Any plans for a TCPA log parser? #9

Closed
zaolin opened this issue Apr 5, 2019 · 8 comments

@zaolin

zaolin commented Apr 5, 2019

Otherwise, I wrote an incomplete parser:

https://github.com/systemboot/tpmtool/blob/master/pkg/tpm/tcpa_log.go

@mjg59
Collaborator

mjg59 commented Apr 5, 2019

Yes, we have a pretty complete parser that will be landing shortly.

@zaolin zaolin closed this as completed Apr 8, 2019
@ericchiang ericchiang reopened this Aug 6, 2019
@ericchiang
Member

FYI #64

@brandonweeks
Member

If you have any feedback on if this is useful for you or how it could be improved, it would be appreciated!

@zaolin
Author

zaolin commented Aug 12, 2019

@brandonweeks @ericchiang Just look at my feature set. I guess the current implementation isn't complete.

@ericchiang
Member

Yep, #64 is work to prove an event log correctly replays against a set of PCR values, and that the PCRs are validated by a signed AIK quote. For now, I actually don't want package users to be able to parse a log without validating it.

Once that PR is merged, I'll submit a followup to parse platform information from Windows and Linux logs. We'll continue to expose the validated but un-parsed events for users that want to parse non-standard event types or types that we haven't got around to implementing yet.

@mjg59
Collaborator

mjg59 commented Oct 11, 2019

#108 is a shot at this.

@zaolin
Author

zaolin commented Apr 6, 2020

@ericchiang I think we are mixing stuff here. PCR precalculation should have a separate package aside from the TCPA eventlog IMHO. @mjg59 great work.

@twitchy-jsonp
Contributor

twitchy-jsonp commented May 4, 2020

Closing this out as event log parsing & replay is implemented: https://pkg.go.dev/github.com/google/go-attestation/attest?tab=doc#ParseEventLog

Due to complexities with extracting trustable values from the event log, and a desire to only expose an API which is hard to use incorrectly, I don't expect we will expose parsing methods for common primitives like UEFI variables. Instead we aim to expose safer APIs where we verify the authenticity of returned values. For instance, here's our parser/verifier for secure-boot state.

EDIT: I don't expect we will expose such parsing methods in the attest package.
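
The replay check discussed in this thread, sketched as an added example; it is not code from go-attestation or from any commenter. The `Event` type, `Replay`, `Verify`, `ev` and `sampleLog` are hypothetical names, only a SHA-256 PCR bank is modelled, and the quoted PCR values are assumed to have already been checked against the AIK-signed quote.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Event is a simplified log entry (hypothetical type, not the attest package's).
type Event struct {
	PCR    int
	Digest [sha256.Size]byte // value the firmware extended into the PCR
	Data   []byte            // untrusted until the replay succeeds
}

// Replay recomputes each PCR from all zeros: PCR_new = SHA256(PCR_old || digest).
func Replay(events []Event) map[int][sha256.Size]byte {
	pcrs := map[int][sha256.Size]byte{}
	for _, e := range events {
		cur := pcrs[e.PCR] // missing key yields the all-zero initial value
		pcrs[e.PCR] = sha256.Sum256(append(cur[:], e.Digest[:]...))
	}
	return pcrs
}

// Verify returns the events only if every PCR the log touches replays to its quoted value.
func Verify(events []Event, quoted map[int][sha256.Size]byte) ([]Event, error) {
	for idx, got := range Replay(events) {
		want, ok := quoted[idx]
		if !ok || got != want {
			return nil, fmt.Errorf("PCR %d: replay %x does not match a quoted value", idx, got)
		}
	}
	return events, nil
}

// ev and sampleLog build a constructed three-event log; the strings are made up.
func ev(pcr int, data string) Event { return Event{pcr, sha256.Sum256([]byte(data)), []byte(data)} }
func sampleLog() []Event {
	return []Event{ev(0, "firmware"), ev(7, "SecureBoot=1"), ev(7, "db-cert")}
}

func main() {
	quoted := Replay(sampleLog()) // stands in for PCR values read from a quote
	bad := sampleLog()
	bad[1].Digest[0] ^= 0xff // log altered after measurement
	_, errOK := Verify(sampleLog(), quoted)
	_, errBad := Verify(bad, quoted)
	fmt.Println("intact:", errOK, "| altered:", errBad)
}
```

Because callers only receive events from `Verify`, there is no path to event data that has not been tied to the quoted PCRs, which is the API shape the maintainers describe above.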
