_db_t *this);
+
+ /**
* Add an entry to the database
*/
bool (*add)(attest_db_t *this);
diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libpts/plugins/imv_attestation/attest_usage.c
index 964e10084..952b88b89 100644
--- a/src/libpts/plugins/imv_attestation/attest_usage.c
+++ b/src/libpts/plugins/imv_attestation/attest_usage.c
@@ -24,16 +24,14 @@ void usage(void)
{
printf("\
Usage:\n\
- ipsec attest --files|--components|--products|--hashes|--add|--del [options]\n\
+ ipsec attest --files|--products|--keys|--hashes [options]\n\
+ \n\
+ ipsec attest --components|-keys|--measurements|--add|--del [options]\n\
\n\
ipsec attest --files [--product <name>|--pid <id>]\n\
Show a list of files with a software product name or\n\
its primary key as an optional selector.\n\
\n\
- ipsec attest --components [--product <name>|--pid <id>]\n\
- Show a list of components with a software product name or\n\
- its primary key as an optional selector.\n\
- \n\
ipsec attest --products [--file <path>|--fid <id>]\n\
Show a list of supported software products with a file path or\n\
its primary key as an optional selector.\n\
@@ -46,15 +44,37 @@ Usage:\n\
Show a list of measurement hashes for a given file or\n\
its primary key as an optional selector.\n\
\n\
+ ipsec attest --components [--key <digest>|--kid <id>]\n\
+ Show a list of components with an AIK digest or\n\
+ its primary key as an optional selector.\n\
+ \n\
+ ipsec attest --keys [--components <cfn>|--cid <id>]\n\
+ Show a list of AIK key digests with a component or\n\
+ its primary key as an optional selector.\n\
+ \n\
+ ipsec attest --measurements [--sha1|--sha256|--sha384] [--component <cfn>|--cid <id>]\n\
+ Show a list of component measurements for a given component or\n\
+ its primary key as an optional selector.\n\
+ \n\
+ ipsec attest --measurements [--sha1|--sha256|--sha384] [--key <digest>|--kid <id>]\n\
+ Show a list of component measurements for a given AIK or\n\
+ its primary key as an optional selector.\n\
+ \n\
ipsec attest --add --file <path>|--dir <path>|--product <name>|--component <cfn>\n\
Add a file, directory, product or component entry\n\
Component <cfn> entries must be of the form <vendor_id>/<name>-<qualifier>\n\
\n\
+ ipsec attest --add [--owner <name>] --key <digest>\n\
+ Add an AIK public key digest entry preceded by an optional owner name\n\
+ \n\
ipsec attest --del --file <path>|--fid <id>|--dir <path>|--did <id>\n\
- Delete a file or directoryentry referenced either by value or primary key\n\
+ Delete a file or directory entry referenced either by value or primary key\n\
\n\
ipsec attest --del --product <name>|--pid <id>|--component <cfn>|--cid <id>\n\
Delete a product or component entry referenced either by value or primary key\n\
+ \n\
+ ipsec attest --del --key <digest>|--kid <id>\n\
+ Delete an AIK entry referenced either by value or primary key\n\
\n");
}
diff --git a/src/libpts/plugins/imv_attestation/data.sql b/src/libpts/plugins/imv_attestation/data.sql
index cc580bce0..20a8e40f5 100644
--- a/src/libpts/plugins/imv_attestation/data.sql
+++ b/src/libpts/plugins/imv_attestation/data.sql
@@ -176,26 +176,6 @@ INSERT INTO files (
0, '/etc/tnc_config'
);
-/* Components */
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 1, 33 /* ITA TGRUB */
-);
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 2, 33 /* ITA TBOOT */
-);
-
-INSERT INTO components (
- vendor_id, name, qualifier
-) VALUES (
- 36906, 3, 33 /* ITA IMA */
-);
-
/* Product-File */
INSERT INTO product_file (
@@ -408,26 +388,6 @@ INSERT INTO product_file (
7, 22, 1
);
-/* Product Component */
-
-INSERT INTO product_component (
- product, component, depth, seq_no
-) VALUES (
- 4, 2, 0, 1
-);
-
-INSERT INTO product_component (
- product, component, depth, seq_no
-) VALUES (
- 7, 3, 0, 1
-);
-
-INSERT INTO product_component (
- product, component, depth, seq_no
-) VALUES (
- 7, 2, 0, 2
-);
-
/* File Hashes */
INSERT INTO file_hashes (
@@ -1295,789 +1255,837 @@ INSERT INTO file_hashes (
