When the eventlog tool is run as a user (such as in a command prompt without sudo, or in an IDE which is run as the user), the vendor-table.json file is not accessible, and so valid GUID lookups return "unknown GUID reference". In some cases the code needs this GUID reference to determine the next piece of code that executes. If the GUID is valid but the code thinks it is invalid, it will not process the next chunk of data properly.
Changes needed:
Part 1:
do not process code with an unknown SignatureType in EFI_SIGNATURE_TYPE
add output to indicate how many signature lists there are, and how many certs or hashes in each list
Part 2:
when grabbing the file vendor-table.json from /etc/hirs/aca/default-properties/vendor-table.json, if the file is not accessible, then grab the file from code: /HIRS_AttestationCA/src/main/resources/vendor-table.json
if the vendor-table.json is not accessible, print a msg noting this and warning that not all Secure Boot PCR 7 data will be processed
if the vendor-table.json from code was used, print a msg noting that the file was not found, and the code file was used
Note for testing purposes:
Typical file permissions for the path to vendor
/etc/ drwxr-xr-x.
/hirs/ drwxr-xr-x
/aca/ drwxr-x---
/default-properties/ drwxr-xr-x
vendor-table.json -rw-r--r--
For testing purposes, to render the file vendor-table.json accessible to the user, the permissions for /aca/ need to be changed from 750 to 751.
iadgovuser58 changed the title from "Eventlog Tool root access" to "Event processing when no access to vendor-table.json Part 1/2" on May 9, 2024
iadgovuser58 changed the title from "Event processing when no access to vendor-table.json Part 1/2" to "Event processing when no access to vendor-table.json" on May 9, 2024
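An added example in Python, not part of the issue and not HIRS code: `first_blocker` evaluates the permission bits listed in the testing note to show why mode 750 on /aca/ stops a user outside the owner and group while 751 does not, and `load_vendor_table` sketches the Part 2 fallback. The function names, the return shape and the message wording are assumptions made for illustration.

```python
import json

# Constructed from the permissions listed in the issue: (component, mode, is_dir)
ISSUE_PATH = [
    ("/etc/", 0o755, True),
    ("/hirs/", 0o755, True),
    ("/aca/", 0o750, True),
    ("/default-properties/", 0o755, True),
    ("vendor-table.json", 0o644, False),
]

def first_blocker(components, who="other"):
    """Return the first component that denies access to `who`, or None.

    A directory needs the search (x) bit to be traversed; the file needs read (r).
    """
    shift = {"owner": 6, "group": 3, "other": 0}[who]
    for name, mode, is_dir in components:
        needed = 0o1 if is_dir else 0o4
        if not (mode >> shift) & needed:
            return name
    return None

def load_vendor_table(primary, bundled):
    """Try `primary`; on any access failure fall back to `bundled`.

    Returns (table, source, messages); table is None if neither can be read.
    """
    messages = []
    try:
        with open(primary, encoding="utf-8") as fh:
            return json.load(fh), "primary", messages
    except OSError as exc:  # EACCES on a parent directory, ENOENT, ...
        messages.append(f"{primary} not accessible ({exc.strerror})")
    try:
        with open(bundled, encoding="utf-8") as fh:
            table = json.load(fh)
        messages.append(f"using bundled copy {bundled}")
        return table, "bundled", messages
    except OSError:
        messages.append(
            "no vendor table: not all Secure Boot PCR 7 data will be processed")
        return None, "none", messages
```

Mode 751 grants search on /aca/ without read, so the user can open a file below it by its full path but still cannot list the directory.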