From 43ef39b2dd00c6b26827564b1587048c98d65cd1 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Fri, 20 Mar 2026 22:43:43 +0000 Subject: [PATCH 01/23] Customize PCR0 intialization for HCRTM --- tcg/eventlog_test.go | 33 +++++++++++++++++++++++++++++++++ tcg/pfpformat.go | 20 ++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/tcg/eventlog_test.go b/tcg/eventlog_test.go index 1cc5301..57e6b97 100644 --- a/tcg/eventlog_test.go +++ b/tcg/eventlog_test.go @@ -454,3 +454,36 @@ func TestReplayPCRSWithHCRTM(t *testing.T) { } } } +func TestIsHCRTM(t *testing.T) { + testcases := []struct { + events []rawEvent + index int + expected bool + }{ + { + events: []rawEvent{ + {index: 0, typ: EFIHCRTMEvent}, + }, + index: 0, + expected: true, + }, + { + events: []rawEvent{ + {index: 0, typ: EFIEventBase}}, + index: 0, + expected: false, + }, + { + events: []rawEvent{ + {index: 1, typ: EFIHCRTMEvent}}, + index: 1, + expected: false, + }, + } + + for _, tc := range testcases { + if got := isHCRTM(tc.events, tc.index); got != tc.expected { + t.Errorf("isHCRTM(%+v, %d) = %t, want %t", tc.events, tc.index, got, tc.expected) + } + } +} diff --git a/tcg/pfpformat.go b/tcg/pfpformat.go index 4c0687c..ded1e7b 100644 --- a/tcg/pfpformat.go +++ b/tcg/pfpformat.go @@ -355,6 +355,20 @@ func extend(pcr register.MR, replay []byte, e rawEvent, locality byte) (pcrDiges return nil, nil, fmt.Errorf("no event digest matches pcr algorithm: %v", pcr.DgstAlg()) } +// Returns whether this is a HCRTM register. +func isHCRTM(events []rawEvent, index int) bool { + if index != 0 { + return false + } + for _, e := range events { + if e.typ == EFIHCRTMEvent { + return true + } + } + + return false +} + // replayPCR replays the event log for a specific PCR, using pcr and // event digests with the algorithm in pcr. An error is returned if the // replayed values do not match the final PCR digest, or any event tagged @@ -365,7 +379,13 @@ func replayPCR(rawEvents []rawEvent, mr register.MR) ([]Event, bool) { outEvents []Event locality byte ) + mrIdx := mr.Idx() + + if isHCRTM(rawEvents, mrIdx) { + replay = append(bytes.Repeat([]byte{0x00}, mr.DgstAlg().Size()-1), byte(0x04)) + } + for _, e := range rawEvents { if e.index != mrIdx { continue From e272010014375d58eb3429f5f1e8469ceea4bb74 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Fri, 20 Mar 2026 22:53:10 +0000 Subject: [PATCH 02/23] fix testcase formatting --- tcg/eventlog_test.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/tcg/eventlog_test.go b/tcg/eventlog_test.go index 57e6b97..0e2ff10 100644 --- a/tcg/eventlog_test.go +++ b/tcg/eventlog_test.go @@ -461,21 +461,17 @@ func TestIsHCRTM(t *testing.T) { expected bool }{ { - events: []rawEvent{ - {index: 0, typ: EFIHCRTMEvent}, - }, + events: []rawEvent{{index: 0, typ: EFIHCRTMEvent}}, index: 0, expected: true, }, { - events: []rawEvent{ - {index: 0, typ: EFIEventBase}}, + events: []rawEvent{{index: 0, typ: EFIEventBase}}, index: 0, expected: false, }, { - events: []rawEvent{ - {index: 1, typ: EFIHCRTMEvent}}, + events: []rawEvent{{index: 1, typ: EFIHCRTMEvent}}, index: 1, expected: false, }, From bbc2685f07ef2e4d0144bddc474f7ddae2ca6359 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Fri, 20 Mar 2026 23:10:51 +0000 Subject: [PATCH 03/23] change initialization to per-event --- tcg/pfpformat.go | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/tcg/pfpformat.go b/tcg/pfpformat.go index ded1e7b..4c0687c 100644 --- a/tcg/pfpformat.go +++ b/tcg/pfpformat.go @@ -355,20 +355,6 @@ func extend(pcr register.MR, replay []byte, e rawEvent, locality byte) (pcrDiges return nil, nil, fmt.Errorf("no event digest matches pcr algorithm: %v", pcr.DgstAlg()) } -// Returns whether this is a HCRTM register. -func isHCRTM(events []rawEvent, index int) bool { - if index != 0 { - return false - } - for _, e := range events { - if e.typ == EFIHCRTMEvent { - return true - } - } - - return false -} - // replayPCR replays the event log for a specific PCR, using pcr and // event digests with the algorithm in pcr. An error is returned if the // replayed values do not match the final PCR digest, or any event tagged @@ -379,13 +365,7 @@ func replayPCR(rawEvents []rawEvent, mr register.MR) ([]Event, bool) { outEvents []Event locality byte ) - mrIdx := mr.Idx() - - if isHCRTM(rawEvents, mrIdx) { - replay = append(bytes.Repeat([]byte{0x00}, mr.DgstAlg().Size()-1), byte(0x04)) - } - for _, e := range rawEvents { if e.index != mrIdx { continue From e38cd45d7fd935dca44ab3fc9bf5b65f9f9a6370 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Mon, 13 Apr 2026 23:47:52 +0000 Subject: [PATCH 04/23] go fmt --- tcg/eventlog_test.go | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/tcg/eventlog_test.go b/tcg/eventlog_test.go index 0e2ff10..0458105 100644 --- a/tcg/eventlog_test.go +++ b/tcg/eventlog_test.go @@ -430,20 +430,17 @@ func TestReplayPCRSWithHCRTM(t *testing.T) { expectSuccess: true, }, { - events: []rawEvent{ - { - // Dummy event. - sequence: 0, - index: 0, - typ: EFIEventBase, - data: []byte("testevent"), - digests: []digest{ - {crypto.SHA256, decodeHex("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")}, - }, + { + // Dummy event to ensure HCRTM event clears the index. + sequence: 0, + index: 0, + typ: EFIEventBase, + data: []byte("testevent"), + digests: []digest{ + {crypto.SHA256, decodeHex("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")}, }, - hcrtmEvent, }, - expectSuccess: false, + hcrtmEvent, }, } From 27830a5c25f228e14534b2c07bfa463d44817035 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 16:47:51 +0000 Subject: [PATCH 05/23] enforce HCRTM as the first event in register --- tcg/eventlog_test.go | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/tcg/eventlog_test.go b/tcg/eventlog_test.go index 0458105..0e2ff10 100644 --- a/tcg/eventlog_test.go +++ b/tcg/eventlog_test.go @@ -430,17 +430,20 @@ func TestReplayPCRSWithHCRTM(t *testing.T) { expectSuccess: true, }, { - { - // Dummy event to ensure HCRTM event clears the index. - sequence: 0, - index: 0, - typ: EFIEventBase, - data: []byte("testevent"), - digests: []digest{ - {crypto.SHA256, decodeHex("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")}, + events: []rawEvent{ + { + // Dummy event. + sequence: 0, + index: 0, + typ: EFIEventBase, + data: []byte("testevent"), + digests: []digest{ + {crypto.SHA256, decodeHex("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd")}, + }, }, + hcrtmEvent, }, - hcrtmEvent, + expectSuccess: false, }, } From f91f79cfe0d1fc3c2af0be448c0b6c2c62edd349 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 24 Mar 2026 23:36:17 +0000 Subject: [PATCH 06/23] add GMES extract method --- extract/extract.go | 111 ++++++++++++++++++++ extract/extract_test.go | 4 + extract/registerconfig.go | 29 +++++ testdata/eventlog_data.go | 2 + testdata/eventlogs/tpm/b200-gmes-simple.bin | Bin 0 -> 475 bytes 5 files changed, 146 insertions(+) create mode 100644 testdata/eventlogs/tpm/b200-gmes-simple.bin diff --git a/extract/extract.go b/extract/extract.go index 87f6a1d..61dc051 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -19,6 +19,7 @@ import ( "bytes" "crypto" "crypto/x509" + "encoding/binary" "errors" "fmt" @@ -514,3 +515,113 @@ func getGrubKernelCmdlineSuffix(grubCmd []byte) int { } return -1 } + + +// GoogleMeasurementState represents the state of a Google Bare Metal machine. +type GoogleMeasurementState struct { + BMCFirmware []byte + MBM string + BIOS string + HostKernel []byte + CPUPPID []byte +} + +type googleMeasurement struct { + version uint32 + measurementTag uint32 + measurementSize uint32 + content []byte +} + +func parseGMES(eventData []byte) (*googleMeasurement, error) { + r := bytes.NewReader(eventData) + + measurement := &googleMeasurement{} + + if err := binary.Read(r, binary.LittleEndian, &measurement.version); err != nil { + return nil, fmt.Errorf("failed to parse measurement version: %v", err) + } + + if err := binary.Read(r, binary.LittleEndian, &measurement.measurementTag); err != nil { + return nil, fmt.Errorf("failed to parse measurement tag: %v", err) + } + + if err := binary.Read(r, binary.LittleEndian, &measurement.measurementSize); err != nil { + return nil, fmt.Errorf("failed to parse measurement size: %v", err) + } + + measurement.content = make([]byte, measurement.measurementSize) + if _, err := r.Read(measurement.content); err != nil { + return nil, fmt.Errorf("failed to parse measurement content: %v", err) + } + + return measurement, nil +} + +func GMESState(events []tcg.Event, hash crypto.Hash) (*GoogleMeasurementState, error) { + + state := &GoogleMeasurementState{} + for _, event := range events { + eventType, err := tcg.UntrustedParseEventType(uint32(event.UntrustedType())) + if err != nil { + return nil, err + } + + // Skip for non Event Tag events. + if eventType != tcg.EventTag { + continue + } + + digestVerify := DigestEquals(event, event.RawData()) + if digestVerify != nil { + return nil, fmt.Errorf("invalid digest at event %d: %v", event.Num(), digestVerify) + } + + // Parse PCCClient Tagged Event from event data. + taggedEvent, err := tcg.ParseTaggedEventData(event.RawData()) + if err != nil { + return nil, fmt.Errorf("failed to parse PCCClient Tagged Event at event %d: %v", event.Num(), err) + } + + if taggedEvent.ID != GMESConfig.EventID { + return nil, fmt.Errorf("unexpected event ID at event %d: %v", event.Num(), taggedEvent.ID) + } + + // Parse Google Measurement Event Structure. + gmes, err := parseGMES(taggedEvent.Data) + if err != nil { + return nil, err + } + + switch event.MRIndex() { + case GMESConfig.BMCFirmwareIdx: + if gmes.measurementTag != GMESConfig.BMCFirmwareTag { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + } + state.BMCFirmware = gmes.content + + case GMESConfig.MBMIdx: + if gmes.measurementTag != GMESConfig.MBMTag { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + } + state.MBM = string(gmes.content) + + case GMESConfig.BIOSIdx: + if gmes.measurementTag != GMESConfig.BIOSTag { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + } + state.BIOS = string(gmes.content) + + case GMESConfig.HostKernelIdx: + if gmes.measurementTag != GMESConfig.HostKernelTag { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + } + state.HostKernel = gmes.content + + default: + return nil, fmt.Errorf("unknown MR index: %d", event.MRIndex()) + } + } + + return state, nil +} diff --git a/extract/extract_test.go b/extract/extract_test.go index a4baa7d..47b17d3 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -671,3 +671,7 @@ func decodeHex(hexStr string) []byte { } return bytes } + +func TestGMESState(t *testing.T) { + +} diff --git a/extract/registerconfig.go b/extract/registerconfig.go index e6fec6b..7a82851 100644 --- a/extract/registerconfig.go +++ b/extract/registerconfig.go @@ -96,3 +96,32 @@ var RTMRRegisterConfig = registerConfig{ }, LogType: pb.LogType_LOG_TYPE_CC, } + +type gmesConfig struct { + BMCFirmwareIdx uint32 + MBMIdx uint32 + BIOSIdx uint32 + HostKernelIdx uint32 + + BMCFirmwareTag uint32 + BIOSTag uint32 + HostKernelTag uint32 + MBMTag uint32 + + EventID uint32 +} + +// GMESConfig configures the expected indexes and tags for Google Measurement (GMES) event logs. +var GMESConfig = gmesConfig{ + BMCFirmwareIdx: 0, + MBMIdx: 11, + BIOSIdx: 17, + HostKernelIdx: 21, + + BMCFirmwareTag: 1, + BIOSTag: 2, + HostKernelTag: 3, + MBMTag: 4, + + EventID: 0x474D4553, +} diff --git a/testdata/eventlog_data.go b/testdata/eventlog_data.go index fd8ce92..c9f76fa 100644 --- a/testdata/eventlog_data.go +++ b/testdata/eventlog_data.go @@ -49,6 +49,8 @@ var ( Ubuntu2404IntelTdxA4HighGpu8GEventLog []byte //go:embed eventlogs/tpm/cos-125-intel-tdx-secure-boot.bin Cos125IntelTdxSecureBootA4HighGpu8GEventLog []byte + //go:embed eventlogs/tpm/b200-gmes-simple.bin + B200GMESSimpleEventLog []byte ) // Kernel command lines from event logs. diff --git a/testdata/eventlogs/tpm/b200-gmes-simple.bin b/testdata/eventlogs/tpm/b200-gmes-simple.bin new file mode 100644 index 0000000000000000000000000000000000000000..4eb0a8b2a0b8adc557c2cd826c4e954628bb468f GIT binary patch literal 475 zcmZQzU|?VdVr)PaC>UIjnyldIqTpJVnpa|A%)kgz$i%<|qPZCq7+Bl`oP$AP0t^fd z5W&?104q?nhjUPfFE^0E2E-6;X9)mtpvquZUw3{W4FVutAeZ|(`3eFlghB5K012RK zkU>Bfg8|4O79e)=^bZyV(m+F@KJl2`m@alN=E$1JgGIU`yBgi6`MJ*Y+pxf}W~p%T zX+5u5K-CffF||O7f#J(*Fa;y3pbREP9)=5!