20, 7, 7, 8192, X'84200bd318bb022915150842ddf4002e061ef593604ad0d07021dc662cc40bfa749cce084ddf25d0e5137f6380f613d8'
);
+/* AIKs */
+
+INSERT INTO keys (
+ keyid, owner
+) VALUES (
+ X'b772a6730776b9f028e5adfccd40b55c320a13b6', 'Andreas, merthyr (Fujitsu Siemens Lifebook S6420)'
+);
+
+/* Components */
+
+INSERT INTO components (
+ vendor_id, name, qualifier
+) VALUES (
+ 36906, 1, 33 /* ITA TGRUB */
+);
+
+INSERT INTO components (
+ vendor_id, name, qualifier
+) VALUES (
+ 36906, 2, 33 /* ITA TBOOT */
+);
+
+INSERT INTO components (
+ vendor_id, name, qualifier
+) VALUES (
+ 36906, 3, 33 /* ITA IMA */
+);
+
+/* AIK Component */
+
+INSERT INTO key_component (
+ key, component, depth, seq_no
+) VALUES (
+ 2, 2, 0, 1
+);
+
+INSERT INTO key_component (
+ key, component, depth, seq_no
+) VALUES (
+ 1, 3, 0, 1
+);
+
+INSERT INTO key_component (
+ key, component, depth, seq_no
+) VALUES (
+ 1, 2, 0, 2
+);
+
/* Component Hashes */
/* ITA TBOOT Functional Component */
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 2, 4, 1, 17, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
+ 2, 2, 1, 17, 32768, X'9704353630674bfe21b86b64a7b0f99c297cf902'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 2, 4, 2, 18, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
+ 2, 2, 2, 18, 32768, X'8397d8048ee36d7955e38da16fc33e86ef61d6b0'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 2, 7, 1, 17, 32768, X'd537d437f058136eb3d7be517dbe7647b623c619'
+ 2, 1, 1, 17, 32768, X'd537d437f058136eb3d7be517dbe7647b623c619'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 2, 7, 2, 18, 32768, X'160d2b04d11eb225fb148615b699081869e15b6c'
+ 2, 1, 2, 18, 32768, X'160d2b04d11eb225fb148615b699081869e15b6c'
);
/* ITA IMA Functional Component */
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 1, 0, 32768, X'4d894eef0ae7cb124740df4f6c5c35aa0fe7dae8'
+ 3, 1, 1, 0, 32768, X'4d894eef0ae7cb124740df4f6c5c35aa0fe7dae8'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 2, 0, 32768, X'f2c846e7f335f7b9e9dd0a44f48c48e1986750c7'
+ 3, 1, 2, 0, 32768, X'f2c846e7f335f7b9e9dd0a44f48c48e1986750c7'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 3, 0, 32768, X'db0b68f3ad06b5c0c35deb56af22b8f0bc23ea50'
+ 3, 1, 3, 0, 32768, X'db0b68f3ad06b5c0c35deb56af22b8f0bc23ea50'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 4, 0, 32768, X'a662680c8564f92cf20c5857d781ed3f0806da5d'
+ 3, 1, 4, 0, 32768, X'a662680c8564f92cf20c5857d781ed3f0806da5d'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 5, 0, 32768, X'10bfa817da3a9e5760fbe78f216502e8ca4f94ef'
+ 3, 1, 5, 0, 32768, X'10bfa817da3a9e5760fbe78f216502e8ca4f94ef'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 6, 0, 32768, X'd0e1af1be845f570e44612613c4ddf3f08996151'
+ 3, 1, 6, 0, 32768, X'd0e1af1be845f570e44612613c4ddf3f08996151'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 7, 0, 32768, X'f05553c39e8130c7bb5db6cd6a6bf627311a9b01'
+ 3, 1, 7, 0, 32768, X'f05553c39e8130c7bb5db6cd6a6bf627311a9b01'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 8, 0, 32768, X'96ef1ad4efc5be2b894a12e5bffddcd496044a08'
+ 3, 1, 8, 0, 32768, X'96ef1ad4efc5be2b894a12e5bffddcd496044a08'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 9, 0, 32768, X'e9055f2050b99b9127b6feef3164cb8ead8eb2eb'
+ 3, 1, 9, 0, 32768, X'e9055f2050b99b9127b6feef3164cb8ead8eb2eb'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 10, 0, 32768, X'6f8150aa3423544ea59ea10025993e660568cc08'
+ 3, 1, 10, 0, 32768, X'6f8150aa3423544ea59ea10025993e660568cc08'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 11, 0, 32768, X'f843e55c9061fec89f2aeb369a74b73fe8eb09e4'
+ 3, 1, 11, 0, 32768, X'f843e55c9061fec89f2aeb369a74b73fe8eb09e4'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 12, 0, 32768, X'1d1efd1cb89be96f8fdf20ee0b67a89670659208'
+ 3, 1, 12, 0, 32768, X'1d1efd1cb89be96f8fdf20ee0b67a89670659208'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 13, 0, 32768, X'f907598ec6fcc5779ff9091ba0925c1d58500352'
