Merge pull request #148 from nokia/ian2

fixed nasty ta10 error of returning anything - usually as root.
nokia · Jan 20, 2024 · 1efe109 · 1efe109
2 parents 7311739 + ea50e6f
commit 1efe109
Show file tree

Hide file tree

Showing 10 changed files with 127 additions and 51 deletions.
diff --git a/ga10/a10 b/ga10/a10
diff --git a/ga10/go.mod b/ga10/go.mod
@@ -4,11 +4,11 @@ go 1.20
 
 require (
 	github.com/eclipse/paho.mqtt.golang v1.4.3
-	github.com/google/uuid v1.4.0
-	github.com/labstack/echo/v4 v4.11.3
+	github.com/google/uuid v1.5.0
+	github.com/labstack/echo/v4 v4.11.4
 	github.com/racingmars/go3270 v0.0.0-20231111230320-21f273b327b8
-	go.mongodb.org/mongo-driver v1.13.0
-	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
+	go.mongodb.org/mongo-driver v1.13.1
+	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -21,8 +21,8 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-tpm v0.9.0
 	github.com/gorilla/websocket v1.5.1 // indirect
-	github.com/klauspost/compress v1.17.3 // indirect
-	github.com/labstack/gommon v0.4.1 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/labstack/gommon v0.4.2 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/montanaflynn/stats v0.7.1 // indirect
@@ -32,10 +32,10 @@ require (
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
-	golang.org/x/crypto v0.15.0 // indirect
-	golang.org/x/net v0.18.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.4.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 )
diff --git a/ga10/go.sum b/ga10/go.sum
@@ -13,17 +13,17 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
 github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA=
-github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
-github.com/labstack/echo/v4 v4.11.3 h1:Upyu3olaqSHkCjs1EJJwQ3WId8b8b1hxbogyommKktM=
-github.com/labstack/echo/v4 v4.11.3/go.mod h1:UcGuQ8V6ZNRmSweBIJkPvGfwCMIlFmiqrPqiEBfPYws=
-github.com/labstack/gommon v0.4.1 h1:gqEff0p/hTENGMABzezPoPSRtIh1Cvw0ueMOe0/dfOk=
-github.com/labstack/gommon v0.4.1/go.mod h1:TyTrpPqxR5KMk8LKVtLmfMjeQ5FEkBYdxLYPw/WfrOM=
+github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
+github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/labstack/echo/v4 v4.11.4 h1:vDZmA+qNeh1pd/cCkEicDMrjtrnMGQ1QFI9gWN1zGq8=
+github.com/labstack/echo/v4 v4.11.4/go.mod h1:noh7EvLwqDsmh/X/HWKPUl1AjzJrhyptRyEbQJfxen8=
+github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=
+github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
@@ -52,28 +52,28 @@ github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7Jul
 github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk=
 github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.mongodb.org/mongo-driver v1.13.0 h1:67DgFFjYOCMWdtTEmKFpV3ffWlFnh+CYZ8ZS/tXWUfY=
-go.mongodb.org/mongo-driver v1.13.0/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ=
+go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk=
+go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
-golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
-golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o=
+golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
-golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -83,8 +83,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -95,8 +95,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY=
-golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

diff --git a/ta10/common/identifiers.go b/ta10/common/identifiers.go
@@ -4,6 +4,7 @@ import(
         "github.com/google/uuid"
 )
 
+
 func MakeID() string {
 	return uuid.New().String()
-}
+}
diff --git a/ta10/common/unsafemode.go b/ta10/common/unsafemode.go
@@ -0,0 +1,12 @@
+package utilities
+
+
+var unsafemode bool = false
+
+func SetUnsafeMode() {
+	unsafemode = true
+}
+
+func IsUnsafe() bool {
+	return unsafemode
+}
diff --git a/ta10/ima/endpoints.go b/ta10/ima/endpoints.go
@@ -6,16 +6,32 @@ import(
 	"io/ioutil"
 	"encoding/base64"
 
+	"ta10/common"
+
 	"github.com/labstack/echo/v4"
 )
 
+const IMALOGLOCATION string = "/sys/kernel/ima/ascii_runtime_measurements"
+
 type returnASCIILog struct {
 	ASCIILog    string       `json:"asciilog"`
 	Encoding   string        `json:"encoded"`
 	UnEncodedLength int    `json:"unencodedlength"`
 	EncodedLength int      `json:"encodedlength"`
 }
 
