Skip to content

Commit

Permalink
TpmTestingPkg: Enhance decode of PCR7 vars (#602)
Browse files Browse the repository at this point in the history
## Description

This patch enhances the decode of PCR7 variables in TpmReplay.py.
This allows for certs and hashes from PCR7 events to be displayed in a
human readable format.

- [X] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?

## How This Was Tested

Tested against a measured boot log

EV_EFI_VARIABLE_DRIVER_CONFIG Example
```yaml
- type: EV_EFI_VARIABLE_DRIVER_CONFIG
  pcr: 7
  prehash:
    sha256: '0x4313e43de720194a0eabf4d6415d42b5a03a34fdc47bb1fc924cc4e665e6893d'
  data:
    type: variable
    variable_name: '{0xD719B2CB, 0x3D3A, 0x4596, {0xA3, 0xBC, 0xDA, 0xD0, 0x0E, 0x67,
      0x65, 0x6F}}'
    variable_unicode_name_length: 2
    variable_data_length: 6133
    variable_unicode_name: db
    decode:
      <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft Windows Production PCA 2011)>:
        fingerprint: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
        issuer: <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft
          Root Certificate Authority 2010)>
        not_valid_after_utc: '2026-10-19 18:51:42+00:00'
      <Name(C=US,O=Microsoft Corporation,CN=Windows UEFI CA 2023)>:
        fingerprint: 45:a0:fa:32:60:47:73:c8:24:33:c3:b7:d5:9e:74:66:b3:ac:0c:67
        issuer: <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft
          Root Certificate Authority 2010)>
        not_valid_after_utc: '2035-06-13 19:08:29+00:00'
      <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft Corporation UEFI CA 2011)>:
        fingerprint: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
        issuer: <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft
          Corporation Third Party Marketplace Root)>
        not_valid_after_utc: '2026-06-27 21:32:45+00:00'
      <Name(C=US,O=Microsoft Corporation,CN=Microsoft UEFI CA 2023)>:
        fingerprint: b5:ee:b4:a6:70:60:48:07:3f:0e:d2:96:e7:f5:80:a7:90:b5:9e:aa
        issuer: <Name(C=US,O=Microsoft Corporation,CN=Microsoft RSA Devices Root CA
          2021)>
        not_valid_after_utc: '2038-06-13 19:31:47+00:00'
    value: oVnApeSUp0qHtasVXCvwcgcGAAAAAAAA6wUAAL2a+ndZAzJNvWAo9OePeEswggXXMIIDv6ADAgECAgphB3ZWAAAAAAAIMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0xMTEwMTkxODQxNDJaFw0yNjEwMTkxODUxNDJaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4wLAYDVQQDEyVNaWNyb3NvZnQgV2luZG93cyBQcm9kdWN0aW9uIFBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qy7ouQuCePnxfeWabwAIb1pMzPvrQTLVIDuBoO7xSCE2ffSi/M4sKukrS18YnkF/+NKPwQ1IHDjxOdr4JzANnXpijHdjXDl3De1dEaWKFuHYCMsv9xHpWf3USeecusHpsm5HjtTNXzl0+wnuYcc/rnJIwlvqEaRwW6WPEHTy6M/XQJqTexpHyUoXDb//UMVCpTgGbTP38IS4sJbJ+4neDCLWyoJayKJU2AWLMBoHVO67EnznWGMhWgJc0RdfaJUK9159xXPNV1sHCtczrycI4tvbrUm2TYTw0/WJ665MjtBkizhx8136KpUTvdcCwSHZbRDGKiy4G0Zd+xaJPpIAwIDAQABo4IBQzCCAT8wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFKkpAjmOFsSXeM2Q+Z5PmuF8Va9TMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQAU/HxxUaV5wm6y7zk+vDxSD24rPxATc/6oaNBIpjRNipYFJu4xRpBhedb/OC5Fa/TA5Si42h2PitsJ1xrHTAo2ZmqM7BvXBJCoGBekm7niQDI2dsTBWsa/5ATA6hbTrMNo72Ks3VRsUDBYput8/pSnTo707HyGc1fCUiFzNFrzo4pWyATaBwnt+IvjzvR+jq7w9guKCPs/yR1yf1O4675j4OM9MWWwgeXyrM0WpJ89qLGbwkLQkIRfVB3/ieq6HUeQb7BzTkGfQJ9f5aEqshGRc4ohKPDO3nM5Xz6rXGDs3wMQqNMJ6fT2loW2f1GIZkcZjaKwEj2BKmgFd7uRTGJ7tsEHx7p6hzQDDktiepnpyvzOSjfJLaRXfBz+Pdy4D1r61sSzAoUCOuqz2W7kaSE33oHR9nUZBWfTk1deKRs5yO4t4c3kRXNb0NLOeqsWGYJGWNBenYGzZ69sNfK85T8k4jWiCnUG9hhWmdR4LNEFG+vQiAGdqhDxBd+6fixjtwabIyHE+Xhs4lgXBjYrkRIDzKTZ8i26+ZSdQO0YRfHOilxrPqsD03AYKgpq4F9H0dVjCjLyr9c2HypwWuVCWQhxS1e6foOB8CE89BzBxbmQkw6IRZOG6bEgmb6Yy8WVpF1i1qBjCCC9dRB3fT3zRbmfl5/LV4BvM6kEz3ekYhxZfqFZwKXklKdKh7WrFVwr8HLaBQAAAAAAAL4FAAC9mvp3WQMyTb1gKPTnj3hLMIIFqjCCA5KgAwIBAgITMwAAABqIi5gAViKEwQAAAAAAGjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjMwNjEzMTg1ODI5WhcNMzUwNjEzMTkwODI5WjBMMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR0wGwYDVQQDExRXaW5kb3dzIFVFRkkgQ0EgMjAyMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyyNdFUebSPzIEqbrMS1pOXMHw4XL95khkKDy0K/r/gqNgyP9Krb2+BwU0XaUXPhYAno3yzMcylp035Q9BaL9cYG9JYlgU5o5W3vN15waDPj+JTHismYqgcrjYeT6HfuRO6DCW7JGVnAaodQRC3NsFrLrVsENNOltCfKqHx7aEVC4KVxf9jihO1kjQeMV5hEa5dzPEQ5kx5yXKyNIqCVi2rD3zAT5OOWXVBhqwJEAnyUWVQtfUhsyY5jarEkbPcrGQjBs01Xw1CSZxPDc6Ag4JZ/t9LROFAyD1jts+0Qg05XNJCEAwIwnTrHNxuvAqsmLvM+h48p4MWxdsC2tmW32sCAwEAAaOCAUYwggFCMA4GA1UdDwEB/wQEAwIBhjAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQUrvxfu74FXY+NqlhUc0mUF6taUnIwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAn8m2/27hnDtV9v6LOd1hBG/QrWPNF3ZKqEOJjfjG8oxekOHkaKUV7LjTYAxAVx/7XjVyYd6XMWx5oPUWrksc7QEM7/dXD0IwGGn4oaMul5K4vhv+K4ZeQkIRj45wTZCn/QFj8mS/m+J7CIHPSfI3F9/x+XLTwx3DkEVN5oAGvf3lamnOs35OMVuEc6jocj8nNcl8IM4Am0/gTLQ2acv3NBERdBJ6qIwugWymUK0Z+qhGRW+xZ3PDa+NA6CppjyQQ4SlujRaI7o5/ZpMCb1ueBIzMgRytl1TxGC5+UpC8Ud4qDq5m6rxkbqCRZOQvEqi852u6xxubeRpkZvFDtNHDRiE4gXlM+vAxDdN5/3oSpR3Z3ayiD3GC95P/XKFhrmXyFIHteVqah+pge8uzT3U0yrqh76L2ooBFoYsngc3Vdzg+yk7dKOpYusWgKd6GjIj8lSdR3avT0FsNd8dsj1XX1KIOW+Q0RhQWHeMc1m2ZrUzscXMvq86ytCneVTBTOToyi/DqnIgSOwVoGb/Ph1IQ+9YTYPNBZPQIV4HLnRGljvTlJ/WjOuzkPUq3zvmIDZ+9ym3SSrxYdo4yBJRu3fTPbUdtwtdq3Idx6qS/72eXnLjHgDYqKlnJwAynRKBztYzPOFqu+LuGlfBErWZ6M+1x5EWHg+WnzqJA0HLSSAD6+RqhWcCl5JSnSoe1qxVcK/ByQAYAAAAAAAAkBgAAvZr6d1kDMk29YCj05494SzCCBhAwggP4oAMCAQICCmEI08QAAAAAAAQwDQYJKoZIhvcNAQELBQAwgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xOzA5BgNVBAMTMk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBUaGlyZCBQYXJ0eSBNYXJrZXRwbGFjZSBSb290MB4XDTExMDYyNzIxMjI0NVoXDTI2MDYyNzIxMzI0NVowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBVRUZJIENBIDIwMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClCGxMx0UJaksMpMCHfwZ1DEMBVGTgFn8H7ZJ9C7JzvwwKxkpFYaDFFi2W0/UroPtNSZtBgJA8uVT95rzRncSkGIp/QYpcWYNoMruMR8nucbwhT5qKfP9EP42PMrImSK51te7JTB5KGX7kgpodeHdNDLC99g/TFtO8+iulUThd9fu623gC2//sChuW1YO4GRPptsB7QHvhHygnyfrvVl4c5n6UfsDwRLJ5OeXasmKLTb84cOJoJBTJM6QIN9VYaV7TfO3BBFMI506wKodjCGFvYxVZ6rIredcMYWeKW/1erYd/uoZnT3FYEiIEIiLOi+9UcQDOUDVYdpUI7mqxogHVAgMBAAGjggF2MIIBcjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBT4wWu3f3dTSvMlNx1OoSZ7DyBwgDAdBgNVHQ4EFgQUE62/Qwm9gnCcjNVPMW7VIpiKG9QwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAURWZSQ+F+WBG/1k6eI1UIOzoiaqgwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljQ29yVGhpUGFyTWFyUm9vXzIwMTAtMTAtMDUuY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNDb3JUaGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcnQwDQYJKoZIhvcNAQELBQADggIBADUIQv8wzM73dgytEGhYNSlGMnYnfO8SQSdCG0qqbYE4SFkTVfPpWDSmFguCql2tgtqAg0EGj7Qd8gO58xpdG/FQkPmzVYRCKBwgvbKuURTFwKyXlSEckNsP/HeelXORiMq9vVK5BVAN31eeoGHtDeVtJdlADxdAyM6jSsJNr5oSHQhUj73HvLkrPUkrHzL8aiFpT5vIfkI0/DYGF4uPIEDAs5oldSfNyQOj9l3R5zZUerlQtdMS0Qe/u3Tf3B6PgNXtGPQvFBZrL95mjLAj5ceE2O3qwTOCrVZLGC3xaJUHzc/wcvCuu92GhZgsIUwzK/APSvBoh7WSVTJ1oWqCajyjJRGk7a3XBK7L2EBZoITRlUxikSIadB2MPUcORKbksJs0NbH6tlOoLIHspAVxyJ24uugbRGbkR1QOjlZ/s58WmLKG0Gg+kCO1L16PUIWNxo2CX0Gh9C4N4JnSbHXktmm1IYb6B9H24k3R2q0sd1MeJTI3x2xScpWGsPE1YWoZ9bI7gVBWpjIt/qKJ+UKGJxhVoYLKWpv4MJhUFKZHliUvyCbkQZQaXAI/5ZbjhVs8Pj+7RxZyVeIlIrHZe+cDBiqj9x6QRsMADdYZieMONSdiA3EVpu/QJ6CgWTdg+DiUuOB4cPi6TIaHlPbgrgJF7mXCtqN+aRZ1B5Kb9aa8WYNYoVnApeSUp0qHtasVXCvwctQFAAAAAAAAuAUAAL2a+ndZAzJNvWAo9OePeEswggWkMIIDjKADAgECAhMzAAAAFja/NomfFXXMAAAAAAAWMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBSU0EgRGV2aWNlcyBSb290IENBIDIwMjEwHhcNMjMwNjEzMTkyMTQ3WhcNMzgwNjEzMTkzMTQ3WjBOMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR8wHQYDVQQDExZNaWNyb3NvZnQgVUVGSSBDQSAyMDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSIqru8aMYUTeFGnm/38eNFjuBqbY/USBttLQTVqb6v1agTMl8+71AgJGmE6DeazoEb/Ca3egCTcEoDyX9kW7eJCnc0vTWECYYocSx0YYjmGl3GtPn9dcRNL6SoAwb7VtwCfXmWyLBr/dO3qg9I5iTM1c32govpA5GZQWKr8h+hcIIM07KviC8VfPv9IKxGRJu8YblfFnxhzme/hanQruy9/UI4d2j12tgTlzC4Qx4Mbg6PkpRMTcW4zeKOoPOxIJl7Hxl4Nh5qqzFU0ga2dkPXmlmOm6AcgF8iTHtKupNyufVm/iF5iDK5b8ilAVh0mQN6Fpq1W0c9VR3ZfnDnbAwIDAQABo4IBbTCCAWkwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBSBqmsyRMk1vODWYorzmCdCHjJJfTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFIREhgYAmD8sqrPFifOsLsnmnQkDMGUGA1UdHwReMFwwWqBYoFaGVGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFJTQSUyMERldmljZXMlMjBSb290JTIwQ0ElMjAyMDIxLmNybDByBggrBgEFBQcBAQRmMGQwYgYIKwYBBQUHMAKGVmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwUlNBJTIwRGV2aWNlcyUyMFJvb3QlMjBDQSUyMDIwMjEuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQAHYBMqU4cSDxrzWhSVF+XY15VUm4sO3ZGl7cddR1CTRbeViF8XGUFjdrWCsKjFnZkVNolJvhLCZvuDDLCBzuWkq8Kgmuv1Bzz+Ifia3BkhDJ4kLNFcohYKS+vsSJyxW3TbAWTC44BqqxrNdxtqOZq3unBE/2eUxYEG8MuBBJMnIZm9h4gUnCJxDgsvXL64kFR8wB68K5ujVhdLl+fjfxM0+rA0a5v2si332HvYINNcp5VMTyr55x5or/xsj8iGPZ/I0e9NGsjR9v0tfOPoQcHqJ8H7jiWGWommEL7O44+le8QaoOh1kP0hsMGjxRYjXjzOL/6MmL8IXPa5xbI8tszI7H/Sd3TL7fOWyYuNHCqJD6OPvc4qhUaaI6KPQsCZ1uqFH2EZvhY1t3WglYBlBofUCzXIxKoOzqIKY2DKSytcJwSCrz5Yg3pa2Gc/EFP1DBb3JkuKgLnFH6De2NNhRBRFp/WrmogX/beUVAKL5LdToT6NnlCCqADgeJQbvrPEMB+yDtvwRpDB5lf+fMFwshxLZNkQAxs0+2bPgm6eQKgRN/JliyEJrzyTYj3zvIPdP1WQFdIxrxHn+MqgguG5z7NXk8dVN6x/Qb8fljzzJpT52NJVJIqKtkHw4BbAI5KMcQpMag0ZVfc6nJIhlqHV+AqMnb/J68qIQvxLtO//JzAhYQ==
- type: EV_EFI_VARIABLE_DRIVER_CONFIG
  pcr: 7
  prehash:
    sha256: '0xfe3b6eb942e7fe26ebfc37800fd9d4ee3f49f04cee81ab9b51541160a9362255'
  data:
    type: variable
    variable_name: '{0xD719B2CB, 0x3D3A, 0x4596, {0xA3, 0xBC, 0xDA, 0xD0, 0x0E, 0x67,
      0x65, 0x6F}}'
    variable_unicode_name_length: 3
    variable_data_length: 508
    variable_unicode_name: dbx
    decode:
      62b79fb4a04052fcb498a97f22a3567642d4bc47d1c2ff9a06311c8c6148e907: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      339c2bcf0445baa7345a02cde505e172d24cc9cea29a92ebee3f3901693fd2c8: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      a48b5e31477da248680a8935d1e5e630e6fde22277f9635da7d6f7f9aa17e34a: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      3e828ef5e880fe62b33d36b78f2235f1a314153899ac80469597297b9a9dd22d: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      b133de42a37376f5d91439af3d61d38201f10377c36dacd9c2610f52aa124a91: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      f4dc5a40d2a9dbdab210bae0c508e053ae986c4da42d68760a1655d6fbaec051: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      a1a59cc2784246ad693b1df151454642324e89c898566a59906891f48089ece9: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      c0530badc4d066d5c4b8b955023e9efa7fb9337ecb7e1298e7cba172d8680485: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      d465d63b0384f16a1610b0a86c5d73b36a33709828de8fe26dbac6dc6efa007d: 77fa9abd-0359-4d32-bd60-28f4e78f784b
      ab311e737112e4d34abf545836bc671637663e93738cefa37405214ce8c92a58: 77fa9abd-0359-4d32-bd60-28f4e78f784b
    value: JhbEwUxQkkCsqUH5NpNDKPwBAAAAAAAAMAAAAL2a+ndZAzJNvWAo9OePeEtit5+0oEBS/LSYqX8io1Z2QtS8R9HC/5oGMRyMYUjpB72a+ndZAzJNvWAo9OePeEsznCvPBEW6pzRaAs3lBeFy0kzJzqKakuvuPzkBaT/SyL2a+ndZAzJNvWAo9OePeEuki14xR32iSGgKiTXR5eYw5v3iInf5Y12n1vf5qhfjSr2a+ndZAzJNvWAo9OePeEs+go716ID+YrM9NrePIjXxoxQVOJmsgEaVlyl7mp3SLb2a+ndZAzJNvWAo9OePeEuxM95Co3N29dkUOa89YdOCAfEDd8NtrNnCYQ9SqhJKkb2a+ndZAzJNvWAo9OePeEv03FpA0qnb2rIQuuDFCOBTrphsTaQtaHYKFlXW+67AUb2a+ndZAzJNvWAo9OePeEuhpZzCeEJGrWk7HfFRRUZCMk6JyJhWalmQaJH0gIns6b2a+ndZAzJNvWAo9OePeEvAUwutxNBm1cS4uVUCPp76f7kzfst+Epjny6Fy2GgEhb2a+ndZAzJNvWAo9OePeEvUZdY7A4TxahYQsKhsXXOzajNwmCjej+JtusbcbvoAfb2a+ndZAzJNvWAo9OePeEurMR5zcRLk00q/VFg2vGcWN2Y+k3OM76N0BSFM6MkqWA==
```