+ 3, 1, 13, 0, 32768, X'f907598ec6fcc5779ff9091ba0925c1d58500352'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 14, 0, 32768, X'42f32d6fba099b0eea2e9a480dc8d4482e20412e'
+ 3, 1, 14, 0, 32768, X'42f32d6fba099b0eea2e9a480dc8d4482e20412e'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 15, 0, 32768, X'e8a7cd52522ebacf4637a2b875494cda1c26bd8c'
+ 3, 1, 15, 0, 32768, X'e8a7cd52522ebacf4637a2b875494cda1c26bd8c'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 16, 0, 32768, X'd62d2c550fd06cae76f3e9c4d63f5fc22e34d4fe'
+ 3, 1, 16, 0, 32768, X'd62d2c550fd06cae76f3e9c4d63f5fc22e34d4fe'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 17, 0, 32768, X'dc1293a87cab43024a4eaeb684a0186e33dacfe3'
+ 3, 1, 17, 0, 32768, X'dc1293a87cab43024a4eaeb684a0186e33dacfe3'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 18, 0, 32768, X'03df488f642a9614ed718bf149fb7289d124189a'
+ 3, 1, 18, 0, 32768, X'03df488f642a9614ed718bf149fb7289d124189a'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 19, 0, 32768, X'46f1426433c57ee44b5593584308f8b7ac414e17'
+ 3, 1, 19, 0, 32768, X'46f1426433c57ee44b5593584308f8b7ac414e17'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 20, 0, 32768, X'1a837850cff01cd311948abd611174fa5699804b'
+ 3, 1, 20, 0, 32768, X'1a837850cff01cd311948abd611174fa5699804b'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 21, 0, 32768, X'1c15052b28ac97e6e1cd0b4671fe75607c07de02'
+ 3, 1, 21, 0, 32768, X'1c15052b28ac97e6e1cd0b4671fe75607c07de02'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 22, 0, 32768, X'1839bc8b6cd9351565a6bacb57f0e35562962cba'
+ 3, 1, 22, 0, 32768, X'1839bc8b6cd9351565a6bacb57f0e35562962cba'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 23, 0, 32768, X'f428189580a77b142b3de6cd3c183cb0a24dba6f'
+ 3, 1, 23, 0, 32768, X'f428189580a77b142b3de6cd3c183cb0a24dba6f'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 24, 0, 32768, X'f9b7302c9212a5398057ddea9c7506b265c3276f'
+ 3, 1, 24, 0, 32768, X'f9b7302c9212a5398057ddea9c7506b265c3276f'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 25, 0, 32768, X'3af5d2929b9606b94b404a45deed9a9d673f49b7'
+ 3, 1, 25, 0, 32768, X'3af5d2929b9606b94b404a45deed9a9d673f49b7'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 26, 0, 32768, X'51a7df78bd7a23399b2824ec053f2abe5e4ee049'
+ 3, 1, 26, 0, 32768, X'51a7df78bd7a23399b2824ec053f2abe5e4ee049'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 27, 0, 32768, X'2a3675f5efce9151670e9d4ec41e2edf4708d336'
+ 3, 1, 27, 0, 32768, X'2a3675f5efce9151670e9d4ec41e2edf4708d336'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 28, 0, 32768, X'a0cc14b4fde29d7251673af434b2ab246e5acf5a'
+ 3, 1, 28, 0, 32768, X'a0cc14b4fde29d7251673af434b2ab246e5acf5a'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 29, 0, 32768, X'5932b35ba45894e65d6aa1afbe2101f677e17000'
+ 3, 1, 29, 0, 32768, X'5932b35ba45894e65d6aa1afbe2101f677e17000'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 30, 0, 32768, X'ee12ad673d19d8f436ea7832e64935a0ddf9930e'
+ 3, 1, 30, 0, 32768, X'ee12ad673d19d8f436ea7832e64935a0ddf9930e'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 31, 0, 32768, X'7bd9b4947ae9b600e6a2d61ead80104d878bb9d2'
+ 3, 1, 31, 0, 32768, X'7bd9b4947ae9b600e6a2d61ead80104d878bb9d2'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 32, 0, 32768, X'849c60fc7b366717aea2295a37b341e40626dd28'
+ 3, 1, 32, 0, 32768, X'849c60fc7b366717aea2295a37b341e40626dd28'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 33, 0, 32768, X'cdd448834760041cc30edd09f41ae36cbf9459ef'
+ 3, 1, 33, 0, 32768, X'cdd448834760041cc30edd09f41ae36cbf9459ef'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 34, 0, 32768, X'9471225809633ae61f2693711cd878ba2ac59ef9'
+ 3, 1, 34, 0, 32768, X'9471225809633ae61f2693711cd878ba2ac59ef9'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 35, 0, 32768, X'4aaa26a4d1389b2400138269d3415bb492cc4312'
+ 3, 1, 35, 0, 32768, X'4aaa26a4d1389b2400138269d3415bb492cc4312'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 36, 0, 32768, X'a08b0c957c8f741e273e8aa9a88d87b32b860228'
