8000 Add CEL replay and TPM extension in AppendEvent by alexmwu · Pull Request #148 · google/go-tpm-tools · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add CEL replay and TPM extension in AppendEvent #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Dec 10, 2021
Merged

Add CEL replay and TPM extension in AppendEvent #148

merged 6 commits into from
Dec 10, 2021

Conversation

alexmwu
Copy link
Contributor
@alexmwu alexmwu commented Dec 9, 2021

No description provided.

@alexmwu
proto: Add canonical_event_log to Attestation
e355b5c
@alexmwu
cel: Extend the PCR when adding an event to CEL
86504d3 
When calling AppendEvent, extend the target TPM's PCR for the event.
Also update the tests with a TPM handle and style and add helper method
for appending to a CEL.
Finally, change PCRs to use Debug and Application because test.GetTPM
can use a real TPM. This would clobber the values of 13 and 14 as the
test stands.
@alexmwu alexmwu requested review from iKevinY, josephlr and jkl73 December 9, 2021 01:42
jkl73
jkl73 reviewed Dec 9, 2021
View reviewed changes
iKevinY
iKevinY approved these changes Dec 9, 2021
View reviewed changes
Copy link
@iKevinY iKevinY left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM pending resolving @jkl73's comments.

@alexmwu
cel: Add replay support for CELs
ab7e0b4 
cel.replay takes a CEL's records and attempts to extend all of the record's
digests for the given bank's hash algorithm. Finally, it compares the
replay PCRs with the bank PCRs.
@alexmwu
cel: Add success and failure tests for replay
dbfbda3 
Test empty CEL, extending and replaying against two PCRs, replay
failure on tampering with the CEL, and superset/subset testing on
input PCR bank to verify against.
@alexmwu
client: Add CanonicalEventLog to AttestOpts
596d875 
Allows client.Attest users to pass in TCG Canonical Event Logs and use
them in the output Attestation message.
jkl73
jkl73 approved these changes Dec 10, 2021
View reviewed changes
@alexmwu alexmwu merged commit bc3fe1e into google:master Dec 10, 2021
@alexmwu alexmwu deleted the cel-replay branch December 10, 2021 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkl73 jkl73 jkl73 approved these changes

@iKevinY iKevinY iKevinY approved these changes

@josephlr josephlr Awaiting requested review from josephlr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexmwu @iKevinY @jkl73
0