From 2cda9788812bcdb2531f3314f705a916997c71ae Mon Sep 17 00:00:00 2001
From: Krystian Hebel
Date: Tue, 16 Apr 2024 13:55:52 +0200
Subject: [PATCH] sbin/tpm-evt-log-utils.awk: add functions to replay PCR operations

Expected PCRs 17 and 18 values are now printed at the end of dump for easier comparison with real values. The latter can be read with: cat /sys/class/tpm/tpm0/pcr-sha{1,256}/1[78]

Signed-off-by: Krystian Hebel
---
 sbin/tpm-evt-log-utils.awk | 29 +++++++++++++++++++++++++++++
 sbin/tpm2-evt-log-parser.awk | 13 +++++++++++++
 sbin/txt-tpm1-evt-log-parser.awk | 7 +++++++
 3 files changed, 49 insertions(+)

diff --git a/sbin/tpm-evt-log-utils.awk b/sbin/tpm-evt-log-utils.awk
index b96b7e4..b45327f 100644
--- a/sbin/tpm-evt-log-utils.awk
+++ b/sbin/tpm-evt-log-utils.awk
@@ -72,3 +72,32 @@ function string_or_hex(str, len)
 if (_len != len)
 printf("... (event truncated to %d first bytes, was %d)\n", _len, len)
 }
+
+function replay_sha(vals, len, c, val, _i, n, arr, cmd)
+{
+ val = sprintf("%0" len "." len "x", 0)
+ n = split(vals, arr, "\n")
+ for (_i = 1; _i < n; _i++) {
+ cmd = "echo " val arr[_i] " | xxd -r -p | " c " > /tmp/sha"
+ system(cmd)
+ getline val <"/tmp/sha"
+ close("/tmp/sha")
+ close(cmd)
+ # Drop trailing file name and newline character
+ val = substr(val, 1, len)
+ }
+ system("rm /tmp/sha")
+ print val
+}
+
+function replay_sha1(pcr)
+{
+ printf " %d: ", pcr
+ replay_sha(SYMTAB["SHA1_" pcr], 40, "sha1sum")
+}
+
+function replay_sha256(pcr)
+{
+ printf " %d: ", pcr
+ replay_sha(SYMTAB["SHA256_" pcr], 64, "sha256sum")
+}
diff --git a/sbin/tpm2-evt-log-parser.awk b/sbin/tpm2-evt-log-parser.awk
index 542a990..b4ff3e7 100755
--- a/sbin/tpm2-evt-log-parser.awk
+++ b/sbin/tpm2-evt-log-parser.awk
@@ -6,6 +6,10 @@ BEGIN {
 PROCINFO["readfile"]
 FIELDWIDTHS = "4 4 20 4 16 4 1 1 1 1 4 *"
 ord_init()
+ SHA1_17 = ""
+ SHA1_18 = ""
+ SHA256_17 = ""
+ SHA256_18 = ""
 }
 {
 # Header sanity checks
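Review bot: replay_sha, the new function in the tpm-evt-log-utils.awk hunk, passes every intermediate digest through a fixed, predictable name in a world-writable directory: `cmd = "echo " val arr[_i] " | xxd -r -p | " c " > /tmp/sha"` followed by `getline val <"/tmp/sha"`. Any other local user can pre-create /tmp/sha (as a symlink, so the redirection overwrites some unrelated file of the user running the parser) or change its contents between system() and getline, so the printed "expected" PCR value is not something a comparison against the real PCRs should rely on. gawk can read the command's output directly with `cmd | getline val`, which removes the temporary file, the race and the trailing `system("rm /tmp/sha")`; the getline return should also be checked, because today a missing xxd or sha*sum leaves val at its previous value and the function prints that stale digest without any error. Separately, arr[_i] is interpolated unquoted into a shell command, which is only safe if hex_noprint (outside this hunk) emits hexadecimal digits exclusively — worth confirming and stating in a comment on the function.
```awk
	for (_i = 1; _i < n; _i++) {
		cmd = "echo " val arr[_i] " | xxd -r -p | " c
		if ((cmd | getline val) != 1) {
			close(cmd)
			print "ERROR: failed to run " c > "/dev/stderr"
			exit 1
		}
		close(cmd)
		# Drop trailing file name and newline character
		val = substr(val, 1, len)
	}
	# … unchanged: print val …
```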
@@ -59,6 +63,8 @@ BEGIN {
 $4 = substr($4, 3)
 printf(" %s: ", alg_name(a[1]))
 hexdump($4, a[2])
+ sym = alg_name(a[1]) "_" x2n($1, 4)
+ SYMTAB[sym] = SYMTAB[sym] hex_noprint($4, a[2]) "\n"
 $4 = substr($4, a[2]+1)
 }
 printf(" Event: ")
@@ -66,4 +72,11 @@ BEGIN {
 printf("\n\n")
 $0 = substr($6, x2n($5, 4) + 1)
 }
+ print "Expected PCR values:"
+ print " SHA1:"
+ replay_sha1(17)
+ replay_sha1(18)
+ print " SHA256:"
+ replay_sha256(17)
+ replay_sha256(18)
 }
diff --git a/sbin/txt-tpm1-evt-log-parser.awk b/sbin/txt-tpm1-evt-log-parser.awk
index 9b9f86d..1d5aa8c 100755
--- a/sbin/txt-tpm1-evt-log-parser.awk
+++ b/sbin/txt-tpm1-evt-log-parser.awk
@@ -7,6 +7,8 @@ BEGIN {
 # Start by assuming presence of a TCG-compatible header
 FIELDWIDTHS = "4 4 20 4 16 4 1 1 1 1 1 *"
 ord_init()
+ SHA1_17 = ""
+ SHA1_18 = ""
 }
 {
 # TCG header is not present on Intel systems, so do nothing if it's not
@@ -69,9 +71,14 @@ BEGIN {
 printf(" Digests:\n")
 printf(" SHA1: ")
 hexdump($3, 20)
+ sym = "SHA1_" x2n($1, 4)
+ SYMTAB[sym] = SYMTAB[sym] hex_noprint($3, 20) "\n"
 printf(" Event: ")
 string_or_hex($5, x2n($4, 4))
 printf("\n")
 $0 = substr($5, x2n($4, 4) + 1)
 }
+ print "Expected PCR values:"
+ replay_sha1(17)
+ replay_sha1(18)
 }
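Review bot: The new `SYMTAB[sym] = SYMTAB[sym] hex_noprint($4, a[2]) "\n"` in the @@ -59 hunk uses gawk's symbol table as a dictionary keyed by a string assembled from log contents (algorithm name plus PCR index), and the txt-tpm1 parser's @@ -69 hunk does the same with `sym = "SHA1_" x2n($1, 4)`. Only SHA1_17, SHA1_18, SHA256_17 and SHA256_18 are pre-declared in the BEGIN hunks, while an event log generally also carries events for other PCRs and, on TPM 2.0, other digest banks, so most of these assignments target names that are not program variables; whether gawk accepts creating SYMTAB entries that way is something I cannot confirm from the hunk, and if it does not, the parser would stop on the first such event. A plain global array, e.g. `DIGESTS[sym] = DIGESTS[sym] hex_noprint($4, a[2]) "\n"` with replay_sha1/replay_sha256 reading `DIGESTS["SHA1_" pcr]`, keeps the accumulation out of the interpreter's symbol table, needs no BEGIN pre-declarations, and rules out collisions between log-derived keys and the program's own variable names. The enclosing loop and rule begin outside the hunk.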