+ 3, 1, 36, 0, 32768, X'a08b0c957c8f741e273e8aa9a88d87b32b860228'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 37, 0, 32768, X'7ecbc26a2272256969e4c626998570c7e013be9c'
+ 3, 1, 37, 0, 32768, X'7ecbc26a2272256969e4c626998570c7e013be9c'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 38, 0, 32768, X'12dcf52c5a92b64dd5113031379f27b9f42d5c49'
+ 3, 1, 38, 0, 32768, X'12dcf52c5a92b64dd5113031379f27b9f42d5c49'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 39, 0, 32768, X'ca1b8cc8e8ee8b209fc7b55656c3f6ac0b8f86fd'
+ 3, 1, 39, 0, 32768, X'ca1b8cc8e8ee8b209fc7b55656c3f6ac0b8f86fd'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 40, 0, 32768, X'8566865ae43d19574e85f9f3b6376715ffb3c707'
+ 3, 1, 40, 0, 32768, X'8566865ae43d19574e85f9f3b6376715ffb3c707'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 41, 0, 32768, X'39c9fda07d57fc185b37bac70ba1068d6e7c41d3'
+ 3, 1, 41, 0, 32768, X'39c9fda07d57fc185b37bac70ba1068d6e7c41d3'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 42, 0, 32768, X'96a2c8b6caf11da5a37b41706217d4e94bb627c0'
+ 3, 1, 42, 0, 32768, X'96a2c8b6caf11da5a37b41706217d4e94bb627c0'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 43, 0, 32768, X'6ee8c5a500af82a1fdf42e5122196fad4f2bbc06'
+ 3, 1, 43, 0, 32768, X'6ee8c5a500af82a1fdf42e5122196fad4f2bbc06'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 44, 0, 32768, X'd2f71dff59d0ab86d0ada6ea288227602d6cf371'
+ 3, 1, 44, 0, 32768, X'd2f71dff59d0ab86d0ada6ea288227602d6cf371'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 45, 0, 32768, X'095c8df0b106947e2c62a4458b13f38c6fc4f982'
+ 3, 1, 45, 0, 32768, X'095c8df0b106947e2c62a4458b13f38c6fc4f982'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 46, 0, 32768, X'706071d37157e1030900df60e6efaf897fbab1ec'
+ 3, 1, 46, 0, 32768, X'706071d37157e1030900df60e6efaf897fbab1ec'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 47, 0, 32768, X'97f093c5ab5e2baf9b6f1473b631d3db2595fe99'
+ 3, 1, 47, 0, 32768, X'97f093c5ab5e2baf9b6f1473b631d3db2595fe99'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 48, 0, 32768, X'c12dd08ffbb4c09e3c282dd7f94cdcc9148ab866'
+ 3, 1, 48, 0, 32768, X'c12dd08ffbb4c09e3c282dd7f94cdcc9148ab866'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 49, 0, 32768, X'fb3df3be6d847db26e07eb61312bdc533bda53d2'
+ 3, 1, 49, 0, 32768, X'fb3df3be6d847db26e07eb61312bdc533bda53d2'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 50, 0, 32768, X'88195da5656b80c68bd3e131fb673b197281c2b0'
+ 3, 1, 50, 0, 32768, X'88195da5656b80c68bd3e131fb673b197281c2b0'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 51, 0, 32768, X'28353744f0fab757b1a870de007b6c8821d4723e'
+ 3, 1, 51, 0, 32768, X'28353744f0fab757b1a870de007b6c8821d4723e'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 52, 0, 32768, X'9338b619160d4fb1a844acc95b0556b3d6109a77'
+ 3, 1, 52, 0, 32768, X'9338b619160d4fb1a844acc95b0556b3d6109a77'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 53, 0, 32768, X'cd7f42895c6e4f9752f8b34184059d7ad4e5e6ce'
+ 3, 1, 53, 0, 32768, X'cd7f42895c6e4f9752f8b34184059d7ad4e5e6ce'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 54, 0, 32768, X'da5611278bf6855a44e5b1b5d62c76822a81674d'
+ 3, 1, 54, 0, 32768, X'da5611278bf6855a44e5b1b5d62c76822a81674d'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 55, 0, 32768, X'eb4148c57806114b755416ba96b282fcc99ac2d1'
+ 3, 1, 55, 0, 32768, X'eb4148c57806114b755416ba96b282fcc99ac2d1'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 56, 0, 32768, X'5e05f61508a391480dc83f741920a5de059546bc'
+ 3, 1, 56, 0, 32768, X'5e05f61508a391480dc83f741920a5de059546bc'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 57, 0, 32768, X'a23b279883915b0dc3313081924366ea5e75bdc1'
+ 3, 1, 57, 0, 32768, X'a23b279883915b0dc3313081924366ea5e75bdc1'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 58, 2, 32768, X'ef7511b5248557ae637f46b552f8af59020f2b00'
+ 3, 1, 58, 2, 32768, X'ef7511b5248557ae637f46b552f8af59020f2b00'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 59, 2, 32768, X'6240c588a2d7740f5c2c9523bff7d98334998d77'
