-
Notifications
You must be signed in to change notification settings - Fork 13
add boot transparency support #6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
danbia
wants to merge
66
commits into
usbarmory:development
Choose a base branch
from
danbia:boot-transparency
base: development
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
66 commits
Select commit
Hold shift + click to select a range
b2dbdbf
add boot transparency support
danbia d31a7ff
update documentation
danbia 2f42c9d
tyding
danbia 8623013
address PR comments
danbia bd2b1ed
replace online/offline nomenclature
danbia 40b0cbd
move back transparency code to a dedicated pkg, add btCmd under cmd/a…
danbia fd40723
tyding
danbia 117a3dc
add to bt validation artifacts hash check
danbia b2f1ea2
improves godoc and comments
danbia 8602fe6
tyding
danbia 10733ef
fix per-entry path construction
danbia fa75081
remove uneccessary const type + improve godoc comments
danbia 9169926
tyding
danbia 83de386
uses idiomatic errors where applicable
danbia 6e41fb7
use path.Join to assemble configuration paths
danbia dca10be
better usage of BtStatus type
danbia a9b37f2
move configuration loading to transparency.go
danbia 2227596
better code organization in cmd/linux and add configuration methods
danbia 3fca8d7
improves configuration path construction
danbia 13cfbf8
define BootEntry type for better code organization
danbia ead2d21
tyding
danbia d293f00
more idiomatic code re-organization
danbia 2afa5f2
more consistent proof hash validation names
danbia 07720d1
fix code repetition in load config
danbia b7bad2a
add support for external pkg usage
danbia 967e784
automatically detect if operating externally to a UEFI bootloader
danbia 518e7be
tyding
danbia 6f43b79
tyding
danbia 299e394
add protections against invalid hash and root fs
danbia 33f0ce0
add test files for transparency pkg
danbia a182d68
fix Offline vs Online tests
danbia ae5685b
returns error if online mode is selected and network is unavailable
danbia 9ea8cae
improve cmd help consistency
danbia a67ce20
limit returns in the bt config function
danbia bc17134
documentation tyiding
danbia b67c30e
moves btValidate function to auth.go
danbia cc56a74
better usage of const to store test values
danbia efb36e8
avoid func definition on *BootEntry -> use BootEntry
danbia 6a2fee3
moves entirely btValidate function to auth.go btValidateLinux
danbia 7a0b4ed
tyding
danbia 107027d
function renaming hasValidHash -> validHash
danbia 7697446
makes engine a Config property and align the codebase to the latest b…
danbia 5ead986
improves error messages
danbia 82b9a5b
revert cmd/auth.go
danbia 2146afe
move hash validation function comment
danbia a79b5a8
fix error detection boot_entry test
danbia a26554b
updates SetKey to use []byte as argument
danbia a771b1a
improve comments on config key fields
danbia a69663b
improve comments and error messages
danbia bba9774
uses fmt.Errorf instead of errors.New as fmt is already imported
danbia 7f3e20c
more idomatic error check
danbia 03b54ae
improves error checks
danbia 74c8947
change Status code resolution function name Resove -> String
danbia 2e16529
simplifies error message on bt validation
danbia cccd427
change Hash(*[]byte) (string) -> Sum(b []byte) ([]byte)
danbia cbc5c14
align test files to Sum()
danbia a83ab5a
uses artifact.Sum() and artifact.HashSize const from boot-transparenc…
danbia 766688e
moves artifact hash verification to boot-transparency library
danbia 3f6cef2
Merge branch 'development' into boot-transparency
danbia 447c09d
update dependencies
danbia a9a68ea
replace UEFI specific loading code
danbia 83d80ce
tyding
danbia 775721e
exports PathPrefix to allow configuring the asset store directory
danbia 9d9e1f8
expand testcases
danbia e5f5144
removes Metadata from BootArtifact until they will be fully supported
danbia 4b86329
exports default path prefix
danbia File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Some comments aren't visible on the classic Files Changed page.