EV_EFI_VARIABLE_AUTHORITY Example
```yaml
- type: EV_EFI_VARIABLE_AUTHORITY
  pcr: 7
  prehash:
    sha256: '0x30bf464ee37f1bc0c7b1a5bf25eced275347c3ab1492d5623ae9f7663be07dd5'
  data:
    type: variable
    variable_name: '{0xD719B2CB, 0x3D3A, 0x4596, {0xA3, 0xBC, 0xDA, 0xD0, 0x0E, 0x67,
      0x65, 0x6F}}'
    variable_unicode_name_length: 2
    variable_data_length: 1515
    variable_unicode_name: db
    decode:
      <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft Windows Production PCA 2011)>:
        fingerprint: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
        issuer: <Name(C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=Microsoft
          Root Certificate Authority 2010)>
        not_valid_after_utc: '2026-10-19 18:51:42+00:00'
    value: vZr6d1kDMk29YCj05494SzCCBdcwggO/oAMCAQICCmEHdlYAAAAAAAgwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTExMTAxOTE4NDE0MloXDTI2MTAxOTE4NTE0MlowgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29mdCBXaW5kb3dzIFByb2R1Y3Rpb24gUENBIDIwMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdDLui5C4J4+fF95ZpvAAhvWkzM++tBMtUgO4Gg7vFIITZ99KL8ziwq6StLXxieQX/40o/BDUgcOPE52vgnMA2demKMd2NcOXcN7V0RpYoW4dgIyy/3EelZ/dRJ55y6wemybkeO1M1fOXT7Ce5hxz+uckjCW+oRpHBbpY8QdPLoz9dAmpN7GkfJShcNv/9QxUKlOAZtM/fwhLiwlsn7id4MItbKglrIolTYBYswGgdU7rsSfOdYYyFaAlzRF19olQr3Xn3Fc81XWwcK1zOvJwji29utSbZNhPDT9YnrrkyO0GSLOHHzXfoqlRO91wLBIdltEMYqLLgbRl37Fok+kgDAgMBAAGjggFDMIIBPzAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQUqSkCOY4WxJd4zZD5nk+a4XxVr1MwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBABT8fHFRpXnCbrLvOT68PFIPbis/EBNz/qho0EimNE2KlgUm7jFGkGF51v84LkVr9MDlKLjaHY+K2wnXGsdMCjZmaozsG9cEkKgYF6SbueJAMjZ2xMFaxr/kBMDqFtOsw2jvYqzdVGxQMFim63z+lKdOjvTsfIZzV8JSIXM0WvOjilbIBNoHCe34i+PO9H6OrvD2C4oI+z/JHXJ/U7jrvmPg4z0xZbCB5fKszRaknz2osZvCQtCQhF9UHf+J6rodR5BvsHNOQZ9An1/loSqyEZFziiEo8M7eczlfPqtcYOzfAxCo0wnp9PaWhbZ/UYhmRxmNorASPYEqaAV3u5FMYnu2wQfHunqHNAMOS2J6menK/M5KN8ktpFd8HP493LgPWvrWxLMChQI66rPZbuRpITfegdH2dRkFZ9OTV14pGznI7i3hzeRFc1vQ0s56qxYZgkZY0F6dgbNnr2w18rzlPyTiNaIKdQb2GFaZ1Hgs0QUb69CIAZ2qEPEF37p+LGO3BpsjIcT5eGziWBcGNiuREgPMpNnyLbr5lJ1A7RhF8c6KXGs+qwPTcBgqCmrgX0fR1WMKMvKv1zYfKnBa5UJZCHFLV7p+g4HwITz0HMHFuZCTDohFk4bpsSCZvpjLxZWkXWLWoGMIIL11EHd9PfNFuZ+Xn8tXgG8zqQTPd6RiHFl+