+ 3, 1, 59, 2, 32768, X'6240c588a2d7740f5c2c9523bff7d98334998d77'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 60, 2, 32768, X'808ce28868d844d547e0c2cc4271c14be2a568b6'
+ 3, 1, 60, 2, 32768, X'808ce28868d844d547e0c2cc4271c14be2a568b6'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 61, 2, 32768, X'd736a206033ecbefc09e909f0d2d72c38d49d50b'
+ 3, 1, 61, 2, 32768, X'd736a206033ecbefc09e909f0d2d72c38d49d50b'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 62, 2, 32768, X'387a7087c3159f7d0a6388d722c200a599b4703b'
+ 3, 1, 62, 2, 32768, X'387a7087c3159f7d0a6388d722c200a599b4703b'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 63, 2, 32768, X'b6a679dda488042eee3cf9a525a9ae88b9514229'
+ 3, 1, 63, 2, 32768, X'b6a679dda488042eee3cf9a525a9ae88b9514229'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 64, 2, 32768, X'693b89dc96682f85b389208ec052f4853fd971eb'
+ 3, 1, 64, 2, 32768, X'693b89dc96682f85b389208ec052f4853fd971eb'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 65, 2, 32768, X'e4b83a6888c69eeb1c65c7ff50ee39897ca51008'
+ 3, 1, 65, 2, 32768, X'e4b83a6888c69eeb1c65c7ff50ee39897ca51008'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 66, 2, 32768, X'9e0735ad94f4d10faa43f75d02c4edb9b7eb91d4'
+ 3, 1, 66, 2, 32768, X'9e0735ad94f4d10faa43f75d02c4edb9b7eb91d4'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 67, 2, 32768, X'881dd3cb2f1f0e3323bf8c5586dfaba2ffcb1a55'
+ 3, 1, 67, 2, 32768, X'881dd3cb2f1f0e3323bf8c5586dfaba2ffcb1a55'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 68, 2, 32768, X'6461d3771999c3a4b3c15bf4e38da30b91bc1b17'
+ 3, 1, 68, 2, 32768, X'6461d3771999c3a4b3c15bf4e38da30b91bc1b17'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 69, 6, 32768, X'fcad787f7771637d659638d92b5eee9385b3d7b9'
+ 3, 1, 69, 6, 32768, X'fcad787f7771637d659638d92b5eee9385b3d7b9'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 70, 0, 32768, X'4b90d9178efc5cf9a9ddf4f8bcc49008785d76ec'
+ 3, 1, 70, 0, 32768, X'4b90d9178efc5cf9a9ddf4f8bcc49008785d76ec'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 71, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
+ 3, 1, 71, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 72, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
+ 3, 1, 72, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 73, 2, 32768, X'bc3a1d50aaffa207d2e6645228bb4f1cd40c88e0'
+ 3, 1, 73, 2, 32768, X'bc3a1d50aaffa207d2e6645228bb4f1cd40c88e0'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 74, 2, 32768, X'96ea8b0ccfb43fa6da4e98d8f51609cf8eabd91e'
+ 3, 1, 74, 2, 32768, X'96ea8b0ccfb43fa6da4e98d8f51609cf8eabd91e'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 75, 2, 32768, X'd05ef7250cc103540601fb8956c89c3ba1f47a4e'
+ 3, 1, 75, 2, 32768, X'd05ef7250cc103540601fb8956c89c3ba1f47a4e'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 76, 2, 32768, X'd5c28da6b58a66fba125e99c6b6d0e36a1b18315'
+ 3, 1, 76, 2, 32768, X'd5c28da6b58a66fba125e99c6b6d0e36a1b18315'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 77, 2, 32768, X'0ba611dd45de9acbe3d0da0d2e478e4aa77ff515'
+ 3, 1, 77, 2, 32768, X'0ba611dd45de9acbe3d0da0d2e478e4aa77ff515'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 78, 4, 32768, X'9b4d80cfefc7d5576c4d9f224872505896ef2798'
+ 3, 1, 78, 4, 32768, X'9b4d80cfefc7d5576c4d9f224872505896ef2798'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 79, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
+ 3, 1, 79, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 80, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
+ 3, 1, 80, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 81, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
+ 3, 1, 81, 2, 32768, X'e79e468b1921b2293a80c5917efa6a45c379e810'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 82, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
+ 3, 1, 82, 2, 32768, X'be1bdec0aa74b4dcb079943e70528096cca985f8'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 83, 1, 32768, X'230b3bf13c752834decf47f5a86a75582abee51c'
