2 * This file is part of the OpenPTS project.
4 * The Initial Developer of the Original Code is International
5 * Business Machines Corporation. Portions created by IBM
6 * Corporation are Copyright (C) 2010 International Business
7 * Machines Corporation. All Rights Reserved.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the Common Public License as published by
11 * IBM Corporation; either version 1 of the License, or (at your option)
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * Common Public License for more details.
19 * You should have received a copy of the Common Public License
20 * along with this program; if not, a copy can be viewed at
21 * http://www.opensource.org/licenses/cpl1.0.php.
27 * @author Seiji Munetoh <munetoh@users.sourceforge.jp>
29 * cleanup 2011-07-20 SM
31 * FSM Action (UML2 doActivity)
33 * functions executed at the state.
34 * setAssertion(ipl.integrity, valid)
36 * TODO need generic way to support platform specific actions
39 * vendor action => table
47 #include <tss/platform.h>
48 #include <tss/tss_defines.h>
49 #include <tss/tss_typedef.h>
50 #include <tss/tss_structs.h>
51 #include <tss/tss_error.h>
54 #include <openssl/sha.h>
62 int (*func_1)(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper);
63 int (*func_2)(OPENPTS_CONTEXT *ctx, char *name, char* b64digest, char *integrity); // TODO NA?
64 int (*func_3)(OPENPTS_CONTEXT *ctx);
65 int (*func_4)(OPENPTS_CONTEXT *ctx, char *name);
67 int (*func_5)(OPENPTS_CONTEXT *ctx, char *name, char *value, char *action);
69 int (*func_6)(OPENPTS_CONTEXT *ctx, char *name, char *value, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper);
70 int (*func_7)(OPENPTS_CONTEXT *ctx, char *value, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper);
72 } OPENPTS_ACTION_TABLE;
80 * action - reset PCR[pcr_index]
81 * location - startup of the FSM
83 * value - string of pcr index value, 0-23
85 int resetPCR(OPENPTS_CONTEXT *ctx, char *value) {
89 pcr_index = atoi(value);
91 DEBUG_FSM("resetPCR(%d)\n", pcr_index);
92 rc = resetTpmPcr(&ctx->tpm, pcr_index);
93 if (rc != PTS_SUCCESS) {
94 ERROR("reset PCR[%d] was failed, check the model");
95 return PTS_INTERNAL_ERROR;
98 /* Also, reset the action counter */
99 ctx->bios_action_count = 0;
109 * EventData(string) => Properties
111 * bios.pcr.N.action.C=eventdata[]
115 int addBIOSAction(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
116 TSS_PCR_EVENT *event;
121 if (eventWrapper == NULL) {
122 // TODO do not care for dummy EW
123 DEBUG("addBIOSAction() - eventWrapper is NULL\n"); // TODO is this OK?
124 // TODO define RC <-> fsm.c >> INFO:(TODO) fsm.c:986 updateFsm() - rc = 58, call updateFsm() again
125 return PTS_INTERNAL_ERROR;
128 event = eventWrapper->event;
130 ERROR("event is NULL\n");
131 return PTS_INTERNAL_ERROR;
134 /* value = eventdata */
135 value = snmalloc((char *)event->rgbEvent, event->ulEventLength);
137 ERROR("no memory\n");
138 return PTS_INTERNAL_ERROR;
142 // ctx->bios_action_count is reset by resetPCR()
143 snprintf(name, BUF_SIZE, "bios.pcr.%d.action.%d", event->ulPcrIndex, ctx->bios_action_count);
144 ctx->bios_action_count++;
147 DEBUG_FSM("[FSM] addBIOSAction() - '%s' = '%s'\n", name, value);
149 updateProperty(ctx, name, value);
158 * addBIOSSpecificProperty
163 * EventID Descriptions PTS structure Properties
164 * -----------------------------------------------------------------------------------------
165 * 0x0001 SMBIOS structure # => conf->smbios bios.smbios=base64
166 * 0x0003 POST BIOS ROM Strings # => conf->post_bios_rom_string bios.post.rom.string=string
167 * 0x0004 ESCD, hash of ESCD data # => conf->
