Parse EFI App state from the TCG event log #277
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@brandonweeks mind giving this a review for security issues? |
jkl73
reviewed
Mar 9, 2023
brandonweeks
approved these changes
Mar 9, 2023
EfiState will contain all the PE/COFF digests of EFI applications measured by UEFI. These are typically bootloaders. UEFI measures these values in PCR4.
The TCG PCClient firmware event log contains digests of all EFI
applications. These are measured by UEFI whenever launching an
application prior to handing off control to the boot loader or OS after
ExitBootServices().
This introduces a change to pull those EFI measurements out of the event
log so that VerifyAttestation users can validate the PCR4 values are
exactly what they expect. This may be useful in cases where the Secure
Boot hierarchy does not provide enough trust (e.g., a vulnerability in a
signed component that requires a Secure Boot update).
The Arch Linux event log does not extend the "Calling EFI Application" event before extending EFI Application digests. Update tests to handle (aka, ignore) this bad event log.
jkl73
approved these changes
Mar 16, 2023
To be conservative, we should early exit and prevent accidentally adding cases to the switch statement.
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Apr 7, 2023
Use region in spec to create attestation service rest client google#281 Parse EFI App state from the TCG event log google#277 Increase default systemd wait timeout to 900s google#276 Use same env var formatting logic on the launcher as server google#253 Fix image pulling in launcher google#282 Bump version and fix a kernel cmd issue google#291 Return the actual number of bytes written to through command buffer google#287 Fix lint issues after using golangci-lint-1.52.2 google#296 Add image tests and test automation google#275 Update go-sev-guest to v0.4.2 google#278 Update to go-sev-guest v0.4.5 google#279 Add proper debug license and logging to launcher google#280 Upgrade to go-sev-guest v0.5.0 google#283 Import go-sev-guest v0.5.2 google#284 Add override test for workload env vars and cmd google#286 Add test workload code, check OIDC claims, and validate launch policy checks google#288 Bump golang.org/x/net in /launcher google#290 Add RELEASING instructions google#187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Apr 7, 2023
Breaking Changes: New Features: Use region in spec to create attestation service rest client google#281 Parse EFI App state from the TCG event log google#277 Bug Fixes: Increase default systemd wait timeout to 900s google#276 Use same env var formatting logic on the launcher as server google#253 Fix image pulling in launcher google#282 Bump version and fix a kernel cmd issue google#291 Return the actual number of bytes written to through command buffer google#287 Fix lint issues after using golangci-lint-1.52.2 google#296 Other Changes: Add image tests and test automation google#275 Update go-sev-guest to v0.4.2 google#278 Update to go-sev-guest v0.4.5 google#279 Add proper debug license and logging to launcher google#280 Upgrade to go-sev-guest v0.5.0 google#283 Import go-sev-guest v0.5.2 google#284 Add override test for workload env vars and cmd google#286 Add test workload code, check OIDC claims, and validate launch policy checks google#288 Bump golang.org/x/net in /launcher google#290 Add RELEASING instructions google#187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
Merged
alexmwu
added a commit
that referenced
this pull request
Apr 7, 2023
Breaking Changes: New Features: Use region in spec to create attestation service rest client #281 Parse EFI App state from the TCG event log #277 Bug Fixes: Increase default systemd wait timeout to 900s #276 Use same env var formatting logic on the launcher as server #253 Fix image pulling in launcher #282 Bump version and fix a kernel cmd issue #291 Return the actual number of bytes written to through command buffer #287 Fix lint issues after using golangci-lint-1.52.2 #296 Other Changes: Add image tests and test automation #275 Update go-sev-guest to v0.4.2 #278 Update to go-sev-guest v0.4.5 #279 Add proper debug license and logging to launcher #280 Upgrade to go-sev-guest v0.5.0 #283 Import go-sev-guest v0.5.2 #284 Add override test for workload env vars and cmd #286 Add test workload code, check OIDC claims, and validate launch policy checks #288 Bump golang.org/x/net in /launcher #290 Add RELEASING instructions #187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
alexmwu
added a commit
to alexmwu/go-tpm-tools
that referenced
this pull request
Apr 7, 2023
