Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

txt-tpm1-evt-log-parser.awk: support log setup by SKL #10

Merged
merged 1 commit into from
Apr 8, 2024
Merged

txt-tpm1-evt-log-parser.awk: support log setup by SKL #10

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 34 additions & 2 deletions sbin/txt-tpm1-evt-log-parser.awk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,41 @@ function string_or_hex(str, len)

BEGIN {
PROCINFO["readfile"]
FIELDWIDTHS = "20 12 1 1 1 1 4 4 4 *"
# Start by assuming presence of a TCG-compatible header
FIELDWIDTHS = "4 4 20 4 16 4 1 1 1 1 1 *"
ord_init()
}
{
# TCG header is not present on Intel systems, so do nothing if it's not
# there (is "Spec ID Event01\0" value possible too?)
tcg_prefix_size = 0
if ($5 == "Spec ID Event00\0" || $5 == "Spec ID Event02\0") {
# TXT length field includes length of TCG header
tcg_prefix_size = 4+4+20+4+16+4+1+1+1+1+1

# TCG header sanity checks
assert($1 == "\0\0\0\0", "Bad PCR index for log header")
assert($2 == "\3\0\0\0", "Bad event type for log header")
assert(match($3, "\0{20}"), "Bad digest for log header")
assert(x2n($4, 4) >= (16+4+1+1+1+1+4+2+2+1), "Bad SpecIDEvent length")
assert($6 == "\1\0\0\0" || $6 == "\0\0\0\0", "Bad platform class")
assert($7 == "\2", "Bad spec minor version")
assert($8 == "\1", "Bad spec major version")
# Revision 2 turned reserved field into a UINT field, both are versions
# are handled. There should be no new revisions.
assert(x2n($9, 1) <= 2, "Bad spec errata")
# This field is reversed in 1.21, but UINTN in 1.22
assert($10 == "\0" || $10 == "\1" || $10 == "\2", "Bad UINTN size")
assert($11 == "\060", "Bad TXT header size")

$0 = $12
}

# Assume TXT header now
FIELDWIDTHS = "20 12 1 1 1 1 4 4 4 *"
# Make AWK apply the new value of FIELDWIDTHS
$0 = $0
}
{
# Header sanity checks
assert($1 == "TXT Event Container\0", "Bad TXT Event Container signature")
Expand All @@ -70,7 +102,7 @@ BEGIN {
# There is no field that would specify size of whole event structure,
# any new fields added to it would break this parser.
assert($6 == "\0", "Bad event structure minor version")
assert(x2n($7, 4) == length(), "Bad container size")
assert(x2n($7, 4) == length() + tcg_prefix_size, "Bad container size")
assert(x2n($8, 4) >= (20+12+1+1+1+1+4+4+4), "PCR Event offset too small")
assert(x2n($9, 4) > x2n($8, 4), "Next Event offset too small")
FIELDWIDTHS="4 4 20 4 *"
Expand Down
Loading