1// This Source Code Form is subject to the terms of the Mozilla Public
2// License, v. 2.0. If a copy of the MPL was not distributed with this
3// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4
5// Package measure contains a Go implementation of the 'systemd-measure' command.
6//
7// This implements TPM PCR emulation, UKI signature measurement, and signing of the measured values.
8package measure
9
import (
	"crypto"
	"crypto/rsa"
	"fmt"

	"github.com/google/go-tpm/tpm2"

	"github.com/aenix-io/talm/internal/pkg/secureboot"
	"github.com/aenix-io/talm/internal/pkg/secureboot/measure/internal/pcr"
	tpm2internal "github.com/aenix-io/talm/internal/pkg/secureboot/tpm2"
)
20
// SectionsData maps a UKI section (secureboot.Section) to the path of the
// file holding that section's contents. It is the input measured by
// GenerateSignedPCR.
type SectionsData map[secureboot.Section]string
23
// RSAKey is the signing key accepted by GenerateSignedPCR and passed through
// to pcr.CalculateBankData. It combines crypto.Signer (used to sign the
// measured PCR values) with access to the corresponding RSA public key.
type RSAKey interface {
	crypto.Signer
	// PublicRSAKey returns the RSA public key matching the Signer.
	PublicRSAKey() *rsa.PublicKey
}
29
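// GenerateSignedPCR generates the PCR signed data for a given set of UKI file sections.
//
// For each supported hash bank (SHA256, SHA384 and SHA512, in that order) it
// calls pcr.CalculateBankData for secureboot.UKIPCR over sectionsData, signing
// the result with rsaKey, and stores the bank data in the matching field of
// the returned tpm2internal.PCRData.
//
// The first bank that fails aborts the whole computation: nil data and an
// error naming the failing bank algorithm (wrapping the underlying error with
// %w, so errors.Is/errors.As keep working) are returned. A partially filled
// PCRData is never returned, so a caller cannot accidentally ship a policy
// that is missing one of the banks.
func GenerateSignedPCR(sectionsData SectionsData, rsaKey RSAKey) (*tpm2internal.PCRData, error) {
	data := &tpm2internal.PCRData{}

	// Each entry pairs a hash algorithm with the PCRData field that receives
	// its bank data. The slice keeps the order fixed so the error reported
	// for a failing bank is deterministic.
	banks := []struct {
		alg  tpm2.TPMAlgID
		dest *[]tpm2internal.BankData
	}{
		{alg: tpm2.TPMAlgSHA256, dest: &data.SHA256},
		{alg: tpm2.TPMAlgSHA384, dest: &data.SHA384},
		{alg: tpm2.TPMAlgSHA512, dest: &data.SHA512},
	}

	for _, bank := range banks {
		bankData, err := pcr.CalculateBankData(secureboot.UKIPCR, bank.alg, sectionsData, rsaKey)
		if err != nil {
			// Name the bank so a failure in one hash algorithm can be told
			// apart from the others without re-running the measurement.
			return nil, fmt.Errorf("calculating signed PCR bank data for algorithm %v: %w", bank.alg, err)
		}

		*bank.dest = bankData
	}

	return data, nil
}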