//go:generate manifestcodegen
package bootpolicy
import (
"fmt"
"math"
"time"
"github.com/9elements/converged-security-suite/v2/pkg/intel/metadata/manifest"
)
// SE is the IBB Segments Element of a boot policy manifest. It carries the
// DMA protection ranges, the IBB entry point, the post-IBB and OBB hashes,
// a digest list and the list of IBB segments. Fields tagged require:"0" are
// reserved bytes expected to be zero, and the var1 tag on StructInfo ties
// the element size to TotalSize(); both tags are presumably consumed by the
// manifestcodegen generator named in the go:generate directive.
//
// NOTE(review): nothing in this file checks that the DMA protection
// base/limit pairs or the IBB segment ranges are well-formed (base <= limit,
// no overlap, no wrap-around); presumably validated elsewhere — confirm.
// PrettyString: IBB Segments Element
type SE struct {
	StructInfo `id:"__IBBS__" version:"0x20" var0:"0" var1:"uint16(s.TotalSize())"`
	// Reserved0, SetNumber and Reserved1 are all tagged require:"0".
	Reserved0 [1]byte `require:"0" json:"se_Reserved0,omitempty"`
	SetNumber uint8 `require:"0" json:"se_SetNumber,omitempty"`
	Reserved1 [1]byte `require:"0" json:"se_Reserved1,omitempty"`
	// PBETValue is the timer setting; see PBETValue.Duration for its meaning.
	PBETValue PBETValue `json:"se_PBETValue"`
	// Flags is decoded by the SEFlags accessor methods below.
	Flags SEFlags `json:"se_Flags"`
	// PrettyString: IBB MCHBAR
	IBBMCHBAR uint64 `json:"se_IBBMCHBAR"`
	// PrettyString: VT-d BAR
	VTdBAR uint64 `json:"se_VTdBAR"`
	// Range 0 is 32-bit; range 1 below is 64-bit. Both are stored raw.
	// PrettyString: DMA Protection 0 Base Address
	DMAProtBase0 uint32 `json:"se_DMAProtBase0"`
	// PrettyString: DMA Protection 0 Limit Address
	DMAProtLimit0 uint32 `json:"se_DMAProtLimit0"`
	// PrettyString: DMA Protection 1 Base Address
	DMAProtBase1 uint64 `json:"se_DMAProtBase1"`
	// PrettyString: DMA Protection 1 Limit Address
	DMAProtLimit1 uint64 `json:"se_DMAProtLimit1"`
	// PostIBBHash, DigestList and OBBHash are manifest hash structures;
	// their verification is not performed in this file.
	PostIBBHash manifest.HashStructure `json:"se_PostIBBHash"`
	IBBEntryPoint uint32 `json:"se_IBBEntry"`
	DigestList manifest.HashList `json:"se_DigestList"`
	OBBHash manifest.HashStructure `json:"se_OBBHash"`
	Reserved2 [3]byte `require:"0" json:"se_Reserved2,omitempty"`
	// IBBSegments is tagged countType:"uint8", so the serialized form
	// presumably carries a one-byte element count (at most 255 segments).
	IBBSegments []IBBSegment `countType:"uint8" json:"se_IBBSegments,omitempty"`
}
// PBETValue is the one-byte timer setting of the IBB Segments Element.
// Only the low four bits are meaningful; see PBETValue and Duration.
type PBETValue uint8

// PBETValue returns the raw 4-bit timer setting; the upper four bits of
// the byte are ignored.
func (pbet PBETValue) PBETValue() uint8 {
	const timerMask = 0x0f
	raw := uint8(pbet)
	return raw & timerMask
}

// Duration returns the timer setting as a time.Duration: a raw value v in
// 1..15 means (5+v) seconds, and 0 means "no timeout", which is reported
// as the largest representable duration (math.MaxInt64 nanoseconds).
func (pbet PBETValue) Duration() time.Duration {
	switch raw := pbet.PBETValue(); raw {
	case 0:
		return time.Duration(math.MaxInt64)
	default:
		seconds := time.Duration(raw) + 5
		return seconds * time.Second
	}
}

