adding variable in each subsequent file to track pciids file status

nsacyber · Sep 9, 2024 · bc85403 · bc85403
1 parent 6e9cb4b
commit bc85403
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 24 deletions.
diff --git a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
@@ -21,8 +21,6 @@
 import java.util.Collections;
 import java.util.List;
 
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
-
 /**
  * Provide Java access to PCI IDs.
  */
@@ -33,7 +31,7 @@ public final class PciIds {
      * Track status of pciids file.
      */
     @Getter
-    private static String pciidsFileStatus = FILESTATUS_NOT_ACCESSIBLE;
+    private static String pciidsFileStatus = UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
 
     /**
      * Name of pciids file in code.
@@ -59,16 +57,12 @@ public final class PciIds {
 
     /**
      * The PCI IDs Database object.
-     *
      * This only needs to be loaded one time.
-     *
      * The pci ids library protects the data inside the object by making it immutable.
      */
     public static final PciIdsDatabase DB = new PciIdsDatabase();
 
-    /**
-     * Configure the PCI IDs Database object.
-     */
+    //Configure the PCI IDs Database object.
     static {
         if (!DB.isReady()) {
             String dbFile = null;
@@ -87,7 +81,7 @@ public final class PciIds {
                 dbFile = PciIds.class.getResource(PCIIDS_FILENAME).getPath();
             }
             if (dbFile != null) {
-                if (pciidsFileStatus != UefiConstants.FILESTATUS_FROM_FILESYSTEM) {
+                if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
                     pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
                 }
                 InputStream is = null;
@@ -126,7 +120,7 @@ private PciIds() { }
      */
     public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) {
         ASN1UTF8String manufacturer = refManufacturer;
-        if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
+        if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
                 && manufacturer != null
                 && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) {
             Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase());
@@ -145,7 +139,7 @@ public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacture
      */
     public static String translateVendor(final String refManufacturer) {
         String manufacturer = refManufacturer;
-        if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
+        if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
                 && manufacturer != null
                 && manufacturer.trim().matches("^[0-9A-Fa-f]{4}$")) {
             Vendor ven = DB.findVendor(manufacturer.toLowerCase());
@@ -168,7 +162,7 @@ public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacture
                                                  final ASN1UTF8String refModel) {
         ASN1UTF8String manufacturer = refManufacturer;
         ASN1UTF8String model = refModel;
-        if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
+        if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
                 && manufacturer != null
                 && model != null
                 && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")
@@ -193,7 +187,7 @@ public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacture
     public static String translateDevice(final String refManufacturer,
                                          final String refModel) {
         String model = refModel;
-        if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
+        if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
                 && refManufacturer != null
                 && model != null
                 && refManufacturer.trim().matches("^[0-9A-Fa-f]{4}$")
@@ -224,7 +218,7 @@ public static List<String> translateDeviceClass(final String refClassCode) {
         List<String> translatedClassCode = new ArrayList<>();
 
         String classCode = refClassCode;
-        if (pciidsFileStatus != FILESTATUS_NOT_ACCESSIBLE
+        if (!pciidsFileStatus.equals(UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
                 && classCode != null
                 && classCode.trim().matches("^[0-9A-Fa-f]{6}$")) {
             String deviceClass = classCode.substring(0, 2).toLowerCase();

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
@@ -20,9 +20,6 @@
 import java.util.Collection;
 import java.util.LinkedHashMap;
 
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
-
 /**
  * Class for handling different formats of TCG Event logs.
  */
@@ -88,7 +85,16 @@ public final class TCGEventLog {
      * and if that event causes a different status.
      */
     @Getter
-    private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM;
+    private String vendorTableFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+    /**
+     * Track status of pci.ids
+     * This is only used if there is an event that uses functions from the pciids class.
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF there is an event that uses pciids file, and the file
+     * causes a different status.
+     */
+    @Getter
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
 
     /**
      * Default blank object constructor.
@@ -169,11 +175,18 @@ public TCGEventLog(final byte[] rawlog, final boolean bEventFlag,
             // the if statement is executed
             // [new event file status = eventList.get(eventNumber-1).getVendorTableFileStatus()]
             // (ie. if the new file status is not-accessible or from-code, then want to update)
-            if ((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE)
+            if ((vendorTableFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
                     && (eventList.get(eventNumber - 1).getVendorTableFileStatus()
-                    != FILESTATUS_FROM_FILESYSTEM)) {
+                    != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
                 vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
             }
+            if ((vendorTableFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
+                    && (eventList.get(eventNumber - 1).getVendorTableFileStatus()
+                    != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
+                vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
+            }
+
+            //add pci here
         }
         calculatePcrValues();
     }

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java
@@ -127,6 +127,16 @@ public class TpmPcrEvent {
     @Getter
     private String vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM;
 