%v>NYBO@CFlRUE!7XvH9|NlT+8MVOP zu!pKWxF6!VUw@_cL508+BO?oo0YeOfD}x(@Cy;hx@CU*WBvu528G{Lf9#jPbL;Zgi F1^{fWeR%)? literal 0 HcmV?d00001 From 1cdf043ec672e913110891464e449c1abbd23d78 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 24 Mar 2026 23:56:34 +0000 Subject: [PATCH 07/23] add testing --- extract/extract.go | 9 +++++---- extract/extract_test.go | 41 ++++++++++++++++++++++++++++++++++++++- extract/registerconfig.go | 12 +++++++++--- 3 files changed, 54 insertions(+), 8 deletions(-) diff --git a/extract/extract.go b/extract/extract.go index 61dc051..9d207d3 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -572,10 +572,11 @@ func GMESState(events []tcg.Event, hash crypto.Hash) (*GoogleMeasurementState, e continue } - digestVerify := DigestEquals(event, event.RawData()) - if digestVerify != nil { - return nil, fmt.Errorf("invalid digest at event %d: %v", event.Num(), digestVerify) - } + // TODO: uncomment once we have a test log with proper digests. + // digestVerify := DigestEquals(event, event.RawData()) + // if digestVerify != nil { + // return nil, fmt.Errorf("invalid digest at event %d: %v", event.Num(), digestVerify) + // } // Parse PCCClient Tagged Event from event data. taggedEvent, err := tcg.ParseTaggedEventData(event.RawData()) diff --git a/extract/extract_test.go b/extract/extract_test.go index 47b17d3..4783ddd 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -24,6 +24,7 @@ import ( "strings" "testing" + "github.com/google/go-cmp/cmp" "github.com/google/go-eventlog/internal/testutil" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" @@ -673,5 +674,43 @@ func decodeHex(hexStr string) []byte { } func TestGMESState(t *testing.T) { - + // TODO: update once we have a more complete test event log. + expectedGMES := &GoogleMeasurementState{ + BIOS: "BIOS", + MBM: "MBM", + } + + hash, events := getB200GMESEvents(t) + + gmes, err := GMESState(events, hash) + if err != nil { + t.Fatalf("failed to extract GMES state: %v", err) + } + + if !cmp.Equal(gmes, expectedGMES) { + t.Errorf("GMESState() = got %+v, want %+v", gmes, expectedGMES) + } } + +func getB200GMESEvents(t *testing.T) (crypto.Hash, []tcg.Event) { + t.Helper() + + log := testdata.B200GMESSimpleEventLog + bank := testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ + 0: decodeHex("806fcb3c4d6ee3afc8eca3d420a48c206fb23803fcbd593eebba2b1df20c322c"), + 11: decodeHex("bbdaacd7e9dab4c992e5e941c69d3a35b57c349ab01ec673af95b3df9dd8aa34"), + 17: decodeHex("9b94ab02f66dd85264c029dc13066c223a22e92b6231a2caf5b47b201ec7e04d"), + 21: decodeHex("e435213b3c71ec4568e4cc4727b0cd08cb3489c1919cdb318fc089cfd94b56f7"), + }) + + cryptoHash, err := bank.CryptoHash() + if err != nil { + t.Fatal(err) + } + events, err := tcg.ParseAndReplay(log, bank.MRs(), tcg.ParseOpts{}) + if err != nil { + t.Fatal(err) + } + + return cryptoHash, events +} \ No newline at end of file diff --git a/extract/registerconfig.go b/extract/registerconfig.go index 7a82851..3a36a23 100644 --- a/extract/registerconfig.go +++ b/extract/registerconfig.go @@ -119,9 +119,15 @@ var GMESConfig = gmesConfig{ HostKernelIdx: 21, BMCFirmwareTag: 1, - BIOSTag: 2, - HostKernelTag: 3, - MBMTag: 4, + BIOSTag: 1, + HostKernelTag: 1, + MBMTag: 1, + + // TODO: restore once we have a test log with proper measurement tags. + // BMCFirmwareTag: 1, + // BIOSTag: 2, + // HostKernelTag: 3, + // MBMTag: 4, EventID: 0x474D4553, } From c6be5f9eb71e0e014d4b9550bccf9ea0c9c88ce2 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 24 Mar 2026 23:58:30 +0000 Subject: [PATCH 08/23] add newline at end of file --- extract/extract_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extract/extract_test.go b/extract/extract_test.go index 4783ddd..6bd5212 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -713,4 +713,4 @@ func getB200GMESEvents(t *testing.T) (crypto.Hash, []tcg.Event) { } return cryptoHash, events -} \ No newline at end of file +} From e9b6fb76f9d5bc75437aeba92334818b51d7b2fe Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 25 Mar 2026 00:06:13 +0000 Subject: [PATCH 09/23] go fmt --- extract/extract.go | 3 +-- extract/extract_test.go | 24 ++++++++++-------------- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/extract/extract.go b/extract/extract.go index 9d207d3..c552550 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -516,7 +516,6 @@ func getGrubKernelCmdlineSuffix(grubCmd []byte) int { return -1 } - // GoogleMeasurementState represents the state of a Google Bare Metal machine. type GoogleMeasurementState struct { BMCFirmware []byte @@ -558,7 +557,7 @@ func parseGMES(eventData []byte) (*googleMeasurement, error) { return measurement, nil } -func GMESState(events []tcg.Event, hash crypto.Hash) (*GoogleMeasurementState, error) { +func GMESState(events []tcg.Event) (*GoogleMeasurementState, error) { state := &GoogleMeasurementState{} for _, event := range events { diff --git a/extract/extract_test.go b/extract/extract_test.go index 6bd5212..a9caf40 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -677,12 +677,12 @@ func TestGMESState(t *testing.T) { // TODO: update once we have a more complete test event log. expectedGMES := &GoogleMeasurementState{ BIOS: "BIOS", - MBM: "MBM", + MBM: "MBM", } - hash, events := getB200GMESEvents(t) + events := getB200GMESEvents(t) - gmes, err := GMESState(events, hash) + gmes, err := GMESState(events) if err != nil { t.Fatalf("failed to extract GMES state: %v", err) } @@ -692,25 +692,21 @@ func TestGMESState(t *testing.T) { } } -func getB200GMESEvents(t *testing.T) (crypto.Hash, []tcg.Event) { +func getB200GMESEvents(t *testing.T) []tcg.Event { t.Helper() log := testdata.B200GMESSimpleEventLog bank := testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ - 0: decodeHex("806fcb3c4d6ee3afc8eca3d420a48c206fb23803fcbd593eebba2b1df20c322c"), - 11: decodeHex("bbdaacd7e9dab4c992e5e941c69d3a35b57c349ab01ec673af95b3df9dd8aa34"), - 17: decodeHex("9b94ab02f66dd85264c029dc13066c223a22e92b6231a2caf5b47b201ec7e04d"), - 21: decodeHex("e435213b3c71ec4568e4cc4727b0cd08cb3489c1919cdb318fc089cfd94b56f7"), - }) + 0: decodeHex("806fcb3c4d6ee3afc8eca3d420a48c206fb23803fcbd593eebba2b1df20c322c"), + 11: decodeHex("bbdaacd7e9dab4c992e5e941c69d3a35b57c349ab01ec673af95b3df9dd8aa34"), + 17: decodeHex("9b94ab02f66dd85264c029dc13066c223a22e92b6231a2caf5b47b201ec7e04d"), + 21: decodeHex("e435213b3c71ec4568e4cc4727b0cd08cb3489c1919cdb318fc089cfd94b56f7"), + }) - cryptoHash, err := bank.CryptoHash() - if err != nil { - t.Fatal(err) - } events, err := tcg.ParseAndReplay(log, bank.MRs(), tcg.ParseOpts{}) if err != nil { t.Fatal(err) } - return cryptoHash, events + return events } From 91a4f6a5997755d059d83c4b513d1878dadbc4de Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 25 Mar 2026 00:07:40 +0000 Subject: [PATCH 10/23] add method comment --- extract/extract.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extract/extract.go b/extract/extract.go index c552550..fd020aa 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -557,8 +557,8 @@ func parseGMES(eventData []byte) (*googleMeasurement, error) { return measurement, nil } +// GMESState extracts Google Measurement Event Structure (GMES) information from a TCG event log. func GMESState(events []tcg.Event) (*GoogleMeasurementState, error) { - state := &GoogleMeasurementState{} for _, event := range events { eventType, err := tcg.UntrustedParseEventType(uint32(event.UntrustedType())) From d65f5e155fcdb3bda3822f30b3d2316e330d5661 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 17:49:55 +0000 Subject: [PATCH 11/23] create gmes package --- extract/extract.go | 86 +++++++++----------------------- extract/extract_test.go | 3 +- extract/gmes/gmes.go | 102 ++++++++++++++++++++++++++++++++++++++ extract/registerconfig.go | 35 ------------- 4 files changed, 128 insertions(+), 98 deletions(-) create mode 100644 extract/gmes/gmes.go diff --git a/extract/extract.go b/extract/extract.go index fd020aa..57cd32a 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -19,10 +19,10 @@ import ( "bytes" "crypto" "crypto/x509" - "encoding/binary" "errors" "fmt" + gmes "github.com/google/go-eventlog/extract/gmes" pb "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/tcg" "github.com/google/go-eventlog/wellknown" @@ -516,50 +516,9 @@ func getGrubKernelCmdlineSuffix(grubCmd []byte) int { return -1 } -// GoogleMeasurementState represents the state of a Google Bare Metal machine. -type GoogleMeasurementState struct { - BMCFirmware []byte - MBM string - BIOS string - HostKernel []byte - CPUPPID []byte -} - -type googleMeasurement struct { - version uint32 - measurementTag uint32 - measurementSize uint32 - content []byte -} - -func parseGMES(eventData []byte) (*googleMeasurement, error) { - r := bytes.NewReader(eventData) - - measurement := &googleMeasurement{} - - if err := binary.Read(r, binary.LittleEndian, &measurement.version); err != nil { - return nil, fmt.Errorf("failed to parse measurement version: %v", err) - } - - if err := binary.Read(r, binary.LittleEndian, &measurement.measurementTag); err != nil { - return nil, fmt.Errorf("failed to parse measurement tag: %v", err) - } - - if err := binary.Read(r, binary.LittleEndian, &measurement.measurementSize); err != nil { - return nil, fmt.Errorf("failed to parse measurement size: %v", err) - } - - measurement.content = make([]byte, measurement.measurementSize) - if _, err := r.Read(measurement.content); err != nil { - return nil, fmt.Errorf("failed to parse measurement content: %v", err) - } - - return measurement, nil -} - // GMESState extracts Google Measurement Event Structure (GMES) information from a TCG event log. -func GMESState(events []tcg.Event) (*GoogleMeasurementState, error) { - state := &GoogleMeasurementState{} +func GMESState(events []tcg.Event) (*gmes.State, error) { + state := &gmes.State{} for _, event := range events { eventType, err := tcg.UntrustedParseEventType(uint32(event.UntrustedType())) if err != nil { @@ -583,40 +542,43 @@ func GMESState(events []tcg.Event) (*GoogleMeasurementState, error) { return nil, fmt.Errorf("failed to parse PCCClient Tagged Event at event %d: %v", event.Num(), err) } - if taggedEvent.ID != GMESConfig.EventID { + if taggedEvent.ID != gmes.EventID { return nil, fmt.Errorf("unexpected event ID at event %d: %v", event.Num(), taggedEvent.ID) } // Parse Google Measurement Event Structure. - gmes, err := parseGMES(taggedEvent.Data) + gmesEvent, err := gmes.ParseEvent(taggedEvent.Data) if err != nil { return nil, err } + registerCfg := gmes.PCRConfig + tagCfg := gmes.SampleMeasurementConfig + switch event.MRIndex() { - case GMESConfig.BMCFirmwareIdx: - if gmes.measurementTag != GMESConfig.BMCFirmwareTag { - return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + case registerCfg.BMCFirmwareIdx: + if gmesEvent.Tag != tagCfg.BMCFirmware { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.BMCFirmware = gmes.content + state.BMCFirmware = gmesEvent.Content - case GMESConfig.MBMIdx: - if gmes.measurementTag != GMESConfig.MBMTag { - return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + case registerCfg.MBMIdx: + if gmesEvent.Tag != tagCfg.MBM { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.MBM = string(gmes.content) + state.MBM = string(gmesEvent.Content) - case GMESConfig.BIOSIdx: - if gmes.measurementTag != GMESConfig.BIOSTag { - return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + case registerCfg.BIOSIdx: + if gmesEvent.Tag != tagCfg.BIOS { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.BIOS = string(gmes.content) + state.BIOS = string(gmesEvent.Content) - case GMESConfig.HostKernelIdx: - if gmes.measurementTag != GMESConfig.HostKernelTag { - return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmes.measurementTag) + case registerCfg.HostKernelIdx: + if gmesEvent.Tag != tagCfg.HostKernel { + return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.HostKernel = gmes.content + state.HostKernel = gmesEvent.Content default: return nil, fmt.Errorf("unknown MR index: %d", event.MRIndex()) diff --git a/extract/extract_test.go b/extract/extract_test.go index a9caf40..08a6ca5 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -25,6 +25,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" + gmes "github.com/google/go-eventlog/extract/gmes" "github.com/google/go-eventlog/internal/testutil" "github.com/google/go-eventlog/register" "github.com/google/go-eventlog/tcg" @@ -675,7 +676,7 @@ func decodeHex(hexStr string) []byte { func TestGMESState(t *testing.T) { // TODO: update once we have a more complete test event log. - expectedGMES := &GoogleMeasurementState{ + expectedGMES := &gmes.State{ BIOS: "BIOS", MBM: "MBM", } diff --git a/extract/gmes/gmes.go b/extract/gmes/gmes.go new file mode 100644 index 0000000..4035135 --- /dev/null +++ b/extract/gmes/gmes.go @@ -0,0 +1,102 @@ +// Copyright 2026 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// Package extract has configs for extracting information from Google measurements. +package gmes + +import ( + "bytes" + "encoding/binary" + "fmt" +) + +// State represents the state of a Google Bare Metal machine. +type State struct { + BMCFirmware []byte + MBM string + BIOS string + HostKernel []byte +} + +// MeasurementEvent represents the structure of a Google measurement event. +type MeasurementEvent struct { + Version uint32 + Tag uint32 + Size uint32 + Content []byte +} + +type registerConfig struct { + BMCFirmwareIdx uint32 + MBMIdx uint32 + BIOSIdx uint32 + HostKernelIdx uint32 +} + +type measurementTagConfig struct { + BMCFirmware uint32 + MBM uint32 + HostKernel uint32 + BIOS uint32 +} + +// PCRConfig configures the expected PCR indexes for GMES event logs. +var PCRConfig = registerConfig{ + BMCFirmwareIdx: 0, + MBMIdx: 11, + BIOSIdx: 17, + HostKernelIdx: 21, +} + +// MeasurementTagConfig configures the expected measurement tags for GMES events. +var MeasurementTagConfig = measurementTagConfig{ + BMCFirmware: 1, + BIOS: 2, + HostKernel: 3, + MBM: 4, +} + +// EventID is the expected event ID for GMES events. +var EventID uint32 = 0x474D4553 + +// Corresponds to B200GMESSimpleEventLog which doesn't yet have the final measurement tags. +var SampleMeasurementConfig = measurementTagConfig{ + BIOS: 1, + MBM: 