```

## Integration Instructions

N/A
Flickdm authored Oct 17, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 432cf23 commit 94ad770
Showing 1 changed file with 133 additions and 7 deletions.
140 changes: 133 additions & 7 deletions TpmTestingPkg/TpmReplayPei/Tool/TpmReplay.py
Original file line number Diff line number Diff line change
@@ -23,7 +23,6 @@
import timeit
import yaml

from edk2toollib.tpm.tpm2_defs import TPM_ALG_SHA256
from tcg_platform import (
PCR_0,
PCR_7,
@@ -37,11 +36,31 @@
VALUE_FROM_EVENT,
ALG_FROM_VALUE,
EVENT_FROM_VALUE,
EV_EFI_VARIABLE_DRIVER_CONFIG,
EV_EFI_VARIABLE_BOOT,
EV_EFI_VARIABLE_BOOT2,
EV_EFI_VARIABLE_AUTHORITY
)

from edk2toollib.tpm.tpm2_defs import (
TPM_ALG_SHA256
)

from edk2toollib.uefi.authenticated_variables_structure_support import (
EfiSignatureDatabase,
EfiSignatureDataFactory,
EfiSignatureDataEfiCertX509,
)

from cryptography import x509
from cryptography.hazmat.primitives import hashes

from io import BytesIO

from enum import IntEnum
from pathlib import PurePath
from typing import Dict, Iterable, List, Union
from collections import defaultdict

PROGRAM_NAME = "TPM Replay"

@@ -579,6 +598,113 @@ def _add_digest(pcr: int, alg: int, digest: bytes, prehashed: bool = False) -> N

return replay_event_log

def _decode_efi_signature_data_x509(data: bytes) -> Dict[str: Dict[str, str, str]]:
"""Decodes an EFI signature data containing an X.509 certificate.
Args:
data (bytes): The DER-encoded X.509 certificate data.
Returns:
Dict[str: Dict[str, str, str]]: A dictionary containing the certificate's
subject, fingerprint, issuer, and not valid after date.
"""
cert = x509.load_der_x509_certificate(data)
cert_info = {
str(cert.subject): {
"fingerprint": cert.fingerprint(hashes.SHA1()).hex(":"),
"issuer": str(cert.issuer),
"not_valid_after_utc": str(cert.not_valid_after_utc),
}
}

return cert_info

def _decode_efi_signature_data_sha256(signature: EfiSignatureDatabase) -> Dict[str: str]:
"""Decodes an EFI signature data containing a SHA256 hash.
Args:
signature (EfiSignatureData): The EFI signature data.
Returns:
Dict[str: str]: A dictionary containing the SHA256 hash and the signature owner.
"""
return {signature.signature_data.hex(): str(signature.signature_owner)}

def _decode_variable_driver_config(data: bytes) -> Dict[str: Dict]:
"""Decodes an EFI variable boot event.
Args:
data (bytes): The binary data of the boot event.
Returns:
Dict[str: Dict]: A dictionary containing the boot variable data.
"""
driver_config = {}