168 * 0x0005 CMOS, raw CMOS data # => conf->
169 * 0x0006 NVRAM, raw NVRAM data # =>
170 * 0x0007 Option ROM execute # =>
173 int addBIOSSpecificProperty(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
174 TSS_PCR_EVENT *event;
179 if (eventWrapper == NULL) {
180 ERROR("addBIOSSpecificProperty- eventWrapper is NULL\n");
181 return PTS_INTERNAL_ERROR; // -1
183 event = eventWrapper->event;
185 if (event->eventType != 0x06) {
186 ERROR("addBIOSSpecificProperty - bad event type 0x%x !- 0x06\n", event->eventType);
187 return PTS_INTERNAL_ERROR; // -1
190 // DEBUG("event data size = %d\n", event->ulEventLength);
191 // printHex("", event->rgbEvent, event->ulEventLength, "\n");
193 event_id = byte2uint32(&event->rgbEvent[0]);
194 event_length = byte2uint32(&event->rgbEvent[4]);
196 // DEBUG("event data size = %d, id = 0x%x, len %d,\n", event->ulEventLength, event_id, event_length);
204 // bios.smbios=base64()
205 ctx->conf->smbios_length = event_length;
206 ctx->conf->smbios = &event->rgbEvent[8];
209 b64 = malloc(base64size(ctx->conf->smbios_length));
212 (unsigned char *)b64,
213 (unsigned char *)ctx->conf->smbios,
214 ctx->conf->smbios_length);
216 if (len > BUF_SIZE) {
217 ERROR("SMBIOS size = %d\n", len); // Thinkpad X200 => 3324
218 updateProperty(ctx, "bios.smbios", "too big");
220 updateProperty(ctx, "bios.smbios", b64);
227 // DEBUG("EventID 0x%x TBD\n", event_id);
228 // DEBUG("event data size = %d, id = 0x%x, len %d,\n", event->ulEventLength, event_id, event_length);
232 return PTS_SUCCESS; // -1;
243 int validateMBR(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
244 TSS_PCR_EVENT *event;
246 if (eventWrapper == NULL) {
247 ERROR("eventWrapper is NULL\n");
248 return PTS_INTERNAL_ERROR; // -1;
251 event = eventWrapper->event;
254 ERROR("event is NULL\n");
255 return PTS_INTERNAL_ERROR; // -1;
258 TODO("validateMBR - NA\n");
265 * validate Eltorito Boot Image
267 * IPL measurement is deffent by BIOS
269 * 1) 512 bytes of BootImage(stage2_eltorito) - Panasonic?
270 * 2) 2048 bytes of BootImage(stage2_eltorito) - HP?
271 * 3) Unknown method by IBM/Lenovo (bug)
273 * IntegrationTest - check_ir check_rm
274 * Data - ThinkpadX31_Knoppix511 - IBM/Lenovo
276 int validateEltoritoBootImage(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
277 TSS_PCR_EVENT *event;
279 // DEBUG("validateEltoritoBootImage - NA\n");
281 if (eventWrapper == NULL) {
282 ERROR("eventWrapper is NULL\n");
283 return PTS_INTERNAL_ERROR; // -1;
286 event = eventWrapper->event;
288 ERROR("event is NULL\n");
289 return PTS_INTERNAL_ERROR; // -1;
292 updateProperty(ctx, "ipl.eltorito.integrity", "unknown");
294 return PTS_SUCCESS; // -1;
298 * set Module Property
305 * linux.initrd.digest
307 int setModuleProperty(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
308 TSS_PCR_EVENT *event;
309 char b64digest[SHA1_BASE64_DIGEST_SIZE + 1];
312 // DEBUG("setModuleProperty - NA\n");
315 if (eventWrapper == NULL) {
316 ERROR("eventWrapper is NULL\n");
317 return PTS_INTERNAL_ERROR; // -1;
320 event = eventWrapper->event;
323 ERROR("event is NULL\n");
324 return PTS_INTERNAL_ERROR; // -1;
327 /* kernel.initrd.digest = PCR => B64 digest */
328 encodeBase64((unsigned char *)b64digest, (unsigned char *)event->rgbPcrValue, SHA1_DIGEST_SIZE);
329 b64digest[SHA1_BASE64_DIGEST_SIZE] = 0;
331 updateProperty(ctx, "kernel.initrd.digest", b64digest);
333 // updateProperty(ctx, "kernel.initrd.filename", (char*)event->rgbEvent);
335 buf = malloc(event->ulEventLength + 1);
337 ERROR("no memory\n");
339 memcpy(buf, event->rgbEvent, event->ulEventLength);
