Merge pull request #144 from alexmwu/cmdline-parser

Add Kernel cmdline parser
google · Aug 1, 2022 · 51031c1 · 51031c1
2 parents 5f43a25 + de03249
commit 51031c1
Show file tree

Hide file tree

Showing 7 changed files with 443 additions and 235 deletions.
diff --git a/internal/test/eventlogs/cos-101-amd-sev.bin b/internal/test/eventlogs/cos-101-amd-sev.bin
diff --git a/internal/test/test_data.go b/internal/test/test_data.go
@@ -22,6 +22,15 @@ var (
 	Cos85AmdSevEventLog []byte
 	//go:embed eventlogs/cos-93-amd-sev.bin
 	Cos93AmdSevEventLog []byte
+	//go:embed eventlogs/cos-101-amd-sev.bin
+	Cos101AmdSevEventLog []byte
+)
+
+// Kernel command lines from event logs.
+var (
+	Cos85AmdSevCmdline  = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16\"\x00"
+	Cos93AmdSevCmdline  = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44\"\x00"
+	Cos101AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab\"\x00"
 )
 
 // Attestation .pb files.

diff --git a/proto/attest.proto b/proto/attest.proto
@@ -71,6 +71,14 @@ message GrubState {
   // and kernel modules.
   repeated string commands = 2;
 }
+
+// The state of the Linux kernel.
+// At the moment, parsing LinuxKernelState relies on parsing the GrubState.
+// To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState.
+message LinuxKernelState {
+  // The kernel command line.
+  string command_line = 1;
+}
 
 // A parsed event from the TCG event log
 message Event {
@@ -189,7 +197,7 @@ message MachineState {
 
   GrubState grub = 5;
 
-  // LinuxKernelState linux_kernel = 6;
+  LinuxKernelState linux_kernel = 6;
 
   AttestedCosState cos = 7;
 }