diff --git a/cmd/txt-suite/TESTPLAN.md b/cmd/txt-suite/TESTPLAN.md
index 50ea9765..2dab7d48 100644
--- a/cmd/txt-suite/TESTPLAN.md
+++ b/cmd/txt-suite/TESTPLAN.md
@@ -13,69 +13,65 @@ Id | Test | Implemented | Document | Chapter
10 | TXT registers are locked | :white_check_mark: | |
11 | IA32 debug interface is disabled | :white_check_mark: | |
12 | TPM connection | :white_check_mark: | |
-13 | TPM 1.2 present | :white_check_mark: | |
-14 | TPM 2.0 is present | :white_check_mark: | |
-15 | TPM is present | :white_check_mark: | |
-16 | TPM NVRAM is locked | :white_check_mark: | Document 558294 Revision 2.0 | 5.6.3.1 Failsafe Hash
-17 | PS Index has correct config | :white_check_mark: | Document 315168-016 | I TPM NV
-18 | AUX Index has correct config | :white_check_mark: | Document 315168-016 | I TPM NV
-19 | AUX Index has the correct hash | :white_check_mark: | Document 315168-016 | I TPM NV
-20 | PO Index has correct config | :white_check_mark: | Document 315168-016 | I TPM NV
-21 | PS index has valid LCP Policy | :white_check_mark: | Document 315168-016 | D.3 LCP_POLICY_LIST
-22 | PO index has valid LCP Policy | :white_check_mark: | Document 315168-016 | D.3 LCP_POLICY_LIST
-23 | PCR 0 is set correctly | :white_check_mark: | Document 558294 Revision 2.0 | BIOS Startup Module (Type 0x07) Entry
-24 | NPW mode is deactivated in PS policy | :white_check_mark: | Document 558294 Revision 2.0 | 4.1.4 Supported Platform Configurations
-25 | Auto-promotion mode is active | :white_check_mark: | Document 558294 Revision 2.0 | 5.6.2 Autopromotion Hash and Signed BIOS Policy
-26 | Signed policy mode is active | :white_check_mark: | Document 558294 Revision 2.0 | 5.6.2 Autopromotion Hash and Signed BIOS Policy
-27 | Valid FIT vector | :white_check_mark: | Document 599500 Revision 1.2 | 3.0 FIT Pointer
-28 | Valid FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.0 Firmware Interface Table
-29 | Microcode update entry in FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.4 Startup ACM (Type 2) Rules
-30 | BIOS ACM entry in FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.4 Startup ACM (Type 2) Rules
-31 | IBB entry in FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
-32 | BIOS Policy entry in FIT | :white_check_mark: | |
-33 | IBB covers reset vector | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
-34 | IBB covers FIT vector | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
-35 | IBB covers FIT | :white_check_mark: | |
-36 | IBBs doesn't overlap each other | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
-37 | BIOS ACM does not overlap IBBs | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
-38 | IBB and BIOS ACM below 4GiB | :white_check_mark: | Document 558294 Revision 2.0 | 2.2 FIT Pointer Rules
-39 | TXT not disabled by LCP Policy | :white_check_mark: | Document 315168-016 | B.1.6 TXT.SPAD – BOOTSTATUS
-40 | BIOSACM header valid | :white_check_mark: | Document 315168-016 | A.1 Authenticated Code Module Format
-41 | BIOSACM size check | :white_check_mark: | Document 315168-016 | A.1 Authenticated Code Module Format
-42 | BIOSACM alignment check | :white_check_mark: | Document 315168-016 | A.1.1 Memory Type Cacheability Restrictions
-43 | BIOSACM matches chipset | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
-44 | BIOSACM matches processor | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
-45 | SINIT/BIOS ACM has no NPW flag set | :white_check_mark: | Document 558294 Revision 2.0 | 4.1.4 Supported Platform Configurations
-46 | SINIT ACM supports used TPM | :white_check_mark: | Document 315168-016 | 4.1.4 Supported Platform Configurations
-47 | TXT memory ranges valid | :white_check_mark: | Document 315168-016 | B.1
-48 | TXT public area reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.3 Intel TXT Public Space
-49 | TXT private area reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.2 Intel TXT Private Space
-50 | TXT memory reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.4 Intel TPM Decode Area
-51 | MMIO TPMDecode space reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.4 TPM Decode Area
-52 | TXT memory in a DMA protected range | :white_check_mark: | Document 315168-016 | 1.11.1 DMA Protected Range (DPR)
-53 | TXT DPR register locked | :white_check_mark: | Document 315168-016 | 1.11.1 DMA Protected Range (DPR)
-54 | CPU DPR equals hostbridge DPR | :white_check_mark: | Document 315168-016 | B 1.15 TXT.DPR – DMA Protected Range
-55 | CPU hostbridge DPR register locked | :white_check_mark: | Document 315168-016 | B 1.15 TXT.DPR – DMA Protected Range
-56 | TXT region contains SINIT ACM | :white_check_mark: | Document 315168-016 | B 1.10 TXT.SINIT.BASE – SINIT Base Address
-57 | SINIT ACM matches chipset | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
-58 | SINIT ACM matches CPU | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