340 buf[event->ulEventLength] = 0;
341 updateProperty(ctx, "kernel.initrd.filename", buf);
345 return PTS_SUCCESS; // -1;
350 * kernel comnand line -> properties
353 * kernel /vmlinuz-2.6.32.12-115.fc12.x86_64
354 * ro root=UUID=5c6fdd8c-eec9-45d6-8a51-0223fac9e153 noiswmd LANG=en_US.UTF-8
355 * SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=jp106 intel_iommu=off
356 * rhgb quiet tpm_tis.itpm=1 tpm_tis.force=1 tpm_tis.interrupts=0 ima_tcb=1
359 * linux.kernel.cmdline.ro=""
360 * linux.kernel.cmdline.ima_tcb="1"
363 * UnitTest - tests/check_action.c
366 int setLinuxKernelCmdlineAssertion(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
367 TSS_PCR_EVENT *event;
372 char value[BUF_SIZE];
374 char *saveptr = NULL;
377 DEBUG_CAL("setLinuxKernelCmdlineAssertion - start\n");
380 if (eventWrapper == NULL) {
381 ERROR("eventWrapper is NULL\n");
382 return PTS_INTERNAL_ERROR; // -1;
385 event = eventWrapper->event;
388 ERROR("event is NULL\n");
389 return PTS_INTERNAL_ERROR; // -1;
392 /* copy(malloc) strings */
393 cmdline = snmalloc((char *)event->rgbEvent, event->ulEventLength);
395 /* first string = kernel filename */
396 tp = strtok_r(cmdline, " ", &saveptr);
399 tp = strtok_r(NULL, " ", &saveptr); // TODO strtok_r
402 ep = strchr(tp, '=');
406 snprintf(name, BUF_SIZE, "linux.kernel.cmdline.%s", tp);
407 snprintf(value, BUF_SIZE, "%s", ep);
408 addProperty(ctx, name, value);
411 snprintf(name, BUF_SIZE, "linux.kernel.cmdline.%s", tp);
412 addProperty(ctx, name, "");
418 DEBUG_CAL("setLinuxKernelCmdlineAssertion - done, %d options\n", cnt);
419 // DEBUG("setLinuxKernelCmdlineAssertion event data[%d] = %s\n", event->ulEventLength, event->rgbEvent);
433 int validateKernelCmdline(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
434 TODO("validateKernelCmdline - NA\n");
435 updateProperty(ctx, "kernel.commandline", "TBD");
443 * validate IMA boot aggregate v2 (kernel 2.6.30-)
445 * aggregate = SHA1(PCR[0]+PCR[1]+..PCR[7])
447 * IntegrationTest - check_ir.c check_rm.c
448 * Data - ThinkpadX200_Fedora12 - w/ policy
451 int validateImaAggregate(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
452 TSS_PCR_EVENT *event;
455 BYTE digest[SHA1_DIGEST_SIZE];
457 // DEBUG("validateImaAggregate - NA\n");
460 if (eventWrapper == NULL) {
461 ERROR("eventWrapper is NULL\n");
462 return PTS_INTERNAL_ERROR; // -1;
465 event = eventWrapper->event;
468 ERROR("event is NULL\n");
469 return PTS_INTERNAL_ERROR; // -1;
475 /* update with PCR 0 - 7 */
476 for (i = 0; i < 8; i++) {
477 getTpmPcrValue(&ctx->tpm, i, digest);
478 SHA1_Update(&sha_ctx, digest, SHA1_DIGEST_SIZE);
482 SHA1_Final(digest, &sha_ctx);
484 /* check aggregate */
485 if (memcmp(event->rgbEvent, digest, SHA1_DIGEST_SIZE) == 0) {
487 // DEBUG("Good IMA aggregete\n");
488 updateProperty(ctx, "ima.aggregate", "valid");
491 updateProperty(ctx, "ima.aggregate", "invalid");
493 if (verbose && DEBUG_FLAG) {
495 BYTE pcr[SHA1_DIGEST_SIZE];
496 TODO("validateImaAggregate - "
497 "Wrong IMA aggregete - check FSM, "
498 "maybe it should use validateOldImaAggregate()\n");
500 for (j = 0; j < (int) event->ulPcrValueLength; j ++) {
501 printf("%02x", event->rgbPcrValue[j]);
505 for (i = 0; i < 8; i++) {
506 printf("PCR[%d] = ", i);
507 getTpmPcrValue(&ctx->tpm, i, pcr);
508 for (j = 0; j < SHA1_DIGEST_SIZE; j ++) {
509 printf("%02x", pcr[j]);
515 for (j = 0; j < SHA1_DIGEST_SIZE; j ++) {
516 printf("%02x", event->rgbEvent[j]);
518 printf(" (extended value)\n");
521 for (j = 0; j < SHA1_DIGEST_SIZE; j ++) {
522 printf("%02x", digest[j]);
524 printf(" (cal value)\n");
528 // TODO(munetoh) also check the template and pcr?
