diff --git a/ga10/a10 b/ga10/a10 index 9cae4863..80a55e47 100755 Binary files a/ga10/a10 and b/ga10/a10 differ diff --git a/ga10/go.mod b/ga10/go.mod index dd348ba5..8b8defb9 100644 --- a/ga10/go.mod +++ b/ga10/go.mod @@ -4,11 +4,11 @@ go 1.20 require ( github.com/eclipse/paho.mqtt.golang v1.4.3 - github.com/google/uuid v1.4.0 - github.com/labstack/echo/v4 v4.11.3 + github.com/google/uuid v1.5.0 + github.com/labstack/echo/v4 v4.11.4 github.com/racingmars/go3270 v0.0.0-20231111230320-21f273b327b8 - go.mongodb.org/mongo-driver v1.13.0 - golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa + go.mongodb.org/mongo-driver v1.13.1 + golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 gopkg.in/yaml.v3 v3.0.1 ) @@ -21,8 +21,8 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/go-tpm v0.9.0 github.com/gorilla/websocket v1.5.1 // indirect - github.com/klauspost/compress v1.17.3 // indirect - github.com/labstack/gommon v0.4.1 // indirect + github.com/klauspost/compress v1.17.4 // indirect + github.com/labstack/gommon v0.4.2 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/montanaflynn/stats v0.7.1 // indirect @@ -32,10 +32,10 @@ require ( github.com/xdg-go/scram v1.1.2 // indirect github.com/xdg-go/stringprep v1.0.4 // indirect github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect - golang.org/x/crypto v0.15.0 // indirect - golang.org/x/net v0.18.0 // indirect - golang.org/x/sync v0.5.0 // indirect - golang.org/x/sys v0.14.0 // indirect + golang.org/x/crypto v0.18.0 // indirect + golang.org/x/net v0.20.0 // indirect + golang.org/x/sync v0.6.0 // indirect + golang.org/x/sys v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.4.0 // indirect + golang.org/x/time v0.5.0 // indirect ) diff --git a/ga10/go.sum b/ga10/go.sum index a0900564..191f2855 100644 --- a/ga10/go.sum +++ b/ga10/go.sum 
@@ -13,17 +13,17 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk= github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= +github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA= -github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= -github.com/labstack/echo/v4 v4.11.3 h1:Upyu3olaqSHkCjs1EJJwQ3WId8b8b1hxbogyommKktM= -github.com/labstack/echo/v4 v4.11.3/go.mod h1:UcGuQ8V6ZNRmSweBIJkPvGfwCMIlFmiqrPqiEBfPYws= -github.com/labstack/gommon v0.4.1 h1:gqEff0p/hTENGMABzezPoPSRtIh1Cvw0ueMOe0/dfOk= -github.com/labstack/gommon v0.4.1/go.mod h1:TyTrpPqxR5KMk8LKVtLmfMjeQ5FEkBYdxLYPw/WfrOM= +github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= +github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/labstack/echo/v4 v4.11.4 h1:vDZmA+qNeh1pd/cCkEicDMrjtrnMGQ1QFI9gWN1zGq8= +github.com/labstack/echo/v4 v4.11.4/go.mod h1:noh7EvLwqDsmh/X/HWKPUl1AjzJrhyptRyEbQJfxen8= +github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= +github.com/labstack/gommon v0.4.2/go.mod 
h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 
@@ -52,28 +52,28 @@ github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7Jul github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk= github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.mongodb.org/mongo-driver v1.13.0 h1:67DgFFjYOCMWdtTEmKFpV3ffWlFnh+CYZ8ZS/tXWUfY= -go.mongodb.org/mongo-driver v1.13.0/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ= +go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= +go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod 
v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= -golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -83,8 +83,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -95,8 +95,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY= -golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 
diff --git a/ta10/common/identifiers.go b/ta10/common/identifiers.go index 3997ad6d..8a40edd4 100644 --- a/ta10/common/identifiers.go +++ b/ta10/common/identifiers.go @@ -4,6 +4,7 @@ import( "github.com/google/uuid" ) + func MakeID() string { return uuid.New().String() -} \ No newline at end of file +} diff --git a/ta10/common/unsafemode.go b/ta10/common/unsafemode.go new file mode 100644 index 00000000..23bc1295 --- /dev/null +++ b/ta10/common/unsafemode.go @@ -0,0 +1,12 @@ +package utilities + + +var unsafemode bool = false + +func SetUnsafeMode() { + unsafemode = true +} + +func IsUnsafe() bool { + return unsafemode +} \ No newline at end of file diff --git a/ta10/ima/endpoints.go b/ta10/ima/endpoints.go index 71e5bd4b..c1620241 100644 --- a/ta10/ima/endpoints.go +++ b/ta10/ima/endpoints.go @@ -6,9 +6,13 @@ import( "io/ioutil" "encoding/base64" + "ta10/common" + "github.com/labstack/echo/v4" ) +const IMALOGLOCATION string = "/sys/kernel/ima/ascii_runtime_measurements" + type returnASCIILog struct { ASCIILog string `json:"asciilog"` Encoding string `json:"encoded"` @@ -16,6 +20,18 @@ type returnASCIILog struct { EncodedLength int `json:"encodedlength"` } +func GetEventLogLocation(loc string) string { + fmt.Printf("IMA Log requested from %v, unsafe mode is %v, giving: ",loc,utilities.IsUnsafe()) + + if utilities.IsUnsafe()==true { + fmt.Printf("%v\n",loc) + return loc + } else { + fmt.Printf("%v\n",IMALOGLOCATION) + return IMALOGLOCATION + } +} + func ASCIILog(c echo.Context) error { fmt.Println("ima ascii called") @@ -27,8 +43,9 @@ func ASCIILog(c echo.Context) error { return c.JSON(http.StatusBadRequest, rtnbody) } - u := fmt.Sprintf("%v",postbody["ima/ASCIIlog"]) - + u := GetEventLogLocation(fmt.Sprintf("%v",postbody["ima/ASCIIlog"])) + + fcontent,err := ioutil.ReadFile(u) if err != nil { rtnbody["file err"]=err.Error() diff --git a/ta10/ta10 b/ta10/ta10 deleted file mode 100755 index 842d1668..00000000 Binary files a/ta10/ta10 and /dev/null differ 
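Review bot: The new ta10/common/unsafemode.go exports `SetUnsafeMode` and `IsUnsafe` without doc comments, and `unsafemode` is a plain package-level bool that the HTTP handlers read with no synchronisation. As used in this commit it is written once from `main` before the server starts, but nothing in the file says that is required. I would document the contract, e.g. `// SetUnsafeMode lets callers choose which file the log endpoints read. Call it once, before the REST interface starts; there is no way to turn it off again.` and `// IsUnsafe reports whether caller-supplied log paths are honoured.` `var unsafemode bool = false` can simply be `var unsafemode bool`.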
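Review bot: `IMALOGLOCATION` in ta10/ima/endpoints.go is `/sys/kernel/ima/ascii_runtime_measurements`, but on Linux the IMA measurement list is exposed through securityfs, normally at `/sys/kernel/security/ima/ascii_runtime_measurements`. In the default (safe) mode every request is now forced to this constant, so a wrong path breaks the endpoint for all callers instead of only those who omit a path. Suggest `const IMALOGLOCATION string = "/sys/kernel/security/ima/ascii_runtime_measurements"` after confirming on a target host.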
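Review bot: In `GetEventLogLocation` (ta10/ima/endpoints.go), `loc` comes straight from the POST body and is printed with `%v`, so a request can carry newlines into the TA's stdout log; format it with `%q`, e.g. `fmt.Printf("IMA Log requested from %q, unsafe mode is %v, giving: ", loc, utilities.IsUnsafe())`. In unsafe mode the same value is returned unchanged and `ASCIILog` passes it to `ioutil.ReadFile`, so any file the TA process can read is returned to any client that can reach the port; even as an opt-in it would be safer to restrict it to an allowlisted directory. In safe mode the requested path is silently replaced, and as far as this hunk shows the response does not tell the caller which file was actually read. The function is duplicated verbatim in ta10/uefi/endpoints.go, where the same points apply, and `==true` can be dropped in both.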
diff --git a/ta10/ta10.go b/ta10/ta10.go index d454921e..78d04b3a 100644 --- a/ta10/ta10.go +++ b/ta10/ta10.go @@ -26,26 +26,20 @@ var RUNSESSION string = utilities.MakeID() const PREFIX="" -var flagSYS = *flag.Bool("sys", true, "Expose the sys attestation API") -var flagTPM = *flag.Bool("tpm", true, "Expose the tpm attesation API") -var flagUEFI = *flag.Bool("uefi", true, "Expose the uefi attestation API") -var flagIMA = *flag.Bool("ima", true, "Expose the ima attestation API") -var flagTXT = *flag.Bool("txt", true, "Expose the txt attestation API") -var flagPort = flag.String("port", "8530", "Run the TA on the given port. Defaults to 8530") // Provides the standard welcome message to stdout. -func welcomeMessage() { +func welcomeMessage(unsafe bool) { fmt.Printf("\n") fmt.Printf("+========================================================================================\n") fmt.Printf("| TA10 version - Starting\n",) fmt.Printf("| + %v O/S on %v\n",runtime.GOOS,runtime.GOARCH) fmt.Printf("| + version %v, build %v\n",VERSION,BUILD) fmt.Printf("| + session identifier is %v\n",RUNSESSION) - fmt.Printf("| (C)2023 Nokia\n") + fmt.Printf("| + unsafe mode? %v\n",unsafe) fmt.Printf("+========================================================================================\n\n") } 
@@ -54,12 +48,26 @@ func exitMessage() { fmt.Printf("+========================================================================================\n") fmt.Printf("| TA10 version - Exiting\n",) fmt.Printf("| + session identifier was %v\n",RUNSESSION) - fmt.Printf("| (C)2023 CeffylOpi\n") fmt.Printf("+========================================================================================\n\n") } +func checkUnsafeMode(unsafe bool) { + if unsafe==true { + utilities.SetUnsafeMode() + + fmt.Printf("\n") + fmt.Printf("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n") + fmt.Printf("TA10 is running in UNSAFE file access mode. Unsafe is set to %v\n",utilities.IsUnsafe()) + fmt.Printf("Requests for log files, eg: UEFI, IMA, that supply a non default location will happily read that file\n") + fmt.Printf("This is a HUGE security issue. YOU HAVE BEEN WARNED\n") + fmt.Printf("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n") + + } +} + + // This function initialises the system by calling the configuration system to read the configuration -func init() { +func initialise() { flag.Parse() } @@ -67,7 +75,7 @@ func init() { // These configure the rest API -func startRESTInterface(sys,tpm,uef,ima,txt bool, p *string ) { +func startRESTInterface(sys,tpm,uefi,ima,txt bool, p *string ) { router := echo.New() router.HideBanner = true @@ -82,7 +90,7 @@ func startRESTInterface(sys,tpm,uef,ima,txt bool, p *string ) { if sys == true { setupSYSendpoints(router) } - if uef == true { + if uefi == true { setupUEFIendpoints(router) } if ima == true { 
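Review bot: `initialise()` is left behind by the rename from `init()`: it still calls `flag.Parse()` and keeps the old comment about reading the configuration, yet nothing in the visible hunks calls it now that `main` parses the flags itself. If it has no callers elsewhere it should be deleted, because calling it before the flags are defined in `main` would parse against an empty flag set. In `checkUnsafeMode`, `if unsafe {` is enough, and the function would benefit from a doc comment such as `// checkUnsafeMode enables caller-chosen log paths when unsafe is set and prints a warning banner.`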
@@ -139,7 +147,23 @@ func setupTPM2endpoints(router *echo.Echo) { // This starts everything...here we "go" :-) func main() { - welcomeMessage() - startRESTInterface(flagSYS, flagTPM, flagUEFI, flagIMA, flagTXT, flagPort ) + flagSYS := flag.Bool("sys", true, "Expose the sys attestation API") + flagTPM := flag.Bool("tpm", true, "Expose the tpm attesation API") + flagUEFI := flag.Bool("uefi", true, "Expose the uefi attestation API") + flagIMA := flag.Bool("ima", true, "Expose the ima attestation API") + flagTXT := flag.Bool("txt", true, "Expose the txt attestation API") + + flagUNSAFEFILEACCESS := flag.Bool("unsafe", false, "Allow caller to request ANY file instead of the default UEFI and IMA locations. THIS IS UNSAFE!") + + flagPort := flag.String("port", "8530", "Run the TA on the given port. Defaults to 8530") + + flag.Parse() + + fmt.Printf("\nsys %v, port %v , unsafe %v\n", flagSYS, flagPort, flagUNSAFEFILEACCESS) + + welcomeMessage(*flagUNSAFEFILEACCESS) + checkUnsafeMode(*flagUNSAFEFILEACCESS) + + startRESTInterface(*flagSYS, *flagTPM, *flagUEFI, *flagIMA, *flagTXT, flagPort ) exitMessage() } diff --git a/ta10/tpm2/endpointstpm2.go b/ta10/tpm2/endpointstpm2.go index 13cd753d..9b575b5c 100644 --- a/ta10/tpm2/endpointstpm2.go +++ b/ta10/tpm2/endpointstpm2.go @@ -74,13 +74,17 @@ func PCRs(c echo.Context) error { } defer rwc.Close() + fmt.Printf("TPM readwriteio object is %v\n",rwc) + banks := make(map[string]pcrValue) for _, b := range pcrbanks { pcrvs := make(map[int]string) for i := 0; i <= 23; i++ { + fmt.Printf("Reading back %v, pcr %v --> ",b,i) pcrv, pcre := tpm2.ReadPCR(rwc, i, b) + fmt.Printf(" hex %v err %w\n",pcrv,pcre) if pcre == nil { pcrvs[i] = hex.EncodeToString(pcrv) } diff --git a/ta10/uefi/endpoints.go b/ta10/uefi/endpoints.go index ae3056a8..3ac120fb 100644 --- a/ta10/uefi/endpoints.go +++ b/ta10/uefi/endpoints.go 
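Review bot: The debug line in `main` passes the flag pointers rather than their values, so it prints addresses and never shows whether unsafe mode is on; dereference them: `fmt.Printf("\nsys %v, port %v, unsafe %v\n", *flagSYS, *flagPort, *flagUNSAFEFILEACCESS)`. Separately, `-unsafe` turns the IMA and UEFI endpoints into a general file-read API, and the listen address is not visible in this hunk. If the server binds to all interfaces, consider refusing `-unsafe` unless it is bound to loopback, or at least documenting that requirement in the flag's help text.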
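Review bot: In `PCRs` (ta10/tpm2/endpointstpm2.go), `fmt.Printf(" hex %v err %w\n",pcrv,pcre)` uses `%w`, which is only meaningful in `fmt.Errorf`; in `Printf` it renders as `%!w(...)` and `go vet` reports it. Use `%x` for the digest and `%v` for the error: `fmt.Printf(" hex %x err %v\n", pcrv, pcre)`. These prints run for 24 PCRs per bank on every request and look like leftover debugging, so they should be removed or put behind a verbose switch before merge. The body of `PCRs` continues outside the hunk.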
@@ -6,9 +6,15 @@ import( "io/ioutil" "encoding/base64" + "ta10/common" + "github.com/labstack/echo/v4" ) + +const UEFIEVENTLOGLOCATION string = "/sys/kernel/ima/ascii_runtime_measurements" + + type returnEventLog struct { EventLog string `json:"eventlog"` Encoding string `json:"encoded"` @@ -16,6 +22,18 @@ type returnEventLog struct { EncodedLength int `json:"encodedlength"` } +func GetEventLogLocation(loc string) string { + fmt.Printf("UEFI Log requested from %v, unsafe mode is %v, giving: ",loc,utilities.IsUnsafe()) + + if utilities.IsUnsafe()==true { + fmt.Printf("%v\n",loc) + return loc + } else { + fmt.Printf("%v\n",UEFIEVENTLOGLOCATION) + return UEFIEVENTLOGLOCATION + } +} + func Eventlog(c echo.Context) error { fmt.Println("eventlog called") @@ -27,7 +45,7 @@ func Eventlog(c echo.Context) error { return c.JSON(http.StatusUnprocessableEntity, rtnbody) } - u := fmt.Sprintf("%v",postbody["uefi/eventlog"]) + u := GetEventLogLocation(fmt.Sprintf("%v",postbody["uefi/eventlog"])) fcontent,err := ioutil.ReadFile(u) if err != nil {
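Review bot: `UEFIEVENTLOGLOCATION` is set to the IMA path `/sys/kernel/ima/ascii_runtime_measurements`, which looks like a copy-paste from ta10/ima/endpoints.go. In the default safe mode `Eventlog` now always reads this constant, so the UEFI endpoint would return (or fail to find) IMA measurements instead of the firmware event log, and a verifier would be appraising the wrong evidence. On Linux the TCG event log is normally exposed at `/sys/kernel/security/tpm0/binary_bios_measurements`; suggest `const UEFIEVENTLOGLOCATION string = "/sys/kernel/security/tpm0/binary_bios_measurements"` after confirming on a target host.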