Introduce TPM event log infrastructure

This adds support for reading the local TPM event log and for parsing the
resulting blob. Reading the log is implemented as part of our TPM library, but
for reading and processing the event log binary structure we rely on Google's
go-attestation. Since they don't separate their event log processing from the rest
of the package, I imported the relevant files here directly.

Since TPM event logs are really terrible (see included workarounds and
https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md)
it's probably a bad idea to use them for anything where we can avoid it.
So this will likely only be used for EFI boot / secure boot attestation and
everything we measure will be part of our TPM library with a much less insane format.

Test Plan:
Manually smoke-tested using a custom fixture on a Ryzen 3000 fTPM.
We cannot really test this until we have a way of generating and loading
secure boot keys since an empty secure boot setup generates no events.

X-Origin-Diff: phab/D622
GitOrigin-RevId: e730a3ea69c4055e411833c80530f630d77788e4
diff --git a/core/pkg/tpm/tpm.go b/core/pkg/tpm/tpm.go
index d659d3a..5914b35 100644
--- a/core/pkg/tpm/tpm.go
+++ b/core/pkg/tpm/tpm.go
@@ -24,6 +24,7 @@
 	"crypto/x509"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -141,6 +142,7 @@
 		return ErrNotExists
 	}
 	if len(tpms) > 1 {
+		// If this is changed GetMeasurementLog() needs to be updated too
 		logger.Warn("Found more than one TPM, using the first one")
 	}
 	tpmName := tpms[0]
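Review bot: The new comment above the "Found more than one TPM" warning is the only thing tying device selection to GetMeasurementLog(), and the two already use different sources: this code picks `tpms[0]` from an enumerated list, while GetMeasurementLog() reads a fixed `tpm0` path. If the first enumerated entry is ever not tpm0, the event log will come from a different device than the one whose PCRs are read, and nothing will flag it. Consider keeping the selected `tpmName` and building the securityfs path from it, so the coupling is enforced in code rather than by a comment.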
@@ -546,3 +548,9 @@
 
 	return pcrs, nil
 }
+
+// GetMeasurmentLog returns the binary log of all data hashed into PCRs. The result can be parsed by eventlog.
+// As this library currently doesn't support extending PCRs it just returns the log as supplied by the EFI interface.
+func GetMeasurementLog() ([]byte, error) {
+	return ioutil.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
+}
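Review bot: The doc comment names `GetMeasurmentLog` while the function is `GetMeasurementLog`, so godoc and linters will not associate the two; fix the spelling in the comment. The path `/sys/kernel/security/tpm0/binary_bios_measurements` is hardcoded to tpm0 and should be derived from the TPM actually selected during initialization. The read error is returned bare; wrapping it with the path would make it clear when securityfs is not mounted or the kernel exposes no log. It would also help to state in the doc comment that the returned bytes are unauthenticated until the log has been replayed against the PCR values, since callers may otherwise treat parsed events as trusted.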