533 * validate IMA boot aggregate v1 (kernel -2.6.29)
535 * aggregate = SHA1(PCR[0]+PCR[1]+..PCR[7])
537 * IntegrationTest - check_ir.c check_rm.c
538 * Data - ThinkpadX31_Knoppix511
540 int validateOldImaAggregate(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
541 TSS_PCR_EVENT *event;
544 BYTE digest[SHA1_DIGEST_SIZE];
546 // DEBUG("validateOldImaAggregate - NA\n");
549 if (eventWrapper == NULL) {
550 ERROR("eventWrapper is NULL\n");
551 return PTS_INTERNAL_ERROR; // -1;
554 event = eventWrapper->event;
556 ERROR("event is NULL\n");
557 return PTS_INTERNAL_ERROR; // -1;
563 /* update with PCR 0 - 7 */
564 for (i = 0; i < 8; i++) {
565 getTpmPcrValue(&ctx->tpm, i, digest);
566 SHA1_Update(&sha_ctx, digest, SHA1_DIGEST_SIZE);
570 SHA1_Final(digest, &sha_ctx);
572 /* check aggregate */
573 if (memcmp(event->rgbPcrValue, digest, SHA1_DIGEST_SIZE) == 0) {
575 updateProperty(ctx, "ima.aggregate", "valid");
578 updateProperty(ctx, "ima.aggregate", "invalids");
580 // TODO(munetoh) also check the eventdata string?
586 * ima.0.name=/XX/XX/XX << AIDE or IMA
587 * ima.0.integrity=valid/invalid/unknown
588 * ima.0.digest=base64
590 int updateImaProperty(OPENPTS_CONTEXT *ctx, char* name, char* b64digest, char *integrity) {
594 snprintf(prop_name, sizeof(prop_name), "ima.%d.integrty", ctx->ima_count);
595 updateProperty(ctx, prop_name, integrity);
598 snprintf(prop_name, sizeof(prop_name), "ima.%d.name", ctx->ima_count);
599 updateProperty(ctx, prop_name, name);
602 snprintf(prop_name, sizeof(prop_name), "ima.%d.digest", ctx->ima_count);
603 updateProperty(ctx, prop_name, b64digest);
611 * Original IMA measurement
613 * --------------------------
624 int validateImaMeasurement(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
626 TSS_PCR_EVENT *event;
628 // char b64digest[SHA1_BASE64_DIGEST_SIZE+1];
630 DEBUG_CAL("validateImaMeasurement - start\n");
632 if (eventWrapper == NULL) {
633 /* Just ignore the NULL event */
634 // TODO(munetoh) Detect LOOP
635 // DEBUG("validateImaMeasurement - eventWrapper is NULL\n");
636 // DEBUG("validateImaMeasurement - eventWrapper is null\n");
637 // return 1; // => seg fault
638 return PTS_SUCCESS; // => green
645 event = eventWrapper->event;
646 if (ctx->conf->ima_validation_mode == OPENPTS_VALIDATION_MODE_AIDE) {
649 char b64digest[SHA1_BASE64_DIGEST_SIZE+1];
651 rc = checkEventByAide(ctx->aide_ctx, eventWrapper);
654 name = (char *)event->rgbEvent;
655 name += SHA1_DIGEST_SIZE;
656 name = snmalloc(name, (event->ulEventLength - SHA1_DIGEST_SIZE));
660 AIDE_METADATA *md = eventWrapper->aide_metadata;
661 DEBUG_FSM("validateImaMeasurement w/ AIDE - HIT, name=[%s]=[%s]\n",
668 encodeBase64((unsigned char *)b64digest, (unsigned char *)md->sha1, SHA1_DIGEST_SIZE);
669 b64digest[SHA1_BASE64_DIGEST_SIZE] = 0;
670 updateImaProperty(ctx, md->name, b64digest, "valid");
672 eventWrapper->status = OPENPTS_RESULT_VALID;