+func GetEventLogLocation(loc string) string {
+	fmt.Printf("IMA Log requested from %v, unsafe mode is %v, giving: ",loc,utilities.IsUnsafe())
+
+	if utilities.IsUnsafe()==true {
+		fmt.Printf("%v\n",loc)
+		return loc
+	} else {
+		fmt.Printf("%v\n",IMALOGLOCATION)
+		return IMALOGLOCATION
+	}
+}
+
 func ASCIILog(c echo.Context) error {
 	fmt.Println("ima ascii called")
 
@@ -27,8 +43,9 @@ func ASCIILog(c echo.Context) error {
 		return c.JSON(http.StatusBadRequest, rtnbody)
 	}
 
-	u := fmt.Sprintf("%v",postbody["ima/ASCIIlog"])
-
+	u := GetEventLogLocation(fmt.Sprintf("%v",postbody["ima/ASCIIlog"]))
+
+
 	fcontent,err := ioutil.ReadFile(u)
 	if err != nil {
 		rtnbody["file err"]=err.Error() 

diff --git a/ta10/ta10 b/ta10/ta10
diff --git a/ta10/ta10.go b/ta10/ta10.go
@@ -26,26 +26,20 @@ var RUNSESSION string = utilities.MakeID()
 
 const PREFIX=""
 
-var flagSYS = *flag.Bool("sys", true, "Expose the sys attestation API")
-var flagTPM = *flag.Bool("tpm", true, "Expose the tpm attesation API")
-var flagUEFI = *flag.Bool("uefi", true, "Expose the uefi attestation API")
-var flagIMA = *flag.Bool("ima", true, "Expose the ima attestation API")
-var flagTXT = *flag.Bool("txt", true, "Expose the txt attestation API")
 
-var flagPort = flag.String("port", "8530", "Run the TA on the given port. Defaults to 8530")
 
 
 
 
 // Provides the standard welcome message to stdout.
-func welcomeMessage() {
+func welcomeMessage(unsafe bool) {
 	fmt.Printf("\n")
 	fmt.Printf("+========================================================================================\n")
 	fmt.Printf("|  TA10 version - Starting\n",)
 	fmt.Printf("|   + %v O/S on %v\n",runtime.GOOS,runtime.GOARCH)
 	fmt.Printf("|   + version %v, build %v\n",VERSION,BUILD)	
 	fmt.Printf("|   + session identifier is %v\n",RUNSESSION)
-	fmt.Printf("|  (C)2023 Nokia\n")	
+	fmt.Printf("|   + unsafe mode? %v\n",unsafe)
 	fmt.Printf("+========================================================================================\n\n")
 }
 
@@ -54,20 +48,34 @@ func exitMessage() {
 	fmt.Printf("+========================================================================================\n")
 	fmt.Printf("|  TA10 version - Exiting\n",)
 	fmt.Printf("|   + session identifier was %v\n",RUNSESSION)
-	fmt.Printf("|  (C)2023 CeffylOpi\n")	
 	fmt.Printf("+========================================================================================\n\n")
 }
 
+func checkUnsafeMode(unsafe bool) {
+	if unsafe==true {
+		utilities.SetUnsafeMode()
+
+		fmt.Printf("\n")
+		fmt.Printf("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n")
+		fmt.Printf("TA10 is running in UNSAFE file access mode.  Unsafe is set to %v\n",utilities.IsUnsafe())
+		fmt.Printf("Requests for log files, eg: UEFI, IMA, that supply a non default location will happily read that file\n")
+		fmt.Printf("This is a HUGE security issue. YOU HAVE BEEN WARNED\n")
+		fmt.Printf("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n")		
+
+	}
+}
+
+
 // This function initialises the system by calling the configuration system to read the configuration
-func init() {
+func initialise() {
 	flag.Parse()
 }
 
 
 // These configure the rest API
 
 
-func startRESTInterface(sys,tpm,uef,ima,txt bool, p *string ) {
+func startRESTInterface(sys,tpm,uefi,ima,txt bool, p *string ) {
     router := echo.New()
     router.HideBanner = true
 
