WIP

Signed-off-by: Daniel Maslowski <[email protected]>
linuxboot · Sep 22, 2024 · fea7a79 · fea7a79
1 parent f5f60d6
commit fea7a79
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/cmds/intelmeta/main.go b/cmds/intelmeta/main.go
@@ -225,7 +225,13 @@ func main() {
 		_, ok := meta.Polm.(cbntbootpolicy.Manifest)
 		if ok == true {
 			pol := meta.Polm.(cbntbootpolicy.Manifest)
-			k := pol.PMSE.Key.Data[4:]
+			key := pol.PMSE.Key
+			alg := pol.PMSE.Signature.HashAlg
+			err = key.PrintBPMPubKey(alg)
+			fmt.Fprintf(os.Stderr, "KEY CBNT policy key err: %v alg: %v\n", err, alg)
+			err = key.PrintKMPubKey(alg)
+			fmt.Fprintf(os.Stderr, "KEY CBNT manifest key err: %v alg: %v\n", err, alg)
+			k := key.Data[4:]
 			for _, lk := range leakedKeys {
 				if bytes.Equal(k, lk) {
 					meta.LeakedKey = hex.EncodeToString(lk[:8])
@@ -235,7 +241,9 @@ func main() {
 		if ok == false {
 			p, ok := meta.Polm.(bgbootpolicy.Manifest)
 			if ok == true {
-				k := p.PMSE.Key.Data[4:]
+				// the first 4 bytes are some sort of flags
+				key := p.PMSE.Key
+				k := key.Data[4:]
 				for _, lk := range leakedKeys {
 					if bytes.Equal(k, lk) {
 						meta.LeakedKey = hex.EncodeToString(lk[:8])
@@ -270,6 +278,7 @@ func main() {
 		}
 	}
 
+	fmt.Fprintf(os.Stderr, "key size: %v\n", len(leakedKeys[0])*8)
 	if meta.LeakedKey != "" {
 		fmt.Fprintf(os.Stderr, "LEAKED BG KEY USED: %x\n", meta.LeakedKey)
 	}

diff --git a/pkg/intel/metadata/cbnt/key.go b/pkg/intel/metadata/cbnt/key.go
@@ -171,6 +171,7 @@ func (k *Key) PrintBPMPubKey(bpmAlg Algorithm) error {
 			if _, err := hash.Write(buf.Bytes()); err != nil {
 				return fmt.Errorf("unable to hash: %w", err)
 			}
+			fmt.Printf("   Boot Policy Manifest Pubkey: 0x%x\n", buf)
 			fmt.Printf("   Boot Policy Manifest Pubkey Hash: 0x%x\n", hash.Sum(nil))
 		} else if k.KeyAlg == AlgSM2 || k.KeyAlg == AlgECC {
 			if err := binary.Write(buf, binary.LittleEndian, k.Data); err != nil {
@@ -179,6 +180,7 @@ func (k *Key) PrintBPMPubKey(bpmAlg Algorithm) error {
 			if _, err := hash.Write(buf.Bytes()); err != nil {
 				return fmt.Errorf("unable to hash: %w", err)
 			}
+			fmt.Printf("   Boot Policy Manifest Pubkey: 0x%x\n", buf)
 			fmt.Printf("   Boot Policy Manifest Pubkey Hash: 0x%x\n", hash.Sum(nil))
 		} else {
 			fmt.Printf("   Boot Policy Manifest Pubkey Hash: Unknown Algorithm\n")
@@ -211,6 +213,7 @@ func (k *Key) PrintKMPubKey(kmAlg Algorithm) error {
 			if _, err := hash.Write(buf.Bytes()); err != nil {
 				return fmt.Errorf("unable to hash: %w", err)
 			}
+			fmt.Printf("   Key Manifest Pubkey: 0x%x\n", buf)
 			fmt.Printf("   Key Manifest Pubkey Hash: 0x%x\n", hash.Sum(nil))
 			// On SKL and KBL the exponent is not included in the KM hash
 			buf.Truncate(len(k.Data[4:]))