675 } else if (rc == 1) {
677 eventWrapper->status = OPENPTS_RESULT_IGNORE; // TODO
680 } else if (rc == 2) {
682 // DEBUG("validateImaMeasurement w/ AIDE - MISS name=[%s]\n", name);
683 // updateProperty(ctx, buf, "invalid");
685 encodeBase64((unsigned char *)b64digest, (unsigned char *)event->rgbEvent, SHA1_DIGEST_SIZE);
686 b64digest[SHA1_BASE64_DIGEST_SIZE] = 0;
687 updateImaProperty(ctx, name, b64digest, "unknown"); // action.c
688 eventWrapper->status = OPENPTS_RESULT_UNKNOWN;
692 hex = getHexString(event->rgbEvent, SHA1_DIGEST_SIZE);
693 addReason(ctx, "[IMA-AIDE] missing, digest(hex) = %s, name = \"%s\"", hex, name);
700 ERROR("validateImaMeasurement - checkEventByAide fail, rc - %d\n", rc);
701 eventWrapper->status = PTS_INTERNAL_ERROR; // OPENPTS_RESULT_INT_ERROR;
703 return PTS_INTERNAL_ERROR; // -1;
706 // freeAideMetadata(md);
708 } else if (ctx->conf->ima_validation_mode == OPENPTS_VALIDATION_MODE_IIDB) {
709 ERROR("validateImaMeasurementNG w/ IIDB - NA\n");
711 #else // !CONFIG_AIDE
712 if (ctx->conf->ima_validation_mode == OPENPTS_VALIDATION_MODE_IIDB) {
713 ERROR("validateImaMeasurementNG w/ IIDB - NA\n");
720 ERROR("validateImaMeasurement - ERROR\n");
721 return PTS_INTERNAL_ERROR; // -1;
726 int validateImaAggregateNG(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
727 ERROR("validateImaAggregateNG - NA\n");
728 updateProperty(ctx, "ima.aggregate", "TBD");
729 return PTS_INTERNAL_ERROR; // -1;
732 int validateImaMeasurementNG(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
733 return PTS_INTERNAL_ERROR; // -1;
742 int resetCounter(OPENPTS_CONTEXT *ctx) {
745 // DEBUG("[FSM] resetCounter()");
752 int incrementCounter(OPENPTS_CONTEXT *ctx) {
755 // DEBUG("[FSM] incrementCounter() %d => %d\n", ctx->count -1, ctx->count);
763 * Collector Start - Verifier
767 int startCollector(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
768 int rc = PTS_SUCCESS;
769 TSS_PCR_EVENT *event;
770 OPENPTS_EVENT_COLLECTOR_START *start = NULL;
774 ERROR("startCollector() - ctx is null\n");
775 return PTS_INTERNAL_ERROR;
778 if (ctx->target_conf == NULL) {
780 ERROR("startCollector() - target_conf is NULL, collector side - skip\n");
784 if (ctx->target_conf->uuid == NULL) {
786 ERROR("startCollector() - uuid is NULL\n");
791 if (eventWrapper == NULL) {
792 ERROR("startCollector() - eventWrapper is NULL\n");
793 rc = PTS_INTERNAL_ERROR;
797 event = eventWrapper->event;
799 ERROR("startCollector() - event is NULL\n");
800 rc = PTS_INTERNAL_ERROR;
804 if (event->ulEventLength != sizeof(OPENPTS_EVENT_COLLECTOR_START)) {
805 ERROR("startCollector() - Bad eventData size %d != %d\n",
806 event->ulEventLength,
807 sizeof(OPENPTS_EVENT_COLLECTOR_START));
808 rc = PTS_INTERNAL_ERROR; // TODO
813 start = (OPENPTS_EVENT_COLLECTOR_START *)event->rgbEvent;
816 // TODO if TCDS was restart, the eventlog used by PTSCD was gone.