-59 | SINIT ACM startup successful | :white_check_mark: | |
-60 | BIOS DATA REGION present | :white_check_mark: | Document 315168-016 | C.2 BIOS Data Format
-61 | BIOS DATA REGION valid | :white_check_mark: | Document 315168-016 | C.2 BIOS Data Format
-62 | CPU supports MTRRs | :white_check_mark: | Document 315168-016 | 2.2.5.1 MTRR Setup Prior to GETSEC[SENTER] Execution
-63 | CPU supports SMRRs | :white_check_mark: | |
-64 | SMRR covers SMM memory | :white_check_mark: | |
-65 | SMRR protection active | :white_check_mark: | |
-66 | IOMMU/VT-d active | :white_check_mark: | Document 315168-016 | 1.11.2 Protected Memory Regions (PMRs)
-67 | TXT server mode enabled | :white_check_mark: | |
-68 | ACPI RSDP exists and has valid checksum | :white_check_mark: | | SINIT Class 0xC Major 1
-69 | ACPI MCFG is present | :white_check_mark: | | SINIT Class 0xC Major 0xa
-70 | ACPI DMAR is present | :white_check_mark: | | SINIT Class 0xC Major 4
-71 | ACPI DMAR is valid | :white_check_mark: | | SINIT Class 0xC Major 5
-72 | ACPI MADT is present | :white_check_mark: | | SINIT Class 0xC Major 16
-73 | ACPI MADT is valid | :white_check_mark: | | SINIT Class 0xC Major 7
-74 | ACPI RSDT present | :x: | | SINIT Class 0xC Major 2
-75 | ACPI RSDT is valid | :white_check_mark: | | SINIT Class 0xC Major 3
-76 | ACPI XSDT present | :white_check_mark: | | SINIT Class 0xC Major 9
-77 | ACPI XSDT is valid | :white_check_mark: | | SINIT Class 0xC Major 9
-78 | ACPI RSDT or XSDT is valid | :white_check_mark: | | 5.2.8 Extended System Description Table (XSDT)
+13 | TPM is present | :white_check_mark: | |
+14 | TPM NVRAM is locked | :white_check_mark: | Document 558294 Revision 2.0 | 5.6.3.1 Failsafe Hash
+15 | PS Index has correct config | :white_check_mark: | Document 315168-016 | I TPM NV
+16 | AUX Index has correct config | :white_check_mark: | Document 315168-016 | I TPM NV
+17 | AUX Index has the correct hash | :white_check_mark: | Document 315168-016 | I TPM NV
+18 | PO Index has correct config | :white_check_mark: | Document 315168-016 | I TPM NV
+19 | PS index has valid LCP Policy | :white_check_mark: | Document 315168-016 | D.3 LCP_POLICY_LIST
+20 | PO index has valid LCP Policy | :white_check_mark: | Document 315168-016 | D.3 LCP_POLICY_LIST
+21 | PCR 0 is set correctly | :white_check_mark: | Document 558294 Revision 2.0 | BIOS Startup Module (Type 0x07) Entry
+22 | NPW mode is deactivated in PS policy | :white_check_mark: | Document 558294 Revision 2.0 | 4.1.4 Supported Platform Configurations
+23 | TXT Mode is set | :white_check_mark: | Document 558294 Revision 2.0 | 5.6.2 Autopromotion Hash and Signed BIOS Policy
+24 | Valid FIT vector | :white_check_mark: | Document 599500 Revision 1.2 | 3.0 FIT Pointer
+25 | Valid FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.0 Firmware Interface Table
+26 | Microcode update entry in FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.4 Startup ACM (Type 2) Rules
+27 | BIOS ACM entry in FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.4 Startup ACM (Type 2) Rules
+28 | IBB entry in FIT | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
+29 | BIOS Policy entry in FIT | :x: | |
+30 | IBB covers reset vector | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
+31 | IBB covers FIT vector | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
+32 | IBB covers FIT | :white_check_mark: | |
+33 | IBBs doesn't overlap each other | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
+34 | BIOS ACM does not overlap IBBs | :white_check_mark: | Document 599500 Revision 1.2 | 4.6 BIOS Startup Module (Type 7) Rules
+35 | IBB and BIOS ACM below 4GiB | :white_check_mark: | Document 558294 Revision 2.0 | 2.2 FIT Pointer Rules
+36 | TXT not disabled by LCP Policy | :white_check_mark: | Document 315168-016 | B.1.6 TXT.SPAD – BOOTSTATUS
+37 | BIOSACM header valid | :white_check_mark: | Document 315168-016 | A.1 Authenticated Code Module Format
+38 | BIOSACM size check | :white_check_mark: | Document 315168-016 | A.1 Authenticated Code Module Format
+39 | BIOSACM alignment check | :white_check_mark: | Document 315168-016 | A.1.1 Memory Type Cacheability Restrictions
+40 | BIOSACM matches chipset | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
+41 | BIOSACM matches processor | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
+42 | SINIT/BIOS ACM has no NPW flag set | :white_check_mark: | Document 558294 Revision 2.0 | 4.1.4 Supported Platform Configurations
+43 | SINIT ACM supports used TPM | :white_check_mark: | Document 315168-016 | 4.1.4 Supported Platform Configurations
+44 | TXT memory ranges valid | :white_check_mark: | Document 315168-016 | B.1
+45 | TXT public area reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.3 Intel TXT Public Space
+46 | TXT private area reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.2 Intel TXT Private Space
+47 | TXT memory reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.4 Intel TPM Decode Area