Breaking Changes: New Features: Use region in spec to create attestation service rest client google#281 Parse EFI App state from the TCG event log google#277 Bug Fixes: Increase default systemd wait timeout to 900s google#276 Use same env var formatting logic on the launcher as server google#253 Fix image pulling in launcher google#282 Bump version and fix a kernel cmd issue google#291 Return the actual number of bytes written to through command buffer google#287 Fix lint issues after using golangci-lint-1.52.2 google#296 Other Changes: Add image tests and test automation google#275 Update go-sev-guest to v0.4.2 google#278 Update to go-sev-guest v0.4.5 google#279 Add proper debug license and logging to launcher google#280 Upgrade to go-sev-guest v0.5.0 google#283 Import go-sev-guest v0.5.2 google#284 Add override test for workload env vars and cmd google#286 Add test workload code, check OIDC claims, and validate launch policy checks google#288 Bump golang.org/x/net in /launcher google#290 Add RELEASING instructions google#187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
michael-pregman
pushed a commit
that referenced
this pull request
Apr 10, 2023
Breaking Changes: New Features: Use region in spec to create attestation service rest client #281 Parse EFI App state from the TCG event log #277 Bug Fixes: Increase default systemd wait timeout to 900s #276 Use same env var formatting logic on the launcher as server #253 Fix image pulling in launcher #282 Bump version and fix a kernel cmd issue #291 Return the actual number of bytes written to through command buffer #287 Fix lint issues after using golangci-lint-1.52.2 #296 Other Changes: Add image tests and test automation #275 Update go-sev-guest to v0.4.2 #278 Update to go-sev-guest v0.4.5 #279 Add proper debug license and logging to launcher #280 Upgrade to go-sev-guest v0.5.0 #283 Import go-sev-guest v0.5.2 #284 Add override test for workload env vars and cmd #286 Add test workload code, check OIDC claims, and validate launch policy checks #288 Bump golang.org/x/net in /launcher #290 Add RELEASING instructions #187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
michael-pregman
pushed a commit
that referenced
this pull request
Apr 11, 2023
Breaking Changes: New Features: Use region in spec to create attestation service rest client #281 Parse EFI App state from the TCG event log #277 Bug Fixes: Increase default systemd wait timeout to 900s #276 Use same env var formatting logic on the launcher as server #253 Fix image pulling in launcher #282 Bump version and fix a kernel cmd issue #291 Return the actual number of bytes written to through command buffer #287 Fix lint issues after using golangci-lint-1.52.2 #296 Other Changes: Add image tests and test automation #275 Update go-sev-guest to v0.4.2 #278 Update to go-sev-guest v0.4.5 #279 Add proper debug license and logging to launcher #280 Upgrade to go-sev-guest v0.5.0 #283 Import go-sev-guest v0.5.2 #284 Add override test for workload env vars and cmd #286 Add test workload code, check OIDC claims, and validate launch policy checks #288 Bump golang.org/x/net in /launcher #290 Add RELEASING instructions #187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
Pranjali-2501
pushed a commit
to Pranjali-2501/go-tpm-tools
that referenced
this pull request
Apr 13, 2023
Breaking Changes: New Features: Use region in spec to create attestation service rest client google#281 Parse EFI App state from the TCG event log google#277 Bug Fixes: Increase default systemd wait timeout to 900s google#276 Use same env var formatting logic on the launcher as server google#253 Fix image pulling in launcher google#282 Bump version and fix a kernel cmd issue google#291 Return the actual number of bytes written to through command buffer google#287 Fix lint issues after using golangci-lint-1.52.2 google#296 Other Changes: Add image tests and test automation google#275 Update go-sev-guest to v0.4.2 google#278 Update to go-sev-guest v0.4.5 google#279 Add proper debug license and logging to launcher google#280 Upgrade to go-sev-guest v0.5.0 google#283 Import go-sev-guest v0.5.2 google#284 Add override test for workload env vars and cmd google#286 Add test workload code, check OIDC claims, and validate launch policy checks google#288 Bump golang.org/x/net in /launcher google#290 Add RELEASING instructions google#187 https://github.com/google/go-tpm-tools/compare/53cab1a...5dd1056?expand=1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The TCG PCClient firmware event log contains digests of all EFI
applications. These are measured by UEFI whenever launching an
application prior to handing off control to the boot loader or OS after
ExitBootServices().
This change introduces MachineState.EfiState. EfiState will contain all the PE/COFF digests of EFI applications measured by UEFI. These are typically bootloaders but may be the Linux kernel in cases the EFI stub mode (https://lwn.net/Articles/632528/). UEFI measures these values in PCR4.
This introduces a change to pull those EFI measurements out of the event
log so that VerifyAttestation users can validate the PCR4 values are
exactly what they expect. This may be useful in cases where the Secure
Boot hierarchy does not provide enough trust (e.g., a vulnerability in a
signed component that requires a Secure Boot update).