// SetDuration stores the closest representable timer setting for duration
// and returns the setting actually stored, as Duration would report it.
//
// The raw value is whole seconds minus five (fractional seconds are
// truncated), clamped as follows: anything at or below 5s (including
// negative durations) becomes 1 (6s), and anything at or above 21s becomes
// 0, which Duration reports as the maximum duration, i.e. no timeout.
// Callers that need a bounded timer should therefore compare the returned
// value with what they asked for. The whole byte is overwritten, including
// the four bits that PBETValue masks off.
func (pbet *PBETValue) SetDuration(duration time.Duration) time.Duration {
	wholeSeconds := duration.Nanoseconds() / time.Second.Nanoseconds()
	raw := wholeSeconds - 5
	switch {
	case raw <= 0:
		raw = 1
	case raw >= 16:
		raw = 0
	}
	*pbet = PBETValue(raw)
	return pbet.Duration()
}
// SEFlags is the 32-bit flags word of the IBB Segments Element. Bits 0..4
// are decoded by the methods below; bits 5..31 are reserved.
type SEFlags uint32

// Reserved0 returns the reserved part of the flags word (bits 5..31),
// i.e. everything except the five defined flag bits.
func (flags SEFlags) Reserved0() uint32 {
	const definedBits = 0x1f
	return uint32(flags) &^ definedBits
}

// SupportsTopSwapRemediation reports whether bit 4 (0x10) is set.
// PrettyString-true: BIOS supports Top Swap remediation action
// PrettyString-false: BIOS does not support Top Swap remediation action
func (flags SEFlags) SupportsTopSwapRemediation() bool {
	const topSwapBit = 0x10
	return flags&topSwapBit == topSwapBit
}

// TPMFailureLeavesHierarchiesEnabled reports whether bit 3 (0x08) is set.
// PrettyString-true: Leave Hierarchies enabled. Cap all PCRs on failure.
// PrettyString-false: Do not leave enabled. Disable all Hierarchies or deactivate on failure.
func (flags SEFlags) TPMFailureLeavesHierarchiesEnabled() bool {
	const leaveEnabledBit = 0x08
	return flags&leaveEnabledBit == leaveEnabledBit
}

// AuthorityMeasure reports whether bit 2 (0x04) is set.
// PrettyString-true: Extend Authority Measurements into the Authority PCR 7
// PrettyString-false: Do not extend into the Authority PCR 7
func (flags SEFlags) AuthorityMeasure() bool {
	const authorityMeasureBit = 0x04
	return flags&authorityMeasureBit == authorityMeasureBit
}

// Locality3Startup reports whether bit 1 (0x02) is set.
// PrettyString-true: Issue TPM Start-up from Locality 3
// PrettyString-false: Disabled
func (flags SEFlags) Locality3Startup() bool {
	const locality3Bit = 0x02
	return flags&locality3Bit == locality3Bit
}

// DMAProtection reports whether bit 0 (0x01) is set.
// PrettyString-true: Enable DMA Protection
// PrettyString-false: Disable DMA Protection
func (flags SEFlags) DMAProtection() bool {
	const dmaProtectionBit = 0x01
	return flags&dmaProtectionBit == dmaProtectionBit
}
// IBBSegment is one entry of SE.IBBSegments: a two-byte reserved field
// tagged require:"0", a 16-bit flags word and a 32-bit Base/Size pair.
// Nothing in this file interprets Flags or checks that Base+Size does not
// wrap; NOTE(review): presumably the segment range is validated by the
// consumer — confirm.
type IBBSegment struct {
	Reserved [2]byte `require:"0"`
	// Flags is kept raw; no accessor methods are defined in this file.
	Flags uint16
	// Base and Size presumably give the segment's start address and byte
	// length — verify against the code that consumes them.
	Base uint32
	Size uint32
}
// CachingType is a one-byte caching mode selector. Two named modes and two
// reserved values are defined; every other value is reported as unexpected.
type CachingType uint8

const (
	CachingTypeWriteProtect = CachingType(iota)
	CachingTypeWriteBack
	CachingTypeReserved0
	CachingTypeReserved1
)

// String implements fmt.Stringer. The four defined values map to fixed
// names; any other value is rendered as unexpected_value_0xNN so that an
// out-of-range byte stays visible instead of being collapsed into a
// known mode.
func (c CachingType) String() string {
	names := [...]string{
		CachingTypeWriteProtect: "write_protect",
		CachingTypeWriteBack:    "write_back",
		CachingTypeReserved0:    "value_0x02",
		CachingTypeReserved1:    "value_0x03",
	}
	if int(c) < len(names) {
		return names[c]
	}
	return fmt.Sprintf("unexpected_value_0x%02X", uint8(c))
}