From 7207e3a7eaf2c6e88e11fa9fce9814aa43a7526c Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Mon, 12 May 2014 15:24:55 +0200
Subject: [PATCH] Defined BIOS and EFI event types and log event info

On debug level 2 log EV_ACTION and EV_EFI_ACTION strings
and on level 3 dump raw event information
---
 src/libpts/pts/pts_ima_bios_list.c | 109 +++++++++++++++++++++++++++++++++++--
 1 file changed, 105 insertions(+), 4 deletions(-)

diff --git a/src/libpts/pts/pts_ima_bios_list.c b/src/libpts/pts/pts_ima_bios_list.c
index 18c41f2..38ec1a7 100644
--- a/src/libpts/pts/pts_ima_bios_list.c
+++ b/src/libpts/pts/pts_ima_bios_list.c
@@ -25,6 +25,85 @@
 
 typedef struct private_pts_ima_bios_list_t private_pts_ima_bios_list_t;
 typedef struct bios_entry_t bios_entry_t;
+typedef enum event_type_t event_type_t;
+
+enum event_type_t {
+	/* BIOS Events (TCG PC Client Specification for Convential BIOS 1.21) */
+	EV_PREBOOT_CERT =                  0x00000000,
+	EV_POST_CODE =                     0x00000001,
+	EV_UNUSED =                        0x00000002,
+	EV_NO_ACTION =                     0x00000003,
+	EV_SEPARATOR =                     0x00000004,
+	EV_ACTION =                        0x00000005,
+	EV_EVENT_TAG =                     0x00000006,
+	EV_S_CRTM_CONTENTS =               0x00000007,
+	EV_S_CRTM_VERSION =                0x00000008,
+	EV_CPU_MICROCODE =                 0x00000009,
+	EV_PLATFORM_CONFIG_FLAGS =         0x0000000A,
+	EV_TABLE_OF_DEVICES =              0x0000000B,
+	EV_COMPACT_HASH =                  0x0000000C,
+	EV_IPL =                           0x0000000D,
+	EV_IPL_PARTITION_DATA =            0x0000000E,
+	EV_NONHOST_CODE =                  0x0000000F,
+	EV_NONHOST_CONFIG =                0x00000010,
+	EV_NONHOST_INFO =                  0x00000011,
+	EV_OMIT_BOOT_DEVICE_EVENTS =       0x00000012,
+
+	/* EFI Events (TCG EFI Platform Specification 1.22) */
+	EV_EFI_EVENT_BASE =                0x80000000,
+	EV_EFI_VARIABLE_DRIVER_CONFIG =    0x80000001,
+	EV_EFI_VARIABLE_BOOT =             0x80000002,
+	EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003,
+	EV_EFI_BOOT_SERVICES_DRIVER =      0x80000004,
+	EV_EFI_RUNTIME_SERVICES_DRIVER =   0x80000005,
+	EV_EFI_GPT_EVENT =                 0x80000006,
+	EV_EFI_ACTION =                    0x80000007,
+	EV_EFI_PLATFORM_FIRMWARE_BLOB =    0x80000008,
+	EV_EFI_HANDOFF_TABLES =            0x80000009,
+
+	EV_EFI_VARIABLE_AUTHORITY =        0x800000E0
+};
+
+ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS,
+	"Preboot Cert",
+	"POST Code",
+	"Unused",
+	"No Action",
+	"Separator",
+	"Action",
+	"Event Tag",
+	"S-CRTM Contents",
+	"S-CRTM Version",
+	"CPU Microcode",
+	"Platform Config Flags",
+	"Table of Devices",
+	"Compact Hash",
+	"IPL",
+	"IPL Partition Data",
+	"Nonhost Code",
+	"Nonhost Config",
+	"Nonhost Info",
+	"Omit Boot Device Events"
+);
+
+ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES,
+							EV_OMIT_BOOT_DEVICE_EVENTS,
+	"EFI Event Base",
+	"EFI Variable Driver Config",
+	"EFI Variable Boot",
+	"EFI Boot Services Application",
+	"EFI Boot Services Driver",
+	"EFI Runtime Services Driver",
+	"EFI GPT Event",
+	"EFI Action",
+	"EFI Platform Firmware Blob",
+	"EFI Handoff Tables"
+);
+ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY,
+							EV_EFI_HANDOFF_TABLES,
+	"EFI Variable Authority"
+);
+ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY);
 
 /**
  * Private data of a pts_ima_bios_list_t object.
@@ -113,7 +192,10 @@ METHOD(pts_ima_bios_list_t, destroy, void,
 pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
 {
 	private_pts_ima_bios_list_t *this;
-	uint32_t pcr, num, len;
+	uint32_t pcr, event_type, event_len, seek_len;
+	uint32_t buf_len = 2048;
+	uint8_t event_buf[buf_len];
+	chunk_t event;
 	bios_entry_t *entry;
 	struct stat st;
 	ssize_t res;
@@ -145,6 +227,7 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
 		.list = linked_list_create(),
 	);
 
+	DBG2(DBG_PTS, "PCR Event Type  (Size)");
 	while (TRUE)
 	{
 		res = read(fd, &pcr, 4);
@@ -164,7 +247,7 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
 		{
 			break;
 		}
-		if (read(fd, &num, 4) != 4)
+		if (read(fd, &event_type, 4) != 4)
 		{
 			break;
 		}
@@ -172,14 +255,32 @@ pts_ima_bios_list_t* pts_ima_bios_list_create(char *file)
 		{
 			break;
 		}
-		if (read(fd, &len, 4) != 4)
+		if (read(fd, &event_len, 4) != 4)
 		{
 			break;
 		}
-		if (lseek(fd, len, SEEK_CUR) == -1)
+		DBG2(DBG_PTS, "%2u  %N  (%u bytes)", pcr, event_type_names, event_type,
+											 event_len);
+
+		seek_len = (event_len > buf_len) ? event_len - buf_len : 0;
+		event_len -= seek_len;
+
+		if (read(fd, event_buf, event_len) != event_len)
 		{
 			break;
 		}
+		event = chunk_create(event_buf, event_len);
+		DBG3(DBG_PTS,"%B", &event);
+
+		if (event_type == EV_ACTION || event_type == EV_EFI_ACTION)
+		{
+			DBG2(DBG_PTS, "     '%.*s'", event_len, event_buf);
+		}
+
+		if (seek_len > 0 && lseek(fd, seek_len, SEEK_CUR) == -1)
+		{
+				break;
+		}
 		this->list->insert_last(this->list, entry);
 	}
 
-- 
2.7.4