diff --git a/cmd/amd-suite/cmd.go b/cmd/amd-suite/cmd.go index 2b6e7f27..750eb0e7 100644 --- a/cmd/amd-suite/cmd.go +++ b/cmd/amd-suite/cmd.go @@ -11,6 +11,7 @@ import ( "github.com/linuxboot/fiano/pkg/amd/psb" amd_manifest "github.com/linuxboot/fiano/pkg/amd/manifest" + log "github.com/sirupsen/logrus" ) // Context for kong command line parser @@ -129,7 +130,7 @@ func (s *showKeysCmd) Run(ctx *context) error { return fmt.Errorf("could not extract keys from the firmware image: %w", err) } - fmt.Println(keySet.String()) + log.Infof("%s", keySet.String()) return nil } @@ -164,7 +165,7 @@ func (v *validatePSPEntriesCmd) Run(ctx *context) error { } for _, validation := range signatureValidations { - fmt.Println(validation.String()) + log.Infof("%s", validation.String()) } return nil } @@ -179,7 +180,7 @@ func (v *validateRTMCmd) Run(ctx *context) error { if err != nil { return err } - fmt.Println(signatureValidation.String()) + log.Infof("%s", signatureValidation.String()) return nil } @@ -203,7 +204,7 @@ func dumpHelper(fwPath string, entry string, resultFile string, defer func() { err := f.Close() if err != nil { - fmt.Printf("could not close file %s after dumping entry %x", resultFile, id) + log.Errorf("could not close file %s after dumping entry %x", resultFile, id) } }() @@ -211,7 +212,7 @@ func dumpHelper(fwPath string, entry string, resultFile string, if err != nil { return err } - fmt.Println("Entry size / Number of written bytes ", n) + log.Infof("Entry size / Number of written bytes %d", n) return nil } @@ -246,7 +247,7 @@ func patchHelper(fwPath string, entry string, entryFile string, resultFile strin } defer func() { if err := inFile.Close(); err != nil { - fmt.Printf("could not close modified entry file %s: %v", entryFile, err) + log.Errorf("could not close modified entry file %s: %v", entryFile, err) } }() 
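Review bot: `log.Infof("%s", keySet.String())` in showKeysCmd.Run turns the command's result into a log record, so it no longer reaches stdout as plain text. logrus writes to stderr by default, and when stderr is not a terminal its text formatter emits `time=… level=info msg="…"` with the message quoted and newlines escaped, which makes a multi-line key set or validation report hard to read, diff or archive from CI. Keep `fmt.Println(keySet.String())` for the result and reserve the logger for diagnostics. The same applies to validatePSPEntriesCmd, validateRTMCmd and outputAPCBSecurityTokensCmd in this file, the `table.String()` output in cmd/bg-prov/cmd.go, and the listCmd/markdownCmd tables in bg-suite and txt-suite, where every Markdown row would carry a log prefix.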
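Review bot: The deferred close in dumpHelper logs `could not close file %s after dumping entry %x` without the error itself, and as far as the hunk shows the function still returns nil, so a close failure on the freshly written entry looks like success to the caller. Include the cause, e.g. `log.Errorf("could not close file %s after dumping entry %x: %v", resultFile, id, err)`, as the inFile close in patchHelper already does. Returning the close error would need a named result, and the signature lies outside this hunk. The outFile close in patchHelper (hunk at -257) has the same message without the error.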
@@ -257,7 +258,7 @@ func patchHelper(fwPath string, entry string, entryFile string, resultFile strin defer func() { err := outFile.Close() if err != nil { - fmt.Printf("could not close file %s after dumping entry %x", resultFile, id) + log.Errorf("could not close file %s after dumping entry %x", resultFile, id) } }() @@ -266,7 +267,7 @@ func patchHelper(fwPath string, entry string, entryFile string, resultFile strin return err } - fmt.Println("Firmware size / Number of written bytes ", n) + log.Infof("Firmware size / Number of written bytes %d", n) return nil } @@ -321,12 +322,12 @@ func (v *outputAPCBSecurityTokensCmd) Run(ctx *context) error { tokenID = fmt.Sprintf("0x%X", token.ID) } - fmt.Println("============") - fmt.Printf("Token ID: %s\n", tokenID) - fmt.Printf("Priority Mask: %s\n", token.PriorityMask) - fmt.Printf("Board Mask: 0x%X\n", token.BoardMask) - fmt.Printf("Value: 0x%X\n", token.NumValue()) - fmt.Println("============") + log.Info("============") + log.Infof("Token ID: %s", tokenID) + log.Infof("Priority Mask: %s", token.PriorityMask) + log.Infof("Board Mask: 0x%X", token.BoardMask) + log.Infof("Value: 0x%X", token.NumValue()) + log.Info("============") } } return nil @@ -355,10 +356,10 @@ func (v *setAPCBSecurityTokenCmd) Run(ctx *context) error { if err != nil { return fmt.Errorf("unable to UpsertToken: %w", err) } - fmt.Printf("successfully UPSERT-ed to %#+v\n", entry) + log.Infof("successfully UPSERT-ed to %#+v", entry) } - err = ioutil.WriteFile(v.FwPath, b, 0) + err = os.WriteFile(v.FwPath, b, 0) if err != nil { return fmt.Errorf("unable to write to file '%s': %w", v.FwPath, err) } diff --git a/cmd/bg-prov/cmd.go b/cmd/bg-prov/cmd.go index 7c4ce023..e5e15f35 100644 --- a/cmd/bg-prov/cmd.go +++ b/cmd/bg-prov/cmd.go 
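Review bot: `os.WriteFile(v.FwPath, b, 0)` in setAPCBSecurityTokenCmd.Run passes permission bits 0, so if the target does not already exist the patched firmware image is created with mode 000 and cannot be read back without a chmod. An existing file keeps its mode, which is presumably why this has gone unnoticed. Pass an explicit mode such as `os.WriteFile(v.FwPath, b, 0o600)`, matching writePSPolicy2file in cmd/txt-prov/tools.go.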
@@ -14,6 +14,7 @@ import ( "github.com/linuxboot/fiano/pkg/intel/metadata/cbnt/cbntkey" "github.com/linuxboot/fiano/pkg/intel/metadata/common/bgheader" "github.com/linuxboot/fiano/pkg/intel/metadata/fit" + log "github.com/sirupsen/logrus" "github.com/linuxboot/fiano/pkg/uefi" @@ -357,7 +358,7 @@ func (biosp *biosPrintCmd) Run(ctx *context) error { if err != nil { return err } - fmt.Printf("%s", table.String()) + log.Infof("%s", table.String()) err = bootguard.PrintStructures(data) if err != nil { return err @@ -1189,7 +1190,7 @@ func (p printFITCmd) Run(ctx *context) error { if err != nil { return err } - fmt.Printf("%s", table.String()) + log.Infof("%s", table.String()) return nil } diff --git a/cmd/bg-prov/main.go b/cmd/bg-prov/main.go index 4371995a..34224384 100644 --- a/cmd/bg-prov/main.go +++ b/cmd/bg-prov/main.go @@ -1,10 +1,10 @@ package main import ( - "github.com/9elements/converged-security-suite/v2/pkg/log" "github.com/alecthomas/kong" "github.com/linuxboot/fiano/pkg/intel/metadata/cbnt" fianoLog "github.com/linuxboot/fiano/pkg/log" + log "github.com/sirupsen/logrus" ) const ( @@ -27,7 +27,14 @@ func main() { Summary: true, })) cbnt.StrictOrderCheck = cli.ManifestStrictOrderCheck - fianoLog.DefaultLogger = log.FianoLogger{} + + if cli.Debug { + log.SetLevel(log.DebugLevel) + } + + fianologger := log.StandardLogger() + + fianoLog.DefaultLogger = fianologger err := ctx.Run(&context{Debug: cli.Debug}) ctx.FatalIfErrorf(err) } diff --git a/cmd/bg-suite/cmd.go b/cmd/bg-suite/cmd.go index 39891f29..9a943c4a 100644 --- a/cmd/bg-suite/cmd.go +++ b/cmd/bg-suite/cmd.go @@ -1,7 +1,6 @@ package main import ( - "bufio" "encoding/json" "fmt" "os" @@ -12,6 +11,7 @@ import ( "github.com/9elements/converged-security-suite/v2/pkg/test" "github.com/9elements/converged-security-suite/v2/pkg/tools" + log "github.com/sirupsen/logrus" "github.com/9elements/go-linux-lowlevel-hw/pkg/hwapi" 
@@ -60,7 +60,7 @@ func (e *execTestsCmd) Run(ctx *context) error { } switch e.Set { case "all": - fmt.Println("For more information about the documents and chapters, run: bg-suite -m") + log.Info("For more information about the documents and chapters, run: bg-suite -m") ret = run("All", getTests(), &preset, e.Interactive) case "static": ret = run("Static", getStaticTest(), &preset, e.Interactive) @@ -98,7 +98,7 @@ func (e *execTestsCmd) Run(ctx *context) error { func (l *listCmd) Run(ctx *context) error { tests := getTests() for i := range tests { - fmt.Printf("Test No: %v, %v\n", i, tests[i].Name) + log.Infof("Test No: %v, %v", i, tests[i].Name) } return nil } @@ -107,8 +107,9 @@ func (m *markdownCmd) Run(ctx *context) error { var teststate string tests := getTests() - fmt.Println("Id | Test | Implemented | Document | Chapter") - fmt.Println("------------|------------|------------|------------|------------") + log.Info("Id | Test | Implemented | Document | Chapter") + log.Info("------------|------------|------------|------------|------------") + for i := range tests { if tests[i].Status == test.Implemented { teststate = ":white_check_mark:" @@ -121,7 +122,7 @@ func (m *markdownCmd) Run(ctx *context) error { if docID != "" { docID = "Document " + docID } - fmt.Printf("%02d | %-48s | %-22s | %-28s | %-56s\n", i, tests[i].Name, teststate, docID, tests[i].SpecificationChapter) + log.Infof("%02d | %-48s | %-22s | %-28s | %-56s", i, tests[i].Name, teststate, docID, tests[i].SpecificationChapter) } return nil } 
@@ -161,16 +162,11 @@ func getRuntimeTest() []*test.Test { func run(testGroup string, tests []*test.Test, preset *test.PreSet, interactive bool) bool { result := false - f := bufio.NewWriter(os.Stdout) hwAPI := hwapi.GetAPI() - fmt.Printf("\n%s tests\n", a.Bold(a.Gray(20-1, testGroup).BgGray(4-1))) - var i int - for i = 0; i < len(testGroup)+6; i++ { - fmt.Print("_") - } - fmt.Println() + log.Infof("%s tests", a.Bold(a.Gray(20-1, testGroup).BgGray(4-1))) + log.Info("--------------------------------------------------") for idx := range tests { if len(testnos) > 0 { // SearchInt returns an index where to "insert" idx @@ -202,7 +198,7 @@ func run(testGroup string, tests []*test.Test, preset *test.PreSet, interactive data, _ := json.MarshalIndent(t, "", "") err := os.WriteFile(logfile, data, 0o664) if err != nil { - fmt.Println("Error writing log file") + log.Errorf("Error writing log file: %v", err) } // If not interactive, we just print the results and return 
@@ -210,30 +206,30 @@ func run(testGroup string, tests []*test.Test, preset *test.PreSet, interactive } for index := range tests { + var s string + if tests[index].Status == test.NotImplemented { continue } if tests[index].Result == test.ResultNotRun { continue } - fmt.Printf("%02d - ", index) - fmt.Printf("%-40s: ", a.Bold(tests[index].Name)) - f.Flush() + s += fmt.Sprintf("%02d - ", index) + s += fmt.Sprintf("%-40s: ", a.Bold(tests[index].Name)) if tests[index].Result == test.ResultPass { - fmt.Printf("%-20s", a.Bold(a.Green(tests[index].Result))) + s += fmt.Sprintf("%-20s", a.Bold(a.Green(tests[index].Result))) } else { - fmt.Printf("%-20s", a.Bold(a.Red(tests[index].Result))) + s += fmt.Sprintf("%-20s", a.Bold(a.Red(tests[index].Result))) result = false } if tests[index].ErrorText != "" { - fmt.Printf(" (%s)", tests[index].ErrorText) + s += fmt.Sprintf(" (%s)", tests[index].ErrorText) } else if len(tests[index].ErrorText) == 0 && tests[index].Result == test.ResultFail { - fmt.Print(" (No error text given)") + s += fmt.Sprintf(" (No error text given)") } - fmt.Printf("\n") + log.Infof("%s", s) - f.Flush() } return result diff --git a/cmd/txt-prov/tools.go b/cmd/txt-prov/tools.go index ffb2b74c..97f298c9 100644 --- a/cmd/txt-prov/tools.go +++ b/cmd/txt-prov/tools.go @@ -12,20 +12,18 @@ import ( "github.com/9elements/go-linux-lowlevel-hw/pkg/hwapi" "github.com/google/go-tpm/tpm" "github.com/google/go-tpm/tpm2" - "golang.org/x/crypto/ssh/terminal" + log "github.com/sirupsen/logrus" + "golang.org/x/term" ) -var ( - tpm2LockedResult = "error code 0x22" -) +var tpm2LockedResult = "error code 0x22" func readPassphraseHashTPM20() ([]byte, error) { - fmt.Printf("Now, please type in the password (mandatory): ") - password, err := terminal.ReadPassword(0) + log.Info("Now, please type in the password (mandatory): ") + password, err := term.ReadPassword(0) if err != nil { return []byte{}, err } - fmt.Println() hash := sha256.Sum256([]byte(password)) return hash[:], nil } 
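Review bot: `s += fmt.Sprintf(" (No error text given)")` in the result loop of run calls Sprintf on a constant with no verbs; `s += " (No error text given)"` does the same and keeps staticcheck quiet. `var s string` is also declared before the two `continue` guards, so it would read better below them. The aurora colour codes in the name and result are now part of the log message, and logrus will most likely escape them as `\x1b[…` once stderr is not a terminal, so a captured summary becomes hard to read. The txt-suite copy of this loop (hunk at -186 in cmd/txt-suite/cmd.go) repeats the same pattern.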
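Review bot: The password prompt in readPassphraseHashTPM20 is now `log.Info(...)`, which ties an interactive prompt to the logger's level, formatter and output. If the level is raised above Info or the log output is redirected, `term.ReadPassword(0)` blocks with nothing shown to the operator, and with `fmt.Println()` removed the next output starts on the line where the hidden input ended. Write the prompt directly, e.g. `fmt.Fprint(os.Stderr, "Now, please type in the password (mandatory): ")`, and keep the newline after the read. The `password` slice could also be zeroed once the SHA-256 has been taken, so the cleartext does not linger in memory.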
@@ -37,7 +35,7 @@ func writePSPolicy2file(policy *tools.LCPPolicy2, filename string) error { if err != nil { return err } - if err = os.WriteFile(filename, buf.Bytes(), 0600); err != nil { + if err = os.WriteFile(filename, buf.Bytes(), 0o600); err != nil { return err } return nil diff --git a/cmd/txt-suite/cmd.go b/cmd/txt-suite/cmd.go index 86a2188b..a3252deb 100644 --- a/cmd/txt-suite/cmd.go +++ b/cmd/txt-suite/cmd.go @@ -14,6 +14,7 @@ import ( "github.com/9elements/go-linux-lowlevel-hw/pkg/hwapi" a "github.com/logrusorgru/aurora" + log "github.com/sirupsen/logrus" ) type context struct { @@ -22,14 +23,11 @@ type context struct { logpath string } -type listCmd struct { -} +type listCmd struct{} -type markdownCmd struct { -} +type markdownCmd struct{} -type versionCmd struct { -} +type versionCmd struct{} type execTestsCmd struct { Set string `required:"" default:"all" help:"Select subset of tests. Options: all, uefi, txtready, tboot, cbnt, legacy"` @@ -67,12 +65,12 @@ func (e *execTestsCmd) Run(ctx *context) error { switch e.Set { case "all": - fmt.Println("For more information about the documents and chapters, run: txt-suite -m") + log.Info("For more information about the documents and chapters, run: txt-suite -m") ret = run("All", getTests(), preset, e.Interactive) case "uefi": ret = run("UEFI", test.TestsTXTUEFI, preset, e.Interactive) case "txtready": - fmt.Println("For more information about the documents and chapters, run: txt-suite -m") + log.Info("For more information about the documents and chapters, run: txt-suite -m") ret = run("TXT Ready", test.TestsTXTReady, preset, e.Interactive) case "tboot": ret = run("Tboot", test.TestsTXTTBoot, preset, e.Interactive) @@ -92,7 +90,7 @@ func (e *execTestsCmd) Run(ctx *context) error { func (l *listCmd) Run(ctx *context) error { tests := getTests() for i := range tests { - fmt.Printf("Test No: %v, %v\n", i, tests[i].Name) + log.Infof("Test No: %v, %v", i, tests[i].Name) } return nil } 
@@ -101,8 +99,8 @@ func (m *markdownCmd) Run(ctx *context) error { var teststate string tests := getTests() - fmt.Println("Id | Test | Implemented | Document | Chapter") - fmt.Println("------------|------------|------------|------------|------------") + log.Info("Id | Test | Implemented | Document | Chapter") + log.Info("------------|------------|------------|------------|------------") for i := range tests { if tests[i].Status == test.Implemented { teststate = ":white_check_mark:" @@ -115,7 +113,7 @@ func (m *markdownCmd) Run(ctx *context) error { if docID != "" { docID = "Document " + docID } - fmt.Printf("%02d | %-48s | %-22s | %-28s | %-56s\n", i, tests[i].Name, teststate, docID, tests[i].SpecificationChapter) + log.Infof("%02d | %-48s | %-22s | %-28s | %-56s\n", i, tests[i].Name, teststate, docID, tests[i].SpecificationChapter) } return nil } @@ -146,17 +144,13 @@ func getTests() []*test.Test { } func run(testGroup string, tests []*test.Test, preset *test.PreSet, interactive bool) bool { - var result = false + result := false f := bufio.NewWriter(os.Stdout) hwAPI := hwapi.GetAPI() - fmt.Printf("\n%s tests\n", a.Bold(a.Gray(20-1, testGroup).BgGray(4-1))) - var i int - for i = 0; i < len(testGroup)+6; i++ { - fmt.Print("_") - } - fmt.Println() + log.Infof("%s tests", a.Bold(a.Gray(20-1, testGroup).BgGray(4-1))) + log.Info("--------------------------------------------------") for idx := range tests { if len(testnos) > 0 { // SearchInt returns an index where to "insert" idx 
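Review bot: The row format in markdownCmd.Run (hunk at -115) still ends in `\n` (`… | %-56s\n"`), while the bg-suite counterpart dropped the newline when it moved to `log.Infof`. Remove the trailing `\n` so both tools build their rows the same way.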
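Review bot: `f := bufio.NewWriter(os.Stdout)` stays as a context line in run (hunk at -144), while the later hunk at -186 removes both `f.Flush()` calls. Unless `f` is used in the part of run that lies between the two hunks, it is now an unused variable and the package will not compile. The bg-suite version of this function drops the line and the `bufio` import, and the same should be done here. run's body continues outside this hunk.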
@@ -186,33 +180,32 @@ func run(testGroup string, tests []*test.Test, preset *test.PreSet, interactive } } data, _ := json.MarshalIndent(t, "", "") - os.WriteFile(logfile, data, 0664) + os.WriteFile(logfile, data, 0o664) } for index := range tests { + var s string + if tests[index].Status == test.NotImplemented { continue } if tests[index].Result == test.ResultNotRun { continue } - fmt.Printf("%02d - ", index) - fmt.Printf("%-40s: ", a.Bold(tests[index].Name)) - f.Flush() + s += fmt.Sprintf("%02d - ", index) + s += fmt.Sprintf("%-40s: ", a.Bold(tests[index].Name)) if tests[index].Result == test.ResultPass { - fmt.Printf("%-20s", a.Bold(a.Green(tests[index].Result))) + s += fmt.Sprintf("%-20s", a.Bold(a.Green(tests[index].Result))) } else { - fmt.Printf("%-20s", a.Bold(a.Red(tests[index].Result))) + s += fmt.Sprintf("%-20s", a.Bold(a.Red(tests[index].Result))) } if tests[index].ErrorText != "" { - fmt.Printf(" (%s)", tests[index].ErrorText) + s += fmt.Sprintf(" (%s)", tests[index].ErrorText) } else if len(tests[index].ErrorText) == 0 && tests[index].Result == test.ResultFail { - fmt.Print(" (No error text given)") + s += fmt.Sprintf(" (No error text given)") } - fmt.Printf("\n") - - f.Flush() + log.Infof("%s", s) } return result diff --git a/pkg/provisioning/bootguard/bootguard.go b/pkg/provisioning/bootguard/bootguard.go index 3d2902b9..c8f6484c 100644 --- a/pkg/provisioning/bootguard/bootguard.go +++ b/pkg/provisioning/bootguard/bootguard.go @@ -22,6 +22,8 @@ import ( "github.com/linuxboot/fiano/pkg/intel/metadata/fit" "github.com/linuxboot/fiano/pkg/uefi" "github.com/tidwall/pretty" + + log "github.com/sirupsen/logrus" ) // Everything more secure than SHA-1 @@ -291,7 +293,7 @@ func (b *BootGuard) PrintBPM() { case bgheader.Version20: b.VData.CBNTbpm.Print() default: - fmt.Println("PrintBPM: can't identify bootguard header") + log.Error("PrintBPM: can't identify bootguard header") } } 
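Review bot: `os.WriteFile(logfile, data, 0o664)` in run discards its error, and the `json.MarshalIndent` error on the line above is dropped as well, so a failed write leaves no test log and no trace of why. The bg-suite copy of this function was changed in this commit to report the failure; do the same here with `if err := os.WriteFile(logfile, data, 0o664); err != nil { log.Errorf("Error writing log file: %v", err) }`. run's body starts outside this hunk.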
@@ -303,7 +305,7 @@ func (b *BootGuard) PrintKM() { case bgheader.Version20: b.VData.CBNTkm.Print() default: - fmt.Println("PrintKM: can't identify bootguard header") + log.Error("PrintKM: can't identify bootguard header") } } @@ -317,7 +319,7 @@ func (b *BootGuard) WriteKM() ([]byte, error) { case bgheader.Version20: _, err = b.VData.CBNTkm.WriteTo(buf) default: - fmt.Println("WriteKM: can't identify bootguard header") + log.Error("WriteKM: can't identify bootguard header") } return buf.Bytes(), err } @@ -332,7 +334,7 @@ func (b *BootGuard) WriteBPM() ([]byte, error) { case bgheader.Version20: _, err = b.VData.CBNTbpm.WriteTo(buf) default: - fmt.Println("WriteBPM: can't identify bootguard header") + log.Error("WriteBPM: can't identify bootguard header") } return buf.Bytes(), err } @@ -382,7 +384,7 @@ func (b *BootGuard) StitchKM(pubKey crypto.PublicKey, signature []byte) ([]byte, return nil, err } default: - fmt.Println("StitchKM: can't identify bootguard header") + log.Error("StitchKM: can't identify bootguard header") } return b.WriteKM() } @@ -411,7 +413,7 @@ func (b *BootGuard) StitchBPM(pubKey crypto.PublicKey, signature []byte) ([]byte return nil, err } default: - fmt.Println("StitchBPM: can't identify bootguard header") + log.Error("StitchBPM: can't identify bootguard header") } return b.WriteBPM() } @@ -449,7 +451,7 @@ func (b *BootGuard) SignKM(signAlgo string, privkey crypto.PrivateKey) ([]byte, return nil, err } default: - fmt.Println("SignKM: can't identify bootguard header") + log.Error("SignKM: can't identify bootguard header") } return b.WriteKM() } @@ -493,7 +495,7 @@ func (b *BootGuard) SignBPM(signAlgo, hashAlgo string, privkey crypto.PrivateKey return nil, err } default: - fmt.Println("SignBPM: can't identify bootguard header") + log.Error("SignBPM: can't identify bootguard header") } return b.WriteBPM() } 
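Review bot: The `default:` branch in WriteKM only logs `can't identify bootguard header` and then reaches `return buf.Bytes(), err`, so, as far as the hunk shows, an unrecognised header version yields an empty buffer and a nil error. The same pattern matters most in VerifyKM and VerifyBPM (hunks at -519 and -545), which end in `return nil` and so report a manifest of unknown version as verified to any caller that checks only the error. Return an error from these branches instead, e.g. `return fmt.Errorf("VerifyKM: can't identify bootguard header")`, with the return values adapted for WriteBPM, StitchKM/StitchBPM, SignKM/SignBPM, GetBPMPubHash, GetIBBsDigest and CreateIBBDigest. Each of these functions starts outside its hunk, so what the switch is keyed on is not visible here.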
@@ -519,7 +521,7 @@ func (b *BootGuard) VerifyKM() error { return err } default: - fmt.Println("VerifyKM: can't identify bootguard header") + log.Error("VerifyKM: can't identify bootguard header") } return nil } @@ -545,7 +547,7 @@ func (b *BootGuard) VerifyBPM() error { return err } default: - fmt.Println("VerifyBPM: can't identify bootguard header") + log.Error("VerifyBPM: can't identify bootguard header") } return nil } @@ -679,7 +681,7 @@ func (b *BootGuard) GetBPMPubHash(pubkey crypto.PublicKey, hashAlgo string) erro } b.VData.CBNTkm.Hash = append(keyHashes, kH) default: - fmt.Println("can't identify bootguard header") + log.Error("can't identify bootguard header") } return nil } @@ -763,7 +765,7 @@ func (b *BootGuard) GetIBBsDigest(image []byte, hashAlgo string) (digest []byte, } digest = hash.Sum(nil) default: - fmt.Println("can't identify bootguard header") + log.Error("can't identify bootguard header") } return digest, nil } @@ -793,7 +795,7 @@ func (b *BootGuard) CreateIBBDigest(biosFilepath string) error { copy(b.VData.CBNTbpm.SE[0].DigestList.List[iterator].HashBuffer, d) } default: - fmt.Println("can't identify bootguard header") + log.Error("can't identify bootguard header") } return nil } diff --git a/pkg/provisioning/txt/auxdefine.go b/pkg/provisioning/txt/auxdefine.go index 8c58fea1..0a70507b 100644 --- a/pkg/provisioning/txt/auxdefine.go +++ b/pkg/provisioning/txt/auxdefine.go @@ -5,6 +5,8 @@ import ( "io" tpm2 "github.com/google/go-tpm/tpm2" + + log "github.com/sirupsen/logrus" ) // DefineAUXIndexTPM20 defines the AUX index on TPM 2.0 @@ -18,7 +20,7 @@ func DefineAUXIndexTPM20(rw io.ReadWriter) error { if err != nil { return fmt.Errorf("NVDefineSpaceEx() failed: %v", err) } - fmt.Println("AUX index defined successfully") + log.Info("AUX index defined successfully") return nil } diff --git a/pkg/provisioning/txt/auxdelete.go b/pkg/provisioning/txt/auxdelete.go index 918d7206..6c79bf05 100644 --- a/pkg/provisioning/txt/auxdelete.go 
+++ b/pkg/provisioning/txt/auxdelete.go @@ -5,6 +5,8 @@ import ( "io" tools "github.com/9elements/converged-security-suite/v2/pkg/tools" + + log "github.com/sirupsen/logrus" ) // DeleteAUXindexTPM20 deletes the AUX index on TPM 2.0 @@ -16,7 +18,7 @@ func DeleteAUXindexTPM20(rw io.ReadWriter, pol *tools.LCPPolicy2, passHash []byt if err != nil { return err } - fmt.Println("AUX index deletion in progress, please reboot machine") + log.Info("AUX index deletion in progress, please reboot machine") return nil } diff --git a/pkg/provisioning/txt/psdefine.go b/pkg/provisioning/txt/psdefine.go index 9c198d4a..80e7ce79 100644 --- a/pkg/provisioning/txt/psdefine.go +++ b/pkg/provisioning/txt/psdefine.go @@ -5,6 +5,8 @@ import ( "io" tpm2 "github.com/google/go-tpm/tpm2" + + log "github.com/sirupsen/logrus" ) // DefinePSIndexTPM20 creates the PS index for TPM 2.0 @@ -23,7 +25,7 @@ func DefinePSIndexTPM20(rw io.ReadWriter, passHash []byte) error { if err != nil { return fmt.Errorf("NVDefineSpaceEx() failed: %v", err) } - fmt.Println("PS index defined successfully") + log.Info("PS index defined successfully") return nil } diff --git a/pkg/provisioning/txt/psdelete.go b/pkg/provisioning/txt/psdelete.go index 6d098fb7..f6c8e974 100644 --- a/pkg/provisioning/txt/psdelete.go +++ b/pkg/provisioning/txt/psdelete.go @@ -7,6 +7,8 @@ import ( "github.com/google/go-tpm/tpmutil" "github.com/google/go-tpm/tpm2" + + log "github.com/sirupsen/logrus" ) // DeletePSIndexTPM20 deletes the PS index on TPM 2.0 @@ -52,7 +54,7 @@ func DeletePSIndexTPM20(rw io.ReadWriter, passHash []byte) error { if err != nil { return fmt.Errorf("NVUndefineSpaceSpecial() failed: %v", err) } - fmt.Println("PS index deleted successfully") + log.Info("PS index deleted successfully") return nil } diff --git a/pkg/provisioning/txt/pswrite.go b/pkg/provisioning/txt/pswrite.go index b51111e9..ae8f37d4 100644 --- a/pkg/provisioning/txt/pswrite.go +++ b/pkg/provisioning/txt/pswrite.go 
@@ -9,6 +9,8 @@ import ( "github.com/9elements/converged-security-suite/v2/pkg/tools" "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpmutil" + + log "github.com/sirupsen/logrus" ) // WritePSIndexTPM20 writes the LCP Policy2 into the PS index of TPM 2.0 @@ -55,7 +57,7 @@ func WritePSIndexTPM20(rw io.ReadWriter, lcppol *tools.LCPPolicy2, passHash []by if err != nil { return fmt.Errorf("NVWrite in writePSPolicy failed: %v", err) } - fmt.Println("PS index updated successfully") + log.Info("PS index updated successfully") return nil } diff --git a/pkg/provisioning/txt/show.go b/pkg/provisioning/txt/show.go index ceea7f45..78a04a52 100644 --- a/pkg/provisioning/txt/show.go +++ b/pkg/provisioning/txt/show.go 
@@ -6,37 +6,39 @@ import ( tools "github.com/9elements/converged-security-suite/v2/pkg/tools" tpm2 "github.com/google/go-tpm/tpm2" + log "github.com/sirupsen/logrus" ) func printNVIndex(nv tpm2.NVPublic) { - fmt.Printf(" Index: 0x%x\n", nv.NVIndex) - fmt.Printf(" Attributes: %s\n", nv.Attributes.String()) - fmt.Printf(" Size: %d\n", nv.DataSize) - fmt.Printf(" AuthPolicy: 0x%x\n", nv.AuthPolicy) - fmt.Println() + var s string + s += fmt.Sprintf(" Index: 0x%x\n", nv.NVIndex) + s += fmt.Sprintf(" Attributes: %s\n", nv.Attributes.String()) + s += fmt.Sprintf(" Size: %d\n", nv.DataSize) + s += fmt.Sprintf(" AuthPolicy: 0x%x\n", nv.AuthPolicy) + log.Info(s) } // PrintProvisioningTPM20 outputs PS and AUX index on console for TPM 2.0 func PrintProvisioningTPM20(rw io.ReadWriter) { - fmt.Println("NV index overview") - fmt.Println() + log.Info("NV index overview") + log.Info("") ps, psErr := tpm2.NVReadPublic(rw, tpm2PSNVIndex) if psErr == nil { - fmt.Println("PS NV index") + log.Info("PS NV index") printNVIndex(ps) } aux, err := tpm2.NVReadPublic(rw, tpm2AUXNVIndex) if err == nil { - fmt.Println("AUX NV index") + log.Info("AUX NV index") printNVIndex(aux) } - fmt.Println("PS index LCP Policy") + log.Info("PS index LCP Policy") lcp, err := tpm2.NVRead(rw, tpm2PSNVIndex) if err == nil && psErr == nil { lcp, lcp2, err := tools.ParsePolicy(lcp) if err == nil { if lcp != nil { - fmt.Println("Not implemented yet") + log.Error("Not implemented yet") return } if lcp2 != nil { @@ -45,10 +47,10 @@ func PrintProvisioningTPM20(rw io.ReadWriter) { } } } - fmt.Println("Couldn't read/parse LCP config from NVRAM") + log.Error("Couldn't read/parse LCP config from NVRAM") } // PrintProvisioningTPM12 outputs PS and AUX index on console for TPM 1.2 func PrintProvisioningTPM12(rw io.ReadWriter) { - fmt.Println("Not implemented yet") + log.Error("Not implemented yet") } diff --git a/pkg/tools/acm.go b/pkg/tools/acm.go index f95ef922..56555130 100644 --- a/pkg/tools/acm.go +++ b/pkg/tools/acm.go 
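Review bot: PrintProvisioningTPM20 skips an index silently when `tpm2.NVReadPublic` fails: `psErr` and `err` are only compared with nil and never reported, and the closing `log.Error("Couldn't read/parse LCP config from NVRAM")` in the next hunk names no cause either. An operator cannot tell an undefined index from a TPM communication or authorisation failure. Log the error in an else branch, e.g. `log.Errorf("reading PS NV index: %v", psErr)`, and likewise for the AUX read. Separately, printNVIndex now joins four fields with `\n` into a single `log.Info` call, which logrus prints as one escaped string when stderr is not a terminal; one call per field, as PrettyPrintHeader does, reads better.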
@@ -8,57 +8,59 @@ import ( "github.com/google/go-tpm/tpm2" "github.com/linuxboot/fiano/pkg/intel/metadata/fit" + + log "github.com/sirupsen/logrus" ) const ( - //ACMChipsetTypeBios as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format + // ACMChipsetTypeBios as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format ACMChipsetTypeBios uint8 = 0x00 - //ACMChipsetTypeSinit as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format + // ACMChipsetTypeSinit as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format ACMChipsetTypeSinit uint8 = 0x01 - //ACMChipsetTypeBiosRevoc as defined in Document 315168-016 Chapter A.1 Table 10. Chipset AC Module Information Table + // ACMChipsetTypeBiosRevoc as defined in Document 315168-016 Chapter A.1 Table 10. Chipset AC Module Information Table ACMChipsetTypeBiosRevoc uint8 = 0x08 - //ACMChipsetTypeSinitRevoc as defined in Document 315168-016 Chapter A.1 Table 10. Chipset AC Module Information Table + // ACMChipsetTypeSinitRevoc as defined in Document 315168-016 Chapter A.1 Table 10. Chipset AC Module Information Table ACMChipsetTypeSinitRevoc uint8 = 0x09 - //ACMTypeChipset as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format + // ACMTypeChipset as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format ACMTypeChipset fit.ACModuleType = 0x02 - //ACMSubTypeReset FIXME + // ACMSubTypeReset FIXME ACMSubTypeReset uint16 = 0x01 - //ACMVendorIntel as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format + // ACMVendorIntel as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format ACMVendorIntel fit.ACModuleVendor = 0x8086 - //TPMExtPolicyIllegal as defined in Document 315168-016 Chapter A.1 Table 16. 
TPM Capabilities Field + // TPMExtPolicyIllegal as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMExtPolicyIllegal uint8 = 0x00 - //TPMExtPolicyAlgAgile as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMExtPolicyAlgAgile as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMExtPolicyAlgAgile uint8 = 0x01 - //TPMExtPolicyEmbeddedAlgs as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMExtPolicyEmbeddedAlgs as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMExtPolicyEmbeddedAlgs uint8 = 0x10 - //TPMExtPolicyBoth as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMExtPolicyBoth as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMExtPolicyBoth uint8 = 0x11 - //TPMFamilyIllegal as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMFamilyIllegal as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMFamilyIllegal uint16 = 0x0000 - //TPMFamilyDTPM12 as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMFamilyDTPM12 as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMFamilyDTPM12 uint16 = 0x0001 - //TPMFamilyDTPM20 as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMFamilyDTPM20 as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field TPMFamilyDTPM20 uint16 = 0x0010 - //TPMFamilyDTPMBoth combination out of TPMFamilyDTPM12 and TPMFamilyDTPM20 + // TPMFamilyDTPMBoth combination out of TPMFamilyDTPM12 and TPMFamilyDTPM20 TPMFamilyDTPMBoth uint16 = 0x0011 - //TPMFamilyPTT20 as defined in Document 315168-016 Chapter A.1 Table 16. TPM Capabilities Field + // TPMFamilyPTT20 as defined in Document 315168-016 Chapter A.1 Table 16. 
TPM Capabilities Field TPMFamilyPTT20 uint16 = 0x1000 - //ACMUUIDV3 as defined in Document 315168-016 Chapter A.1 Table 10. Chipset AC Module Information Table + // ACMUUIDV3 as defined in Document 315168-016 Chapter A.1 Table 10. Chipset AC Module Information Table ACMUUIDV3 string = "7fc03aaa-46a7-18db-ac2e-698f8d417f5a" - //ACMSizeOffset as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format + // ACMSizeOffset as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format ACMSizeOffset int64 = 24 - //ACMheaderLen as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format (Version 0.0) + // ACMheaderLen as defined in Document 315168-016 Chapter A.1 Table 8. Authenticated Code Module Format (Version 0.0) ACMheaderLen uint32 = 161 - //ACMModuleSubtypeSinitACM is an enum + // ACMModuleSubtypeSinitACM is an enum ACMModuleSubtypeSinitACM fit.ACModuleSubType = 0 - //ACMModuleSubtypeCapableOfExecuteAtReset is a flag and enum Based on EDK2 Silicon/Intel/Tools/FitGen/FitGen.c + // ACMModuleSubtypeCapableOfExecuteAtReset is a flag and enum Based on EDK2 Silicon/Intel/Tools/FitGen/FitGen.c ACMModuleSubtypeCapableOfExecuteAtReset fit.ACModuleSubType = 1 - //ACMModuleSubtypeAncModule is a flag Based on EDK2 Silicon/Intel/Tools/FitGen/FitGen.c + // ACMModuleSubtypeAncModule is a flag Based on EDK2 Silicon/Intel/Tools/FitGen/FitGen.c ACMModuleSubtypeAncModule fit.ACModuleSubType = 2 ) 
@@ -282,102 +284,102 @@ func LookupACMSize(header []byte) (int64, error) {
 // PrettyPrint prints a human readable representation of the ACMHeader
 func (a *ACM) PrettyPrintHeader() {
- fmt.Println("----Authenticated Code Module----")
- fmt.Println()
+ log.Info("----Authenticated Code Module----")
+ log.Infoln()
 if a.Header.GetModuleVendor() == ACMVendorIntel {
- fmt.Println(" Module Vendor: Intel")
+ log.Info(" Module Vendor: Intel")
 } else {
- fmt.Println(" Module Vendor: Unknown")
+ log.Info(" Module Vendor: Unknown")
 }
 if a.Header.GetModuleType() == ACMTypeChipset {
- fmt.Println(" Module Type: ACM_TYPE_CHIPSET")
+ log.Info(" Module Type: ACM_TYPE_CHIPSET")
 } else {
- fmt.Println(" Module Type: UNKNOWN")
+ log.Info(" Module Type: UNKNOWN")
 }
 if uint16(a.Header.GetModuleSubType()) == ACMSubTypeReset {
- fmt.Println(" Module Subtype: Execute at Reset")
+ log.Info(" Module Subtype: Execute at Reset")
 } else if uint16(a.Header.GetModuleSubType()) == 0 {
- fmt.Println(" Module Subtype: 0x0")
+ log.Info(" Module Subtype: 0x0")
 } else {
- fmt.Println(" Module Subtype: Unknown")
+ log.Info(" Module Subtype: Unknown")
 }
 flags := a.ParseACMFlags()
- fmt.Println(" Flags:")
- fmt.Printf(" Production: %t\n", flags.Production)
- fmt.Printf(" Pre-Production: %t\n", flags.PreProduction)
- fmt.Printf(" Debug Signed: %t\n", flags.DebugSigned)
- fmt.Printf(" Module Date: 0x%02x\n", a.Header.GetDate())
- fmt.Printf(" Module Size: 0x%x (%d)\n", a.Header.GetSize().Size(), a.Header.GetSize().Size())
-
- fmt.Printf(" Header Length: 0x%x (%d)\n", a.Header.GetHeaderLen(), a.Header.GetHeaderLen())
- fmt.Printf(" Header Version: %d\n", a.Header.GetHeaderVersion())
- fmt.Printf(" Chipset ID: 0x%02x\n", a.Header.GetChipsetID())
- fmt.Printf(" Flags: 0x%02x\n", a.Header.GetFlags())
- fmt.Printf(" TXT SVN: 0x%08x\n", a.Header.GetTXTSVN())
- fmt.Printf(" SE SVN: 0x%08x\n", a.Header.GetSESVN())
- fmt.Printf(" Code Control: 0x%02x\n", a.Header.GetCodeControl())
- fmt.Printf(" Entry Point: 0x%08x:%08x\n", a.Header.GetSegSel(), a.Header.GetEntryPoint())
- fmt.Printf(" Scratch Size: 0x%x (%d)\n", a.Header.GetScratchSize(), a.Header.GetScratchSize())
- fmt.Println()
+ log.Info(" Flags:")
+ log.Infof(" Production: %t", flags.Production)
+ log.Infof(" Pre-Production: %t", flags.PreProduction)
+ log.Infof(" Debug Signed: %t", flags.DebugSigned)
+ log.Infof(" Module Date: 0x%02x", a.Header.GetDate())
+ log.Infof(" Module Size: 0x%x (%d)", a.Header.GetSize().Size(), a.Header.GetSize().Size())
+
+ log.Infof(" Header Length: 0x%x (%d)", a.Header.GetHeaderLen(), a.Header.GetHeaderLen())
+ log.Infof(" Header Version: %d", a.Header.GetHeaderVersion())
+ log.Infof(" Chipset ID: 0x%02x", a.Header.GetChipsetID())
+ log.Infof(" Flags: 0x%02x", a.Header.GetFlags())
+ log.Infof(" TXT SVN: 0x%08x", a.Header.GetTXTSVN())
+ log.Infof(" SE SVN: 0x%08x", a.Header.GetSESVN())
+ log.Infof(" Code Control: 0x%02x", a.Header.GetCodeControl())
+ log.Infof(" Entry Point: 0x%08x:%08x", a.Header.GetSegSel(), a.Header.GetEntryPoint())
+ log.Infof(" Scratch Size: 0x%x (%d)", a.Header.GetScratchSize(), a.Header.GetScratchSize())
+ log.Infoln()
 }
 // PrettyPrint prints a human readable representation of the Chipsets
 func (c Chipsets) PrettyPrint() {
- fmt.Println(" --Chipset List--")
- fmt.Printf(" Entries: %d\n", c.Count)
+ log.Info(" --Chipset List--")
+ log.Infof(" Entries: %d", c.Count)
 for idx, chipset := range c.IDList {
- fmt.Printf(" Entry %d:\n", idx)
- fmt.Printf(" Flags: 0x%02x\n", chipset.Flags)
- fmt.Printf(" Vendor: 0x%02x\n", chipset.VendorID)
- fmt.Printf(" Device: 0x%02x\n", chipset.DeviceID)
- fmt.Printf(" Revision: 0x%02x\n", chipset.RevisionID)
+ log.Infof(" Entry %d:", idx)
+ log.Infof(" Flags: 0x%02x", chipset.Flags)
+ log.Infof(" Vendor: 0x%02x", chipset.VendorID)
+ log.Infof(" Device: 0x%02x", chipset.DeviceID)
+ log.Infof(" Revision: 0x%02x", chipset.RevisionID)
 }
- fmt.Println()
+ log.Infoln()
 }
 // PrettyPrint prints a human readable representation of the Processors
 func (p Processors) PrettyPrint() {
- fmt.Println(" --Processor List--")
- fmt.Printf(" Entries: %d\n", p.Count)
+ log.Info(" --Processor List--")
+ log.Infof(" Entries: %d", p.Count)
 for idx, processor := range p.IDList {
- fmt.Printf(" Entry %d:\n", idx)
- fmt.Printf(" FMS: 0x%02x\n", processor.FMS)
- fmt.Printf(" FMS Maks: 0x%02x\n", processor.FMSMask)
- fmt.Printf(" Platform ID: 0x%02x\n", processor.PlatformID)
- fmt.Printf(" Platform Mask: 0x%02x\n", processor.PlatformMask)
+ log.Infof(" Entry %d:", idx)
+ log.Infof(" FMS: 0x%02x", processor.FMS)
+ log.Infof(" FMS Maks: 0x%02x", processor.FMSMask)
+ log.Infof(" Platform ID: 0x%02x", processor.PlatformID)
+ log.Infof(" Platform Mask: 0x%02x", processor.PlatformMask)
 }
- fmt.Println()
+ log.Infoln()
 }
 // PrettyPrint prints a human readable representation of the TPMs
 func (t TPMs) PrettyPrint() {
- fmt.Println(" --TPM Info List--")
- fmt.Println(" Capabilities:")
- fmt.Printf(" External Policy: %02x\n", t.Capabilities)
- fmt.Printf(" Algorithms: %d\n", t.Count)
+ log.Info(" --TPM Info List--")
+ log.Info(" Capabilities:")
+ log.Infof(" External Policy: %02x", t.Capabilities)
+ log.Infof(" Algorithms: %d", t.Count)
 for _, algo := range t.AlgID {
- fmt.Printf(" %v\n", algo.String())
+ log.Infof(" %v", algo.String())
 }
- fmt.Println()
+ log.Infoln()
 }
 // PrettyPrint prints a human readable representation of the ACM
 func (a *ACM) PrettyPrint() {
 a.PrettyPrintHeader()
- fmt.Println(" --Info Table--")
+ log.Info(" --Info Table--")
 switch a.Info.ChipsetACMType {
 case ACMChipsetTypeBios:
- fmt.Println(" Chipset ACM: BIOS")
+ log.Info(" Chipset ACM: BIOS")
 case ACMChipsetTypeBiosRevoc:
- fmt.Println(" Chipset ACM: BIOS Revocation")
+ log.Info(" Chipset ACM: BIOS Revocation")
 case ACMChipsetTypeSinit:
- fmt.Println(" Chipset ACM: SINIT")
+ log.Info(" Chipset ACM: SINIT")
 case ACMChipsetTypeSinitRevoc:
- fmt.Println(" Chipset ACM: SINIT Revocation")
+ log.Info(" Chipset ACM: SINIT Revocation")
 default:
- fmt.Println(" Chipset ACM: Unknown")
+ log.Info(" Chipset ACM: Unknown")
 }
 uuidStr := fmt.Sprintf("%08x-%04x-%04x-%04x-%02x%02x%02x%02x%02x%02x",
 a.Info.UUID.Field1,
@@ -391,23 +393,23 @@ func (a *ACM) PrettyPrint() {
 a.Info.UUID.Field5[4],
 a.Info.UUID.Field5[5])
 if uuidStr == ACMUUIDV3 {
- fmt.Println(" UUID: ACM_UUID_V3")
- fmt.Printf(" Version: %d\n", a.Info.Version)
- fmt.Printf(" Length: 0x%x (%d)\n", a.Info.Length, a.Info.Length)
- fmt.Printf(" Chipset ID List: 0x%02x\n", a.Info.ChipsetIDList)
- fmt.Printf(" OS SINIT Data Version: 0x%02x\n", a.Info.OSSinitDataVersion)
- fmt.Printf(" Min. MLE Header Version: 0x%08x\n", a.Info.MinMleHeaderVersion)
- fmt.Printf(" Capabilities: 0x%08x\n", a.Info.TxtCaps)
- fmt.Printf(" ACM Version: %d\n", a.Info.ACMVersion)
- fmt.Printf(" ACM Revision: %s\n", a.Info.ACMRevision)
- fmt.Printf(" Processor ID List: 0x%02x\n", a.Info.ProcessorIDList)
- fmt.Printf(" TPM ID List: 0x%02x\n", a.Info.TPMInfoList)
- fmt.Println()
+ log.Info(" UUID: ACM_UUID_V3")
+ log.Infof(" Version: %d", a.Info.Version)
+ log.Infof(" Length: 0x%x (%d)", a.Info.Length, a.Info.Length)
+ log.Infof(" Chipset ID List: 0x%02x", a.Info.ChipsetIDList)
+ log.Infof(" OS SINIT Data Version: 0x%02x", a.Info.OSSinitDataVersion)
+ log.Infof(" Min. MLE Header Version: 0x%08x", a.Info.MinMleHeaderVersion)
+ log.Infof(" Capabilities: 0x%08x", a.Info.TxtCaps)
+ log.Infof(" ACM Version: %d", a.Info.ACMVersion)
+ log.Infof(" ACM Revision: %s", a.Info.ACMRevision)
+ log.Infof(" Processor ID List: 0x%02x", a.Info.ProcessorIDList)
+ log.Infof(" TPM ID List: 0x%02x", a.Info.TPMInfoList)
+ log.Infoln()
 a.Chipsets.PrettyPrint()
 a.Processors.PrettyPrint()
 a.TPMs.PrettyPrint()
 } else {
- fmt.Println(" UUID: ACM_UUID_V0")
- fmt.Println()
+ log.Info(" UUID: ACM_UUID_V0")
+ log.Infoln()
 }
 }
diff --git a/pkg/tools/lcp.go b/pkg/tools/lcp.go
index 83b8ba1e..81df243e 100644
--- a/pkg/tools/lcp.go
+++ b/pkg/tools/lcp.go
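Review bot: `log.Infoln()` with no arguments does not print the blank separator that `fmt.Println()` did; logrus emits an ordinary Info entry with an empty message, and every line of the dump in `PrettyPrintHeader` and the `Chipsets`/`Processors`/`TPMs` `PrettyPrint` methods now carries the logger's level and time decoration. With logrus defaults the table also moves from stdout to stderr and is dropped entirely when the level is raised above Info, so a script that captures the ACM header to compare firmware images would get nothing without any error. If the move to the logger is intended, drop the bare `log.Infoln()` separators and state in each doc comment that output goes to the logrus standard logger at Info level; otherwise keep the dump on stdout and use `log` only for diagnostics. The same applies to the `@@ -391,23` hunk, to `(*LCPPolicy2).PrettyPrint` in pkg/tools/lcp.go and to `ShowVersion` in pkg/tools/version.go. The label `FMS Maks` carried into `Processors.PrettyPrint` should read `FMS Mask`.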
@@ -6,11 +6,12 @@ import (
 "encoding/binary"
 "fmt"
 "io"
- "log"
 "strconv"
 "strings"
 "github.com/google/go-tpm/tpm2"
+
+ log "github.com/sirupsen/logrus"
 )
 // HashAlgMap exports map from crypto.Hash to LCPPol2Hash for parsing manual input to LCPPolicy2
@@ -109,49 +110,49 @@ var HashMaskMap = map[string]uint16{
 }
 const (
- //LCPPolicyVersion2 as defined in Document 315168-016 Chapter 3.2.1 LCP Policy
+ // LCPPolicyVersion2 as defined in Document 315168-016 Chapter 3.2.1 LCP Policy
 LCPPolicyVersion2 uint16 = 0x0204
- //LCPPolicyVersion3 as defined in Document 315168-016 Chapter 3.2.1 LCP Policy
+ // LCPPolicyVersion3 as defined in Document 315168-016 Chapter 3.2.1 LCP Policy
 LCPPolicyVersion3 uint16 = 0x0300
- //LCPPolicyTypeAny as defined in Document 315168-016 Chapter D LCP Data Structures
+ // LCPPolicyTypeAny as defined in Document 315168-016 Chapter D LCP Data Structures
 LCPPolicyTypeAny LCPPolicyType = 1
- //LCPPolicyTypeList as defined in Document 315168-016 Chapter D LCP Data Structures
+ // LCPPolicyTypeList as defined in Document 315168-016 Chapter D LCP Data Structures
 LCPPolicyTypeList LCPPolicyType = 0
- //LCPMaxLists as defined in Document 315168-016 Chapter D LCP Data Structures
+ // LCPMaxLists as defined in Document 315168-016 Chapter D LCP Data Structures
 LCPMaxLists uint = 8
- //SHA1DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+ // SHA1DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 SHA1DigestSize uint = 20
- //SHA256DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+ // SHA256DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 SHA256DigestSize uint = 32
- //SHA384DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+ // SHA384DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 SHA384DigestSize uint = 48
- //SHA512DigestSize FIXME
+ // SHA512DigestSize FIXME
 SHA512DigestSize uint = 64
- //SM3DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+ // SM3DigestSize as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 SM3DigestSize uint = 32
- //LCPDataFileSignature as defined in Document 315168-016 Chapter D.2 LCP_POLICY_DATA
+ // LCPDataFileSignature as defined in Document 315168-016 Chapter D.2 LCP_POLICY_DATA
 LCPDataFileSignature string = "Intel(R) TXT LCP_POLICY_DATA\x00\x00\x00\x00"
- //LCPSignatureAlgNone FIXME
+ // LCPSignatureAlgNone FIXME
 LCPSignatureAlgNone uint8 = 0
- //LCPSignatureAlgRSAPKCS15 FIXME
+ // LCPSignatureAlgRSAPKCS15 FIXME
 LCPSignatureAlgRSAPKCS15 uint8 = 1
- //LCPPolicyElementMLE as defined in Document 315168-016 Chapter D.4.4 LCP_MLE_ELEMENT
+ // LCPPolicyElementMLE as defined in Document 315168-016 Chapter D.4.4 LCP_MLE_ELEMENT
 LCPPolicyElementMLE uint32 = 0
- //LCPPolicyElementPCONF as defined in Document 315168-016 Chapter D.4.5 LCP_PCONF_ELEMENT
+ // LCPPolicyElementPCONF as defined in Document 315168-016 Chapter D.4.5 LCP_PCONF_ELEMENT
 LCPPolicyElementPCONF uint32 = 1
- //LCPPolicyElementSBIOS FIXME
+ // LCPPolicyElementSBIOS FIXME
 LCPPolicyElementSBIOS uint32 = 2
- //LCPPolicyElementCustom as defined in Document 315168-016 Chapter D.4.6 LCP_CUSTOM_ELEMENT
+ // LCPPolicyElementCustom as defined in Document 315168-016 Chapter D.4.6 LCP_CUSTOM_ELEMENT
 LCPPolicyElementCustom uint32 = 3
- //LCPPolicyElementMLE2 as defined in Document 315168-016 Chapter D.4.7 LCP_MLE_ELEMENT2
+ // LCPPolicyElementMLE2 as defined in Document 315168-016 Chapter D.4.7 LCP_MLE_ELEMENT2
 LCPPolicyElementMLE2 uint32 = 0x10
- //LCPPolicyElementPCONF2 as defined in Document 315168-016 Chapter D.4.8 LCP_PCONF_ELEMENT2
+ // LCPPolicyElementPCONF2 as defined in Document 315168-016 Chapter D.4.8 LCP_PCONF_ELEMENT2
 LCPPolicyElementPCONF2 uint32 = 0x11
- //LCPPolicyElementSBIOS2 FIXME
+ // LCPPolicyElementSBIOS2 FIXME
 LCPPolicyElementSBIOS2 uint32 = 0x12
- //LCPPolicyElementSTM2 as defined in Document 315168-016 Chapter D.4.9 LCP_STM_ELEMENT2
+ // LCPPolicyElementSTM2 as defined in Document 315168-016 Chapter D.4.9 LCP_STM_ELEMENT2
 LCPPolicyElementSTM2 uint32 = 0x14
 // LCPPolHAlgSHA1 Document 315168-016 Chapter D.1 LCP_POLICY
@@ -159,11 +160,11 @@ const (
 // LCPPolicyControlNPW as defined in Document 315168-013 Chapter 3.2.2 PolicyControl Field for LCP_POLTYPE_LIST
 LCPPolicyControlNPW uint32 = 0x00000001
- //LCPPolicyControlSinitCaps as defined in Document 315168-013 Chapter 3.2.2 PolicyControl Field for LCP_POLTYPE_LIST
+ // LCPPolicyControlSinitCaps as defined in Document 315168-013 Chapter 3.2.2 PolicyControl Field for LCP_POLTYPE_LIST
 LCPPolicyControlSinitCaps uint32 = 0x00000002
- //LCPPolicyControlOwnerEnforced as defined in Document 315168-013 Chapter 3.2.2 PolicyControl Field for LCP_POLTYPE_LIST
+ // LCPPolicyControlOwnerEnforced as defined in Document 315168-013 Chapter 3.2.2 PolicyControl Field for LCP_POLTYPE_LIST
 LCPPolicyControlOwnerEnforced uint32 = 0x00000004
- //LCPPolicyControlAuxDelete as defined in Document 315168-013 Chapter 3.3.2 LCP Policy 2
+ // LCPPolicyControlAuxDelete as defined in Document 315168-013 Chapter 3.3.2 LCP Policy 2
 LCPPolicyControlAuxDelete uint32 = 0x80000000
 )
@@ -175,7 +176,7 @@ var PolicyControlMap = map[string]uint32{
 "AuxDelete": 0x80000000,
 }
-//LCPHash holds one of the supported hashes
+// LCPHash holds one of the supported hashes
 type LCPHash struct {
 Sha1 *[SHA1DigestSize]uint8
 Sha256 *[SHA256DigestSize]uint8
@@ -184,7 +185,7 @@ type LCPHash struct {
 SM3 *[SM3DigestSize]uint8
 }
-//LCPPolicyElement represents a policy element as defined in Document 315168-016 Chapter D.4 LCP_POLICY_ELEMENT
+// LCPPolicyElement represents a policy element as defined in Document 315168-016 Chapter D.4 LCP_POLICY_ELEMENT
 type LCPPolicyElement struct {
 Size uint32
 Type uint32
@@ -195,7 +196,7 @@ type LCPPolicyElement struct {
 Custom *LCPPolicyCustom
 }
-//LCPPolicyMLE represents a MLE policy element as defined in Document 315168-016 Chapter D.4.4 LCP_MLE_ELEMENT
+// LCPPolicyMLE represents a MLE policy element as defined in Document 315168-016 Chapter D.4.4 LCP_MLE_ELEMENT
 type LCPPolicyMLE struct {
 SINITMinVersion uint8
 HashAlg uint8
@@ -203,7 +204,7 @@ type LCPPolicyMLE struct {
 Hashes [][20]byte
 }
-//LCPPolicySBIOS represents a SBIOS policy element
+// LCPPolicySBIOS represents a SBIOS policy element
 type LCPPolicySBIOS struct {
 HashAlg uint8
 Reserved1 [3]uint8
@@ -213,13 +214,13 @@ type LCPPolicySBIOS struct {
 Hashes []LCPHash
 }
-//LCPPolicyPCONF represents a PCONF policy element
+// LCPPolicyPCONF represents a PCONF policy element
 type LCPPolicyPCONF struct {
 NumPCRInfos uint16
 PCRInfos []TPMPCRInfoShort
 }
-//TPMPCRInfoShort rFIXME
+// TPMPCRInfoShort rFIXME
 type TPMPCRInfoShort struct {
 // TPM_PCR_SELECTION
 PCRSelect []int
@@ -229,13 +230,13 @@ type TPMPCRInfoShort struct {
 DigestAtRelease [20]byte
 }
-//LCPPolicyCustom represents a custom policy element
+// LCPPolicyCustom represents a custom policy element
 type LCPPolicyCustom struct {
 UUID LCPUUID
 Data []byte
 }
-//LCPUUID represents an UUID
+// LCPUUID represents an UUID
 type LCPUUID struct {
 data1 uint32
 data2 uint16
@@ -244,7 +245,7 @@ type LCPUUID struct {
 data5 [6]uint8
 }
-//LCPPolicyList2 as defined in Document 315168-016 Chapter D.3.2.1 LCP_POLICY_LIST2 Structure
+// LCPPolicyList2 as defined in Document 315168-016 Chapter D.3.2.1 LCP_POLICY_LIST2 Structure
 type LCPPolicyList2 struct {
 Version uint16
 SignaturAlg uint16
@@ -252,7 +253,7 @@ type LCPPolicyList2 struct {
 PolicyElements []LCPPolicyElement
 }
-//LCPSignature as defined in Document 315168-016 Chapter D.3.2.1 LCP_POLICY_LIST2 Structure
+// LCPSignature as defined in Document 315168-016 Chapter D.3.2.1 LCP_POLICY_LIST2 Structure
 type LCPSignature struct {
 RevocationCounter uint16
 PubkeySize uint16
@@ -260,7 +261,7 @@ type LCPSignature struct {
 SigBlock []byte
 }
-//LCPPolicyList FIXME not in Document 315168-016
+// LCPPolicyList FIXME not in Document 315168-016
 type LCPPolicyList struct {
 Version uint16
 Reserved uint8
@@ -270,13 +271,13 @@ type LCPPolicyList struct {
 Signature *LCPSignature
 }
-//LCPList as defined in Document 315168-016 Chapter D.3.2.3 LCP_LIST
+// LCPList as defined in Document 315168-016 Chapter D.3.2.3 LCP_LIST
 type LCPList struct {
 TPM12PolicyList LCPPolicyList
 TPM20PolicyList LCPPolicyList2
 }
-//PolicyControl as defined in Document 315168-016 Chapter D.1.1 PolicyControl
+// PolicyControl as defined in Document 315168-016 Chapter D.1.1 PolicyControl
 type PolicyControl struct {
 NPW bool
 OwnerEnforced bool
@@ -284,7 +285,7 @@ type PolicyControl struct {
 SinitCaps bool
 }
-//ApprovedHashAlgorithm as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+// ApprovedHashAlgorithm as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 type ApprovedHashAlgorithm struct {
 SHA1 bool
 SHA256 bool
@@ -292,7 +293,7 @@ type ApprovedHashAlgorithm struct {
 SM3 bool
 }
-//ApprovedSignatureAlogrithm as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+// ApprovedSignatureAlogrithm as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 type ApprovedSignatureAlogrithm struct {
 RSA2048SHA1 bool
 RSA2048SHA256 bool
@@ -303,7 +304,7 @@ type ApprovedSignatureAlogrithm struct {
 SM2SM2CurveSM3 bool
 }
-//LCPPolicy as defined in Document 315168-016 Chapter D.1.2 LCP_POLICY
+// LCPPolicy as defined in Document 315168-016 Chapter D.1.2 LCP_POLICY
 type LCPPolicy struct {
 Version uint16 // < 0x0204
 HashAlg uint8
@@ -319,7 +320,7 @@ type LCPPolicy struct {
 PolicyHash [20]byte
 }
-//LCPPolicy2 as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
+// LCPPolicy2 as defined in Document 315168-016 Chapter D.1.3 LCP_POLICY2
 type LCPPolicy2 struct {
 Version uint16 // < 0x0302
 HashAlg tpm2.Algorithm
@@ -335,7 +336,7 @@ type LCPPolicy2 struct {
 PolicyHash [32]byte
 }
-//LCPPolicyData FIXME
+// LCPPolicyData FIXME
 type LCPPolicyData struct {
 FileSignature [32]uint8
 Reserved [3]uint8
@@ -503,7 +504,7 @@ func parsePolicy2(policy []byte) (*LCPPolicy2, error) {
 return &pol2, nil
 }
-//ParsePolicy generates one of LCPPolicy or LCPPolicy2
+// ParsePolicy generates one of LCPPolicy or LCPPolicy2
 func ParsePolicy(policy []byte) (*LCPPolicy, *LCPPolicy2, error) {
 var version uint16
 buf := bytes.NewReader(policy)
@@ -877,7 +878,6 @@ func parseLCPHash(buf *bytes.Reader, hash *LCPHash, alg uint8) error {
 }
 func parseLCPHash2(buf *bytes.Reader, hash *LCPHash, alg tpm2.Algorithm) error {
-
 h, err := alg.Hash()
 if err != nil {
 return err
@@ -905,8 +905,8 @@ func parseLCPHash2(buf *bytes.Reader, hash *LCPHash, alg tpm2.Algorithm) error {
 copy(tmp[:], hbyte[:])
 hash.Sha512 = &tmp
- //case tpm2.AlgSM3:
- //copy(hash.sm3[:], hbyte[:h.Size()])
+ // case tpm2.AlgSM3:
+ // copy(hash.sm3[:], hbyte[:h.Size()])
 default:
 return fmt.Errorf("unsupported hash algorithm: %x", alg)
@@ -915,7 +915,7 @@ func parseLCPHash2(buf *bytes.Reader, hash *LCPHash, alg tpm2.Algorithm) error {
 return nil
 }
-//ParsePolicyData parses a raw copy of the LCP policy
+// ParsePolicyData parses a raw copy of the LCP policy
 func ParsePolicyData(policyData []byte) (*LCPPolicyData, error) {
 var polData LCPPolicyData
@@ -949,7 +949,7 @@ func ParsePolicyData(policyData []byte) (*LCPPolicyData, error) {
 return &polData, nil
 }
-//PrettyPrint prints the LCPHash in a human readable format
+// PrettyPrint prints the LCPHash in a human readable format
 func (p *LCPHash) PrettyPrint() string {
 if p.Sha1 != nil {
 return fmt.Sprintf("%02x [SHA-1]", *p.Sha1)
@@ -966,9 +966,9 @@ func (p *LCPHash) PrettyPrint() string {
 }
 }
-//PrettyPrint prints the LCPPolicyData in a human readable format
+// PrettyPrint prints the LCPPolicyData in a human readable format
 func (pd *LCPPolicyData) PrettyPrint() {
- log.Printf("Launch Control Policy Data\n")
+ log.Infof("Launch Control Policy Data")
 var fileSig string
 if bytes.Equal(pd.FileSignature[:], []uint8(LCPDataFileSignature)) {
@@ -976,74 +976,74 @@ func (pd *LCPPolicyData) PrettyPrint() {
 } else {
 fileSig = "invalid"
 }
- log.Printf("File Signature % x (%s)\n", pd.FileSignature, fileSig)
+ log.Infof("File Signature % x (%s)", pd.FileSignature, fileSig)
- log.Println("LCP Policy Lists:")
- log.Printf("\tLists: %d\n", pd.NumLists)
+ log.Info("LCP Policy Lists:")
+ log.Infof("\tLists: %d", pd.NumLists)
 for idx, pol := range pd.PolicyLists {
- log.Printf("\tList %d:\n", idx)
- log.Printf("\t\tVersion: 0x%04x\n", pol.TPM12PolicyList.Version)
- log.Printf("\t\tReserved: % 02x\n", pol.TPM12PolicyList.Reserved)
- log.Printf("\t\tSignature Algorithm: 0x%02x\n", pol.TPM12PolicyList.SignaturAlg)
- log.Printf("\t\tEntries: %d bytes\n", pol.TPM12PolicyList.PolicyElementSize)
+ log.Infof("\tList %d:", idx)
+ log.Infof("\t\tVersion: 0x%04x", pol.TPM12PolicyList.Version)
+ log.Infof("\t\tReserved: % 02x", pol.TPM12PolicyList.Reserved)
+ log.Infof("\t\tSignature Algorithm: 0x%02x", pol.TPM12PolicyList.SignaturAlg)
+ log.Infof("\t\tEntries: %d bytes", pol.TPM12PolicyList.PolicyElementSize)
 for jdx, ent := range pol.TPM12PolicyList.PolicyElements {
- log.Printf("\t\tPolicy %d:\n", jdx)
- log.Printf("\t\t\tSize: %d bytes\n", ent.Size)
- log.Printf("\t\t\tType: %#v\n", ent.Type)
- log.Printf("\t\t\tPolicyEltControl: %#v\n", ent.PolicyEltControl)
+ log.Infof("\t\tPolicy %d:", jdx)
+ log.Infof("\t\t\tSize: %d bytes", ent.Size)
+ log.Infof("\t\t\tType: %#v", ent.Type)
+ log.Infof("\t\t\tPolicyEltControl: %#v", ent.PolicyEltControl)
 if ent.MLE != nil {
- log.Printf("\t\t\tSINITMinVersion: %d\n", ent.MLE.SINITMinVersion)
- log.Printf("\t\t\tHashAlg: 0x%04x\n", ent.MLE.HashAlg)
- log.Printf("\t\t\tNumHashes: %d\n", ent.MLE.NumHashes)
+ log.Infof("\t\t\tSINITMinVersion: %d", ent.MLE.SINITMinVersion)
+ log.Infof("\t\t\tHashAlg: 0x%04x", ent.MLE.HashAlg)
+ log.Infof("\t\t\tNumHashes: %d", ent.MLE.NumHashes)
 for kdx, h := range ent.MLE.Hashes {
- log.Printf("\t\t\tHash %2d: %02x\n", kdx, h)
+ log.Infof("\t\t\tHash %2d: %02x", kdx, h)
 }
 } else if ent.SBIOS != nil {
- log.Printf("\t\t\tHashAlg: 0x%04x\n", ent.SBIOS.HashAlg)
- log.Printf("\t\t\tReserved1: % 02x\n", ent.SBIOS.Reserved1)
- log.Printf("\t\t\tFallbackHash: %s\n", ent.SBIOS.FallbackHash.PrettyPrint())
- log.Printf("\t\t\tReserved2: % 02x\n", ent.SBIOS.Reserved2)
- log.Printf("\t\t\tNumHashes: %d\n", ent.SBIOS.NumHashes)
+ log.Infof("\t\t\tHashAlg: 0x%04x", ent.SBIOS.HashAlg)
+ log.Infof("\t\t\tReserved1: % 02x", ent.SBIOS.Reserved1)
+ log.Infof("\t\t\tFallbackHash: %s", ent.SBIOS.FallbackHash.PrettyPrint())
+ log.Infof("\t\t\tReserved2: % 02x", ent.SBIOS.Reserved2)
+ log.Infof("\t\t\tNumHashes: %d", ent.SBIOS.NumHashes)
 for kdx, h := range ent.SBIOS.Hashes {
- log.Printf("\t\t\tHash %2d: %s\n", kdx, h.PrettyPrint())
+ log.Infof("\t\t\tHash %2d: %s", kdx, h.PrettyPrint())
 }
 } else if ent.PCONF != nil {
- log.Printf("\t\t\tNumPCRInfos: %d\n", ent.PCONF.NumPCRInfos)
+ log.Infof("\t\t\tNumPCRInfos: %d", ent.PCONF.NumPCRInfos)
 for kdx, info := range ent.PCONF.PCRInfos {
- log.Printf("\t\t\tPCR Info %d:\n", kdx)
- log.Printf("\t\t\t\tPCR Select: %v\n", info.PCRSelect)
- log.Printf("\t\t\t\tLocality: %d\n", info.LocalityAtRelease)
- log.Printf("\t\t\t\tDigest: %02x\n", info.DigestAtRelease)
+ log.Infof("\t\t\tPCR Info %d:", kdx)
+ log.Infof("\t\t\t\tPCR Select: %v", info.PCRSelect)
+ log.Infof("\t\t\t\tLocality: %d", info.LocalityAtRelease)
+ log.Infof("\t\t\t\tDigest: %02x", info.DigestAtRelease)
 }
 } else if ent.Custom != nil {
- log.Printf("\t\t\tUUID: %08x-%04x-%04x-%04x-%02x\n", ent.Custom.UUID.data1, ent.Custom.UUID.data2, ent.Custom.UUID.data3, ent.Custom.UUID.data4, ent.Custom.UUID.data5)
- log.Printf("\t\t\tData: %02x\n", ent.Custom.Data)
+ log.Infof("\t\t\tUUID: %08x-%04x-%04x-%04x-%02x", ent.Custom.UUID.data1, ent.Custom.UUID.data2, ent.Custom.UUID.data3, ent.Custom.UUID.data4, ent.Custom.UUID.data5)
+ log.Infof("\t\t\tData: %02x", ent.Custom.Data)
 } else {
- log.Printf("\t\t\tError: Unknown Policy Element type\n")
+ log.Infof("\t\t\tError: Unknown Policy Element type")
 }
 }
 if pol.TPM12PolicyList.Signature != nil {
- log.Printf("\t\tSignature:\n")
- log.Printf("\t\t\tRevocation Counter: %#v\n", pol.TPM12PolicyList.Signature.RevocationCounter)
- log.Printf("\t\t\tPubkey Size: %d\n", pol.TPM12PolicyList.Signature.PubkeySize)
- log.Printf("\t\t\tPubkey Value: %02x\n", pol.TPM12PolicyList.Signature.PubkeyValue)
- log.Printf("\t\t\tSig Block: %02x\n", pol.TPM12PolicyList.Signature.SigBlock)
+ log.Infof("\t\tSignature:")
+ log.Infof("\t\t\tRevocation Counter: %#v", pol.TPM12PolicyList.Signature.RevocationCounter)
+ log.Infof("\t\t\tPubkey Size: %d", pol.TPM12PolicyList.Signature.PubkeySize)
+ log.Infof("\t\t\tPubkey Value: %02x", pol.TPM12PolicyList.Signature.PubkeyValue)
+ log.Infof("\t\t\tSig Block: %02x", pol.TPM12PolicyList.Signature.SigBlock)
 } else {
- log.Printf("\t\tSignature: (None)\n")
+ log.Infof("\t\tSignature: (None)")
 }
 }
 }
 // GenLCPPolicyV2 generates a LCPPolicyV2 structure with given hash algorithm
 func GenLCPPolicyV2(version uint16, hashAlg crypto.Hash, hash []byte, sinitmin uint8, pc PolicyControl,
- apprHashes ApprovedHashAlgorithm, apprSigs ApprovedSignatureAlogrithm) (*LCPPolicy2, error) {
-
+ apprHashes ApprovedHashAlgorithm, apprSigs ApprovedSignatureAlogrithm,
+) (*LCPPolicy2, error) {
 var v uint16
 h, a := HashAlgMap[hashAlg]
 if !a {
@@ -1187,8 +1187,8 @@ func (p *LCPPolicy2) PrettyPrint() {
 s.WriteString(" LcpHashAlgMask: " + PrintLcpHashAlgMask(p.LcpHashAlgMask) + "\n")
 s.WriteString(" LcpSignAlgMask: " + p.LcpSignAlgMask.String() + "\n")
 s.WriteString(" PolicyHash: " + fmt.Sprintf("%v", p.PolicyHash) + "\n")
- fmt.Printf("%s", s.String())
- fmt.Println()
+ log.Infof("%s", s.String())
+ log.Infoln()
 }
 // PrintLcpHashAlgMask prints LcpHashAlgMask in human readable format
diff --git a/pkg/tools/version.go b/pkg/tools/version.go
index ab359938..4ebb056c 100644
--- a/pkg/tools/version.go
+++ b/pkg/tools/version.go
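Review bot: The fallback branch of `(*LCPPolicyData).PrettyPrint` reports an unrecognised policy element with `log.Infof("\t\t\tError: Unknown Policy Element type")`, so the one line in this dump that signals a malformed or unexpected LCP policy has the same severity as the ordinary fields. Now that the function writes through a levelled logger, I would raise the level and include the offending value, `log.Warnf("\t\t\tUnknown Policy Element type %#v", ent.Type)`, so it can be filtered on and stays visible if Info output is turned down. The function starts before this hunk, and the `GenLCPPolicyV2` body at the end of the hunk continues past it.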
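Review bot: `log.Infof("%s", s.String())` at the end of `(*LCPPolicy2).PrettyPrint` passes the whole multi-line policy summary, built with embedded `\n`, as one log message. As far as I know logrus's default text formatter quotes the message and escapes the newlines when the output is not a terminal, so a redirected dump collapses into a single long line, and the following `log.Infoln()` adds an empty entry, not a blank line. Either print the builder directly with `fmt.Print(s.String())` or log it per line, `for _, l := range strings.Split(strings.TrimRight(s.String(), "\n"), "\n") { log.Info(l) }`. Only the tail of the function is in this hunk.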
@@ -1,15 +1,17 @@
 package tools
-import "fmt"
+import (
+ log "github.com/sirupsen/logrus"
+)
 // ShowVersion shows progam version
 func ShowVersion(toolName, tag, commit string) {
- fmt.Printf("%s %s\n", toolName, tag)
- fmt.Println("")
- fmt.Printf("Build Commit: %s\n", commit)
- fmt.Println("License: BSD 3-Clause License")
- fmt.Println("")
- fmt.Println("Copyright (c) 2020, 9elements GmbH.")
- fmt.Println("Copyright (c) 2020, facebook Inc.")
- fmt.Println("All rights reserved.")
+ log.Infof("%s %s", toolName, tag)
+ log.Info("")
+ log.Infof("Build Commit: %s", commit)
+ log.Info("License: BSD 3-Clause License")
+ log.Info("")
+ log.Info("Copyright (c) 2020, 9elements GmbH.")
+ log.Info("Copyright (c) 2020, facebook Inc.")
+ log.Info("All rights reserved.")
 }