+48 | MMIO TPMDecode space reserved in e820 | :white_check_mark: | Document 558294 Revision 2.0 | 5.5.4 TPM Decode Area
+49 | TXT memory in a DMA protected range | :white_check_mark: | Document 315168-016 | 1.11.1 DMA Protected Range (DPR)
+50 | TXT DPR register locked | :white_check_mark: | Document 315168-016 | 1.11.1 DMA Protected Range (DPR)
+51 | CPU DPR equals hostbridge DPR | :white_check_mark: | Document 315168-016 | B 1.15 TXT.DPR – DMA Protected Range
+52 | CPU hostbridge DPR register locked | :white_check_mark: | Document 315168-016 | B 1.15 TXT.DPR – DMA Protected Range
+53 | TXT region contains SINIT ACM | :white_check_mark: | Document 315168-016 | B 1.10 TXT.SINIT.BASE – SINIT Base Address
+54 | SINIT ACM matches chipset | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
+55 | SINIT ACM matches CPU | :white_check_mark: | Document 315168-016 | 2.2.3.1 Matching an AC Module to the Platform
+56 | BIOS DATA REGION present | :white_check_mark: | Document 315168-016 | C.2 BIOS Data Format
+57 | BIOS DATA REGION valid | :white_check_mark: | Document 315168-016 | C.2 BIOS Data Format
+58 | CPU supports MTRRs | :white_check_mark: | Document 315168-016 | 2.2.5.1 MTRR Setup Prior to GETSEC[SENTER] Execution
+59 | CPU supports SMRRs | :white_check_mark: | |
+60 | SMRR covers SMM memory | :white_check_mark: | |
+61 | SMRR protection active | :white_check_mark: | |
+62 | IOMMU/VT-d active | :white_check_mark: | Document 315168-016 | 1.11.2 Protected Memory Regions (PMRs)
+63 | TXT server mode enabled | :white_check_mark: | |
+64 | ACPI RSDP exists and has valid checksum | :white_check_mark: | | SINIT Class 0xC Major 1
+65 | ACPI MCFG is present | :white_check_mark: | | SINIT Class 0xC Major 0xa
+66 | ACPI DMAR is present | :white_check_mark: | | SINIT Class 0xC Major 4
+67 | ACPI DMAR is valid | :white_check_mark: | | SINIT Class 0xC Major 5
+68 | ACPI MADT is present | :white_check_mark: | | SINIT Class 0xC Major 16
+69 | ACPI MADT is valid | :white_check_mark: | | SINIT Class 0xC Major 7
+70 | ACPI RSDT present | :x: | | SINIT Class 0xC Major 2
+71 | ACPI RSDT is valid | :white_check_mark: | | SINIT Class 0xC Major 3
+72 | ACPI XSDT present | :white_check_mark: | | SINIT Class 0xC Major 9
+73 | ACPI XSDT is valid | :white_check_mark: | | SINIT Class 0xC Major 9
+74 | ACPI RSDT or XSDT is valid | :white_check_mark: | | 5.2.8 Extended System Description Table (XSDT)
diff --git a/cmd/txt-suite/cmd.go b/cmd/txt-suite/cmd.go
index 1fd85f77..d64f2c2a 100644
--- a/cmd/txt-suite/cmd.go
+++ b/cmd/txt-suite/cmd.go
@@ -8,6 +8,7 @@ import (
"strings"
"github.com/9elements/converged-security-suite/pkg/test"
+ "github.com/9elements/converged-security-suite/pkg/tools"
)
var testno = flag.String("t", "", "Select test number 1 - 50. e.g.: -t=1,2,3,4,...")
@@ -49,21 +50,48 @@ func showHelp() {
fmt.Println("\t-legacyboot : Test if platform is TXT Legacy boot enabled")
}
+func systemRunsCoreboot() (bool, error) {
+ firmware, err := tools.SMBIOSGetVendor()
+ if err != nil {
+ return false, err
+ }
+ if strings.Contains(*firmware, string(test.FWCoreboot)) {
+ return true, nil
+ }
+ return false, nil
+}
+
func getTests() []*test.Test {
var tests []*test.Test
+ coreboot, _ := systemRunsCoreboot()
for i := range test.TestsCPU {
+ if test.TestsCPU[i].Firmware == test.FWNoCoreboot && coreboot {
+ continue
+ }
tests = append(tests, test.TestsCPU[i])
}
for i := range test.TestsTPM {
+ if test.TestsTPM[i].Firmware == test.FWNoCoreboot && coreboot {
+ continue
+ }
tests = append(tests, test.TestsTPM[i])
}
for i := range test.TestsFIT {
+ if test.TestsFIT[i].Firmware == test.FWNoCoreboot && coreboot {
+ continue
+ }
tests = append(tests, test.TestsFIT[i])
}
for i := range test.TestsMemory {
+ if test.TestsMemory[i].Firmware == test.FWNoCoreboot && coreboot {
+ continue
+ }
tests = append(tests, test.TestsMemory[i])
}
for i := range test.TestsACPI {
+ if test.TestsACPI[i].Firmware == test.FWNoCoreboot && coreboot {
+ continue
+ }
tests = append(tests, test.TestsACPI[i])
}
return tests
@@ -108,8 +136,8 @@ func deconstructFlag() ([]int, error) {
var err error
tmpstrings = strings.Split(*testno, ",")
for _, item := range tmpstrings {
- if strings.Contains(*testno, "-") {
- testrange = strings.Split(*testno, "-")
+ if strings.Contains(item, "-") {
+ testrange = strings.Split(item, "-")
testmin, err = strconv.Atoi(testrange[0])
if err != nil {
return nil, err
@@ -119,7 +147,7 @@ func deconstructFlag() ([]int, error) {
return nil, err
}
- for i := testmin; i < testmax; i++ {
+ for i := testmin; i <= testmax; i++ {
testnos = append(testnos, i)
}
diff --git a/cmd/txt-suite/main.go b/cmd/txt-suite/main.go
index 687c669d..30bb426e 100644
--- a/cmd/txt-suite/main.go
+++ b/cmd/txt-suite/main.go
@@ -66,6 +66,7 @@ func run(tests []*test.Test) bool {
ioutil.WriteFile(logfile, data, 0664)
}