with BytesIO(data) as fs:

for signature_list in EfiSignatureDatabase(filestream=fs).EslList:
if not signature_list.signature_data_list: # discard empty EfiSignatureLists
continue
if signature_list.signature_type == EfiSignatureDataFactory.EFI_CERT_SHA256_GUID:
for signature in signature_list.signature_data_list:
driver_config.update(_decode_efi_signature_data_sha256(signature))
elif signature_list.signature_type == EfiSignatureDataFactory.EFI_CERT_X509_GUID:
for sig_list in signature_list.signature_data_list:
driver_config.update(
_decode_efi_signature_data_x509(sig_list.signature_data))
else:
raise ValueError(f"Unsupported signature type {signature_list.signature_type}")

return driver_config

def _decode_variable_authority(data: bytes) -> Dict[str: Dict]:
"""Decodes an EFI variable authority event.
Args:
data (bytes): The binary data of the authority event.
Returns:
Dict[str: Dict]: A dictionary containing the authority variable data.
"""
authority_data = {}

with BytesIO(data) as fs:
sig_list = EfiSignatureDataEfiCertX509(
decodefs=fs, decodesize=len(data))
authority_data.update(
_decode_efi_signature_data_x509(sig_list.signature_data))

return authority_data

def _decode_is_enabled(data) -> Dict[str, str]:
"""
Decodes an driver config event for the variable SecureBoot.
Args:
data (bytes): The binary data of the driver config event.
Returns:
Dict[str: str] : "True" if enabled "False" is disabled
"""
return {"enabled": "True" if ord(data) == 1 else "False" }

def _decode_value_dispatch(event_type, name, data) -> Dict:

dispatch_map = defaultdict(lambda: lambda data: {}, {
("SecureBoot", EV_EFI_VARIABLE_DRIVER_CONFIG): _decode_is_enabled,
("PK", EV_EFI_VARIABLE_DRIVER_CONFIG): _decode_variable_driver_config,
("KEK", EV_EFI_VARIABLE_DRIVER_CONFIG): _decode_variable_driver_config,
("db", EV_EFI_VARIABLE_DRIVER_CONFIG): _decode_variable_driver_config,
("dbx", EV_EFI_VARIABLE_DRIVER_CONFIG): _decode_variable_driver_config,
("PK", EV_EFI_VARIABLE_AUTHORITY): _decode_variable_authority,
("KEK", EV_EFI_VARIABLE_AUTHORITY): _decode_variable_authority,
("db", EV_EFI_VARIABLE_AUTHORITY): _decode_variable_authority
})
func = dispatch_map[(name, event_type)]

return func(data)


def _build_yaml_from_event_log(
event_log: TpmReplayEventLog,
@@ -593,8 +719,6 @@ def _build_yaml_from_event_log(
a string or additional nested dictionaries.
"""
import tcg_platform

yaml_data = {"events": []}

logger.debug("Processing events...")
@@ -615,10 +739,10 @@ def _build_yaml_from_event_log(
event_data["data"] = {}

if event.event_type in (
tcg_platform.EV_EFI_VARIABLE_DRIVER_CONFIG,
tcg_platform.EV_EFI_VARIABLE_BOOT,
tcg_platform.EV_EFI_VARIABLE_BOOT2,
tcg_platform.EV_EFI_VARIABLE_AUTHORITY,
EV_EFI_VARIABLE_DRIVER_CONFIG,
EV_EFI_VARIABLE_BOOT,
EV_EFI_VARIABLE_BOOT2,
EV_EFI_VARIABLE_AUTHORITY,
):
event_data["data"]["type"] = "variable"
tcg_var = TcgUefiVariableData.from_binary(event.event)
@@ -628,6 +752,8 @@ def _build_yaml_from_event_log(
] = tcg_var.unicode_name_length
event_data["data"]["variable_data_length"] = tcg_var.variable_data_length
event_data["data"]["variable_unicode_name"] = tcg_var.unicode_name
event_data["data"]["decode"] = _decode_value_dispatch(
event.event_type, tcg_var.unicode_name, tcg_var.variable_data)
event_data["data"]["value"] = base64.b64encode(
tcg_var.variable_data
).decode("utf-8")

0 comments on commit 94ad770

Please sign in to comment.