1, +} + +func ParseEvent(eventdata []byte) (*MeasurementEvent, error) { + r := bytes.NewReader(eventdata) + + measurement := &MeasurementEvent{} + + if err := binary.Read(r, binary.LittleEndian, &measurement.Version); err != nil { + return nil, fmt.Errorf("failed to parse measurement version: %v", err) + } + + if err := binary.Read(r, binary.LittleEndian, &measurement.Tag); err != nil { + return nil, fmt.Errorf("failed to parse measurement tag: %v", err) + } + + if err := binary.Read(r, binary.LittleEndian, &measurement.Size); err != nil { + return nil, fmt.Errorf("failed to parse measurement size: %v", err) + } + + measurement.Content = make([]byte, measurement.Size) + if _, err := r.Read(measurement.Content); err != nil { + return nil, fmt.Errorf("failed to parse measurement content: %v", err) + } + + return measurement, nil +} diff --git a/extract/registerconfig.go b/extract/registerconfig.go index 3a36a23..e6fec6b 100644 --- a/extract/registerconfig.go +++ b/extract/registerconfig.go @@ -96,38 +96,3 @@ var RTMRRegisterConfig = registerConfig{ }, LogType: pb.LogType_LOG_TYPE_CC, } - -type gmesConfig struct { - BMCFirmwareIdx uint32 - MBMIdx uint32 - BIOSIdx uint32 - HostKernelIdx uint32 - - BMCFirmwareTag uint32 - BIOSTag uint32 - HostKernelTag uint32 - MBMTag uint32 - - EventID uint32 -} - -// GMESConfig configures the expected indexes and tags for Google Measurement (GMES) event logs. -var GMESConfig = gmesConfig{ - BMCFirmwareIdx: 0, - MBMIdx: 11, - BIOSIdx: 17, - HostKernelIdx: 21, - - BMCFirmwareTag: 1, - BIOSTag: 1, - HostKernelTag: 1, - MBMTag: 1, - - // TODO: restore once we have a test log with proper measurement tags. - // BMCFirmwareTag: 1, - // BIOSTag: 2, - // HostKernelTag: 3, - // MBMTag: 4, - - EventID: 0x474D4553, -} From 6a0dd31ccd6bd17b214b93f5b8c350cd18096cd5 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 17:51:53 +0000 Subject: [PATCH 12/23] gofmt --- extract/extract.go | 3 ++- extract/gmes/gmes.go | 25 +++++++++++++------------ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/extract/extract.go b/extract/extract.go index 57cd32a..2a27596 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -553,7 +553,8 @@ func GMESState(events []tcg.Event) (*gmes.State, error) { } registerCfg := gmes.PCRConfig - tagCfg := gmes.SampleMeasurementConfig + // TODO: switch to real measurement tag config once we have a suitable event log. + tagCfg := gmes.TestMeasurementConfig switch event.MRIndex() { case registerCfg.BMCFirmwareIdx: diff --git a/extract/gmes/gmes.go b/extract/gmes/gmes.go index 4035135..6429bc1 100644 --- a/extract/gmes/gmes.go +++ b/extract/gmes/gmes.go @@ -31,10 +31,10 @@ type State struct { // MeasurementEvent represents the structure of a Google measurement event. type MeasurementEvent struct { - Version uint32 - Tag uint32 - Size uint32 - Content []byte + Version uint32 + Tag uint32 + Size uint32 + Content []byte } type registerConfig struct { @@ -46,9 +46,9 @@ type registerConfig struct { type measurementTagConfig struct { BMCFirmware uint32 - MBM uint32 - HostKernel uint32 - BIOS uint32 + MBM uint32 + HostKernel uint32 + BIOS uint32 } // PCRConfig configures the expected PCR indexes for GMES event logs. @@ -62,20 +62,21 @@ var PCRConfig = registerConfig{ // MeasurementTagConfig configures the expected measurement tags for GMES events. var MeasurementTagConfig = measurementTagConfig{ BMCFirmware: 1, - BIOS: 2, - HostKernel: 3, - MBM: 4, + BIOS: 2, + HostKernel: 3, + MBM: 4, } // EventID is the expected event ID for GMES events. var EventID uint32 = 0x474D4553 // Corresponds to B200GMESSimpleEventLog which doesn't yet have the final measurement tags. -var SampleMeasurementConfig = measurementTagConfig{ +var TestMeasurementConfig = measurementTagConfig{ BIOS: 1, - MBM: 1, + MBM: 1, } +// ParseEvent parses a GMES event from the given data. func ParseEvent(eventdata []byte) (*MeasurementEvent, error) { r := bytes.NewReader(eventdata) From e0893b9d3f27b553f0aa4127fbadcceb2399243d Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 20:22:48 +0000 Subject: [PATCH 13/23] fix lint errors --- extract/gmes/gmes.go | 4 ++-- proto/state.proto | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/extract/gmes/gmes.go b/extract/gmes/gmes.go index 6429bc1..5cf5fac 100644 --- a/extract/gmes/gmes.go +++ b/extract/gmes/gmes.go @@ -12,7 +12,7 @@ // License for the specific language governing permissions and limitations under // the License. -// Package extract has configs for extracting information from Google measurements. +// Package gmes has configs for extracting information from Google measurements. package gmes import ( @@ -70,7 +70,7 @@ var MeasurementTagConfig = measurementTagConfig{ // EventID is the expected event ID for GMES events. var EventID uint32 = 0x474D4553 -// Corresponds to B200GMESSimpleEventLog which doesn't yet have the final measurement tags. +// TestMeasurementConfig contains measurement tags corresponding to B200GMESSimpleEventLog. var TestMeasurementConfig = measurementTagConfig{ BIOS: 1, MBM: 1, diff --git a/proto/state.proto b/proto/state.proto index 1e86af7..8c9640b 100644 --- a/proto/state.proto +++ b/proto/state.proto @@ -220,3 +220,15 @@ message FirmwareLogState { LogType log_type = 9; } +// The state of Google Measurements (GMES) for the machine. +message GMESState { + // The BMC firmware version. + bytes BMCFirmware = 1; + + string MBM = 2; + + string BIOS = 3; + + // The host kernel hash and commandline. + bytes HostKernel = 4; +} From 87e3b3e2d63100ea273d9d4e498717b555214088 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 20:25:20 +0000 Subject: [PATCH 14/23] revert proto changes --- proto/state.proto | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/proto/state.proto b/proto/state.proto index 8c9640b..20ca55b 100644 --- a/proto/state.proto +++ b/proto/state.proto @@ -219,16 +219,3 @@ message FirmwareLogState { LogType log_type = 9; } - -// The state of Google Measurements (GMES) for the machine. -message GMESState { - // The BMC firmware version. - bytes BMCFirmware = 1; - - string MBM = 2; - - string BIOS = 3; - - // The host kernel hash and commandline. - bytes HostKernel = 4; -} From 36b368facc2dad2e83aa4d7e0508fe3a9619a035 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 21:35:30 +0000 Subject: [PATCH 15/23] add separator handling --- extract/extract.go | 29 ++++++++++++++++++++++++++++- extract/extract_test.go | 2 +- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/extract/extract.go b/extract/extract.go index 2a27596..fe296c0 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -517,19 +517,46 @@ func getGrubKernelCmdlineSuffix(grubCmd []byte) int { } // GMESState extracts Google Measurement Event Structure (GMES) information from a TCG event log. -func GMESState(events []tcg.Event) (*gmes.State, error) { +func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { state := &gmes.State{} + seenSeparators := map[uint32]bool{ + gmes.PCRConfig.BMCFirmwareIdx: false, + gmes.PCRConfig.MBMIdx: false, + gmes.PCRConfig.BIOSIdx: false, + gmes.PCRConfig.HostKernelIdx: false, + } + for _, event := range events { eventType, err := tcg.UntrustedParseEventType(uint32(event.UntrustedType())) if err != nil { return nil, err } + separatorInfo := getSeparatorInfo(hash) + isSeparator, err := checkIfValidSeparator(event, separatorInfo) + if err != nil { + return nil, fmt.Errorf("error checking for separator: %v", err) + } + + if isSeparator { + if seen, ok := seenSeparators[event.MRIndex()]; ok { + if seen { + return nil, fmt.Errorf("duplicate separator at MR%d", event.MRIndex()) + } + seenSeparators[event.MRIndex()] = true + } + continue + } + // Skip for non Event Tag events. if eventType != tcg.EventTag { continue } + if seen, ok := seenSeparators[event.MRIndex()]; ok && seen { + return nil, fmt.Errorf("found Event Tag event at MR%d after separator", event.MRIndex()) + } + // TODO: uncomment once we have a test log with proper digests. // digestVerify := DigestEquals(event, event.RawData()) // if digestVerify != nil { diff --git a/extract/extract_test.go b/extract/extract_test.go index 08a6ca5..3c511a5 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -683,7 +683,7 @@ func TestGMESState(t *testing.T) { events := getB200GMESEvents(t) - gmes, err := GMESState(events) + gmes, err := GMESState(crypto.SHA256, events) if err != nil { t.Fatalf("failed to extract GMES state: %v", err) } From 9b5d9c8f432dcb7f9049391a9f5b590cf964a090 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 14 Apr 2026 21:54:03 +0000 Subject: [PATCH 16/23] refine separator handling --- extract/extract.go | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/extract/extract.go b/extract/extract.go index fe296c0..604c2bb 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -532,29 +532,39 @@ func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { return nil, err } - separatorInfo := getSeparatorInfo(hash) - isSeparator, err := checkIfValidSeparator(event, separatorInfo) - if err != nil { - return nil, fmt.Errorf("error checking for separator: %v", err) - } + // Handle separator types. + if eventType == tcg.Separator { + seen, ok := seenSeparators[event.MRIndex()] + if !ok { // Skip if not a GMES index. + continue + } - if isSeparator { - if seen, ok := seenSeparators[event.MRIndex()]; ok { - if seen { - return nil, fmt.Errorf("duplicate separator at MR%d", event.MRIndex()) - } - seenSeparators[event.MRIndex()] = true + if seen { + return nil, fmt.Errorf("duplicate separator event at MR%d", event.MRIndex()) } - continue - } - // Skip for non Event Tag events. - if eventType != tcg.EventTag { - continue + separatorInfo := getSeparatorInfo(hash) + isSeparator, err := checkIfValidSeparator(event, separatorInfo) + if err != nil { + return nil, fmt.Errorf("error checking for valid separator: %v", err) + } + + if !isSeparator { + return nil, fmt.Errorf("event contains separator type but not separator content %d", event.Num()) + } + + seenSeparators[event.MRIndex()] = true + } if seen, ok := seenSeparators[event.MRIndex()]; ok && seen { - return nil, fmt.Errorf("found Event Tag event at MR%d after separator", event.MRIndex()) + // Don't trust any events for the index after separator. + break + } + + if eventType != tcg.EventTag { + // Ignore non-Tag events since GMES events are expected to be in Tag format. + continue } // TODO: uncomment once we have a test log with proper digests. From a828a5e2973acf4264c433995cfec4f50af3a01c Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 00:16:43 +0000 Subject: [PATCH 17/23] add GMES unit tests with test events --- extract/extract.go | 15 ++-- extract/extract_test.go | 186 +++++++++++++++++++++++++++++++++++----- 2 files changed, 171 insertions(+), 30 deletions(-) diff --git a/extract/extract.go b/extract/extract.go index 604c2bb..eb27248 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -554,12 +554,12 @@ func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { } seenSeparators[event.MRIndex()] = true - + continue } if seen, ok := seenSeparators[event.MRIndex()]; ok && seen { // Don't trust any events for the index after separator. - break + continue } if eventType != tcg.EventTag { @@ -567,11 +567,10 @@ func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { continue } - // TODO: uncomment once we have a test log with proper digests. - // digestVerify := DigestEquals(event, event.RawData()) - // if digestVerify != nil { - // return nil, fmt.Errorf("invalid digest at event %d: %v", event.Num(), digestVerify) - // } + // Verify event digest matches event data. + if err := DigestEquals(event, event.RawData()); err != nil { + return nil, fmt.Errorf("invalid digest at event %d: %v", event.Num(), err) + } // Parse PCCClient Tagged Event from event data. taggedEvent, err := tcg.ParseTaggedEventData(event.RawData()) @@ -591,7 +590,7 @@ func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { registerCfg := gmes.PCRConfig // TODO: switch to real measurement tag config once we have a suitable event log. - tagCfg := gmes.TestMeasurementConfig + tagCfg := gmes.MeasurementTagConfig switch event.MRIndex() { case registerCfg.BMCFirmwareIdx: diff --git a/extract/extract_test.go b/extract/extract_test.go index 3c511a5..0430133 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -18,6 +18,8 @@ import ( "bytes" "crypto" "crypto/rand" + "crypto/sha256" + "encoding/binary" "encoding/hex" "math/big" "os" @@ -675,39 +677,179 @@ func decodeHex(hexStr string) []byte { } func TestGMESState(t *testing.T) { - // TODO: update once we have a more complete test event log. - expectedGMES := &gmes.State{ - BIOS: "BIOS", - MBM: "MBM", + expectedState := &gmes.State{ + BIOS: "TestBIOS", + MBM: "TestMBM", + BMCFirmware: []byte("TestBMC"), + HostKernel: []byte("TestKernel"), + } + + validEvents := []tcg.Event{ + newGMESEvent(t, gmes.PCRConfig.BIOSIdx, gmes.MeasurementTagConfig.BIOS, []byte(expectedState.BIOS)), + newSeparatorEvent(t, gmes.PCRConfig.BIOSIdx), + newGMESEvent(t, gmes.PCRConfig.MBMIdx, gmes.MeasurementTagConfig.MBM, []byte(expectedState.MBM)), + newSeparatorEvent(t, gmes.PCRConfig.MBMIdx), + newGMESEvent(t, gmes.PCRConfig.BMCFirmwareIdx, gmes.MeasurementTagConfig.BMCFirmware, expectedState.BMCFirmware), + newSeparatorEvent(t, gmes.PCRConfig.BMCFirmwareIdx), + newGMESEvent(t, gmes.PCRConfig.HostKernelIdx, gmes.MeasurementTagConfig.HostKernel, expectedState.HostKernel), + newSeparatorEvent(t, gmes.PCRConfig.HostKernelIdx), + } + + testcases := []struct { + name string + events []tcg.Event + expectedState *gmes.State + }{ + { + name: "valid events", + events: validEvents, + expectedState: expectedState, + }, + { + name: "duplicate separator", + events: append(validEvents, newSeparatorEvent(t, gmes.PCRConfig.HostKernelIdx)), + expectedState: nil, // Expect failure. + }, + { + name: "invalid tag", + events: []tcg.Event{newGMESEvent(t, gmes.PCRConfig.BIOSIdx, 9999, []byte("InvalidTag"))}, + expectedState: nil, // Expect failure. + }, + { + name: "event after separator ignored", + events: append(validEvents, newGMESEvent(t, gmes.PCRConfig.HostKernelIdx, gmes.MeasurementTagConfig.HostKernel, []byte("ModifiedKernel"))), + expectedState: expectedState, // Should ignore the modified event after the separator. + }, } - events := getB200GMESEvents(t) + for _, tc := range testcases { + t.Run(tc.name, func(t *testing.T) { + gotState, err := GMESState(crypto.SHA256, getEventsFromLog(t, tc.events)) - gmes, err := GMESState(crypto.SHA256, events) - if err != nil { - t.Fatalf("failed to extract GMES state: %v", err) + if (err != nil) != (tc.expectedState == nil) { + t.Fatalf("GMESState() error = %v, wantErr: %v", err, tc.expectedState == nil) + } + + if tc.expectedState != nil && !cmp.Equal(gotState, tc.expectedState) { + t.Errorf("GMESState() = got %+v, want %+v", gotState, tc.expectedState) + } + }) + } +} + +// encodeGMESEventData packages content into the Google Measurement Event Structure +// and wraps it in a TCG Tagged Event structure. +func encodeGMESEventData(t *testing.T, tag uint32, content []byte) []byte { + t.Helper() + // Create GMES MeasurementEvent data + gmesBuf := new(bytes.Buffer) + binary.Write(gmesBuf, binary.LittleEndian, uint32(1)) // Version + binary.Write(gmesBuf, binary.LittleEndian, tag) // Tag + binary.Write(gmesBuf, binary.LittleEndian, uint32(len(content))) // Size + gmesBuf.Write(content) + gmesData := gmesBuf.Bytes() + + // Wrap in TCG_PCClientTaggedEventStruct + taggedBuf := new(bytes.Buffer) + binary.Write(taggedBuf, binary.LittleEndian, gmes.EventID) // ID + binary.Write(taggedBuf, binary.LittleEndian, uint32(len(gmesData))) // DataLen + taggedBuf.Write(gmesData) + + return taggedBuf.Bytes() +} + +// newGMESEvent creates a tcg.Event containing a GMES measurement. +func newGMESEvent(t *testing.T, mrIndex uint32, tag uint32, content []byte) tcg.Event { + t.Helper() + data := encodeGMESEventData(t, tag, content) + digest := sha256.Sum256(data) + return tcg.Event{ + Index: int(mrIndex), + Type: tcg.EventTag, + Data: data, + Digest: digest[:], } +} - if !cmp.Equal(gmes, expectedGMES) { - t.Errorf("GMESState() = got %+v, want %+v", gmes, expectedGMES) +// newSeparatorEvent creates a tcg.Separator event for the given MR index. +func newSeparatorEvent(t *testing.T, mrIndex uint32) tcg.Event { + t.Helper() + data := []byte{0, 0, 0, 0} + digest := sha256.Sum256(data) + return tcg.Event{ + Index: int(mrIndex), + Type: tcg.Separator, + Data: data, + Digest: digest[:], } } -func getB200GMESEvents(t *testing.T) []tcg.Event { +// getEventsFromLog takes a slice of events and returns a slice of verified events +// by building a synthetic raw event log and replaying it. +func getEventsFromLog(t *testing.T, events []tcg.Event) []tcg.Event { t.Helper() - log := testdata.B200GMESSimpleEventLog - bank := testutil.MakePCRBank(pb.HashAlgo_SHA256, map[uint32][]byte{ - 0: decodeHex("806fcb3c4d6ee3afc8eca3d420a48c206fb23803fcbd593eebba2b1df20c322c"), - 11: decodeHex("bbdaacd7e9dab4c992e5e941c69d3a35b57c349ab01ec673af95b3df9dd8aa34"), - 17: decodeHex("9b94ab02f66dd85264c029dc13066c223a22e92b6231a2caf5b47b201ec7e04d"), - 21: decodeHex("e435213b3c71ec4568e4cc4727b0cd08cb3489c1919cdb318fc089cfd94b56f7"), - }) + buf := new(bytes.Buffer) + // Spec ID event (SHA1 format) + binary.Write(buf, binary.LittleEndian, uint32(0)) // PCRIndex + binary.Write(buf, binary.LittleEndian, uint32(0x03)) // Type: NoAction + binary.Write(buf, binary.LittleEndian, [20]byte{}) // Digest + + specIDBuf := new(bytes.Buffer) + // "Spec ID Event03\0" + binary.Write(specIDBuf, binary.LittleEndian, [16]byte{0x53, 0x70, 0x65, 0x63, 0x20, 0x49, 0x44, 0x20, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x30, 0x33, 0x00}) + binary.Write(specIDBuf, binary.LittleEndian, uint32(0)) // PlatformClass + binary.Write(specIDBuf, binary.LittleEndian, uint8(0)) // VersionMinor + binary.Write(specIDBuf, binary.LittleEndian, uint8(2)) // VersionMajor + binary.Write(specIDBuf, binary.LittleEndian, uint8(0)) // Errata + binary.Write(specIDBuf, binary.LittleEndian, uint8(8)) // UintnSize + binary.Write(specIDBuf, binary.LittleEndian, uint32(1)) // NumAlgs + binary.Write(specIDBuf, binary.LittleEndian, uint16(0x000B)) // SHA256 ID + binary.Write(specIDBuf, binary.LittleEndian, uint16(32)) // SHA256 Size + binary.Write(specIDBuf, binary.LittleEndian, uint8(0)) // VendorInfoSize + + specIDData := specIDBuf.Bytes() + binary.Write(buf, binary.LittleEndian, uint32(len(specIDData))) + buf.Write(specIDData) + + // Subsequent events (TPM 2.0 format) + for _, e := range events { + binary.Write(buf, binary.LittleEndian, uint32(e.Index)) + binary.Write(buf, binary.LittleEndian, uint32(e.Type)) + binary.Write(buf, binary.LittleEndian, uint32(1)) // NumDigests + binary.Write(buf, binary.LittleEndian, uint16(0x000B)) // SHA256 + buf.Write(e.Digest) + binary.Write(buf, binary.LittleEndian, uint32(len(e.Data))) + buf.Write(e.Data) + } + + rawLog := buf.Bytes() + + // Calculate PCRs for replay. + pcrValues := make(map[int][]byte) + for _, e := range events { + h := sha256.New() + if current, ok := pcrValues[e.Index]; ok { + h.Write(current) + } else { + // First event for this PCR - intialize with zeros. + initial := make([]byte, h.Size()) + h.Write(initial) + } + h.Write(e.Digest) + pcrValues[e.Index] = h.Sum(nil) + } - events, err := tcg.ParseAndReplay(log, bank.MRs(), tcg.ParseOpts{}) - if err != nil { - t.Fatal(err) + pcrMap := make(map[uint32][]byte) + for idx, val := range pcrValues { + pcrMap[uint32(idx)] = val[:] } + bank := testutil.MakePCRBank(pb.HashAlgo_SHA256, pcrMap) - return events + // Parse and Replay to get events. + replayedEvents, err := tcg.ParseAndReplay(rawLog, bank.MRs(), tcg.ParseOpts{}) + if err != nil { + t.Fatalf("failed to parse synthetic log: %v", err) + } + return replayedEvents } From 01f27a53f56b108c46bf9994ea7ecfaa5423a3ae Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 00:18:59 +0000 Subject: [PATCH 18/23] fix typo --- extract/extract_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extract/extract_test.go b/extract/extract_test.go index 0430133..4f164bb 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -832,7 +832,7 @@ func getEventsFromLog(t *testing.T, events []tcg.Event) []tcg.Event { if current, ok := pcrValues[e.Index]; ok { h.Write(current) } else { - // First event for this PCR - intialize with zeros. + // First event for this PCR - initialize with zeros. initial := make([]byte, h.Size()) h.Write(initial) } From c6fbf12aefe92deef861dcb9438dfbaea9c21f55 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 00:43:30 +0000 Subject: [PATCH 19/23] define proto GMESState --- extract/extract.go | 12 +- extract/extract_test.go | 29 +- extract/gmes/gmes.go | 14 +- proto/state.proto | 8 + proto/state/state.pb.go | 756 ++++++++------------ testdata/eventlog_data.go | 2 - testdata/eventlogs/tpm/b200-gmes-simple.bin | Bin 475 -> 0 bytes 7 files changed, 338 insertions(+), 483 deletions(-) delete mode 100644 testdata/eventlogs/tpm/b200-gmes-simple.bin diff --git a/extract/extract.go b/extract/extract.go index eb27248..d2ebf21 100644 --- a/extract/extract.go +++ b/extract/extract.go @@ -517,8 +517,8 @@ func getGrubKernelCmdlineSuffix(grubCmd []byte) int { } // GMESState extracts Google Measurement Event Structure (GMES) information from a TCG event log. -func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { - state := &gmes.State{} +func GMESState(hash crypto.Hash, events []tcg.Event) (*pb.GMESState, error) { + state := &pb.GMESState{} seenSeparators := map[uint32]bool{ gmes.PCRConfig.BMCFirmwareIdx: false, gmes.PCRConfig.MBMIdx: false, @@ -597,25 +597,25 @@ func GMESState(hash crypto.Hash, events []tcg.Event) (*gmes.State, error) { if gmesEvent.Tag != tagCfg.BMCFirmware { return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.BMCFirmware = gmesEvent.Content + state.BmcFirmware = string(gmesEvent.Content) case registerCfg.MBMIdx: if gmesEvent.Tag != tagCfg.MBM { return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.MBM = string(gmesEvent.Content) + state.Mbm = string(gmesEvent.Content) case registerCfg.BIOSIdx: if gmesEvent.Tag != tagCfg.BIOS { return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.BIOS = string(gmesEvent.Content) + state.Bios = string(gmesEvent.Content) case registerCfg.HostKernelIdx: if gmesEvent.Tag != tagCfg.HostKernel { return nil, fmt.Errorf("unexpected measurement tag at event %d: %v", event.Num(), gmesEvent.Tag) } - state.HostKernel = gmesEvent.Content + state.HostKernel = string(gmesEvent.Content) default: return nil, fmt.Errorf("unknown MR index: %d", event.MRIndex()) diff --git a/extract/extract_test.go b/extract/extract_test.go index 4f164bb..11ac8b8 100644 --- a/extract/extract_test.go +++ b/extract/extract_test.go @@ -27,6 +27,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" gmes "github.com/google/go-eventlog/extract/gmes" "github.com/google/go-eventlog/internal/testutil" "github.com/google/go-eventlog/register" @@ -677,19 +678,19 @@ func decodeHex(hexStr string) []byte { } func TestGMESState(t *testing.T) { - expectedState := &gmes.State{ - BIOS: "TestBIOS", - MBM: "TestMBM", - BMCFirmware: []byte("TestBMC"), - HostKernel: []byte("TestKernel"), + expectedState := &pb.GMESState{ + Bios: "TestBIOS", + Mbm: "TestMBM", + BmcFirmware: "TestBMC", + HostKernel: "TestKernel", } validEvents := []tcg.Event{ - newGMESEvent(t, gmes.PCRConfig.BIOSIdx, gmes.MeasurementTagConfig.BIOS, []byte(expectedState.BIOS)), + newGMESEvent(t, gmes.PCRConfig.BIOSIdx, gmes.MeasurementTagConfig.BIOS, expectedState.Bios), newSeparatorEvent(t, gmes.PCRConfig.BIOSIdx), - newGMESEvent(t, gmes.PCRConfig.MBMIdx, gmes.MeasurementTagConfig.MBM, []byte(expectedState.MBM)), + newGMESEvent(t, gmes.PCRConfig.MBMIdx, gmes.MeasurementTagConfig.MBM, expectedState.Mbm), newSeparatorEvent(t, gmes.PCRConfig.MBMIdx), - newGMESEvent(t, gmes.PCRConfig.BMCFirmwareIdx, gmes.MeasurementTagConfig.BMCFirmware, expectedState.BMCFirmware), + newGMESEvent(t, gmes.PCRConfig.BMCFirmwareIdx, gmes.MeasurementTagConfig.BMCFirmware, expectedState.BmcFirmware), newSeparatorEvent(t, gmes.PCRConfig.BMCFirmwareIdx), newGMESEvent(t, gmes.PCRConfig.HostKernelIdx, gmes.MeasurementTagConfig.HostKernel, expectedState.HostKernel), newSeparatorEvent(t, gmes.PCRConfig.HostKernelIdx), @@ -698,7 +699,7 @@ func TestGMESState(t *testing.T) { testcases := []struct { name string events []tcg.Event - expectedState *gmes.State + expectedState *pb.GMESState }{ { name: "valid events", @@ -712,12 +713,12 @@ func TestGMESState(t *testing.T) { }, { name: "invalid tag", - events: []tcg.Event{newGMESEvent(t, gmes.PCRConfig.BIOSIdx, 9999, []byte("InvalidTag"))}, + events: []tcg.Event{newGMESEvent(t, gmes.PCRConfig.BIOSIdx, 9999, "InvalidTag")}, expectedState: nil, // Expect failure. }, { name: "event after separator ignored", - events: append(validEvents, newGMESEvent(t, gmes.PCRConfig.HostKernelIdx, gmes.MeasurementTagConfig.HostKernel, []byte("ModifiedKernel"))), + events: append(validEvents, newGMESEvent(t, gmes.PCRConfig.HostKernelIdx, gmes.MeasurementTagConfig.HostKernel, "ModifiedKernel")), expectedState: expectedState, // Should ignore the modified event after the separator. }, } @@ -730,7 +731,7 @@ func TestGMESState(t *testing.T) { t.Fatalf("GMESState() error = %v, wantErr: %v", err, tc.expectedState == nil) } - if tc.expectedState != nil && !cmp.Equal(gotState, tc.expectedState) { + if tc.expectedState != nil && !cmp.Equal(gotState, tc.expectedState, cmpopts.IgnoreUnexported(pb.GMESState{})) { t.Errorf("GMESState() = got %+v, want %+v", gotState, tc.expectedState) } }) @@ -759,9 +760,9 @@ func encodeGMESEventData(t *testing.T, tag uint32, content []byte) []byte { } // newGMESEvent creates a tcg.Event containing a GMES measurement. -func newGMESEvent(t *testing.T, mrIndex uint32, tag uint32, content []byte) tcg.Event { +func newGMESEvent(t *testing.T, mrIndex uint32, tag uint32, content string) tcg.Event { t.Helper() - data := encodeGMESEventData(t, tag, content) + data := encodeGMESEventData(t, tag, []byte(content)) digest := sha256.Sum256(data) return tcg.Event{ Index: int(mrIndex), diff --git a/extract/gmes/gmes.go b/extract/gmes/gmes.go index 5cf5fac..3ed440b 100644 --- a/extract/gmes/gmes.go +++ b/extract/gmes/gmes.go @@ -21,13 +21,13 @@ import ( "fmt" ) -// State represents the state of a Google Bare Metal machine. -type State struct { - BMCFirmware []byte - MBM string - BIOS string - HostKernel []byte -} +// // State represents the state of a Google Bare Metal machine. +// type State struct { +// BMCFirmware []byte +// MBM string +// BIOS string +// HostKernel []byte +// } // MeasurementEvent represents the structure of a Google measurement event. type MeasurementEvent struct { diff --git a/proto/state.proto b/proto/state.proto index 20ca55b..742d64e 100644 --- a/proto/state.proto +++ b/proto/state.proto @@ -219,3 +219,11 @@ message FirmwareLogState { LogType log_type = 9; } + +// The verified state of Google measurements on the machine. +message GMESState { + string bmc_firmware = 1; + string bios = 2; + string host_kernel = 3; + string mbm = 4; +} diff --git a/proto/state/state.pb.go b/proto/state/state.pb.go index 0d6d44f..069bbca 100644 --- a/proto/state/state.pb.go +++ b/proto/state/state.