+ fmt.Printf("For more information about the documents and chapters, run: txt-suite -m\n\n")
for index := range tests {
if tests[index].Status == test.NotImplemented {
continue
@@ -73,21 +74,17 @@ func run(tests []*test.Test) bool {
if tests[index].Result == test.ResultNotRun {
continue
}
+ fmt.Printf("%02d - ", index)
fmt.Printf("%-40s: ", a.Bold(tests[index].Name))
f.Flush()
if tests[index].Result == test.ResultPass {
- fmt.Printf("%-20s\n", a.Bold(a.Green(tests[index].Result)))
- } else if tests[index].Result == test.ResultWarn {
- fmt.Printf("%-20s\n", a.Bold(a.Yellow(tests[index].Result)))
+ fmt.Printf("%-20s", a.Bold(a.Green(tests[index].Result)))
} else {
- fmt.Printf("%-20s\n", a.Bold(a.Red(tests[index].Result)))
+ fmt.Printf("%-20s", a.Bold(a.Red(tests[index].Result)))
}
if tests[index].ErrorText != "" {
- fmt.Printf(" %s\n", tests[index].ErrorText)
- }
- if tests[index].ErrorTextSpec != "" {
- fmt.Printf(" %s\n", tests[index].ErrorTextSpec)
+ fmt.Printf(" (%s)", tests[index].ErrorText)
}
fmt.Printf("\n")
diff --git a/go.mod b/go.mod
index 36adafca..317be73a 100644
--- a/go.mod
+++ b/go.mod
@@ -4,9 +4,20 @@ go 1.11
require (
github.com/9elements/go-tss v0.0.0-20200703054618-83e8814aec2a
+ github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e
+ github.com/dsnet/compress v0.0.1 // indirect
github.com/fearful-symmetry/gomsr v0.0.1
+ github.com/golang/protobuf v1.4.2 // indirect
+ github.com/golang/snappy v0.0.1 // indirect
github.com/google/go-tpm v0.3.1-0.20200725052042-df638858bece
github.com/intel-go/cpuid v0.0.0-20181003105527-1a4a6f06a1c6
- github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381
- golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a // indirect
+ github.com/logrusorgru/aurora v2.0.3+incompatible
+ github.com/mholt/archiver v3.1.1+incompatible
+ github.com/nwaples/rardecode v1.1.0 // indirect
+ github.com/pierrec/lz4 v2.5.2+incompatible // indirect
+ github.com/spf13/pflag v1.0.5
+ github.com/ulikunitz/xz v0.5.7 // indirect
+ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
+ golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 // indirect
+ google.golang.org/protobuf v1.25.0 // indirect
)
diff --git a/go.sum b/go.sum
index a3bdbd8f..e5aa4af3 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,4 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/9elements/go-tss v0.0.0-20200629055722-becddcff0042 h1:dXNI7wmv/VXysS5lh4YmE4FC4G6oFgB3A3mJZTqWEXc=
github.com/9elements/go-tss v0.0.0-20200629055722-becddcff0042/go.mod h1:pEyHqkvznGT1Zk1zYr1p96m5sCkru89gdh8XuyddP4U=
github.com/9elements/go-tss v0.0.0-20200703051206-b6b15a96e75e h1:hgsw3yHYW2jFcNrGYwcu052QLMuV3pSZGojoNMA8ToY=
@@ -8,54 +9,147 @@ github.com/9elements/go-tss v0.0.0-20200703054618-83e8814aec2a h1:QXvqjNu+/IxP9k
github.com/9elements/go-tss v0.0.0-20200703054618-83e8814aec2a/go.mod h1:pEyHqkvznGT1Zk1zYr1p96m5sCkru89gdh8XuyddP4U=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e h1:vUmf0yezR0y7jJ5pceLHthLaYf4bA5T14B6q39S4q2Q=
+github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e/go.mod h1:YTIHhz/QFSYnu/EhlF2SpU2Uk+32abacUYA5ZPljz1A=
+github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q=
+github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo=
+github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/fearful-symmetry/gomsr v0.0.1 h1:m208RzdTApWVbv8a9kf78rdPLQe+BY9AxRb/nSbHxSA=
github.com/fearful-symmetry/gomsr v0.0.1/go.mod h1:Qb/0Y7zwobP7v8Sji+M5mlL4N7Voyz5WaKXXRFPnLio=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
github.com/google/go-tpm v0.2.0 h1:3Z5ZjNRQ0CsUj3yWXtbbx4Vfb/sQapdSeZJvuaKuQzc=
+github.com/google/go-tpm v0.2.1-0.20191106030929-f0607eac7f8a/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm v0.2.1-0.20200624183331-16766ac45214/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm v0.2.1-0.20200625152350-5f97f2956697/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm v0.2.1-0.20200701210658-e06fe77d4428 h1:FxKQsvo2wttLJb5z8FOoxMmUUkLoCY7TksIEHPiJxdY=
github.com/google/go-tpm v0.2.1-0.20200701210658-e06fe77d4428/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm v0.2.1-0.20200720074827-d2c518baf720 h1:RsvoS9X2YFocbmIWtQw7jMUAj7fKcefaYWMiusv1B6M=
github.com/google/go-tpm v0.2.1-0.20200720074827-d2c518baf720/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
+github.com/google/go-tpm v0.3.0/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm v0.3.1-0.20200725052042-df638858bece h1:DGQXr/hP5635epUzrv1XfYWB8xSI7KeUguJOQ1R5hqQ=
github.com/google/go-tpm v0.3.1-0.20200725052042-df638858bece/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
github.com/google/go-tpm-tools v0.0.0-20190906225433-1614c142f845/go.mod h1:AVfHadzbdzHo54inR2x1v640jdi1YSi3NauM2DUsxk0=
+github.com/google/go-tpm-tools v0.1.2/go.mod h1:7P6l1Vpa84LrA4mT116MOOOLogA16bvo0SSE8020nkQ=
github.com/google/go-tpm-tools v0.1.3-0.20200626093744-11f284793aa8 h1:wNSpV8+LZMVdPGOZ9fLhjaI+AFbV7bk10zfJZKw9C8c=
