Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(pcr0tool): Add support of a logger #347

Closed
wants to merge 1 commit into from
Closed

feat(pcr0tool): Add support of a logger #347

wants to merge 1 commit into from

Conversation

xaionaro
Copy link
Collaborator

Adding basic support of a Logger to pcr0tool.

Test Plan

Ran:

go run ./cmd/pcr0tool/ -log-level=trace sum -hash-func sha256 -registers ~/firmware/northdome.registers ~/firmware/northdome.fd

Output:

DEBU[0000] FindEmbeddedFirmwareStructure err-result: <nil>
debugInfo: {
  "config_orig": {
    "Flow": 0,
    "FindMissingFakeMeasurements": false,
    "Registers": [
      {
        "id": "MP0_C2P_MSG_37",
        "value": "jRAAEQ=="
      },
      {
        "id": "MP0_C2P_MSG_38",
        "value": "AAAAUA=="
      }
    ],
    "PCR0DataIbbDigestHashAlgorithm": 11,
    "TPMDevice": 0
  },
  "config_result": {
    "Flow": 6,
    "FindMissingFakeMeasurements": false,
    "Registers": [
      {
        "id": "MP0_C2P_MSG_37",
        "value": "jRAAEQ=="
      },
      {
        "id": "MP0_C2P_MSG_38",
        "value": "AAAAUA=="
      }
    ],
    "PCR0DataIbbDigestHashAlgorithm": 11,
    "TPMDevice": 0
  },
  "detectedAttestationFlow": "LegacyAMDLocality3",
  "warnings": "errors: unable to collect measurement 'pcdFirmwareVendor_measured_data' (is_fake:false): unable to find the source of firmware vendor version"
}
measurements: [
  {
    "ID": "PSP firmware version",
    "Data": [
      {
        "Range": {
          "Offset": 1778784,
          "Length": 4
        }
      }
    ]
  },
  {
    "ID": "BIOS RTM Volume",
    "Data": [
      {
        "Range": {
          "Offset": 13041664,
          "Length": 3735552
        }
      }
    ]
  },
  {
    "ID": "pcdFirmwareVendor_measured_data",
    "Data": [
      {
        "Range": {
          "Offset": 0,
          "Length": 0
        },
        "ForceData": "HvtrVAwdVUCkrU70vxe4Og=="
      }
    ]
  },
  {
    "ID": "DXE",
    "Data": [
      {
        "Range": {
          "Offset": 5644288,
          "Length": 7397376
        }
      }
    ]
  },
  {
    "ID": "separator",
    "Data": [
      {
        "Range": {
          "Offset": 0,
          "Length": 0
        },
        "ForceData": "AAAAAA=="
      }
    ]
  }
]
Set 0x -> 0x0000000000000000000000000000000000000000000000000000000000000003

Event 'PSP firmware version': 6e001300 (*sha256.digest)
*sha256.digest(0x 0000000000000000000000000000000000000000000000000000000000000003 625C8E327941BDFB9099E21223DA6A76506A53F78150731CC15A46C5A69B5F49) == 0xA64E77E3E58BE712166AAD6094EDADB54835C700C287BF824FEDDC211F058C93

Event 'BIOS RTM Volume': 0000000000000000000000000000000078e58c8c... (len: 3735552) (*sha256.digest)
*sha256.digest(0x A64E77E3E58BE712166AAD6094EDADB54835C700C287BF824FEDDC211F058C93 B03975AC0D62E52C907CA1B219FB17847F54D33F49088C45BBEC19FF7662B8B7) == 0x82AA886E4FCC39440AFF481E743FF3D7F1EC8A254264147AC554B40F7243901C

Event 'pcdFirmwareVendor_measured_data': 1efb6b540c1d5540a4ad4ef4bf17b83a (*sha256.digest)
*sha256.digest(0x 82AA886E4FCC39440AFF481E743FF3D7F1EC8A254264147AC554B40F7243901C D4720B4009438213B803568017F903093F6BEA8AB47D283DB32B6EABEDBBF155) == 0x69422284A65D8494AF6A2F1EDC597759DE77B055EDD59E115D807A9B86D04E96

Event 'DXE': 000000000000000000000000000000007ac07354... (len: 7397376) (*sha256.digest)
*sha256.digest(0x 69422284A65D8494AF6A2F1EDC597759DE77B055EDD59E115D807A9B86D04E96 327885A92725B24F36664245B79517F7C2E1EB8DEDE90489540508250821A430) == 0x12E7B33F7160E7AFDE19A1D8A1BB3CC7F42615228B1FA706DAD88A2FCE701393

