Comments (8)
Yes, we have a pretty complete parser that will be landing shortly.
from go-attestation.
FYI #64
from go-attestation.
If you have any feedback on if this is useful for you or how it could be improved, it would be appreciated!
from go-attestation.
@brandonweeks @ericchiang Just look at my feature set. I guess the current implementation isn't complete.
from go-attestation.
Yep, #64 is work to prove an event log correctly replays against a set of PCR values, and that the PCRs are validated by a signed AIK quote. For now, I actually don't want package users to be able to parse a log without validating it.
Once that PR is merged, I'll submit a followup to parse platform information from Windows and Linux logs. We'll continue to expose the validated but un-parsed events for users that want to parse non-standard event types or types that we haven't got around to implementing yet.
from go-attestation.
#108 is a shot at this.
from go-attestation.
@ericchiang I think we are mixing stuff here. PCR precalculation should have a separate package aside from the TCPA eventlog IMHO. @mjg59 great work.
from go-attestation.
Closing this out as event log parsing & replay is implemented: https://pkg.go.dev/github.com/google/go-attestation/attest?tab=doc#ParseEventLog
Due to complexities with extracting trustable values from the event log, and a desire to only expose an API which is hard to use incorrectly, I don't expect we will expose parsing methods for common primitives like UEFI variables. Instead we aim to expose safer APIs where we verify the authenticity of returned values. For instance, here's our parser/verifier for secure-boot state.
EDIT: I don't expect we will expose such parsing methods in the attest package.
from go-attestation.
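The replay-before-parse idea discussed in this thread, as an added stdlib-only sketch that is not go-attestation's code: events are handed back only if the log replays to the quoted PCR values. `Event`, `Replay`, `VerifiedEvents` and `sample` are hypothetical names, the log is constructed, and the PCR values are assumed to come from an AIK quote whose signature was already verified.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Event is a simplified, hypothetical log entry (SHA-256 bank only).
type Event struct {
	PCR    int
	Digest [32]byte // value that was extended into the PCR
	Data   []byte   // event data; not authenticated by itself
}

// Replay recomputes each PCR from the reset state: new = SHA256(old || digest).
func Replay(events []Event) map[int][32]byte {
	pcrs := map[int][32]byte{}
	for _, e := range events {
		old := pcrs[e.PCR] // missing key yields 32 zero bytes, the reset value
		pcrs[e.PCR] = sha256.Sum256(append(old[:], e.Digest[:]...))
	}
	return pcrs
}

// VerifiedEvents returns the events only when every PCR the log touches
// replays to the quoted value; otherwise the caller gets no events at all.
func VerifiedEvents(events []Event, quoted map[int][32]byte) ([]Event, error) {
	for pcr, got := range Replay(events) {
		want, ok := quoted[pcr]
		if !ok {
			return nil, fmt.Errorf("PCR %d: present in log but not in quote", pcr)
		}
		if got != want {
			return nil, fmt.Errorf("PCR %d: replay %x != quoted %x", pcr, got[:4], want[:4])
		}
	}
	return events, nil
}

// sample builds a constructed log and the PCR values an honest boot would quote.
func sample() ([]Event, map[int][32]byte) {
	log := []Event{
		{PCR: 0, Digest: sha256.Sum256([]byte("firmware-blob")), Data: []byte("firmware-blob")},
		{PCR: 7, Digest: sha256.Sum256([]byte("SecureBoot=1")), Data: []byte("SecureBoot=1")},
		{PCR: 7, Digest: sha256.Sum256([]byte("db-cert")), Data: []byte("db-cert")},
	}
	return log, Replay(log)
}

func main() {
	log, quoted := sample()
	_, err := VerifiedEvents(log, quoted)
	fmt.Println("untouched log:", err)
	log[1].Digest = sha256.Sum256([]byte("SecureBoot=0")) // log edited after boot
	_, err = VerifiedEvents(log, quoted)
	fmt.Println("edited log:", err)
}
```

A matching replay authenticates the digests, not the `Data` field, so each value read from an event still has to be tied back to its digest before it is trusted.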