github.com/google/go-tpm-tools v0.1.3-0.20200626093744-11f284793aa8/go.mod h1:43fCwoNawwJ3t2DQYH57tJvcRi8CF11ce01edlQBjqo=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/intel-go/cpuid v0.0.0-20181003105527-1a4a6f06a1c6 h1:XboatR7lasl05yel5hNXF7kQBw2oFUGdMztcgisfhNU=
github.com/intel-go/cpuid v0.0.0-20181003105527-1a4a6f06a1c6/go.mod h1:RmeVYf9XrPRbRc3XIx0gLYA8qOFvNoPOfaEZduRlEp4=
+github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
+github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
+github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mholt/archiver v1.1.2 h1:xukR55YIrnhDHp10lrNtRSsAK5THpWrOCuviweNSBw4=
+github.com/mholt/archiver v3.1.1+incompatible h1:1dCVxuqs0dJseYEhi5pl7MYPH9zDa1wBi7mF09cbNkU=
+github.com/mholt/archiver v3.1.1+incompatible/go.mod h1:Dh2dOXnSdiLxRiPoVfIr/fI1TwETms9B8CTWfeh7ROU=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ=
+github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pierrec/lz4 v1.0.1 h1:w6GMGWSsCI04fTM8wQRdnW74MuJISakuUU0onU0TYB4=
+github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
+github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
+github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4=
+github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1 h1:sIky/MyNRSHTrdxfsiUSS4WIAMvInbeXljJz+jDjeYE=
+golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/pkg/test/acpi.go b/pkg/test/acpi.go
index a4d2102c..27a82875 100644
--- a/pkg/test/acpi.go
+++ b/pkg/test/acpi.go
@@ -19,6 +19,7 @@ var (
Required: true,
function: CheckRSDPValid,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 1",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -28,6 +29,7 @@ var (
Required: true,
function: CheckRSDTPresent,
Status: NotImplemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 2",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -38,6 +40,7 @@ var (
Required: false,
function: CheckRSDTValid,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 3",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -48,6 +51,7 @@ var (
Required: true,
function: CheckXSDTPresent,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 9",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -58,6 +62,7 @@ var (
Required: false,
function: CheckXSDTValid,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 9",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -68,6 +73,7 @@ var (
Required: true,
function: CheckRSDTorXSDTValid,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "5.2.8 Extended System Description Table (XSDT)",
SpecificiationTitle: ACPISpecificationTitle,
SpecificationDocumentID: ACPISpecificationDocumentID,
@@ -78,6 +84,7 @@ var (
Required: true,
function: CheckDMARPresence,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 4",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -88,6 +95,7 @@ var (
Required: true,
function: CheckDMARValid,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 5",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -98,6 +106,7 @@ var (
Required: true,
function: CheckMADTPresence,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 16",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -108,6 +117,7 @@ var (
Required: true,
function: CheckMADTValid,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 7",
SpecificiationTitle: ServerGrantleyPlatformSpecificationTitle,
SpecificationDocumentID: ServerGrantleyPlatformDocumentID,
@@ -297,6 +307,7 @@ var (
Required: true,
function: CheckMCFGPresence,
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "SINIT Class 0xC Major 0xa",
SpecificiationTitle: CBtGTXTPlatformSpecificationTitle,
SpecificationDocumentID: CBtGTXTPlatformDocumentID,
diff --git a/pkg/test/cpu.go b/pkg/test/cpu.go
index 6932c8ab..0f2a1a4b 100644
--- a/pkg/test/cpu.go
+++ b/pkg/test/cpu.go
@@ -96,7 +96,6 @@ var (
Name: "IBB is trusted",
function: IBBIsTrusted,
Required: false,
- NonCritical: true,
dependencies: []*Test{&testtxtregisterspaceaccessible},
Status: Implemented,
SpecificationChapter: "B.1.6 TXT.SPAD – BOOTSTATUS",
@@ -287,7 +286,7 @@ func IBBIsTrusted(txtAPI hwapi.APIInterfaces) (bool, error, error) {
if regs.BootStatus&(1<<59) != 0 && regs.BootStatus&(1<<63) != 0 {
return true, nil, nil
}
- return false, fmt.Errorf("IBB not trusted"), err
+ return true, fmt.Errorf("IBB not trusted, MLE not running"), err
}
// TXTRegistersLocked Verify that the TXT register space is locked
diff --git a/pkg/test/fit.go b/pkg/test/fit.go
index 5ea272a3..ec27edb5 100644
--- a/pkg/test/fit.go
+++ b/pkg/test/fit.go
@@ -8,6 +8,7 @@ import (
"github.com/9elements/converged-security-suite/pkg/hwapi"
"github.com/9elements/converged-security-suite/pkg/tools"
+ tss "github.com/9elements/go-tss"
)
// FITSize 16MiB
@@ -54,7 +55,6 @@ var (
testhasmcupdate = Test{
Name: "Microcode update entry in FIT",
Required: true,
- NonCritical: true,
function: HasMicroCode,
dependencies: []*Test{&testhasfit},
Status: Implemented,
@@ -83,11 +83,10 @@ var (