+    /**
+     * Track status of pci.ids
+     * This is only used for events that access the pci.ids file.
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF this is an event that uses this file,
+     * and if that event causes a different status.
+     */
+    @Getter
+    private String pciidsFileStatus = FILESTATUS_FROM_FILESYSTEM;
+
     /**
      * Constructor.
      *
@@ -523,7 +533,9 @@ public String processEvent(final byte[] eventData, final byte[] content,
                 break;
             case EvConstants.EV_EFI_SPDM_FIRMWARE_BLOB:
             case EvConstants.EV_EFI_SPDM_FIRMWARE_CONFIG:
-                description += "Event Content:\n" + new EvEfiSpdmDeviceSecurityEvent(content).toString();
+                EvEfiSpdmDeviceSecurityEvent efiSpdmDse = new EvEfiSpdmDeviceSecurityEvent(content);
+                description += "Event Content:\n" + efiSpdmDse.toString();
+                pciidsFileStatus = efiSpdmDse.getPciidsFileStatus();
                 break;
             default:
                 description += " Unknown Event found" + "\n";

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
@@ -1,5 +1,6 @@
 package hirs.utils.tpm.eventlog.events;
 
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
 import lombok.Getter;
 import lombok.Setter;
 
@@ -44,7 +45,7 @@ public abstract class DeviceSecurityEvent {
      * DeviceSecurityEventDataContext Object.
      */
     @Getter
-    private DeviceSecurityEventDataDeviceContext dsedDevContext = null;
+    private DeviceSecurityEventDataPciContext dsedPciContext = null;
 
     /**
      * Device type.
@@ -60,6 +61,13 @@ public abstract class DeviceSecurityEvent {
     @Getter
     private String deviceContextInfo = "";
 
+    /**
+     * Track status of pci.ids file.
+     * This is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext
+     */
+    @Getter
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
     /**
      * DeviceSecurityEventData Default Constructor.
      *
@@ -82,8 +90,9 @@ public void instantiateDeviceContext(final byte[] dsedDeviceContextBytes) {
             if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_NONE) {
                 deviceContextInfo = "\n    No Device Context (indicated by device type value of 0)";
             } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
-                dsedDevContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
-                deviceContextInfo = dsedDevContext.toString();
+                dsedPciContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
+                deviceContextInfo = dsedPciContext.toString();
+                pciidsFileStatus = dsedPciContext.getPciidsFileStatus();
             } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
                 deviceContextInfo = "    Device Type: USB - To be implemented";
             } else {

diff --git a/...Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java b/...Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
@@ -1,6 +1,8 @@
 package hirs.utils.tpm.eventlog.events;
 
 import hirs.utils.HexUtils;
+import hirs.utils.PciIds;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
 import lombok.Getter;
 
 import java.util.List;
@@ -69,6 +71,12 @@ public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDe
     @Getter
     private String subsystemId = "";
 
+    /**
+     * Track status of pci.ids file.
+     */
+    @Getter
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_NOT_ACCESSIBLE;
+
     /**
      * DeviceSecurityEventDataPciContext Constructor.
      *
@@ -114,6 +122,13 @@ public String toString() {
         dSEDpciContextInfo += super.toString();
         dSEDpciContextInfo += "      Device Type = PCI\n";
         dSEDpciContextInfo += "      Vendor = " + translateVendor(vendorId) + "\n";
+
+        // the above call to translateVendor() is the first location in this class where
+        // a function in pciids class is called
+        // thus, if pciids db has not previously been set up, this call will trigger that setup
+        // the setup will look for the pciids file; need to check and store the status of that file
+        pciidsFileStatus = PciIds.getPciidsFileStatus();
+
         dSEDpciContextInfo += "      Device = " + translateDevice(vendorId, deviceId) + "\n";
         dSEDpciContextInfo += "      RevisionID = " + revisionId + "\n";
 

diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java
@@ -2,9 +2,12 @@
 
 import hirs.utils.HexUtils;
 import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
 
 import java.nio.charset.StandardCharsets;
 
+import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
 /**
  * Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
  * DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
@@ -45,6 +48,16 @@ public class EvEfiSpdmDeviceSecurityEvent {
      */
     private String spdmInfo = "";
 
+    /**
+     * Track status of pci.ids
+     * This is only used for events that access the pci.ids file.
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF this is an event that uses this file,
+     * and if that event causes a different status.
+     */
+    @Getter
+    private String pciidsFileStatus = FILESTATUS_FROM_FILESYSTEM;
+
     /**
      * EvEfiSpdmFirmwareBlob constructor.
      *
@@ -72,6 +85,7 @@ public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) {
             if (dsedVersion.equals("0200")) {
                 dsed = new DeviceSecurityEventData2(eventData);
                 spdmInfo += dsed.toString();
+                pciidsFileStatus = dsed.getPciidsFileStatus();
             } else {
                 spdmInfo += "    Incompatible version for DeviceSecurityEventData2: " + dsedVersion + "\n";
             }
@@ -82,6 +96,7 @@ public EvEfiSpdmDeviceSecurityEvent(final byte[] eventData) {
             if (dsedVersion.equals("0100")) {
                 dsed = new DeviceSecurityEventData(eventData);
                 spdmInfo += dsed.toString();
+                pciidsFileStatus = dsed.getPciidsFileStatus();
             } else {
                 spdmInfo += "    Incompatible version for DeviceSecurityEventData: " + dsedVersion + "\n";
             }