@@ -82,7 +90,7 @@ func startRESTInterface(sys,tpm,uef,ima,txt bool, p *string ) {
     if sys == true {
     	setupSYSendpoints(router)    
     }
-    if uef == true {
+    if uefi == true {
     	setupUEFIendpoints(router)    
     } 
  	 if ima == true {
@@ -139,7 +147,23 @@ func setupTPM2endpoints(router *echo.Echo) {
 
 // This starts everything...here we "go" :-)
 func main() {
-	welcomeMessage()
-	startRESTInterface(flagSYS, flagTPM, flagUEFI, flagIMA, flagTXT, flagPort )
+	flagSYS := flag.Bool("sys", true, "Expose the sys attestation API")
+ 	flagTPM := flag.Bool("tpm", true, "Expose the tpm attesation API")
+ 	flagUEFI := flag.Bool("uefi", true, "Expose the uefi attestation API")
+ 	flagIMA := flag.Bool("ima", true, "Expose the ima attestation API")
+ 	flagTXT := flag.Bool("txt", true, "Expose the txt attestation API")
+
+ 	flagUNSAFEFILEACCESS := flag.Bool("unsafe", false, "Allow caller to request ANY file instead of the default UEFI and IMA locations. THIS IS UNSAFE!")
+
+ 	flagPort := flag.String("port", "8530", "Run the TA on the given port. Defaults to 8530")	
+
+ 	flag.Parse()
+
+ 	fmt.Printf("\nsys %v, port %v , unsafe %v\n", flagSYS, flagPort, flagUNSAFEFILEACCESS)
+
+	welcomeMessage(*flagUNSAFEFILEACCESS)
+	checkUnsafeMode(*flagUNSAFEFILEACCESS)
+
+	startRESTInterface(*flagSYS, *flagTPM, *flagUEFI, *flagIMA, *flagTXT, flagPort  )
 	exitMessage()
 }
diff --git a/ta10/tpm2/endpointstpm2.go b/ta10/tpm2/endpointstpm2.go
@@ -74,13 +74,17 @@ func PCRs(c echo.Context) error {
 	}
 	defer rwc.Close()
 
+	fmt.Printf("TPM readwriteio object is %v\n",rwc)
+
 	banks := make(map[string]pcrValue)
 
 	for _, b := range pcrbanks {
 		pcrvs := make(map[int]string)
 
 		for i := 0; i <= 23; i++ {
+			fmt.Printf("Reading back %v, pcr %v --> ",b,i)
 			pcrv, pcre := tpm2.ReadPCR(rwc, i, b)
+			fmt.Printf(" hex %v err %w\n",pcrv,pcre)
 			if pcre == nil {
 				pcrvs[i] = hex.EncodeToString(pcrv)
 			}

diff --git a/ta10/uefi/endpoints.go b/ta10/uefi/endpoints.go
@@ -6,16 +6,34 @@ import(
 	"io/ioutil"
 	"encoding/base64"
 
+	"ta10/common"
+
 	"github.com/labstack/echo/v4"
 )
 
+
+const UEFIEVENTLOGLOCATION string = "/sys/kernel/ima/ascii_runtime_measurements"
+
+
 type returnEventLog struct {
 	EventLog    string       `json:"eventlog"`
 	Encoding   string        `json:"encoded"`
 	UnEncodedLength int    `json:"unencodedlength"`
 	EncodedLength int      `json:"encodedlength"`
 }
 
+func GetEventLogLocation(loc string) string {
+	fmt.Printf("UEFI Log requested from %v, unsafe mode is %v, giving: ",loc,utilities.IsUnsafe())
+
+	if utilities.IsUnsafe()==true {
+		fmt.Printf("%v\n",loc)
+		return loc
+	} else {
+		fmt.Printf("%v\n",UEFIEVENTLOGLOCATION)
+		return UEFIEVENTLOGLOCATION
+	}
+}
+
 func Eventlog(c echo.Context) error {
 	fmt.Println("eventlog called")
 
@@ -27,7 +45,7 @@ func Eventlog(c echo.Context) error {
 		return c.JSON(http.StatusUnprocessableEntity, rtnbody)
 	}
 
-	u := fmt.Sprintf("%v",postbody["uefi/eventlog"])
+	u := GetEventLogLocation(fmt.Sprintf("%v",postbody["uefi/eventlog"]))
 
 	fcontent,err := ioutil.ReadFile(u)
 	if err != nil {