Any plans for a TCPA log parser? about go-attestation HOT 8 CLOSED

Yes, we have a pretty complete parser that will be landing shortly.

from go-attestation.

FYI #64

from go-attestation.

If you have any feedback on if this is useful for you or how it could be improved, it would be appreciated!

from go-attestation.

@brandonweeks @ericchiang Just look at my feature set. I guess the current implementation isn't complete.

from go-attestation.

Yep, #64 is work to prove an event log correctly replays against a set of PCR values, and that the PCRs are validated by a signed AIK quote. For now, I actually don't want package users to be able to parse a log without validating it.

Once that PR is merged, I'll submit a followup to parse platform information from Windows and Linux logs. We'll continue to expose the validated but un-parsed events for users that want to parse non-standard event types or types that we haven't got around to implementing yet.

from go-attestation.

#108 is a shot at this.

from go-attestation.

@ericchiang I think we are mixing stuff here. PCR precalculation should have a separate package aside from the TCPA eventlog IMHO. @mjg59 great work.

from go-attestation.

Closing this out as event log parsing & replay is implemented: https://pkg.go.dev/github.com/google/go-attestation/attest?tab=doc#ParseEventLog

Due to complexities with extracting trustable values from the event log, and a desire to only expose an API which is hard to use incorrectly, I don't expect we will expose parsing methods for common primitives like UEFI variables. Instead we aim to expose safer APIs where we verify the authenticity of returned values. For instance, here's our parser/verifier for secure-boot state.

EDIT: I dont expect we will expose such parsing methods in the attest package.

from go-attestation.