818 /* validation - TSS version */
819 if (memcmp(&start->pts_version, &ctx->target_conf->pts_version, 4) != 0) {
820 DEBUG("startCollector() - Bad PTS version\n");
821 // rc = PTS_INTERNAL_ERROR; // TODO
825 /* validation - Collector UUID */
826 if (memcmp(&start->collector_uuid, ctx->target_conf->uuid->uuid, 16) != 0) {
827 DEBUG("startCollector() - Bad Collector UUID (Unit Testing?)\n");
828 // TODO test will stop. must be controlable?
829 // rc = PTS_INTERNAL_ERROR; // TODO
833 /* validation - Manifest UUID */
835 if (memcmp(&start->manifest_uuid, ctx->target_conf->rm_uuid->uuid, 16) != 0) {
836 // TODO in the test ptscd generate new RM UUID
837 DEBUG("startCollector() - Bad Manifest UUID (Unit Testing?)\n");
838 // rc = PTS_INTERNAL_ERROR; // TODO
847 // printout the example IR data to create the test case
849 unsigned char b64[256];
852 start = malloc(sizeof(OPENPTS_EVENT_COLLECTOR_START));
854 printHex("OPENPTS_EVENT_COLLECTOR_START",
855 (unsigned char*)start, sizeof(OPENPTS_EVENT_COLLECTOR_START), "\n");
856 encodeBase64(b64, (unsigned char *)start, sizeof(OPENPTS_EVENT_COLLECTOR_START));
857 ERROR("EventData: %s\n", b64);
859 memcpy(&start->pts_version, &ctx->target_conf->pts_version, 4);
860 memcpy(&start->collector_uuid, ctx->target_conf->uuid->uuid, 16);
861 memcpy(&start->manifest_uuid, ctx->target_conf->rm_uuid->uuid, 16);
863 printHex("OPENPTS_EVENT_COLLECTOR_START",
864 (unsigned char*)start, sizeof(OPENPTS_EVENT_COLLECTOR_START), "\n");
865 encodeBase64(b64, (unsigned char *)start, sizeof(OPENPTS_EVENT_COLLECTOR_START));
866 ERROR("EventData: %s\n", b64);
875 int addIntelTxtTbootProperty(OPENPTS_CONTEXT *ctx, OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
876 TSS_PCR_EVENT *event;
878 DEBUG_FSM("addIntelTxtTbootProperty - start\n");
881 if (eventWrapper == NULL) {
882 ERROR("addBIOSSpecificProperty- eventWrapper is NULL\n");
885 event = eventWrapper->event;
887 switch (event->eventType) {
888 case EV_TBOOT_SINIT_V6:
890 OPENPTS_EVENT_TBOOT_SINIT_V6 *data;
892 data = (OPENPTS_EVENT_TBOOT_SINIT_V6 *) event->rgbEvent;
893 buf = getHexString(data->sinit_hash, 20);
894 updateProperty(ctx, "intel.txt.tboot.sinit.hash.hex", buf);
899 case EV_TBOOT_SINIT_V7:
901 OPENPTS_EVENT_TBOOT_SINIT_V7 *data;
903 data = (OPENPTS_EVENT_TBOOT_SINIT_V7 *) event->rgbEvent;
904 buf = getHexString(data->sinit_hash, 32);
905 updateProperty(ctx, "intel.txt.tboot.sinit.hash.hex", buf);
910 case EV_TBOOT_STM_V6:
912 OPENPTS_EVENT_TBOOT_STM_V6 *data;
914 data = (OPENPTS_EVENT_TBOOT_STM_V6 *) event->rgbEvent;
915 buf = getHexString(data->bios_acm_id, 20);
916 updateProperty(ctx, "intel.txt.tboot.bios.acm.id.hex", buf);
921 case EV_TBOOT_POLCTL:
923 OPENPTS_EVENT_TBOOT_POLCTL *data;
925 data = (OPENPTS_EVENT_TBOOT_POLCTL *) event->rgbEvent;
926 buf = getHexString(data->pol_control, 4);
927 updateProperty(ctx, "intel.txt.tboot.pol.control.hex", buf);
929 buf = getHexString(data->pol_hash, 20);
930 updateProperty(ctx, "intel.txt.tboot.pol.hash.hex", buf);
935 case EV_TBOOT_MLE_HASH:
938 buf = getHexString(event->rgbPcrValue, 20);
939 updateProperty(ctx, "intel.txt.tboot.mle.hash.hex", buf);
944 case EV_TBOOT_MODULE:
