Defined BIOS and EFI event types and log event info
[strongswan.git] / src / libpts / pts / pts_ima_bios_list.c
index 18c41f2..38ec1a7 100644 (file)
 
 typedef struct private_pts_ima_bios_list_t private_pts_ima_bios_list_t;
 typedef struct bios_entry_t bios_entry_t;
+typedef enum event_type_t event_type_t;
+
+enum event_type_t {
+       /* BIOS Events (TCG PC Client Specification for Convential BIOS 1.21) */
+       EV_PREBOOT_CERT =                  0x00000000,
+       EV_POST_CODE =                     0x00000001,
+       EV_UNUSED =                        0x00000002,
+       EV_NO_ACTION =                     0x00000003,
+       EV_SEPARATOR =                     0x00000004,
+       EV_ACTION =                        0x00000005,
+       EV_EVENT_TAG =                     0x00000006,
+       EV_S_CRTM_CONTENTS =               0x00000007,
+       EV_S_CRTM_VERSION =                0x00000008,
+       EV_CPU_MICROCODE =                 0x00000009,
+       EV_PLATFORM_CONFIG_FLAGS =         0x0000000A,
+       EV_TABLE_OF_DEVICES =              0x0000000B,
+       EV_COMPACT_HASH =                  0x0000000C,
+       EV_IPL =                           0x0000000D,
+       EV_IPL_PARTITION_DATA =            0x0000000E,
+       EV_NONHOST_CODE =                  0x0000000F,
+       EV_NONHOST_CONFIG =                0x00000010,
+       EV_NONHOST_INFO =                  0x00000011,
+       EV_OMIT_BOOT_DEVICE_EVENTS =       0x00000012,
+
+       /* EFI Events (TCG EFI Platform Specification 1.22) */
+       EV_EFI_EVENT_BASE =                0x80000000,
+       EV_EFI_VARIABLE_DRIVER_CONFIG =    0x80000001,
+       EV_EFI_VARIABLE_BOOT =             0x80000002,
+       EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003,
+       EV_EFI_BOOT_SERVICES_DRIVER =      0x80000004,
+       EV_EFI_RUNTIME_SERVICES_DRIVER =   0x80000005,
+       EV_EFI_GPT_EVENT =                 0x80000006,
+       EV_EFI_ACTION =                    0x80000007,
+       EV_EFI_PLATFORM_FIRMWARE_BLOB =    0x80000008,
+       EV_EFI_HANDOFF_TABLES =            0x80000009,
+
+       EV_EFI_VARIABLE_AUTHORITY =        0x800000E0
+};
+
+ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS,
+       "Preboot Cert",
+       "POST Code",
+       "Unused",
+       "No Action",
+       "Separator",
+       "Action",
+       "Event Tag",
+       "S-CRTM Contents",
+       "S-CRTM Version",
+       "CPU Microcode",
+       "Platform Config Flags",
+       "Table of Devices",
+       "Compact Hash",
+       "IPL",
+       "IPL Partition Data",
+       "Nonhost Code",
+       "Nonhost Config",
+       "Nonhost Info",
+       "Omit Boot Device Events"
+);
+
+ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES,
+                                                       EV_OMIT_BOOT_DEVICE_EVENTS,
+       "EFI Event Base",
+       "EFI Variable Driver Config",
+       "EFI Variable Boot",
+       "EFI Boot Services Application",
+       "EFI Boot Services Driver",
+       "EFI Runtime Services Driver",
+       "EFI GPT Event",
+       "EFI Action",
+       "EFI Platform Firmware Blob",
+       "EFI Handoff Tables"
+);
+ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY,
+                                                       EV_EFI_HANDOFF_TABLES,
+       "EFI Variable Authority"
+);
+ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY);
 
 /**
  * Private data of a pts_ima_bios_list_t object.
@@ -113,7 +192,10 @@ METHOD(pts_ima_bios_list_t, destroy, void,
 pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
 {
        private_pts_ima_bios_list_t *this;
-       uint32_t pcr, num, len;
+       uint32_t pcr, event_type, event_len, seek_len;
+       uint32_t buf_len = 2048;
+       uint8_t event_buf[buf_len];
+       chunk_t event;
        bios_entry_t *entry;
        struct stat st;
        ssize_t res;
@@ -145,6 +227,7 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
                .list = linked_list_create(),
        );
 
+       DBG2(DBG_PTS, "PCR Event Type  (Size)");
        while (TRUE)
        {
                res = read(fd, &pcr, 4);
@@ -164,7 +247,7 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
                {
                        break;
                }
-               if (read(fd, &num, 4) != 4)
+               if (read(fd, &event_type, 4) != 4)
                {
                        break;
                }
@@ -172,14 +255,32 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
                {
                        break;
                }
-               if (read(fd, &len, 4) != 4)
+               if (read(fd, &event_len, 4) != 4)
                {
                        break;
                }
-               if (lseek(fd, len, SEEK_CUR) == -1)
+               DBG2(DBG_PTS, "%2u  %N  (%u bytes)", pcr, event_type_names, event_type,
+                                                                                        event_len);
+
+               seek_len = (event_len > buf_len) ? event_len - buf_len : 0;
+               event_len -= seek_len;
+
+               if (read(fd, event_buf, event_len) != event_len)
                {
                        break;
                }
+               event = chunk_create(event_buf, event_len);
+               DBG3(DBG_PTS,"%B", &event);
+
+               if (event_type == EV_ACTION || event_type == EV_EFI_ACTION)
+               {
+                       DBG2(DBG_PTS, "     '%.*s'", event_len, event_buf);
+               }
+
+               if (seek_len > 0 && lseek(fd, seek_len, SEEK_CUR) == -1)
+               {
+                               break;
+               }
                this->list->insert_last(this->list, entry);
        }