attestationreport, cmc, cmcd, tpmdriver: added config for event log p…

…arsing Signed-off-by: Jeremias Giesecke <[email protected]>
Fraunhofer-AISEC · Dec 20, 2023 · a73ead6 · a73ead6
1 parent 8a7ad13
commit a73ead6
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 12 deletions.
diff --git a/attestationreport/attestationreport.go b/attestationreport/attestationreport.go
@@ -63,6 +63,7 @@ type DriverConfig struct {
 	UseIma      bool
 	ImaPcr      int32
 	Serializer  Serializer
+	EventData   bool
 }
 
 // Serializer is a generic interface providing methods for data serialization and
@@ -107,10 +108,11 @@ type Validity struct {
 // HashChainElem represents the attestation report
 // element of type 'Hash Chain' embedded in 'TPM Measurement'
 type HashChainElem struct {
-	Type    string    `json:"type" cbor:"0,keyasint"`
-	Pcr     int32     `json:"pcr" cbor:"1,keyasint"`
-	Sha256  []HexByte `json:"sha256" cbor:"2,keyasint"`
-	Summary bool      `json:"summary" cbor:"3,keyasint"` // Indicates if element represents final PCR value or single artifact
+	Type      string      `json:"type" cbor:"0,keyasint"`
+	Pcr       int32       `json:"pcr" cbor:"1,keyasint"`
+	Sha256    []HexByte   `json:"sha256" cbor:"2,keyasint"`
+	Summary   bool        `json:"summary" cbor:"3,keyasint"` // Indicates if element represents final PCR value or single artifact
+	EventData []EventData `json:"eventdata,omitempty" cbor:"4,keyasint,omitempty"`
 }
 
 // TpmMeasurement represents the attestation report
@@ -189,6 +191,7 @@ type ReferenceValue struct {
 	Pcr         *int        `json:"pcr,omitempty" cbor:"4,keyasint,omitempty"`
 	Snp         *SnpDetails `json:"snp,omitempty" cbor:"5,keyasint,omitempty"`
 	Description string      `json:"description,omitempty" cbor:"6,keyasint,omitempty"`
+	EventData   *EventData  `json:"eventdata,omitempty" cbor:"7,keyasint,omitempty"`
 }
 
 // AppDescription represents the attestation report

diff --git a/attestationreport/tpm.go b/attestationreport/tpm.go
@@ -175,10 +175,13 @@ func recalculatePcrs(tpmM *TpmMeasurement, referenceValues []ReferenceValue) (ma
 		for _, hce := range tpmM.HashChain {
 			if hce.Pcr == int32(*ref.Pcr) && !hce.Summary {
 				found := false
-				for _, sha256 := range hce.Sha256 {
+				for i, sha256 := range hce.Sha256 {
 					if bytes.Equal(sha256, ref.Sha256) {
 						found = true
 						refResult.Success = true
+						if hce.EventData != nil {
+							refResult.EventData = &hce.EventData[i]
+						}
 						break
 					}
 				}

diff --git a/attestationreport/validationreport.go b/attestationreport/validationreport.go
@@ -113,12 +113,13 @@ type PcrResult struct {
 // DigestResult represents a generic result for a digest that was processed
 // during attestation
 type DigestResult struct {
-	Pcr         *int   `json:"pcr,omitempty"`         // Number for the PCR if present (TPM)
-	Name        string `json:"name,omitempty"`        // Name of the software artifact
-	Digest      string `json:"digest"`                // Digest that was processed
-	Description string `json:"description,omitempty"` // Optional description
-	Success     bool   `json:"success"`               // Indicates whether match was found
-	Type        string `json:"type,omitempty"`        // On fail, indicates whether digest is reference or measurement
+	Pcr         *int       `json:"pcr,omitempty"`         // Number for the PCR if present (TPM)
+	Name        string     `json:"name,omitempty"`        // Name of the software artifact
+	Digest      string     `json:"digest"`                // Digest that was processed
+	Description string     `json:"description,omitempty"` // Optional description
+	Success     bool       `json:"success"`               // Indicates whether match was found
+	Type        string     `json:"type,omitempty"`        // On fail, indicates whether digest is reference or measurement
+	EventData   *EventData `json:"eventdata,omitempty"`   // data that was included from bioseventlog
 }
 