946 OPENPTS_EVENT_TBOOT_MODULE *data;
952 if (event->ulEventLength < 48) {
954 TODO("addIntelTxtTbootProperty() bad eventdata, size = %d\n",
955 event->ulEventLength);
958 data = (OPENPTS_EVENT_TBOOT_MODULE *) event->rgbEvent;
960 snprintf(name, sizeof(name),
961 "intel.txt.tboot.pcr.%d.module.command.hash.hex",
963 value = getHexString(data->command_hash, 20);
964 updateProperty(ctx, name, value);
967 snprintf(name, sizeof(name),
968 "intel.txt.tboot.pcr.%d.module.file.hash.hex",
970 value = getHexString(data->file_hash, 20);
971 updateProperty(ctx, name, value);
974 snprintf(name, sizeof(name),
975 "intel.txt.tboot.pcr.%d.module.command",
977 ptr = (BYTE *)&event->rgbEvent[40];
978 size = *(UINT32*) ptr;
980 value = malloc(size + 1);
981 memcpy(value, (BYTE *)ptr, size);
983 updateProperty(ctx, name, value);
986 snprintf(name, sizeof(name),
987 "intel.txt.tboot.pcr.%d.module.filename",
990 size = *(UINT32*) ptr;
992 value = malloc(size + 1);
993 memcpy(value, (BYTE *)ptr, size);
995 updateProperty(ctx, name, value);
1002 ERROR("Unknown event tupe 0x%x\n", event->eventType);
1006 /* set DRTM flag => resetPcr(1) at writeIr() */
1010 // updateProperty(ctx, "kernel.commandline", "TBD");
1018 * save counter value to property
1020 int saveCounter(OPENPTS_CONTEXT *ctx, char * name) {
1021 char buf[128]; // TODO
1023 snprintf(buf, sizeof(buf), "%d", ctx->count);
1024 addProperty(ctx, name, buf);
1026 // DEBUG("[FSM] saveCounter() %s = %s\n", name, buf);
1032 static OPENPTS_ACTION_TABLE action_table[] = {
1033 { /* FSM control - 5 */
1034 .name = "transitFSM(",
1037 .rc = OPENPTS_FSM_TRANSIT
1039 .name = "flashFSM(",
1042 .rc = OPENPTS_FSM_FLASH
1049 .name = "validateProperty(",
1052 .func_5 = validateProperty
1054 .name = "setAssertion(",
1057 .func_6 = setEventProperty // setProperty
1058 }, { /* PC BIOS - 2 */
1059 .name = "addBIOSSpecificProperty(",
1062 .func_1 = addBIOSSpecificProperty
1064 .name = "addBIOSAction(",
1067 .func_1 = addBIOSAction
1068 }, { /* Grub Legacy - 2 */
1069 .name = "validateMBR(",
1072 .func_1 = validateMBR
1074 .name = "validateEltoritoBootImage(",
1077 .func_1 = validateEltoritoBootImage
1078 }, { /* Linux - 3 */
1079 .name = "setLinuxKernelCmdlineAssertion(",
1082 .func_1 = setLinuxKernelCmdlineAssertion
1084 .name = "setModuleProperty(",
1087 .func_1 = setModuleProperty
1089 .name = "validateKernelCmdline(",
1092 .func_1 = validateKernelCmdline
1093 }, { /* Linux-IMA +5*/
1094 .name = "validateOldImaAggregate(",
1097 .func_1 = validateOldImaAggregate
1099 .name = "validateImaAggregate(",
1102 .func_1 = validateImaAggregate
1104 .name = "validateImaMeasurement(",
1107 .func_1 = validateImaMeasurement
1109 .name = "validateImaAggregateNG(",
1112 .func_1 = validateImaAggregateNG
1114 .name = "validateImaMeasurementNG(",
1117 .func_1 = validateImaMeasurementNG
1118 }, { /* counter functions +3 */
1119 .name = "resetCounter",
1122 .func_3 = resetCounter
1124 .name = "incrementCounter",
1127 .func_3 = incrementCounter
1129 .name = "saveCounter",
1132 .func_4 = saveCounter
1135 #ifdef CONFIG_AUTO_RM_UPDATE
1136 /* update function 4 */
1138 .name = "startUpdate",
1141 .func_1 = startUpdate