Event 'separator': 00000000 (*sha256.digest)
*sha256.digest(0x 12E7B33F7160E7AFDE19A1D8A1BB3CC7F42615228B1FA706DAD88A2FCE701393 DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119) == 0x64C87B9C60B73B405A8E21323D7BFFB67A8FF39D8B095DF1FEBE2988FF9CA4CC

Resulting PCR0: 64C87B9C60B73B405A8E21323D7BFFB67A8FF39D8B095DF1FEBE2988FF9CA4CC

The first line is:

DEBU[0000] FindEmbeddedFirmwareStructure err-result: <nil>

(as expected)

u1f35c
u1f35c reviewed Jan 24, 2023
View reviewed changes
pkg/log/fiano_logger.go Outdated

var _ fianoLog.Logger = FianoLogger{}

// FianoLogger is just a placeholder for a logger, which does nothing
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't true? We've gone from it doing nothing to being a wrapper around a logger. Also should the methods below not be checking if Backend is nil?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, replaced DummyLogger with FianoLogger, but forgot to update the comments. Fixed.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about the nil checks? You do fianoLog.DefaultLogger = log.FianoLogger{} in various places, which I think means if Fiano tries to log it's going to try to call a function on Backend which will be nil?

Copy link
Collaborator Author

@xaionaro xaionaro Jan 26, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IDE replaced it everywhere (I used the smart renaming function of IDE) and I just didn't know about these use cases in the code :(

Thanks for noticing! Fixed.

I just made FianoLogger safe using:

	if l.Backend == nil {
		return
	}

pkg/log/fiano_logger.go Outdated
// FianoLogger is just a placeholder for a logger, which does nothing
type FianoLogger struct {
Backend logger.Logger
LogAsLevel logger.Level
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do these need to be exported? I don't see them used outside this package?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason to hide it? :)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I generally lean towards not exporting things that aren't needed so interface boundaries are kept to only the required pieces, but no strong push towards that here given it's all internal.

Copy link
Collaborator Author

@xaionaro xaionaro Jan 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems to me C++-y approach. I'd prefer in Go to export by default if there are no explicit safety concerns. In my opinion in Go we need to protect fields only if there are hidden assumptions about these fields, which does not seem the case here. But this is not a strong opinion, feel free to insist.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not insisting here, but let's have a conversation about it when I'm back after PTO.

@xaionaro xaionaro force-pushed the pcr_enable_logging branch 2 times, most recently from 3eb3375 to 5660f02 Compare January 26, 2023 14:03
@xaionaro xaionaro force-pushed the pcr_enable_logging branch 2 times, most recently from 77e09bc to 73796eb Compare March 2, 2023 23:11
xaionaro added a commit that referenced this pull request May 9, 2023
@xaionaro
[third-part-go] Update github.com/9elements/converged-security-suite
698f0b6 
This Diff imports these changes (they are not reviewed yet, go to GitHub to review them):
* #343 -- [pcrbruteforcer] Eradicate xcontext
* #347 -- feat(pcr0tool): Add support of a logger
* #348 -- feat(pcr0tool): SHA256 bruteforcer for TPMEventLog
* #349 -- Adjustments for a new AMD platform
@xaionaro xaionaro force-pushed the pcr_enable_logging branch from 2fefce6 to e29df8b Compare May 15, 2023 15:15
@ChriMarMe
Copy link
Collaborator

I know this took way too long on my side, sorry for that.

Can you rebase and fix, push and i will happily review and merge this week.

ChriMarMe
ChriMarMe approved these changes Jan 29, 2024
View reviewed changes
Copy link
Collaborator

@ChriMarMe ChriMarMe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Can be merged when rebased :)

@xaionaro
Copy link
Collaborator Author

xaionaro commented Jan 29, 2024
edited
Loading

The PR is beyond recovery by now.

I know this took way too long on my side, sorry for that.

No worries. A lot of stuff changes since then, and logger was basically introduced as a side effect of other PRs anyway.

@xaionaro xaionaro closed this Jan 29, 2024
@ChriMarMe ChriMarMe deleted the pcr_enable_logging branch January 30, 2024 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@u1f35c u1f35c u1f35c approved these changes

@ChriMarMe ChriMarMe ChriMarMe approved these changes

@rihter007 rihter007 Awaiting requested review from rihter007

@trynity trynity Awaiting requested review from trynity

@marcoguerri marcoguerri Awaiting requested review from marcoguerri

@zaolin zaolin Awaiting requested review from zaolin zaolin is a code owner

@walterchris walterchris Awaiting requested review from walterchris walterchris is a code owner

@flanfly flanfly Awaiting requested review from flanfly

@PatrickRudolph PatrickRudolph Awaiting requested review from PatrickRudolph PatrickRudolph is a code owner

@ArthurHeymans ArthurHeymans Awaiting requested review from ArthurHeymans ArthurHeymans is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xaionaro @ChriMarMe @u1f35c