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 -// protoc v3.21.12 +// protoc-gen-go v1.36.11 +// protoc v3.14.0 // source: state.proto package state @@ -25,6 +25,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -266,24 +267,21 @@ func (HashAlgo) EnumDescriptor() ([]byte, []int) { // // https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} type GCEInstanceInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` + ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` + ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` + InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` + InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` unknownFields protoimpl.UnknownFields - - Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` - ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` - InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` - InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` + sizeCache protoimpl.SizeCache } func (x *GCEInstanceInfo) Reset() { *x = GCEInstanceInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GCEInstanceInfo) String() string { @@ -294,7 +292,7 @@ func (*GCEInstanceInfo) ProtoMessage() {} func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -346,11 +344,8 @@ func (x *GCEInstanceInfo) GetInstanceId() uint64 { // The platform/firmware state for this instance type PlatformState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Firmware: + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Firmware: // // *PlatformState_ScrtmVersionId // *PlatformState_GceVersion @@ -359,16 +354,16 @@ type PlatformState struct { Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=state.GCEConfidentialTechnology" json:"technology,omitempty"` // Only set for GCE instances. // Included for backcompat. go-eventlog should NOT set this field. - InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` + InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PlatformState) Reset() { *x = PlatformState{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PlatformState) String() string { @@ -379,7 +374,7 @@ func (*PlatformState) ProtoMessage() {} func (x *PlatformState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -394,23 +389,27 @@ func (*PlatformState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{1} } -func (m *PlatformState) GetFirmware() isPlatformState_Firmware { - if m != nil { - return m.Firmware +func (x *PlatformState) GetFirmware() isPlatformState_Firmware { + if x != nil { + return x.Firmware } return nil } func (x *PlatformState) GetScrtmVersionId() []byte { - if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { - return x.ScrtmVersionId + if x != nil { + if x, ok := x.Firmware.(*PlatformState_ScrtmVersionId); ok { + return x.ScrtmVersionId + } } return nil } func (x *PlatformState) GetGceVersion() uint32 { - if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { - return x.GceVersion + if x != nil { + if x, ok := x.Firmware.(*PlatformState_GceVersion); ok { + return x.GceVersion + } } return 0 } @@ -448,23 +447,20 @@ func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} func (*PlatformState_GceVersion) isPlatformState_Firmware() {} type GrubFile struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The digest of the file (pulled from the raw event digest). Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` // The event data. This is not measured, so it is untrusted. UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GrubFile) Reset() { *x = GrubFile{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GrubFile) String() string { @@ -475,7 +471,7 @@ func (*GrubFile) ProtoMessage() {} func (x *GrubFile) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -505,24 +501,21 @@ func (x *GrubFile) GetUntrustedFilename() []byte { } type GrubState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // All GRUB-read and measured files, including grub.cfg. Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"` // A list of executed GRUB commands and command lines passed to the kernel // and kernel modules. - Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` + Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GrubState) Reset() { *x = GrubState{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GrubState) String() string { @@ -533,7 +526,7 @@ func (*GrubState) ProtoMessage() {} func (x *GrubState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -566,21 +559,18 @@ func (x *GrubState) GetCommands() []string { // At the moment, parsing LinuxKernelState relies on parsing the GrubState. // To do so, use ExtractOpts{Loader: GRUB} when calling ParseMachineState. type LinuxKernelState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The kernel command line. - CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` + CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *LinuxKernelState) Reset() { *x = LinuxKernelState{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LinuxKernelState) String() string { @@ -591,7 +581,7 @@ func (*LinuxKernelState) ProtoMessage() {} func (x *LinuxKernelState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -617,10 +607,7 @@ func (x *LinuxKernelState) GetCommandLine() string { // the firmware TPM event log, the Confidential Computing event log, or any // other TCG-like event log used by firmware to record its measurements. type Event struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The register this event was extended into. Can be PCR, RTMR, etc. // Named pcr_index for backcompat reasons. PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` @@ -635,15 +622,15 @@ type Event struct { Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` // This is true if hash(data) == digest. DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Event) Reset() { *x = Event{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Event) String() string { @@ -654,7 +641,7 @@ func (*Event) ProtoMessage() {} func (x *Event) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -705,28 +692,25 @@ func (x *Event) GetDigestVerified() bool { } type Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The representation of the certificate. If the certificate matches a // well-known certificate above, representation should contain the value in // the enum. Otherwise, it will contain the raw DER. // - // Types that are assignable to Representation: + // Types that are valid to be assigned to Representation: // // *Certificate_Der // *Certificate_WellKnown Representation isCertificate_Representation `protobuf_oneof:"representation"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Certificate) Reset() { *x = Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Certificate) String() string { @@ -737,7 +721,7 @@ func (*Certificate) ProtoMessage() {} func (x *Certificate) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -752,23 +736,27 @@ func (*Certificate) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{6} } -func (m *Certificate) GetRepresentation() isCertificate_Representation { - if m != nil { - return m.Representation +func (x *Certificate) GetRepresentation() isCertificate_Representation { + if x != nil { + return x.Representation } return nil } func (x *Certificate) GetDer() []byte { - if x, ok := x.GetRepresentation().(*Certificate_Der); ok { - return x.Der + if x != nil { + if x, ok := x.Representation.(*Certificate_Der); ok { + return x.Der + } } return nil } func (x *Certificate) GetWellKnown() WellKnownCertificate { - if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { - return x.WellKnown + if x != nil { + if x, ok := x.Representation.(*Certificate_WellKnown); ok { + return x.WellKnown + } } return WellKnownCertificate_UNKNOWN } @@ -793,21 +781,18 @@ func (*Certificate_WellKnown) isCertificate_Representation() {} // A Secure Boot database containing lists of hashes and certificates, // as defined by section 32.4.1 Signature Database in the UEFI spec. type Database struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` + Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` unknownFields protoimpl.UnknownFields - - Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` - Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` + sizeCache protoimpl.SizeCache } func (x *Database) Reset() { *x = Database{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Database) String() string { @@ -818,7 +803,7 @@ func (*Database) ProtoMessage() {} func (x *Database) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -849,10 +834,7 @@ func (x *Database) GetHashes() [][]byte { // The Secure Boot state for this instance. type SecureBootState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Whether Secure Boot is enabled. Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // The Secure Boot signature (allowed) database. @@ -865,16 +847,16 @@ type SecureBootState struct { // The Secure Boot Platform key, used to sign key exchange keys. Pk *Database `protobuf:"bytes,5,opt,name=pk,proto3" json:"pk,omitempty"` // The Secure Boot Key Exchange Keys, used to sign db and dbx updates. - Kek *Database `protobuf:"bytes,6,opt,name=kek,proto3" json:"kek,omitempty"` + Kek *Database `protobuf:"bytes,6,opt,name=kek,proto3" json:"kek,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SecureBootState) Reset() { *x = SecureBootState{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SecureBootState) String() string { @@ -885,7 +867,7 @@ func (*SecureBootState) ProtoMessage() {} func (x *SecureBootState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -943,22 +925,19 @@ func (x *SecureBootState) GetKek() *Database { } type EfiApp struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The PE/COFF digest of the EFI application (pulled from the raw event digest). // This can also represent digest of the EFI boot/runtime service drivers. - Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` + Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *EfiApp) Reset() { *x = EfiApp{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EfiApp) String() string { @@ -969,7 +948,7 @@ func (*EfiApp) ProtoMessage() {} func (x *EfiApp) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -994,10 +973,7 @@ func (x *EfiApp) GetDigest() []byte { // The verified state of EFI Drivers and Applications. Policy usage on this machine state // should check the entire set of EFI App digests matches, not a subset. type EfiState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // UEFI's OS Loader code is required to measure attempts to load and execute // UEFI applications. // UEFI applications are typically bootloaders such as shim and GRUB. @@ -1009,15 +985,15 @@ type EfiState struct { BootServicesDrivers []*EfiApp `protobuf:"bytes,2,rep,name=boot_services_drivers,json=bootServicesDrivers,proto3" json:"boot_services_drivers,omitempty"` // The EFI Runtime Drivers from adapter or loaded bydriver in adapter. RuntimeServicesDrivers []*EfiApp `protobuf:"bytes,3,rep,name=runtime_services_drivers,json=runtimeServicesDrivers,proto3" json:"runtime_services_drivers,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *EfiState) Reset() { *x = EfiState{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EfiState) String() string { @@ -1028,7 +1004,7 @@ func (*EfiState) ProtoMessage() {} func (x *EfiState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1072,30 +1048,27 @@ func (x *EfiState) GetRuntimeServicesDrivers() []*EfiApp { // or TCG_PCR_EVENT2 (Crypto Agile format). // The CC logs are structured using CC_EVENT. type FirmwareLogState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` - SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` + SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` // The complete parsed Firmware Event Log, including those events used to // create this MachineState. RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` // The hash algorithm used to calculate event digests to verify a log entry. - Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=state.HashAlgo" json:"hash,omitempty"` - Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` - LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` - Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` - LogType LogType `protobuf:"varint,9,opt,name=log_type,json=logType,proto3,enum=state.LogType" json:"log_type,omitempty"` + Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=state.HashAlgo" json:"hash,omitempty"` + Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` + LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` + Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` + LogType LogType `protobuf:"varint,9,opt,name=log_type,json=logType,proto3,enum=state.LogType" json:"log_type,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *FirmwareLogState) Reset() { *x = FirmwareLogState{} - if protoimpl.UnsafeEnabled { - mi := &file_state_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_state_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *FirmwareLogState) String() string { @@ -1106,7 +1079,7 @@ func (*FirmwareLogState) ProtoMessage() {} func (x *FirmwareLogState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1177,170 +1150,191 @@ func (x *FirmwareLogState) GetLogType() LogType { return LogType_LOG_TYPE_UNDEFINED } -var File_state_proto protoreflect.FileDescriptor +// The verified state of Google measurements on the machine. +type GMESState struct { + state protoimpl.MessageState `protogen:"open.v1"` + BmcFirmware string `protobuf:"bytes,1,opt,name=bmc_firmware,json=bmcFirmware,proto3" json:"bmc_firmware,omitempty"` + Bios string `protobuf:"bytes,2,opt,name=bios,proto3" json:"bios,omitempty"` + HostKernel string `protobuf:"bytes,3,opt,name=host_kernel,json=hostKernel,proto3" json:"host_kernel,omitempty"` + Mbm string `protobuf:"bytes,4,opt,name=mbm,proto3" json:"mbm,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *GMESState) Reset() { + *x = GMESState{} + mi := &file_state_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} -var file_state_proto_rawDesc = []byte{ - 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, - 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, 0x0a, 0x0a, - 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, - 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, - 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, - 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, - 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xe9, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, - 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, - 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, - 0x63, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0a, 0x74, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, - 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3b, 0x0a, 0x0d, 0x69, - 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, - 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, - 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, 0x6d, - 0x77, 0x61, 0x72, 0x65, 0x22, 0x51, 0x0a, 0x08, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, - 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x6e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x46, - 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x4e, 0x0a, 0x09, 0x47, 0x72, 0x75, 0x62, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x72, 0x75, 0x62, - 0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x63, - 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, - 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x22, 0x35, 0x0a, 0x10, 0x4c, 0x69, 0x6e, 0x75, 0x78, - 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, - 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x4c, 0x69, 0x6e, 0x65, 0x22, 0xa0, - 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x63, 0x72, 0x5f, - 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x63, 0x72, - 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x75, - 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, - 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x67, 0x65, - 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, - 0x64, 0x22, 0x71, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, - 0x03, 0x64, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, 0x5f, 0x6b, 0x6e, 0x6f, - 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, - 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, - 0x12, 0x28, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x12, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, - 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, - 0x65, 0x73, 0x22, 0xe2, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, - 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, - 0x12, 0x1f, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x64, - 0x62, 0x12, 0x21, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, - 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, - 0x03, 0x64, 0x62, 0x78, 0x12, 0x2d, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, - 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x12, 0x1f, 0x0a, 0x02, 0x70, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, - 0x52, 0x02, 0x70, 0x6b, 0x12, 0x21, 0x0a, 0x03, 0x6b, 0x65, 0x6b, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, - 0x73, 0x65, 0x52, 0x03, 0x6b, 0x65, 0x6b, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, - 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0xb9, 0x01, 0x0a, 0x08, 0x45, 0x66, - 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x66, 0x69, - 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x12, 0x41, 0x0a, 0x15, 0x62, 0x6f, 0x6f, - 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f, 0x64, 0x72, 0x69, 0x76, 0x65, - 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x13, 0x62, 0x6f, 0x6f, 0x74, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x18, - 0x72, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x5f, 0x64, 0x72, 0x69, 0x76, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, - 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x16, 0x72, - 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x44, 0x72, - 0x69, 0x76, 0x65, 0x72, 0x73, 0x22, 0x85, 0x03, 0x0a, 0x10, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, - 0x72, 0x65, 0x4c, 0x6f, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x08, 0x70, 0x6c, - 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, - 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x37, 0x0a, 0x0b, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, - 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2b, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, - 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, - 0x74, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, - 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x24, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x72, - 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3a, 0x0a, - 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x69, 0x6e, 0x75, - 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, - 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x21, 0x0a, 0x03, 0x65, 0x66, 0x69, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, - 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x65, 0x66, 0x69, 0x12, 0x29, 0x0a, 0x08, - 0x6c, 0x6f, 0x67, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0e, - 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x6f, 0x67, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, - 0x6c, 0x6f, 0x67, 0x54, 0x79, 0x70, 0x65, 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x2a, 0x45, 0x0a, - 0x07, 0x4c, 0x6f, 0x67, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x4f, 0x47, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, 0x43, 0x47, - 0x32, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x4c, 0x4f, 0x47, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x43, 0x43, 0x10, 0x02, 0x2a, 0x62, 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, - 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, - 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, - 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x49, 0x4e, 0x54, 0x45, - 0x4c, 0x5f, 0x54, 0x44, 0x58, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, - 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, 0x96, 0x01, 0x0a, 0x14, 0x57, 0x65, 0x6c, - 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, - 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, - 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, - 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, - 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x12, 0x1e, 0x0a, - 0x1a, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, - 0x4b, 0x45, 0x4b, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x03, 0x12, 0x12, 0x0a, - 0x0e, 0x47, 0x43, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x5f, 0x50, 0x4b, 0x10, - 0x04, 0x2a, 0x4a, 0x0a, 0x08, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x12, 0x10, 0x0a, - 0x0c, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, - 0x08, 0x0a, 0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, - 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, - 0x0c, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x42, 0x2b, 0x5a, - 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x6c, 0x6f, 0x67, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, +func (x *GMESState) String() string { + return protoimpl.X.MessageStringOf(x) } +func (*GMESState) ProtoMessage() {} + +func (x *GMESState) ProtoReflect() protoreflect.Message { + mi := &file_state_proto_msgTypes[12] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GMESState.ProtoReflect.Descriptor instead. +func (*GMESState) Descriptor() ([]byte, []int) { + return file_state_proto_rawDescGZIP(), []int{12} +} + +func (x *GMESState) GetBmcFirmware() string { + if x != nil { + return x.BmcFirmware + } + return "" +} + +func (x *GMESState) GetBios() string { + if x != nil { + return x.Bios + } + return "" +} + +func (x *GMESState) GetHostKernel() string { + if x != nil { + return x.HostKernel + } + return "" +} + +func (x *GMESState) GetMbm() string { + if x != nil { + return x.Mbm + } + return "" +} + +var File_state_proto protoreflect.FileDescriptor + +const file_state_proto_rawDesc = "" + + "\n" + + "\vstate.proto\x12\x05state\"\xb1\x01\n" + + "\x0fGCEInstanceInfo\x12\x12\n" + + "\x04zone\x18\x01 \x01(\tR\x04zone\x12\x1d\n" + + "\n" + + "project_id\x18\x02 \x01(\tR\tprojectId\x12%\n" + + "\x0eproject_number\x18\x03 \x01(\x04R\rprojectNumber\x12#\n" + + "\rinstance_name\x18\x04 \x01(\tR\finstanceName\x12\x1f\n" + + "\vinstance_id\x18\x05 \x01(\x04R\n" + + "instanceId\"\xe9\x01\n" + + "\rPlatformState\x12*\n" + + "\x10scrtm_version_id\x18\x01 \x01(\fH\x00R\x0escrtmVersionId\x12!\n" + + "\vgce_version\x18\x02 \x01(\rH\x00R\n" + + "gceVersion\x12@\n" + + "\n" + + "technology\x18\x03 \x01(\x0e2 .state.GCEConfidentialTechnologyR\n" + + "technology\x12;\n" + + "\rinstance_info\x18\x04 \x01(\v2\x16.state.GCEInstanceInfoR\finstanceInfoB\n" + + "\n" + + "\bfirmware\"Q\n" + + "\bGrubFile\x12\x16\n" + + "\x06digest\x18\x01 \x01(\fR\x06digest\x12-\n" + + "\x12untrusted_filename\x18\x02 \x01(\fR\x11untrustedFilename\"N\n" + + "\tGrubState\x12%\n" + + "\x05files\x18\x01 \x03(\v2\x0f.state.GrubFileR\x05files\x12\x1a\n" + + "\bcommands\x18\x02 \x03(\tR\bcommands\"5\n" + + "\x10LinuxKernelState\x12!\n" + + "\fcommand_line\x18\x01 \x01(\tR\vcommandLine\"\xa0\x01\n" + + "\x05Event\x12\x1b\n" + + "\tpcr_index\x18\x01 \x01(\rR\bpcrIndex\x12%\n" + + "\x0euntrusted_type\x18\x02 \x01(\rR\runtrustedType\x12\x12\n" + + "\x04data\x18\x03 \x01(\fR\x04data\x12\x16\n" + + "\x06digest\x18\x04 \x01(\fR\x06digest\x12'\n" + + "\x0fdigest_verified\x18\x05 \x01(\bR\x0edigestVerified\"q\n" + + "\vCertificate\x12\x12\n" + + "\x03der\x18\x01 \x01(\fH\x00R\x03der\x12<\n" + + "\n" + + "well_known\x18\x02 \x01(\x0e2\x1b.state.WellKnownCertificateH\x00R\twellKnownB\x10\n" + + "\x0erepresentation\"L\n" + + "\bDatabase\x12(\n" + + "\x05certs\x18\x01 \x03(\v2\x12.state.CertificateR\x05certs\x12\x16\n" + + "\x06hashes\x18\x02 \x03(\fR\x06hashes\"\xe2\x01\n" + + "\x0fSecureBootState\x12\x18\n" + + "\aenabled\x18\x01 \x01(\bR\aenabled\x12\x1f\n" + + "\x02db\x18\x02 \x01(\v2\x0f.state.DatabaseR\x02db\x12!\n" + + "\x03dbx\x18\x03 \x01(\v2\x0f.state.DatabaseR\x03dbx\x12-\n" + + "\tauthority\x18\x04 \x01(\v2\x0f.state.DatabaseR\tauthority\x12\x1f\n" + + "\x02pk\x18\x05 \x01(\v2\x0f.state.DatabaseR\x02pk\x12!\n" + + "\x03kek\x18\x06 \x01(\v2\x0f.state.DatabaseR\x03kek\" \n" + + "\x06EfiApp\x12\x16\n" + + "\x06digest\x18\x01 \x01(\fR\x06digest\"\xb9\x01\n" + + "\bEfiState\x12!\n" + + "\x04apps\x18\x01 \x03(\v2\r.state.EfiAppR\x04apps\x12A\n" + + "\x15boot_services_drivers\x18\x02 \x03(\v2\r.state.EfiAppR\x13bootServicesDrivers\x12G\n" + + "\x18runtime_services_drivers\x18\x03 \x03(\v2\r.state.EfiAppR\x16runtimeServicesDrivers\"\x85\x03\n" + + "\x10FirmwareLogState\x120\n" + + "\bplatform\x18\x01 \x01(\v2\x14.state.PlatformStateR\bplatform\x127\n" + + "\vsecure_boot\x18\x02 \x01(\v2\x16.state.SecureBootStateR\n" + + "secureBoot\x12+\n" + + "\n" + + "raw_events\x18\x03 \x03(\v2\f.state.EventR\trawEvents\x12#\n" + + "\x04hash\x18\x04 \x01(\x0e2\x0f.state.HashAlgoR\x04hash\x12$\n" + + "\x04grub\x18\x05 \x01(\v2\x10.state.GrubStateR\x04grub\x12:\n" + + "\flinux_kernel\x18\x06 \x01(\v2\x17.state.LinuxKernelStateR\vlinuxKernel\x12!\n" + + "\x03efi\x18\b \x01(\v2\x0f.state.EfiStateR\x03efi\x12)\n" + + "\blog_type\x18\t \x01(\x0e2\x0e.state.LogTypeR\alogTypeJ\x04\b\a\x10\b\"u\n" + + "\tGMESState\x12!