+ 3, 1, 83, 1, 32768, X'230b3bf13c752834decf47f5a86a75582abee51c'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 84, 1, 32768, X'61f59f7782bb39610dbb6b1f57033c161810a267'
+ 3, 1, 84, 1, 32768, X'61f59f7782bb39610dbb6b1f57033c161810a267'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 85, 1, 32768, X'c744cac6af7621524fc3a2b0a9a135a32b33c81b'
+ 3, 1, 85, 1, 32768, X'c744cac6af7621524fc3a2b0a9a135a32b33c81b'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 86, 1, 32768, X'8a7532af1862f9f61ed08d2b92b82a2ecc99c54f'
+ 3, 1, 86, 1, 32768, X'8a7532af1862f9f61ed08d2b92b82a2ecc99c54f'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 87, 1, 32768, X'ba8fa710d303b3b2a594cba1cb73797c970ffa0b'
+ 3, 1, 87, 1, 32768, X'ba8fa710d303b3b2a594cba1cb73797c970ffa0b'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 88, 1, 32768, X'a46c5c8b58e67fbe9d3203bae335c0e39f68eff9'
+ 3, 1, 88, 1, 32768, X'a46c5c8b58e67fbe9d3203bae335c0e39f68eff9'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 89, 1, 32768, X'67476198f63603b84afa235970611cd614560cf2'
+ 3, 1, 89, 1, 32768, X'67476198f63603b84afa235970611cd614560cf2'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 90, 2, 32768, X'cdf4d79ac0a10d46a1d9d7ec9642883c71f77fc7'
+ 3, 1, 90, 2, 32768, X'cdf4d79ac0a10d46a1d9d7ec9642883c71f77fc7'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 91, 2, 32768, X'436067385bf6cd43e2f65f8d70d264af8fca876d'
+ 3, 1, 91, 2, 32768, X'436067385bf6cd43e2f65f8d70d264af8fca876d'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 92, 2, 32768, X'4916c4e9f1e91b34bd8acef1f827f0b444bdb858'
+ 3, 1, 92, 2, 32768, X'4916c4e9f1e91b34bd8acef1f827f0b444bdb858'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 93, 2, 32768, X'c66007c47ea62816006d220bbb8fc9d5681c4cc6'
+ 3, 1, 93, 2, 32768, X'c66007c47ea62816006d220bbb8fc9d5681c4cc6'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 94, 2, 32768, X'85782c59534d3915298da3da35101891a84be99e'
+ 3, 1, 94, 2, 32768, X'85782c59534d3915298da3da35101891a84be99e'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 95, 2, 32768, X'335f1897c44fef511bed7eb4394375bc2a36dbc3'
+ 3, 1, 95, 2, 32768, X'335f1897c44fef511bed7eb4394375bc2a36dbc3'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 96, 2, 32768, X'82ca255a4c2655eca1516b4249dcdd1edb892eef'
+ 3, 1, 96, 2, 32768, X'82ca255a4c2655eca1516b4249dcdd1edb892eef'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 97, 2, 32768, X'1086445009abbad955b9e915be04ac9afc74567d'
+ 3, 1, 97, 2, 32768, X'1086445009abbad955b9e915be04ac9afc74567d'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 98, 2, 32768, X'18fe7ae42869e2b3b11bf67215ef4f1c2e260251'
+ 3, 1, 98, 2, 32768, X'18fe7ae42869e2b3b11bf67215ef4f1c2e260251'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 99, 2, 32768, X'061efe921cad309990e63ed35a7b833e2eabfd2f'
+ 3, 1, 99, 2, 32768, X'061efe921cad309990e63ed35a7b833e2eabfd2f'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 100, 2, 32768, X'aab5803005883807e91538fdc71968edf81f367c'
+ 3, 1, 100, 2, 32768, X'aab5803005883807e91538fdc71968edf81f367c'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 101, 2, 32768, X'aab5803005883807e91538fdc71968edf81f367c'
+ 3, 1, 101, 2, 32768, X'aab5803005883807e91538fdc71968edf81f367c'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 102, 2, 32768, X'0ba199b3cd6991a884fe30f40e89d3d603aa5cbd'
+ 3, 1, 102, 2, 32768, X'0ba199b3cd6991a884fe30f40e89d3d603aa5cbd'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 103, 2, 32768, X'0ba199b3cd6991a884fe30f40e89d3d603aa5cbd'
+ 3, 1, 103, 2, 32768, X'0ba199b3cd6991a884fe30f40e89d3d603aa5cbd'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 104, 2, 32768, X'2a5aa44e77a223d701a53b0f9af6d13cf8443b2a'
+ 3, 1, 104, 2, 32768, X'2a5aa44e77a223d701a53b0f9af6d13cf8443b2a'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 105, 2, 32768, X'2a5aa44e77a223d701a53b0f9af6d13cf8443b2a'