 // SwMeasurementResult represents the results for the reference values of

diff --git a/cmc/cmc.go b/cmc/cmc.go
@@ -49,6 +49,7 @@ type Config struct {
 	LogLevel       string   `json:"logLevel,omitempty"`
 	Storage        string   `json:"storage,omitempty"`
 	Cache          string   `json:"cache,omitempty"`
+	EventData      bool     `json:"eventdata,omitempty"`
 }
 
 type Cmc struct {
@@ -81,6 +82,7 @@ func NewCmc(c *Config) (*Cmc, error) {
 		Metadata:    metadata,
 		UseIma:      c.UseIma,
 		ImaPcr:      c.ImaPcr,
+		EventData:   c.EventData,
 		Serializer:  s,
 	}
 

diff --git a/cmcd/config.go b/cmcd/config.go
@@ -63,6 +63,7 @@ const (
 	logFlag          = "log"
 	storageFlag      = "storage"
 	cacheFlag        = "cache"
+	eventDataFlag    = "eventData"
 )
 
 func getConfig() (*cmc.Config, error) {
@@ -93,6 +94,8 @@ func getConfig() (*cmc.Config, error) {
 		fmt.Sprintf("Possible logging: %v", strings.Join(maps.Keys(logLevels), ",")))
 	storage := flag.String(storageFlag, "", "Optional folder to store internal CMC data in")
 	cache := flag.String(cacheFlag, "", "Optional folder to cache metadata for offline backup")
+	eventData := flag.Bool(eventDataFlag, false, "Indicates whether to include detailed information about measured events in Measurement and Verification log")
+	//TODO add options
 	flag.Parse()
 
 	// Create default configuration
@@ -155,6 +158,9 @@ func getConfig() (*cmc.Config, error) {
 	if internal.FlagPassed(cacheFlag) {
 		c.Cache = *cache
 	}
+	if internal.FlagPassed(eventDataFlag) {
+		c.EventData = *eventData
+	}
 
 	// Configure the logger
 	l, ok := logLevels[strings.ToLower(c.LogLevel)]
@@ -226,6 +232,7 @@ func printConfig(c *cmc.Config) {
 	log.Debugf("\tKey Config               : %v", c.KeyConfig)
 	log.Debugf("\tLogging Level            : %v", c.LogLevel)
 	log.Debugf("\tDrivers                  : %v", strings.Join(c.Drivers, ","))
+	log.Debugf("\tEvent Information        : %v", c.EventData)
 	if c.Storage != "" {
 		log.Debugf("\tInternal storage path    : %v", c.Storage)
 	}

diff --git a/tpmdriver/tpmdriver.go b/tpmdriver/tpmdriver.go
@@ -53,6 +53,7 @@ type Tpm struct {
 	MeasuringCerts []*x509.Certificate
 	UseIma         bool
 	ImaPcr         int32
+	EventData      bool
 }
 
 const (
@@ -173,6 +174,7 @@ func (t *Tpm) Init(c *ar.DriverConfig) error {
 	t.ImaPcr = c.ImaPcr
 	t.SigningCerts = ikchain
 	t.MeasuringCerts = akchain
+	t.EventData = c.EventData
 
 	return nil
 }
@@ -201,7 +203,7 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
 	// and use these values, which represent the software artifacts that have been
 	// extended. Use the final PCR values only as a fallback, if the file cannot be read
 	useBiosMeasurements := true
-	biosMeasurements, err := GetBiosMeasurements("/sys/kernel/security/tpm0/binary_bios_measurements")
+	biosMeasurements, err := GetBiosMeasurements("/sys/kernel/security/tpm0/binary_bios_measurements", t.EventData)
 	if err != nil {
 		useBiosMeasurements = false
 		log.Warnf("failed to read binary bios measurements: %v. Using final PCR values as measurements",
@@ -211,10 +213,16 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
 	hashChain := make([]*ar.HashChainElem, len(t.Pcrs))
 	for i, num := range t.Pcrs {
 		sha256 := make([]ar.HexByte, 0)
+		eventDataArray := make([]ar.EventData, 0) //to capture additional EventData
+
 		if useBiosMeasurements {
 			for _, digest := range biosMeasurements {
 				if num == *digest.Pcr {
 					sha256 = append(sha256, digest.Sha256)
+
+					if t.EventData {
+						eventDataArray = append(eventDataArray, *digest.EventData)
+					}
 				}
 			}
 		} else {
@@ -227,6 +235,10 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
 			Sha256:  sha256,
 			Summary: !useBiosMeasurements,
 		}
+		//appending EventData
+		if t.EventData {
+			hashChain[i].EventData = eventDataArray
+		}
 	}
 
 	if t.UseIma {