1143 .name = "deputyEvent",
1146 .func_1 = deputyEvent
1148 .name = "endUpdate",
1153 .name = "updateCollector",
1156 .func_1 = updateCollector
1162 .name = "addIntelTxtTbootProperty",
1165 .func_1 = addIntelTxtTbootProperty
1169 .name = "startCollector",
1172 .func_1 = startCollector
1176 #ifdef CONFIG_AUTO_RM_UPDATE
1177 #define OPENPTS_ACTION_TABLE_ARU_SIZE 4
1179 #define OPENPTS_ACTION_TABLE_ARU_SIZE 0
1183 #define OPENPTS_ACTION_TABLE_TBOOT_SIZE 1
1185 #define OPENPTS_ACTION_TABLE_TBOOT_SIZE 0
1188 #define OPENPTS_ACTION_TABLE_SIZE (5 + 2 + 2 + 3 + 5 + 3 + OPENPTS_ACTION_TABLE_ARU_SIZE + OPENPTS_ACTION_TABLE_TBOOT_SIZE + 1)
1193 * fsmUpdate() call this function
1196 * OPENPTS_FSM_SUCCESS 0
1197 * OPENPTS_FSM_FLASH flash FSM
1198 * OPENPTS_FSM_TRANSIT transit FSM
1200 * OPENPTS_FSM_MIGRATE_EVENT
1202 // #define BUF_SIZE 256
1205 OPENPTS_CONTEXT *ctx,
1207 OPENPTS_PCR_EVENT_WRAPPER *eventWrapper) {
1211 char *buf = NULL; // char buf[BUF_SIZE];
1218 ERROR("doActivity - ctx is NULL\n");
1219 return PTS_INTERNAL_ERROR; // -1;
1222 if (action == NULL) {
1223 ERROR("doActivity - action is NULL\n");
1224 return PTS_INTERNAL_ERROR; // -1;
1227 if (eventWrapper == NULL) {
1228 /* NULL event, skip evaluation */
1229 // DEBUG("doActivity - eventWrapper is NULL\n");
1230 // return 1; //OPENPTS_FSM_SUCCESS;
1234 buf = smalloc(action);
1236 ERROR("doActivity - no memory\n");
1237 return PTS_FATAL; // -1;
1241 if (!strcmp((char *)action, "")) {
1245 /* check the action */
1246 for (i = 0; i < OPENPTS_ACTION_TABLE_SIZE; i++) {
1247 if (!strncmp((char *)action, action_table[i].name, action_table[i].name_len)) {
1248 // DEBUG("%s HIT, name_len=%d\n", action, action_table[i].name_len);
1249 switch (action_table[i].type) {
1251 rc = action_table[i].rc;
1255 rc = action_table[i].func_1(ctx, eventWrapper);
1260 /* Just call Action() */
1261 rc = action_table[i].func_3(ctx);
1265 // INFO("doActivity type 4 %s", action);
1266 name = &buf[action_table[i].name_len + 1]; // 11 ; 1 =
1267 name = strtok_r(name, ")", &saveptr);
1269 rc = action_table[i].func_4(ctx, name);
1272 /* Action(Name,Value,Action) */
1273 name = &buf[action_table[i].name_len];
1274 name = strtok_r(name, ", ", &saveptr);
1275 value = strtok_r(NULL, ")", &saveptr);
1278 value = trim(value);
1280 rc = action_table[i].func_5(ctx, name, value, action); // validateProperty
1283 /* Action(Name,Value,Event) */
1284 name = &buf[action_table[i].name_len];
1285 name = strtok_r(name, ", ", &saveptr);
1286 value = strtok_r(NULL, ")", &saveptr);
1289 value = trim(value);
1291 rc = action_table[i].func_6(ctx, name, value, eventWrapper); // setProperty
1294 /* Action(Value,Event) */
1295 value = &buf[action_table[i].name_len + 1]; // 11 ; 1 =
1296 value = strtok_r(value, ")", &saveptr);
1297 value = trim(value);
1298 rc = action_table[i].func_7(ctx, value, eventWrapper);
1301 ERROR("unknown OPENPTS_ACTION_TABLE func tyoe\n");
1308 ERROR("unknown action '%s'\n", action);
1309 addReason(ctx, "[FSM] Unknown action='%s'", action);
1310 rc = OPENPTS_FSM_ERROR;
1313 if (buf != NULL) free(buf);
1315 if (rc == OPENPTS_FSM_ERROR) {
1316 DEBUG("doActivity rc = %d\n", rc);