diff --git a/cmd/pcr0tool/commands/pcrread/command.go b/cmd/pcr0tool/commands/pcrread/command.go
new file mode 100644
index 00000000..7fa16396
--- /dev/null
+++ b/cmd/pcr0tool/commands/pcrread/command.go
@@ -0,0 +1,79 @@
+package pcrread
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "log"
+ "os"
+ "strconv"
+ "strings"
+
+ "github.com/google/go-tpm/tpm2"
+
+ "github.com/9elements/converged-security-suite/v2/pkg/bootflow/subsystems/trustchains/tpm/pcr"
+ "github.com/9elements/converged-security-suite/v2/pkg/tpm"
+)
+
+func assertNoError(err error) {
+ if err != nil {
+ log.Fatal(err)
+ }
+}
+
+func usageAndExit() {
+ flag.Usage()
+ os.Exit(2)
+}
+
+// Command is the implementation of `commands.Command`.
+type Command struct {
+ hashAlgo *string
+}
+
+// Usage prints the syntax of arguments for this command
+func (cmd Command) Usage() string {
+ return ""
+}
+
+// Description explains what this verb commands to do
+func (cmd Command) Description() string {
+ return "read the PCR value"
+}
+
+// SetupFlagSet is called to allow the command implementation
+// to setup which option flags it has.
+func (cmd *Command) SetupFlagSet(flag *flag.FlagSet) {
+ cmd.hashAlgo = flag.String("hash-algo", tpm2.AlgSHA1.String(), "")
+}
+
+// Execute is the main function here. It is responsible to
+// start the execution of the command.
+//
+// `args` are the arguments left unused by verb itself and options.
+func (cmd Command) Execute(ctx context.Context, args []string) {
+ if len(args) < 1 {
+ _, _ = fmt.Fprintf(flag.CommandLine.Output(), "error: no PCR index is specified\n")
+ usageAndExit()
+ }
+ if len(args) > 1 {
+ _, _ = fmt.Fprintf(flag.CommandLine.Output(), "error: too many parameters\n")
+ usageAndExit()
+ }
+ pcrIndexString := args[0]
+ pcrIndex, err := strconv.ParseUint(pcrIndexString, 10, 64)
+ assertNoError(err)
+
+ hashAlgo := tpm2.AlgUnknown
+ for _, alg := range []tpm2.Algorithm{tpm2.AlgSHA1, tpm2.AlgSHA256} {
+ if strings.EqualFold(*cmd.hashAlgo, alg.String()) {
+ hashAlgo = alg
+ }
+ }
+ if hashAlgo == tpm2.AlgUnknown {
+ log.Fatalf("algo '%s' is unknown", *cmd.hashAlgo)
+ }
+ pcr, err := tpm.ReadPCRFromTPM(pcr.ID(pcrIndex), hashAlgo)
+ assertNoError(err)
+ fmt.Printf("%X\n", pcr)
+}
diff --git a/cmd/pcr0tool/main.go b/cmd/pcr0tool/main.go
index 81488163..2228ebf6 100644
--- a/cmd/pcr0tool/main.go
+++ b/cmd/pcr0tool/main.go
@@ -14,6 +14,7 @@ import (
 "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/displayfwinfo"
 "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/dumpfit"
 "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/dumpregisters"
+ "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/pcrread"
 "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/printnodes"
 "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/sum"
 validatesecurity "github.com/9elements/converged-security-suite/v2/cmd/pcr0tool/commands/validate_security"
@@ -31,6 +32,7 @@ var knownCommands = map[string]commands.Command{
 "display_fwinfo": &displayfwinfo.Command{},
 "dump_fit": &dumpfit.Command{},
 "dump_registers": &dumpregisters.Command{},
+ "pcrread": &pcrread.Command{},
 "printnodes": &printnodes.Command{},
 "validate_security": &validatesecurity.Command{},
 "sum": &sum.Command{},
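Review bot: In `Execute`, the PCR index is parsed as a 64-bit unsigned value and then converted with `pcr.ID(pcrIndex)` without any range check, so an out-of-range argument is not rejected before the TPM read. The underlying type of `pcr.ID` is not visible in this diff; if it is narrower than uint64 the conversion wraps silently and the tool would print a different PCR than the one requested, which is misleading when the output is compared against expected measurements. I would reject the value right after parsing, e.g. `if pcrIndex > 23 { log.Fatalf("PCR index %d is out of range", pcrIndex) }` (assuming the usual 24 PCRs of a PC Client TPM; use the package's own limit if it defines one). It would also help to give `Usage()` and the `hash-algo` flag non-empty help text naming the required index argument and the accepted values, since both are currently empty strings.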