+ 3, 1, 105, 2, 32768, X'2a5aa44e77a223d701a53b0f9af6d13cf8443b2a'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 106, 2, 32768, X'c32ab71e81421207255b2665316a9049ddff3653'
+ 3, 1, 106, 2, 32768, X'c32ab71e81421207255b2665316a9049ddff3653'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 107, 2, 32768, X'c32ab71e81421207255b2665316a9049ddff3653'
+ 3, 1, 107, 2, 32768, X'c32ab71e81421207255b2665316a9049ddff3653'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 108, 2, 32768, X'cafaeff88886bf0d07b0a6527341da22c08b609d'
+ 3, 1, 108, 2, 32768, X'cafaeff88886bf0d07b0a6527341da22c08b609d'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 109, 2, 32768, X'cafaeff88886bf0d07b0a6527341da22c08b609d'
+ 3, 1, 109, 2, 32768, X'cafaeff88886bf0d07b0a6527341da22c08b609d'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 110, 2, 32768, X'68d74b6eacdc3360615744c6aaddb357df9bdbec'
+ 3, 1, 110, 2, 32768, X'68d74b6eacdc3360615744c6aaddb357df9bdbec'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 111, 2, 32768, X'68d74b6eacdc3360615744c6aaddb357df9bdbec'
+ 3, 1, 111, 2, 32768, X'68d74b6eacdc3360615744c6aaddb357df9bdbec'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 112, 2, 32768, X'ac254b04f277ca7e887a4141bf5ed0cf62600d10'
+ 3, 1, 112, 2, 32768, X'ac254b04f277ca7e887a4141bf5ed0cf62600d10'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 113, 2, 32768, X'ac254b04f277ca7e887a4141bf5ed0cf62600d10'
+ 3, 1, 113, 2, 32768, X'ac254b04f277ca7e887a4141bf5ed0cf62600d10'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 114, 1, 32768, X'4f135c9ee49ca7fbfea079e5d6714802f0405407'
+ 3, 1, 114, 1, 32768, X'4f135c9ee49ca7fbfea079e5d6714802f0405407'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 115, 0, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 115, 0, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 116, 1, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 116, 1, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 117, 2, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 117, 2, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 118, 3, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 118, 3, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 119, 4, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 119, 4, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 120, 5, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 120, 5, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 121, 6, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 121, 6, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 122, 7, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
+ 3, 1, 122, 7, 32768, X'9069ca78e7450a285173431b3e52c5c25299e473'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 123, 4, 32768, X'c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f'
+ 3, 1, 123, 4, 32768, X'c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 124, 4, 32768, X'67a0a98bc4d6321142895a4d938b342f6959c1a9'
+ 3, 1, 124, 4, 32768, X'67a0a98bc4d6321142895a4d938b342f6959c1a9'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 125, 4, 32768, X'06d60b3a0dee9bb9beb2f0b04aff2e75bd1d2860'
+ 3, 1, 125, 4, 32768, X'06d60b3a0dee9bb9beb2f0b04aff2e75bd1d2860'
);
INSERT INTO component_hashes (
- component, product, seq_no, pcr, algo, hash
+ component, key, seq_no, pcr, algo, hash
) VALUES (
- 3, 7, 126, 5, 32768, X'1b87003b6c7d90483713c90100cca3e62392b9bc'
+ 3, 1, 126, 5, 32768, X'1b87003b6c7d90483713c90100cca3e62392b9bc'
);
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
index fb04ee036..c2447cd9f 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c
@@ -210,9 +210,9 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
{
tcg_pts_attr_req_func_comp_evid_t *attr_cast;
enumerator_t *enumerator;
- char *platform_info;
pts_component_t *comp;
pts_comp_func_name_t *comp_name;
+ chunk_t keyid;
int vid, name, qualifier;
u_int8_t flags;
u_int32_t depth;
@@ -221,18 +221,17 @@ bool imv_attestation_build(pa_tnc_msg_t *msg,
attestation_state->set_handshake_state(attestation_state,
IMV_ATTESTATION_STATE_END);