SpecificationDocumentID: IntelFITSpecificationDocumentID,
}
testhaslcpTest = Test{
- Name: "BIOS Policy entry in FIT",
- Required: false,
- function: HasBIOSPolicy,
- dependencies: []*Test{&testhasfit, &testtxtmodesignedpolicy},
- Status: Implemented,
+ Name: "BIOS Policy entry in FIT",
+ Required: false,
+ function: HasBIOSPolicy,
+ Status: NotImplemented,
}
testibbcoversresetvector = Test{
Name: "IBB covers reset vector",
@@ -700,13 +699,17 @@ func SINITACMcomplyTPMSpec(txtAPI hwapi.APIInterfaces) (bool, error, error) {
if err != nil {
return false, err, nil
}
- res := (1 >> tpms.Capabilities & (uint32(tools.TPMFamilyDTPM12) | uint32(tools.TPMFamilyDTPMBoth)))
- if res == 0 && testtpm12present.Result == ResultPass {
- return true, nil, nil
- }
- res = (1 >> tpms.Capabilities & (uint32(tools.TPMFamilyDTPM20) | uint32(tools.TPMFamilyDTPMBoth)))
- if res == 0 && testtpm2present.Result == ResultPass {
- return true, nil, nil
+ switch tpmCon.Version {
+ case tss.TPMVersion12:
+ res := (1 >> tpms.Capabilities & (uint32(tools.TPMFamilyDTPM12) | uint32(tools.TPMFamilyDTPMBoth)))
+ if res == 0 {
+ return true, nil, nil
+ }
+ case tss.TPMVersion20:
+ res := (1 >> tpms.Capabilities & (uint32(tools.TPMFamilyDTPM20) | uint32(tools.TPMFamilyDTPMBoth)))
+ if res == 0 {
+ return true, nil, nil
+ }
}
return false, fmt.Errorf("SINIT ACM does not support used TPM"), nil
}
diff --git a/pkg/test/memory.go b/pkg/test/memory.go
index 94c0c109..5b2ab639 100644
--- a/pkg/test/memory.go
+++ b/pkg/test/memory.go
@@ -124,13 +124,6 @@ var (
SpecificiationTitle: IntelTXTSpecificationTitle,
SpecificationDocumentID: IntelTXTSpecificationDocumentID,
}
- testnosiniterrors = Test{
- Name: "SINIT ACM startup successful",
- Required: false,
- NonCritical: true,
- function: NoSINITErrors,
- Status: Implemented,
- }
testbiosdataregionpresent = Test{
Name: "BIOS DATA REGION present",
Required: true,
@@ -185,7 +178,6 @@ var (
Required: false,
function: ActiveIOMMU,
Status: Implemented,
- NonCritical: true,
SpecificationChapter: "1.11.2 Protected Memory Regions (PMRs)",
SpecificiationTitle: IntelTXTSpecificationTitle,
SpecificationDocumentID: IntelTXTSpecificationDocumentID,
@@ -211,7 +203,6 @@ var (
&testsinitintxt,
&testsinitmatcheschipset,
&testsinitmatchescpu,
- &testnosiniterrors,
&testbiosdataregionpresent,
&testbiosdataregionvalid,
&testhasmtrr,
@@ -564,23 +555,6 @@ func SINITMatchesCPU(txtAPI hwapi.APIInterfaces) (bool, error, error) {
return false, fmt.Errorf("CPU signature not found in SINIT processor ID list"), nil
}
-// NoSINITErrors checks if the SINITACM was executed without any errors
-func NoSINITErrors(txtAPI hwapi.APIInterfaces) (bool, error, error) {
- buf, err := tools.FetchTXTRegs(txtAPI)
- if err != nil {
- return false, nil, err
- }
- regs, err := tools.ParseTXTRegs(buf)
- if err != nil {
- return false, nil, err
- }
-
- if regs.ErrorCodeRaw != 0xc0000001 {
- return false, fmt.Errorf("SINIT Error detected"), nil
- }
- return true, nil, nil
-}
-
// BIOSDATAREGIONPresent checks is the BIOSDATA Region is present in TXT Register Space
func BIOSDATAREGIONPresent(txtAPI hwapi.APIInterfaces) (bool, error, error) {
buf, err := tools.FetchTXTRegs(txtAPI)
diff --git a/pkg/test/test.go b/pkg/test/test.go
index f812a325..50ac7e12 100644
--- a/pkg/test/test.go
+++ b/pkg/test/test.go
@@ -54,15 +54,23 @@ const (
// ResultFail indicates that the test failed
ResultFail
- // ResultWarn indicates that the test failed for the standard configuration but can still be valid in a different configuration of TXT
- ResultWarn
-
// ResultPass indicates that the test succeeded.
ResultPass
)
+// FirmwareType exposes the type of firmware
+type FirmwareType string
+
+const (
+ // FWCoreboot indicates test does run on coreboot firmware
+ FWCoreboot FirmwareType = "coreboot"
+
+ // FWNoCoreboot indicates test doesn't run on coreboot firmware
+ FWNoCoreboot FirmwareType = "UEFI"
+)
+
func (t Result) String() string {
- return [...]string{"TESTNOTRUN", "DEPENDENCY_FAILED", "INTERNAL_ERROR", "FAIL", "WARN", "PASS"}[t]
+ return [...]string{"TESTNOTRUN", "DEPENDENCY_FAILED", "INTERNAL_ERROR", "FAIL", "PASS"}[t]
}
// Status exposes the type for test status
@@ -117,7 +125,7 @@ type Test struct {
ErrorTextSpec string
Status Status
Spec TXTSpec
- NonCritical bool
+ Firmware FirmwareType
// The chapter inside the spec used for this test
SpecificationChapter string
// The specification used in this test
@@ -160,8 +168,6 @@ var TestsTXTReady = []*Test{
// TPM tests
&testtpmconnection,
- &testtpm12present,
- &testtpm2present,
&testtpmispresent,
&testtpmnvramislocked,
@@ -224,8 +230,6 @@ var TestsTXTLegacyBoot = []*Test{
// TPM tests
&testtpmconnection,
- &testtpm12present,
- &testtpm2present,
&testtpmispresent,
&testtpmnvramislocked,
&testpsindexconfig,
@@ -275,12 +279,7 @@ func (t *Test) Run(TxtAPI hwapi.APIInterfaces) bool {
}
t.ErrorTextSpec += "for implementation details."
}
-
- if t.NonCritical {
- t.Result = ResultWarn
- } else {
- t.Result = ResultFail
- }
+ t.Result = ResultFail
} else if rc {
t.Result = ResultPass
} else {
diff --git a/pkg/test/test_test.go b/pkg/test/test_test.go
index 47c06b69..048cb5af 100644
--- a/pkg/test/test_test.go
+++ b/pkg/test/test_test.go
@@ -17,7 +17,7 @@ func TestTest_Run(t *testing.T) {
ErrorText string
Status Status
Spec TXTSpec
- NonCritical bool
+ Firmware FirmwareType
}
BNotImplemented := Test{
@@ -30,7 +30,7 @@ func TestTest_Run(t *testing.T) {
"",
NotImplemented,
Common,
- true,
+ FWCoreboot,
"",
"",
"",
@@ -46,7 +46,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
"",
"",
"",
@@ -61,7 +61,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
"",
"",
"",
@@ -84,7 +84,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
},
true,
ResultPass,
@@ -100,7 +100,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
},
false,
ResultDependencyFailed,
@@ -116,7 +116,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
},
true,
ResultPass,
@@ -132,7 +132,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
},
true,
ResultPass,
@@ -148,7 +148,7 @@ func TestTest_Run(t *testing.T) {
"",
Implemented,
Common,
- true,
+ FWCoreboot,
},
false,
ResultInternalError,
@@ -158,29 +158,13 @@ func TestTest_Run(t *testing.T) {
fields{
"Test A, returns error",
true,
- func(a hwapi.APIInterfaces) (bool, error, error) { return true, fmt.Errorf("error 1"), nil },
- ResultNotRun,
- []*Test{},
- "",
- Implemented,
- Common,
- true,
- },
- false,
- ResultWarn,
- },
- {
- "Regular test error critical",
- fields{
- "Test A, returns error, but is critical",
- true,
func(a hwapi.APIInterfaces) (bool, error, error) { return false, fmt.Errorf("error 1"), nil },
ResultNotRun,
[]*Test{},
"",
Implemented,
Common,
- false,
+ FWCoreboot,
},
false,
ResultFail,
@@ -199,7 +183,7 @@ func TestTest_Run(t *testing.T) {
ErrorText: tt.fields.ErrorText,
Status: tt.fields.Status,
Spec: tt.fields.Spec,
- NonCritical: tt.fields.NonCritical,
+ Firmware: tt.fields.Firmware,
}
if got := tr.Run(txtAPI); got != tt.wantReturn {
t.Errorf("Test.Run() = %v, want %v", got, tt.wantReturn)
diff --git a/pkg/test/tpm.go b/pkg/test/tpm.go
index b0443fff..037077a4 100644
--- a/pkg/test/tpm.go
+++ b/pkg/test/tpm.go
@@ -72,22 +72,6 @@ var (
function: TPMConnect,
Status: Implemented,
}
- testtpm12present = Test{
- Name: "TPM 1.2 present",
- Required: false,
- NonCritical: true,
- function: TPM12Present,
- dependencies: []*Test{&testtpmconnection},
- Status: Implemented,
- }
- testtpm2present = Test{
- Name: "TPM 2.0 is present",
- Required: false,
- NonCritical: true,
- function: TPM20Present,
- dependencies: []*Test{&testtpmconnection},
- Status: Implemented,
- }
testtpmispresent = Test{
Name: "TPM is present",
Required: true,
@@ -99,9 +83,9 @@ var (
Name: "TPM NVRAM is locked",
function: TPMNVRAMIsLocked,
Required: true,
- NonCritical: true,
dependencies: []*Test{&testtpmispresent},
Status: Implemented,
+ Firmware: FWNoCoreboot,
SpecificationChapter: "5.6.3.1 Failsafe Hash",
SpecificiationTitle: IntelTXTBGSBIOSSpecificationTitle,
SpecificationDocumentID: IntelTXTBGSBIOSSpecificationDocumentID,
@@ -130,7 +114,6 @@ var (
Name: "AUX Index has the correct hash",
function: AUXTPM2IndexCheckHash,
Required: true,
- NonCritical: false,
dependencies: []*Test{&testtpmispresent},
Status: Implemented,
SpecificationChapter: "I TPM NV",
@@ -141,7 +124,6 @@ var (
Name: "PO Index has correct config",
function: POIndexConfig,
Required: false,
- NonCritical: true,
dependencies: []*Test{&testtpmispresent},
Status: Implemented,
SpecificationChapter: "I TPM NV",
@@ -162,7 +144,6 @@ var (
Name: "PO index has valid LCP Policy",
function: POIndexHasValidLCP,
Required: true,
- NonCritical: true,
dependencies: []*Test{&testtpmispresent},
Status: Implemented,
SpecificationChapter: "D.3 LCP_POLICY_LIST",
@@ -189,24 +170,13 @@ var (
SpecificiationTitle: IntelTXTBGSBIOSSpecificationTitle,
SpecificationDocumentID: IntelTXTBGSBIOSSpecificationDocumentID,
}
- testtxtmodeauto = Test{
- Name: "Auto-promotion mode is active",
- function: AutoPromotionModeIsActive,
+ // TODO TXT Mode is Set
+ testtxtmodeisset = Test{
+ Name: "TXT Mode is set",
+ function: TXTModeIsSet,
Required: true,
dependencies: []*Test{&testpsindexissvalid},
Status: Implemented,
- NonCritical: true,
- SpecificationChapter: "5.6.2 Autopromotion Hash and Signed BIOS Policy",