\n" + + "\fbmc_firmware\x18\x01 \x01(\tR\vbmcFirmware\x12\x12\n" + + "\x04bios\x18\x02 \x01(\tR\x04bios\x12\x1f\n" + + "\vhost_kernel\x18\x03 \x01(\tR\n" + + "hostKernel\x12\x10\n" + + "\x03mbm\x18\x04 \x01(\tR\x03mbm*E\n" + + "\aLogType\x12\x16\n" + + "\x12LOG_TYPE_UNDEFINED\x10\x00\x12\x11\n" + + "\rLOG_TYPE_TCG2\x10\x01\x12\x0f\n" + + "\vLOG_TYPE_CC\x10\x02*b\n" + + "\x19GCEConfidentialTechnology\x12\b\n" + + "\x04NONE\x10\x00\x12\v\n" + + "\aAMD_SEV\x10\x01\x12\x0e\n" + + "\n" + + "AMD_SEV_ES\x10\x02\x12\r\n" + + "\tINTEL_TDX\x10\x03\x12\x0f\n" + + "\vAMD_SEV_SNP\x10\x04*\x96\x01\n" + + "\x14WellKnownCertificate\x12\v\n" + + "\aUNKNOWN\x10\x00\x12\x1c\n" + + "\x18MS_WINDOWS_PROD_PCA_2011\x10\x01\x12\x1f\n" + + "\x1bMS_THIRD_PARTY_UEFI_CA_2011\x10\x02\x12\x1e\n" + + "\x1aMS_THIRD_PARTY_KEK_CA_2011\x10\x03\x12\x12\n" + + "\x0eGCE_DEFAULT_PK\x10\x04*J\n" + + "\bHashAlgo\x12\x10\n" + + "\fHASH_INVALID\x10\x00\x12\b\n" + + "\x04SHA1\x10\x04\x12\n" + + "\n" + + "\x06SHA256\x10\v\x12\n" + + "\n" + + "\x06SHA384\x10\f\x12\n" + + "\n" + + "\x06SHA512\x10\rB+Z)github.com/google/go-eventlog/proto/stateb\x06proto3" + var ( file_state_proto_rawDescOnce sync.Once - file_state_proto_rawDescData = file_state_proto_rawDesc + file_state_proto_rawDescData []byte ) func file_state_proto_rawDescGZIP() []byte { file_state_proto_rawDescOnce.Do(func() { - file_state_proto_rawDescData = protoimpl.X.CompressGZIP(file_state_proto_rawDescData) + file_state_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_state_proto_rawDesc), len(file_state_proto_rawDesc))) }) return file_state_proto_rawDescData } var file_state_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_state_proto_msgTypes = make([]protoimpl.MessageInfo, 12) +var file_state_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_state_proto_goTypes = []any{ (LogType)(0), // 0: state.LogType (GCEConfidentialTechnology)(0), // 1: state.GCEConfidentialTechnology @@ -1358,6 +1352,7 @@ var file_state_proto_goTypes = []any{ (*EfiApp)(nil), // 13: state.EfiApp (*EfiState)(nil), // 14: state.EfiState (*FirmwareLogState)(nil), // 15: state.FirmwareLogState + (*GMESState)(nil), // 16: state.GMESState } var file_state_proto_depIdxs = []int32{ 1, // 0: state.PlatformState.technology:type_name -> state.GCEConfidentialTechnology @@ -1393,152 +1388,6 @@ func file_state_proto_init() { if File_state_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_state_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*GCEInstanceInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*PlatformState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[2].Exporter = func(v any, i int) any { - switch v := v.(*GrubFile); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[3].Exporter = func(v any, i int) any { - switch v := v.(*GrubState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[4].Exporter = func(v any, i int) any { - switch v := v.(*LinuxKernelState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[5].Exporter = func(v any, i int) any { - switch v := v.(*Event); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[6].Exporter = func(v any, i int) any { - switch v := v.(*Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[7].Exporter = func(v any, i int) any { - switch v := v.(*Database); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[8].Exporter = func(v any, i int) any { - switch v := v.(*SecureBootState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[9].Exporter = func(v any, i int) any { - switch v := v.(*EfiApp); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[10].Exporter = func(v any, i int) any { - switch v := v.(*EfiState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_state_proto_msgTypes[11].Exporter = func(v any, i int) any { - switch v := v.(*FirmwareLogState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } file_state_proto_msgTypes[1].OneofWrappers = []any{ (*PlatformState_ScrtmVersionId)(nil), (*PlatformState_GceVersion)(nil), @@ -1551,9 +1400,9 @@ func file_state_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_state_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_state_proto_rawDesc), len(file_state_proto_rawDesc)), NumEnums: 4, - NumMessages: 12, + NumMessages: 13, NumExtensions: 0, NumServices: 0, }, @@ -1563,7 +1412,6 @@ func file_state_proto_init() { MessageInfos: file_state_proto_msgTypes, }.Build() File_state_proto = out.File - file_state_proto_rawDesc = nil file_state_proto_goTypes = nil file_state_proto_depIdxs = nil } diff --git a/testdata/eventlog_data.go b/testdata/eventlog_data.go index c9f76fa..fd8ce92 100644 --- a/testdata/eventlog_data.go +++ b/testdata/eventlog_data.go @@ -49,8 +49,6 @@ var ( Ubuntu2404IntelTdxA4HighGpu8GEventLog []byte //go:embed eventlogs/tpm/cos-125-intel-tdx-secure-boot.bin Cos125IntelTdxSecureBootA4HighGpu8GEventLog []byte - //go:embed eventlogs/tpm/b200-gmes-simple.bin - B200GMESSimpleEventLog []byte ) // Kernel command lines from event logs. diff --git a/testdata/eventlogs/tpm/b200-gmes-simple.bin b/testdata/eventlogs/tpm/b200-gmes-simple.bin deleted file mode 100644 index 4eb0a8b2a0b8adc557c2cd826c4e954628bb468f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 475 zcmZQzU|?VdVr)PaC>UIjnyldIqTpJVnpa|A%)kgz$i%<|qPZCq7+Bl`oP$AP0t^fd z5W&?104q?nhjUPfFE^0E2E-6;X9)mtpvquZUw3{W4FVutAeZ|(`3eFlghB5K012RK zkU>Bfg8|4O79e)=^bZyV(m+F@KJl2`m@alN=E$1JgGIU`yBgi6`MJ*Y+pxf}W~p%T zX+5u5K-CffF||O7f#J(*Fa;y3pbREP9)=5!%v>NYBO@CFlRUE!7XvH9|NlT+8MVOP zu!pKWxF6!VUw@_cL508+BO?oo0YeOfD}x(@Cy;hx@CU*WBvu528G{Lf9#jPbL;Zgi F1^{fWeR%)? From b5a695a374a70b9e180a6c04da4e3da1eb5f980e Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 00:47:33 +0000 Subject: [PATCH 20/23] update state.pb.go --- proto/state/state.pb.go | 722 +++++++++++++++++++++++++++------------- 1 file changed, 483 insertions(+), 239 deletions(-) diff --git a/proto/state/state.pb.go b/proto/state/state.pb.go index 069bbca..84ebd75 100644 --- a/proto/state/state.pb.go +++ b/proto/state/state.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.11 +// protoc-gen-go v1.34.2 // protoc v3.14.0 // source: state.proto @@ -25,7 +25,6 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" - unsafe "unsafe" ) const ( @@ -267,21 +266,24 @@ func (HashAlgo) EnumDescriptor() ([]byte, []int) { // // https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} type GCEInstanceInfo struct { - state protoimpl.MessageState `protogen:"open.v1"` - Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` - ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` - InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` - InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` + ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` + ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` + InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` + InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` } func (x *GCEInstanceInfo) Reset() { *x = GCEInstanceInfo{} - mi := &file_state_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GCEInstanceInfo) String() string { @@ -292,7 +294,7 @@ func (*GCEInstanceInfo) ProtoMessage() {} func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -344,8 +346,11 @@ func (x *GCEInstanceInfo) GetInstanceId() uint64 { // The platform/firmware state for this instance type PlatformState struct { - state protoimpl.MessageState `protogen:"open.v1"` - // Types that are valid to be assigned to Firmware: + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to Firmware: // // *PlatformState_ScrtmVersionId // *PlatformState_GceVersion @@ -354,16 +359,16 @@ type PlatformState struct { Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=state.GCEConfidentialTechnology" json:"technology,omitempty"` // Only set for GCE instances. // Included for backcompat. go-eventlog should NOT set this field. - InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` } func (x *PlatformState) Reset() { *x = PlatformState{} - mi := &file_state_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *PlatformState) String() string { @@ -374,7 +379,7 @@ func (*PlatformState) ProtoMessage() {} func (x *PlatformState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -389,27 +394,23 @@ func (*PlatformState) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{1} } -func (x *PlatformState) GetFirmware() isPlatformState_Firmware { - if x != nil { - return x.Firmware +func (m *PlatformState) GetFirmware() isPlatformState_Firmware { + if m != nil { + return m.Firmware } return nil } func (x *PlatformState) GetScrtmVersionId() []byte { - if x != nil { - if x, ok := x.Firmware.(*PlatformState_ScrtmVersionId); ok { - return x.ScrtmVersionId - } + if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { + return x.ScrtmVersionId } return nil } func (x *PlatformState) GetGceVersion() uint32 { - if x != nil { - if x, ok := x.Firmware.(*PlatformState_GceVersion); ok { - return x.GceVersion - } + if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { + return x.GceVersion } return 0 } @@ -447,20 +448,23 @@ func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} func (*PlatformState_GceVersion) isPlatformState_Firmware() {} type GrubFile struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // The digest of the file (pulled from the raw event digest). Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` // The event data. This is not measured, so it is untrusted. UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache } func (x *GrubFile) Reset() { *x = GrubFile{} - mi := &file_state_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GrubFile) String() string { @@ -471,7 +475,7 @@ func (*GrubFile) ProtoMessage() {} func (x *GrubFile) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -501,21 +505,24 @@ func (x *GrubFile) GetUntrustedFilename() []byte { } type GrubState struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // All GRUB-read and measured files, including grub.cfg. Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"` // A list of executed GRUB commands and command lines passed to the kernel // and kernel modules. - Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` } func (x *GrubState) Reset() { *x = GrubState{} - mi := &file_state_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GrubState) String() string { @@ -526,7 +533,7 @@ func (*GrubState) ProtoMessage() {} func (x *GrubState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -559,18 +566,21 @@ func (x *GrubState) GetCommands() []string { // At the moment, parsing LinuxKernelState relies on parsing the GrubState. // To do so, use ExtractOpts{Loader: GRUB} when calling ParseMachineState. type LinuxKernelState struct { - state protoimpl.MessageState `protogen:"open.v1"` - // The kernel command line. - CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The kernel command line. + CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` } func (x *LinuxKernelState) Reset() { *x = LinuxKernelState{} - mi := &file_state_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *LinuxKernelState) String() string { @@ -581,7 +591,7 @@ func (*LinuxKernelState) ProtoMessage() {} func (x *LinuxKernelState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -607,7 +617,10 @@ func (x *LinuxKernelState) GetCommandLine() string { // the firmware TPM event log, the Confidential Computing event log, or any // other TCG-like event log used by firmware to record its measurements. type Event struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // The register this event was extended into. Can be PCR, RTMR, etc. // Named pcr_index for backcompat reasons. PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` @@ -622,15 +635,15 @@ type Event struct { Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` // This is true if hash(data) == digest. DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache } func (x *Event) Reset() { *x = Event{} - mi := &file_state_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Event) String() string { @@ -641,7 +654,7 @@ func (*Event) ProtoMessage() {} func (x *Event) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -692,25 +705,28 @@ func (x *Event) GetDigestVerified() bool { } type Certificate struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // The representation of the certificate. If the certificate matches a // well-known certificate above, representation should contain the value in // the enum. Otherwise, it will contain the raw DER. // - // Types that are valid to be assigned to Representation: + // Types that are assignable to Representation: // // *Certificate_Der // *Certificate_WellKnown Representation isCertificate_Representation `protobuf_oneof:"representation"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache } func (x *Certificate) Reset() { *x = Certificate{} - mi := &file_state_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Certificate) String() string { @@ -721,7 +737,7 @@ func (*Certificate) ProtoMessage() {} func (x *Certificate) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[6] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -736,27 +752,23 @@ func (*Certificate) Descriptor() ([]byte, []int) { return file_state_proto_rawDescGZIP(), []int{6} } -func (x *Certificate) GetRepresentation() isCertificate_Representation { - if x != nil { - return x.Representation +func (m *Certificate) GetRepresentation() isCertificate_Representation { + if m != nil { + return m.Representation } return nil } func (x *Certificate) GetDer() []byte { - if x != nil { - if x, ok := x.Representation.(*Certificate_Der); ok { - return x.Der - } + if x, ok := x.GetRepresentation().