- /* Get Platform and OS of the PTS-IMC */
- platform_info = pts->get_platform_info(pts);
- if (!pts_db || !platform_info)
+ if (!pts->get_aik_keyid(pts, &keyid))
{
- DBG1(DBG_IMV, "%s%s%s not available",
- (pts_db) ? "" : "pts database",
- (!pts_db && !platform_info) ? "and" : "",
- (platform_info) ? "" : "platform info");
+ break;
+ }
+ if (!pts_db)
+ {
+ DBG1(DBG_PTS, "pts database not available");
break;
}
- enumerator = pts_db->create_comp_evid_enumerator(pts_db, platform_info);
+ enumerator = pts_db->create_comp_evid_enumerator(pts_db, keyid);
if (!enumerator)
{
break;
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
index 5fa76121b..a50810b67 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c
@@ -146,6 +146,8 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
{
tcg_pts_attr_aik_t *attr_cast;
certificate_t *aik, *issuer;
+ public_key_t *public;
+ chunk_t keyid;
enumerator_t *e;
bool trusted = FALSE;
@@ -158,7 +160,11 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
}
if (aik->get_type(aik) == CERT_X509)
{
- DBG1(DBG_IMV, "verifying AIK certificate");
+ public = aik->get_public_key(aik);
+ public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid);
+ DBG1(DBG_IMV, "verifying AIK certificate with keyid %#B", &keyid);
+ public->destroy(public);
+
e = pts_credmgr->create_trusted_enumerator(pts_credmgr,
KEY_ANY, aik->get_issuer(aik), FALSE);
while (e->enumerate(e, &issuer))
@@ -285,8 +291,10 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, linked_list_t *attr_list,
default:
case FAILED:
attestation_state->set_measurement_error(attestation_state);
- /* fall through to next case */
+ comp->destroy(comp);
+ break;
case SUCCESS:
+ name->log(name, " successfully measured ");
comp->destroy(comp);
break;
case NEED_MORE:
diff --git a/src/libpts/plugins/imv_attestation/tables.sql b/src/libpts/plugins/imv_attestation/tables.sql
index 564914e78..703557a07 100644
--- a/src/libpts/plugins/imv_attestation/tables.sql
+++ b/src/libpts/plugins/imv_attestation/tables.sql
@@ -7,14 +7,6 @@ CREATE TABLE files (
path TEXT NOT NULL
);
-DROP TABLE IF EXISTS components;
-CREATE TABLE components (
- id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
- vendor_id INTEGER NOT NULL,
- name INTEGER NOT NULL,
- qualifier INTEGER DEFAULT 0
-);
-
DROP TABLE IF EXISTS products;
CREATE TABLE products (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
@@ -34,15 +26,6 @@ CREATE TABLE product_file (
PRIMARY KEY (product, file)
);
-DROP TABLE IF EXISTS product_component;
-CREATE TABLE product_component (
- product INTEGER NOT NULL,
- component INTEGER NOT NULL,
- depth INTEGER DEFAULT 0,
- seq_no INTEGER DEFAULT 0,
- PRIMARY KEY (product, component)
-);
-
DROP TABLE IF EXISTS file_hashes;
CREATE TABLE file_hashes (
file INTEGER NOT NULL,
@@ -53,13 +36,47 @@ CREATE TABLE file_hashes (
PRIMARY KEY(file, directory, product, algo)
);
+DROP TABLE IF EXISTS keys;
+CREATE TABLE keys (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ keyid BLOB NOT NULL,
+ owner TEXT NOT NULL
+);
+DROP INDEX IF EXISTS keys_keyid;
+CREATE INDEX keys_keyid ON keys (
+ keyid
+);
+DROP INDEX IF EXISTS keys_owner;
+CREATE INDEX keys_owner ON keys (
+ owner
+);
+
+DROP TABLE IF EXISTS components;
+CREATE TABLE components (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ vendor_id INTEGER NOT NULL,
+ name INTEGER NOT NULL,
+ qualifier INTEGER DEFAULT 0
+);
+
+
+DROP TABLE IF EXISTS key_component;
+CREATE TABLE key_component (
+ key INTEGER NOT NULL,
+ component INTEGER NOT NULL,
+ depth INTEGER DEFAULT 0,
+ seq_no INTEGER DEFAULT 0,
+ PRIMARY KEY (key, component)
+);
+
+
DROP TABLE IF EXISTS component_hashes;
CREATE TABLE component_hashes (
component INTEGER NOT NULL,
- product INTEGER NOT NULL,
+ key INTEGER NOT NULL,
seq_no INTEGER NOT NULL,
pcr INTEGER NOT NULL,
algo INTEGER NOT NULL,
hash BLOB NOT NULL,
- PRIMARY KEY(component, product, seq_no, algo)
+ PRIMARY KEY(component, key, seq_no, algo)
);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 18:11:18 +0000