- SpecificiationTitle: IntelTXTBGSBIOSSpecificationTitle,
- SpecificationDocumentID: IntelTXTBGSBIOSSpecificationDocumentID,
- }
- testtxtmodesignedpolicy = Test{
- Name: "Signed policy mode is active",
- function: SignedPolicyModeIsActive,
- Required: true,
- dependencies: []*Test{&testpsindexissvalid},
- Status: Implemented,
- NonCritical: true,
SpecificationChapter: "5.6.2 Autopromotion Hash and Signed BIOS Policy",
SpecificiationTitle: IntelTXTBGSBIOSSpecificationTitle,
SpecificationDocumentID: IntelTXTBGSBIOSSpecificationDocumentID,
@@ -215,8 +185,6 @@ var (
// TestsTPM exposes the slice of pointers to tests regarding tpm functionality for txt
TestsTPM = [...]*Test{
&testtpmconnection,
- &testtpm12present,
- &testtpm2present,
&testtpmispresent,
&testtpmnvramislocked,
&testpsindexconfig,
@@ -227,8 +195,7 @@ var (
&testpoindexissvalid,
&testpcr00valid,
&testpsnpwmodenotactive,
- &testtxtmodeauto,
- &testtxtmodesignedpolicy,
+ &testtxtmodeisset,
}
)
@@ -242,30 +209,14 @@ func TPMConnect(txtAPI hwapi.APIInterfaces) (bool, error, error) {
return true, nil, nil
}
-// TPM12Present Checks if TPM 1.2 is present and answers to GetCapability
-func TPM12Present(txtAPI hwapi.APIInterfaces) (bool, error, error) {
-
+// TPMIsPresent validates if one of the two previous tests succeeded
+func TPMIsPresent(txtAPI hwapi.APIInterfaces) (bool, error, error) {
switch tpmCon.Version {
case tss.TPMVersion12:
return true, nil, nil
- }
- return false, fmt.Errorf("No TPM1.2 device detected"), nil
-}
-
-// TPM20Present Checks if TPM 2.0 is present and answers to GetCapability
-func TPM20Present(txtAPI hwapi.APIInterfaces) (bool, error, error) {
- switch tpmCon.Version {
case tss.TPMVersion20:
return true, nil, nil
}
- return false, fmt.Errorf("No TPM2.0 device detected"), nil
-}
-
-// TPMIsPresent validates if one of the two previous tests succeeded
-func TPMIsPresent(txtAPI hwapi.APIInterfaces) (bool, error, error) {
- if (testtpm12present.Result == ResultPass) || (testtpm2present.Result == ResultPass) {
- return true, nil, nil
- }
return false, fmt.Errorf("No TPM present"), nil
}
@@ -895,39 +846,26 @@ func NPWModeIsNotSetInPS(txtAPI hwapi.APIInterfaces) (bool, error, error) {
return true, nil, nil
}
-// AutoPromotionModeIsActive checks if TXT is in auto-promotion mode
-func AutoPromotionModeIsActive(txtAPI hwapi.APIInterfaces) (bool, error, error) {
+// TXTModeIsSet checks if a TXT mode is set
+func TXTModeIsSet(txtAPI hwapi.APIInterfaces) (bool, error, error) {
pol1, pol2, err := readPSLCPPolicy(txtAPI)
if err != nil {
return false, nil, err
}
if pol1 != nil {
if pol1.PolicyType != tools.LCPPolicyTypeAny {
- return false, fmt.Errorf("Signed Policy mode active"), nil
+ return true, fmt.Errorf("Signed Policy mode active"), nil
}
- }
- if pol2 != nil {
- if pol2.PolicyType != tools.LCPPolicyTypeAny {
- return false, fmt.Errorf("Signed Policy mode active"), nil
- }
- }
- return true, nil, nil
-}
-
-// SignedPolicyModeIsActive checks if TXT is in signed policy mode
-func SignedPolicyModeIsActive(txtAPI hwapi.APIInterfaces) (bool, error, error) {
- pol1, pol2, err := readPSLCPPolicy(txtAPI)
- if err != nil {
- return false, nil, err
- }
- if pol1 != nil {
if pol1.PolicyType != tools.LCPPolicyTypeList {
- return false, fmt.Errorf("Auto-promotion mode active"), nil
+ return true, fmt.Errorf("Auto-promotion mode active"), nil
}
}
if pol2 != nil {
+ if pol2.PolicyType != tools.LCPPolicyTypeAny {
+ return true, fmt.Errorf("Signed Policy mode active"), nil
+ }
if pol2.PolicyType != tools.LCPPolicyTypeList {
- return false, fmt.Errorf("Auto-promotion mode active"), nil
+ return true, fmt.Errorf("Auto-promotion mode active"), nil
}
}
return true, nil, nil
diff --git a/pkg/tools/smbios.go b/pkg/tools/smbios.go
new file mode 100644
index 00000000..cf8b2522
--- /dev/null
+++ b/pkg/tools/smbios.go
@@ -0,0 +1,27 @@
+package tools
+
+import (
+ "errors"
+
+ "github.com/digitalocean/go-smbios/smbios"
+)
+
+// SMBIOSGetVendor gets the vendor name from table 0
+func SMBIOSGetVendor() (*string, error) {
+ rc, _, err := smbios.Stream()
+ if err != nil {
+ return nil, err
+ }
+ defer rc.Close()
+ d := smbios.NewDecoder(rc)
+ ss, err := d.Decode()
+ if err != nil {
+ return nil, err
+ }
+ for _, s := range ss {
+ if s.Header.Type == 0 {
+ return &s.Strings[0], nil
+ }
+ }
+ return nil, errors.New("Firmware vendor string in SMBIOS not found")
+}