treewide: extend IMA support #175

Merged
merged 1 commit into from
Mar 4, 2024
51 changes: 24 additions & 27 deletions attestationreport/attestationreport.go
Expand Up @@ -59,7 +59,7 @@ type DriverConfig struct {
KeyConfig string
Metadata [][]byte
UseIma bool
ImaPcr int32
ImaPcr int
Serializer Serializer
MeasurementLog bool
}
Expand Down Expand Up @@ -103,15 +103,21 @@ type Validity struct {
NotAfter string `json:"notAfter" cbor:"1,keyasint"`
}

// HashChainElem represents the attestation report
// element of type 'Hash Chain' embedded in 'TPM Measurement'
type HashChainElem struct {
Type string `json:"type" cbor:"0,keyasint"`
Pcr int32 `json:"pcr,omitempty" cbor:"1,keyasint,omitempty"`
Sha256 []HexByte `json:"sha256" cbor:"2,keyasint"`
Summary bool `json:"summary,omitempty" cbor:"3,keyasint,omitempty"` // Indicates if element represents final PCR value or single artifact
EventName []string `json:"eventname,omitempty" cbor:"4,keyasint,omitempty"`
EventData []EventData `json:"eventdata,omitempty" cbor:"5,keyasint,omitempty"`
// PcrMeasurement represents the measurements of a single PCR. If the type is 'PCR Summary',
// Sha256 is the final PCR value. If the type is 'PCR Eventlog', Sha256 is a list of the
// extends that leads to the final PCR value. The list is retrieved by the prover
// e.g. from the TPM binary bios measurements list or the IMA runtime measurements list.
type PcrMeasurement struct {
Type string `json:"type" cbor:"0,keyasint"`
Pcr int `json:"pcr" cbor:"1,keyasint"`
Summary HexByte `json:"summary,omitempty" cbor:"2,keyasint,omitempty"`
Events []PcrEvent `json:"events,omitempty" cbor:"3,keyasint,omitempty"`
}

type PcrEvent struct {
Sha256 HexByte `json:"sha256" cbor:"2,keyasint"`
EventName string `json:"eventname,omitempty" cbor:"4,keyasint,omitempty"`
EventData *EventData `json:"eventdata,omitempty" cbor:"5,keyasint,omitempty"`
}

// TpmMeasurement represents the attestation report
Expand All @@ -122,7 +128,7 @@ type Measurement struct {
Evidence []byte `json:"evidence" cbor:"1,keyasint"`
Certs [][]byte `json:"certs" cbor:"3,keyasint"`
Signature []byte `json:"signature,omitempty" cbor:"2,keyasint,omitempty"`
HashChain []*HashChainElem `json:"hashChain,omitempty" cbor:"4,keyasint,omitempty"`
Pcrs []PcrMeasurement `json:"pcrs,omitempty" cbor:"4,keyasint,omitempty"`
Sha256 HexByte `json:"sha256,omitempty" cbor:"5,keyasint,omitempty"`
Description string `json:"description,omitempty" cbor:"6,keyasint,omitempty"`
}
Expand Down Expand Up @@ -240,12 +246,13 @@ type ReferenceValue struct {
Sha256 HexByte `json:"sha256,omitempty" cbor:"1,keyasint,omitempty"`
Sha384 HexByte `json:"sha384,omitempty" cbor:"2,keyasint,omitempty"`
Name string `json:"name,omitempty" cbor:"3,keyasint,omitempty"`
Pcr *int `json:"pcr,omitempty" cbor:"4,keyasint,omitempty"`
Snp *SnpDetails `json:"snp,omitempty" cbor:"5,keyasint,omitempty"`
Tdx *TDXDetails `json:"tdx,omitempty" cbor:"8,keyasint,omitempty"`
Sgx *SGXDetails `json:"sgx,omitempty" cbor:"9,keyasint,omitempty"`
Description string `json:"description,omitempty" cbor:"6,keyasint,omitempty"`
EventData *EventData `json:"eventdata,omitempty" cbor:"7,keyasint,omitempty"`
Optional bool `json:"optional,omitempty" cbor:"4,keyasint,omitempty"`
Pcr *int `json:"pcr,omitempty" cbor:"5,keyasint,omitempty"`
Snp *SnpDetails `json:"snp,omitempty" cbor:"6,keyasint,omitempty"`
Tdx *TDXDetails `json:"tdx,omitempty" cbor:"7,keyasint,omitempty"`
Sgx *SGXDetails `json:"sgx,omitempty" cbor:"8,keyasint,omitempty"`
Description string `json:"description,omitempty" cbor:"9,keyasint,omitempty"`
EventData *EventData `json:"eventdata,omitempty" cbor:"10,keyasint,omitempty"`
}

// AppDescription represents the attestation report
Expand Down Expand Up @@ -953,16 +960,6 @@ func checkValidity(val Validity) Result {
return result
}

// Searches for a specific hash value in the reference values for RTM and OS
func getReferenceValue(hash []byte, refVals []ReferenceValue) *ReferenceValue {
for _, ver := range refVals {
if bytes.Equal(ver.Sha256, hash) {
return &ver
}
}
return nil
}

func collectReferenceValues(metadata *Metadata) (map[string][]ReferenceValue, error) {
// Gather a list of all reference values independent of the type
verList := append(metadata.RtmManifest.ReferenceValues, metadata.OsManifest.ReferenceValues...)
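Review bot: The ReferenceValue hunk renumbers the existing cbor keys (Pcr 4→5, Snp 5→6, Tdx 8→7, Sgx 9→8, Description 6→9, EventData 7→10) to make room for the new Optional field at key 4, so any reference values already serialized with the previous layout no longer decode into the same fields: an older manifest's Tdx (key 8) would land in Sgx, its Snp (key 5) in Pcr, and depending on how strict the keyasint decoder is about type mismatches this surfaces either as a decode error or as silently mis-assigned fields. Because these reference values are the signed verification policy, an appended-key layout that keeps the old numbers and adds `Optional bool \`json:"optional,omitempty" cbor:"10,keyasint,omitempty"\`` would preserve compatibility; if the break is intended, a comment on the type saying the CBOR layout is incompatible with manifests produced before this change would at least make it visible (the JSON keys are unchanged, so only CBOR is affected). Optional also has no comment stating what the verifier does with it; a line such as `// Optional marks a reference value whose absence from the measurements is tolerated` — adjusted to whatever the verification code actually does, which is not in this diff — would document the security-relevant semantics. The ReferenceValue struct's opening lines are outside the hunk.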
5 changes: 5 additions & 0 deletions attestationreport/bioseventdata.go
Expand Up @@ -230,6 +230,11 @@ func ParseEventData(eventBytes []uint8, eventName string) *EventData {
default:
exInfo.GenericData = (eventBytes)
}

if EmptyEventdata(exInfo) {
return nil
}

return exInfo

}
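Review bot: ParseEventData now returns nil when EmptyEventdata reports the parsed structure as empty, which changes the function's contract for every caller that previously always received a non-nil *EventData; a caller that dereferences the result without a nil check would now panic on such events, though the callers are not visible in this diff. The doc comment on ParseEventData, which sits outside the hunk, should state the new behaviour, e.g. `// ParseEventData ... returns nil if no usable event data could be extracted from eventBytes.` It is also worth confirming that EmptyEventdata treats the default branch's unconditional `exInfo.GenericData = (eventBytes)` as empty only when eventBytes itself has length zero, since otherwise unknown event types would be dropped rather than preserved as generic data. The function's signature and the start of its body are outside the hunk.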