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| // Copyright (c) The go-boot authors. All Rights Reserved. | ||
| // | ||
| // Use of this source code is governed by the license | ||
| // that can be found in the LICENSE file. | ||
|
|
||
| package cmd | ||
|
|
||
| import ( | ||
| "errors" | ||
| "fmt" | ||
| "io/fs" | ||
| "net" | ||
| "regexp" | ||
| "strings" | ||
|
|
||
| "github.com/usbarmory/go-boot/shell" | ||
| "github.com/usbarmory/go-boot/transparency" | ||
| "github.com/usbarmory/go-boot/uapi" | ||
|
|
||
| "github.com/usbarmory/boot-transparency/artifact" | ||
| "github.com/usbarmory/boot-transparency/policy" | ||
| _ "github.com/usbarmory/boot-transparency/engine/sigsum" | ||
| _ "github.com/usbarmory/boot-transparency/engine/tessera" | ||
| bt_transparency "github.com/usbarmory/boot-transparency/transparency" | ||
| ) | ||
|
|
||
| var btConfig transparency.Config | ||
|
|
||
| func init() { | ||
| shell.Add(shell.Cmd{ | ||
| Name: "bt", | ||
| Args: 2, | ||
| Pattern: regexp.MustCompile(`^(?:bt)( none| offline| online)?( sigsum| tessera)?$`), | ||
| Syntax: "(none|offline|online)? (sigsum|tessera)?", | ||
| Help: "show/change boot-transparency configuration", | ||
| Fn: btCmd, | ||
| }) | ||
| } | ||
|
|
||
| func btCmd(_ *shell.Interface, arg []string) (res string, err error) { | ||
| if len(arg[0]) > 0 { | ||
| switch strings.TrimSpace(arg[0]) { | ||
| case "none": | ||
| btConfig.Status = transparency.None | ||
| case "offline": | ||
| btConfig.Status = transparency.Offline | ||
| case "online": | ||
| if net.SocketFunc == nil { | ||
| return "", errors.New("network unavailable") | ||
| } | ||
| btConfig.Status = transparency.Online | ||
| } | ||
|
|
||
| if btConfig.Status != transparency.None && len(arg[1]) == 0 { | ||
| return "", errors.New("invalid transparency engine") | ||
| } | ||
|
|
||
| if len(arg[1]) > 0 { | ||
| e := bt_transparency.EngineCodeFromString[strings.TrimSpace(arg[1])] | ||
| if _, err = bt_transparency.GetEngine(e); err != nil { | ||
| return "", fmt.Errorf("unable to configure the transparency engine, %v", err) | ||
| } | ||
| btConfig.Engine = e | ||
| } | ||
| } | ||
|
|
||
| switch btConfig.Status { | ||
| case transparency.None: | ||
| res = fmt.Sprintf("boot-transparency is disabled\n") | ||
| case transparency.Offline, transparency.Online: | ||
| res = fmt.Sprintf("boot-transparency is enabled in %s mode, %s engine selected\n", btConfig.Status, btConfig.Engine) | ||
| } | ||
|
|
||
| return | ||
| } | ||
|
|
||
| func btValidateLinux(entry *uapi.Entry, root fs.FS) (err error) { | ||
| if entry == nil || len(entry.Linux) == 0 { | ||
| return errors.New("invalid kernel entry") | ||
| } | ||
|
|
||
| btConfig.Root = root | ||
|
|
||
| btEntry := policy.BootEntry{ | ||
| policy.BootArtifact{ | ||
| Category: artifact.LinuxKernel, | ||
| Data: entry.Linux, | ||
| }, | ||
| policy.BootArtifact{ | ||
| Category: artifact.Initrd, | ||
| Data: entry.Initrd, | ||
| }, | ||
| } | ||
|
|
||
| return transparency.Validate(&btConfig, &btEntry) | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| // Copyright (c) The go-boot authors. All Rights Reserved. | ||
| // | ||
| // Use of this source code is governed by the license | ||
| // that can be found in the LICENSE file. | ||
|
|
||
| // Package transparency implements an interface to the | ||
| // boot-transparency library functions to ease boot bundle | ||
| // validation. | ||
| package transparency | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
| "github.com/usbarmory/boot-transparency/policy" | ||
| "github.com/usbarmory/boot-transparency/transparency" | ||
| ) | ||
|
|
||
| // Validate applies boot-transparency validation (e.g. inclusion proof, | ||
| // boot policy and claims consistency) for the argument [Config] representing | ||
| // the boot transparency configuration. | ||
| // Returns error if the boot artifacts are not passing the validation. | ||
| func Validate(c *Config, b *policy.BootEntry) (err error) { | ||
| if c.Status == None { | ||
| return | ||
| } | ||
|
|
||
| if len(*b) == 0 { | ||
| return fmt.Errorf("invalid boot entry") | ||
| } | ||
|
|
||
| // Automatically load the configuration from the configured root filesystem. | ||
| if c.Root != nil { | ||
| entryPath, err := c.Path(b) | ||
| if err != nil { | ||
| return fmt.Errorf("cannot load boot-transparency configuration, %v", err) | ||
| } | ||
|
|
||
| if err = c.loadFromRoot(entryPath); err != nil { | ||
| return fmt.Errorf("cannot load boot-transparency configuration, %v", err) | ||
| } | ||
| } | ||
|
|
||
| te, err := transparency.GetEngine(c.Engine) | ||
| if err != nil { | ||
| return fmt.Errorf("unable to get transparency engine, %v", err) | ||
| } | ||
|
|
||
| if err = te.SetKey(c.LogKey, c.SubmitKey); err != nil { | ||
| return fmt.Errorf("unable to set log and submitter keys, %v", err) | ||
| } | ||
|
|
||
| if err = te.SetWitnessPolicy(c.WitnessPolicy); err != nil { | ||
| return fmt.Errorf("unable to set witness policy, %v", err) | ||
| } | ||
|
|
||
| format, statement, proof, probe, _, err := transparency.ParseProofBundle(c.ProofBundle) | ||
| if err != nil { | ||
| return fmt.Errorf("unable to parse the proof bundle, %v", err) | ||
| } | ||
|
|
||
| if format != c.Engine { | ||
| return fmt.Errorf("proof bundle format doesn't match the transparency engine.") | ||
| } | ||
|
|
||
| // If network access is available the inclusion proof verification | ||
| // is performed using the proof fetched from the log. | ||
| if c.Status == Online { | ||
| proof, err = te.GetProof(statement, probe) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| } | ||
|
|
||
| if err = te.VerifyProof(statement, proof, nil); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| requirements, err := policy.ParseRequirements(c.BootPolicy) | ||
| if err != nil { | ||
| return | ||
| } | ||
|
|
||
| claims, err := policy.ParseStatement(statement) | ||
| if err != nil { | ||
| return | ||
| } | ||
|
|
||
| // Validate the matching between the logged claims and the policy requirements, | ||
| // fot the given set of boot artifacts. | ||
| if err = policy.Validate(requirements, claims, b); err != nil { | ||
| // The boot bundle is NOT authorized. | ||
| return | ||
| } | ||
|
|
||
| // boot-transparency validation passed, boot bundle is authorized. | ||
| return | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.