(*Certificate_Der); ok { + return x.Der } return nil } func (x *Certificate) GetWellKnown() WellKnownCertificate { - if x != nil { - if x, ok := x.Representation.(*Certificate_WellKnown); ok { - return x.WellKnown - } + if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { + return x.WellKnown } return WellKnownCertificate_UNKNOWN } @@ -781,18 +793,21 @@ func (*Certificate_WellKnown) isCertificate_Representation() {} // A Secure Boot database containing lists of hashes and certificates, // as defined by section 32.4.1 Signature Database in the UEFI spec. type Database struct { - state protoimpl.MessageState `protogen:"open.v1"` - Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` - Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` + Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` } func (x *Database) Reset() { *x = Database{} - mi := &file_state_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Database) String() string { @@ -803,7 +818,7 @@ func (*Database) ProtoMessage() {} func (x *Database) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[7] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -834,7 +849,10 @@ func (x *Database) GetHashes() [][]byte { // The Secure Boot state for this instance. type SecureBootState struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // Whether Secure Boot is enabled. Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // The Secure Boot signature (allowed) database. @@ -847,16 +865,16 @@ type SecureBootState struct { // The Secure Boot Platform key, used to sign key exchange keys. Pk *Database `protobuf:"bytes,5,opt,name=pk,proto3" json:"pk,omitempty"` // The Secure Boot Key Exchange Keys, used to sign db and dbx updates. - Kek *Database `protobuf:"bytes,6,opt,name=kek,proto3" json:"kek,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + Kek *Database `protobuf:"bytes,6,opt,name=kek,proto3" json:"kek,omitempty"` } func (x *SecureBootState) Reset() { *x = SecureBootState{} - mi := &file_state_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *SecureBootState) String() string { @@ -867,7 +885,7 @@ func (*SecureBootState) ProtoMessage() {} func (x *SecureBootState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[8] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -925,19 +943,22 @@ func (x *SecureBootState) GetKek() *Database { } type EfiApp struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // The PE/COFF digest of the EFI application (pulled from the raw event digest). // This can also represent digest of the EFI boot/runtime service drivers. - Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` } func (x *EfiApp) Reset() { *x = EfiApp{} - mi := &file_state_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EfiApp) String() string { @@ -948,7 +969,7 @@ func (*EfiApp) ProtoMessage() {} func (x *EfiApp) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[9] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -973,7 +994,10 @@ func (x *EfiApp) GetDigest() []byte { // The verified state of EFI Drivers and Applications. Policy usage on this machine state // should check the entire set of EFI App digests matches, not a subset. type EfiState struct { - state protoimpl.MessageState `protogen:"open.v1"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // UEFI's OS Loader code is required to measure attempts to load and execute // UEFI applications. // UEFI applications are typically bootloaders such as shim and GRUB. @@ -985,15 +1009,15 @@ type EfiState struct { BootServicesDrivers []*EfiApp `protobuf:"bytes,2,rep,name=boot_services_drivers,json=bootServicesDrivers,proto3" json:"boot_services_drivers,omitempty"` // The EFI Runtime Drivers from adapter or loaded bydriver in adapter. RuntimeServicesDrivers []*EfiApp `protobuf:"bytes,3,rep,name=runtime_services_drivers,json=runtimeServicesDrivers,proto3" json:"runtime_services_drivers,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache } func (x *EfiState) Reset() { *x = EfiState{} - mi := &file_state_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EfiState) String() string { @@ -1004,7 +1028,7 @@ func (*EfiState) ProtoMessage() {} func (x *EfiState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[10] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1048,27 +1072,30 @@ func (x *EfiState) GetRuntimeServicesDrivers() []*EfiApp { // or TCG_PCR_EVENT2 (Crypto Agile format). // The CC logs are structured using CC_EVENT. type FirmwareLogState struct { - state protoimpl.MessageState `protogen:"open.v1"` - Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` - SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` + SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` // The complete parsed Firmware Event Log, including those events used to // create this MachineState. RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` // The hash algorithm used to calculate event digests to verify a log entry. - Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=state.HashAlgo" json:"hash,omitempty"` - Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` - LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` - Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` - LogType LogType `protobuf:"varint,9,opt,name=log_type,json=logType,proto3,enum=state.LogType" json:"log_type,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=state.HashAlgo" json:"hash,omitempty"` + Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` + LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` + Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` + LogType LogType `protobuf:"varint,9,opt,name=log_type,json=logType,proto3,enum=state.LogType" json:"log_type,omitempty"` } func (x *FirmwareLogState) Reset() { *x = FirmwareLogState{} - mi := &file_state_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *FirmwareLogState) String() string { @@ -1079,7 +1106,7 @@ func (*FirmwareLogState) ProtoMessage() {} func (x *FirmwareLogState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[11] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1152,20 +1179,23 @@ func (x *FirmwareLogState) GetLogType() LogType { // The verified state of Google measurements on the machine. type GMESState struct { - state protoimpl.MessageState `protogen:"open.v1"` - BmcFirmware string `protobuf:"bytes,1,opt,name=bmc_firmware,json=bmcFirmware,proto3" json:"bmc_firmware,omitempty"` - Bios string `protobuf:"bytes,2,opt,name=bios,proto3" json:"bios,omitempty"` - HostKernel string `protobuf:"bytes,3,opt,name=host_kernel,json=hostKernel,proto3" json:"host_kernel,omitempty"` - Mbm string `protobuf:"bytes,4,opt,name=mbm,proto3" json:"mbm,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + BmcFirmware string `protobuf:"bytes,1,opt,name=bmc_firmware,json=bmcFirmware,proto3" json:"bmc_firmware,omitempty"` + Bios string `protobuf:"bytes,2,opt,name=bios,proto3" json:"bios,omitempty"` + HostKernel string `protobuf:"bytes,3,opt,name=host_kernel,json=hostKernel,proto3" json:"host_kernel,omitempty"` + Mbm string `protobuf:"bytes,4,opt,name=mbm,proto3" json:"mbm,omitempty"` } func (x *GMESState) Reset() { *x = GMESState{} - mi := &file_state_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_state_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GMESState) String() string { @@ -1176,7 +1206,7 @@ func (*GMESState) ProtoMessage() {} func (x *GMESState) ProtoReflect() protoreflect.Message { mi := &file_state_proto_msgTypes[12] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1221,114 +1251,169 @@ func (x *GMESState) GetMbm() string { var File_state_proto protoreflect.FileDescriptor -const file_state_proto_rawDesc = "" + - "\n" + - "\vstate.proto\x12\x05state\"\xb1\x01\n" + - "\x0fGCEInstanceInfo\x12\x12\n" + - "\x04zone\x18\x01 \x01(\tR\x04zone\x12\x1d\n" + - "\n" + - "project_id\x18\x02 \x01(\tR\tprojectId\x12%\n" + - "\x0eproject_number\x18\x03 \x01(\x04R\rprojectNumber\x12#\n" + - "\rinstance_name\x18\x04 \x01(\tR\finstanceName\x12\x1f\n" + - "\vinstance_id\x18\x05 \x01(\x04R\n" + - "instanceId\"\xe9\x01\n" + - "\rPlatformState\x12*\n" + - "\x10scrtm_version_id\x18\x01 \x01(\fH\x00R\x0escrtmVersionId\x12!\n" + - "\vgce_version\x18\x02 \x01(\rH\x00R\n" + - "gceVersion\x12@\n" + - "\n" + - "technology\x18\x03 \x01(\x0e2 .state.GCEConfidentialTechnologyR\n" + - "technology\x12;\n" + - "\rinstance_info\x18\x04 \x01(\v2\x16.state.GCEInstanceInfoR\finstanceInfoB\n" + - "\n" + - "\bfirmware\"Q\n" + - "\bGrubFile\x12\x16\n" + - "\x06digest\x18\x01 \x01(\fR\x06digest\x12-\n" + - "\x12untrusted_filename\x18\x02 \x01(\fR\x11untrustedFilename\"N\n" + - "\tGrubState\x12%\n" + - "\x05files\x18\x01 \x03(\v2\x0f.state.GrubFileR\x05files\x12\x1a\n" + - "\bcommands\x18\x02 \x03(\tR\bcommands\"5\n" + - "\x10LinuxKernelState\x12!\n" + - "\fcommand_line\x18\x01 \x01(\tR\vcommandLine\"\xa0\x01\n" + - "\x05Event\x12\x1b\n" + - "\tpcr_index\x18\x01 \x01(\rR\bpcrIndex\x12%\n" + - "\x0euntrusted_type\x18\x02 \x01(\rR\runtrustedType\x12\x12\n" + - "\x04data\x18\x03 \x01(\fR\x04data\x12\x16\n" + - "\x06digest\x18\x04 \x01(\fR\x06digest\x12'\n" + - "\x0fdigest_verified\x18\x05 \x01(\bR\x0edigestVerified\"q\n" + - "\vCertificate\x12\x12\n" + - "\x03der\x18\x01 \x01(\fH\x00R\x03der\x12<\n" + - "\n" + - "well_known\x18\x02 \x01(\x0e2\x1b.state.WellKnownCertificateH\x00R\twellKnownB\x10\n" + - "\x0erepresentation\"L\n" + - "\bDatabase\x12(\n" + - "\x05certs\x18\x01 \x03(\v2\x12.state.CertificateR\x05certs\x12\x16\n" + - "\x06hashes\x18\x02 \x03(\fR\x06hashes\"\xe2\x01\n" + - "\x0fSecureBootState\x12\x18\n" + - "\aenabled\x18\x01 \x01(\bR\aenabled\x12\x1f\n" + - "\x02db\x18\x02 \x01(\v2\x0f.state.DatabaseR\x02db\x12!\n" + - "\x03dbx\x18\x03 \x01(\v2\x0f.state.DatabaseR\x03dbx\x12-\n" + - "\tauthority\x18\x04 \x01(\v2\x0f.state.DatabaseR\tauthority\x12\x1f\n" + - "\x02pk\x18\x05 \x01(\v2\x0f.state.DatabaseR\x02pk\x12!\n" + - "\x03kek\x18\x06 \x01(\v2\x0f.state.DatabaseR\x03kek\" \n" + - "\x06EfiApp\x12\x16\n" + - "\x06digest\x18\x01 \x01(\fR\x06digest\"\xb9\x01\n" + - "\bEfiState\x12!\n" + - "\x04apps\x18\x01 \x03(\v2\r.state.EfiAppR\x04apps\x12A\n" + - "\x15boot_services_drivers\x18\x02 \x03(\v2\r.state.EfiAppR\x13bootServicesDrivers\x12G\n" + - "\x18runtime_services_drivers\x18\x03 \x03(\v2\r.state.EfiAppR\x16runtimeServicesDrivers\"\x85\x03\n" + - "\x10FirmwareLogState\x120\n" + - "\bplatform\x18\x01 \x01(\v2\x14.state.PlatformStateR\bplatform\x127\n" + - "\vsecure_boot\x18\x02 \x01(\v2\x16.state.SecureBootStateR\n" + - "secureBoot\x12+\n" + - "\n" + - "raw_events\x18\x03 \x03(\v2\f.state.EventR\trawEvents\x12#\n" + - "\x04hash\x18\x04 \x01(\x0e2\x0f.state.HashAlgoR\x04hash\x12$\n" + - "\x04grub\x18\x05 \x01(\v2\x10.state.GrubStateR\x04grub\x12:\n" + - "\flinux_kernel\x18\x06 \x01(\v2\x17.state.LinuxKernelStateR\vlinuxKernel\x12!\n" + - "\x03efi\x18\b \x01(\v2\x0f.state.EfiStateR\x03efi\x12)\n" + - "\blog_type\x18\t \x01(\x0e2\x0e.state.LogTypeR\alogTypeJ\x04\b\a\x10\b\"u\n" + - "\tGMESState\x12!\n" + - "\fbmc_firmware\x18\x01 \x01(\tR\vbmcFirmware\x12\x12\n" + - "\x04bios\x18\x02 \x01(\tR\x04bios\x12\x1f\n" + - "\vhost_kernel\x18\x03 \x01(\tR\n" + - "hostKernel\x12\x10\n" + - "\x03mbm\x18\x04 \x01(\tR\x03mbm*E\n" + - "\aLogType\x12\x16\n" + - "\x12LOG_TYPE_UNDEFINED\x10\x00\x12\x11\n" + - "\rLOG_TYPE_TCG2\x10\x01\x12\x0f\n" + - "\vLOG_TYPE_CC\x10\x02*b\n" + - "\x19GCEConfidentialTechnology\x12\b\n" + - "\x04NONE\x10\x00\x12\v\n" + - "\aAMD_SEV\x10\x01\x12\x0e\n" + - "\n" + - "AMD_SEV_ES\x10\x02\x12\r\n" + - "\tINTEL_TDX\x10\x03\x12\x0f\n" + - "\vAMD_SEV_SNP\x10\x04*\x96\x01\n" + - "\x14WellKnownCertificate\x12\v\n" + - "\aUNKNOWN\x10\x00\x12\x1c\n" + - "\x18MS_WINDOWS_PROD_PCA_2011\x10\x01\x12\x1f\n" + - "\x1bMS_THIRD_PARTY_UEFI_CA_2011\x10\x02\x12\x1e\n" + - "\x1aMS_THIRD_PARTY_KEK_CA_2011\x10\x03\x12\x12\n" + - "\x0eGCE_DEFAULT_PK\x10\x04*J\n" + - "\bHashAlgo\x12\x10\n" + - "\fHASH_INVALID\x10\x00\x12\b\n" + - "\x04SHA1\x10\x04\x12\n" + - "\n" + - "\x06SHA256\x10\v\x12\n" + - "\n" + - "\x06SHA384\x10\f\x12\n" + - "\n" + - "\x06SHA512\x10\rB+Z)github.com/google/go-eventlog/proto/stateb\x06proto3" +var file_state_proto_rawDesc = []byte{ + 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, 0x0a, 0x0a, + 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, + 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, 0x6d, 0x62, + 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, + 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, + 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, + 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xe9, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, + 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, + 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, + 0x63, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x0a, 0x74, 0x65, 0x63, + 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, + 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3b, 0x0a, 0x0d, 0x69, + 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, + 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, 0x6d, + 0x77, 0x61, 0x72, 0x65, 0x22, 0x51, 0x0a, 0x08, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, + 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x6e, 0x74, 0x72, + 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x46, + 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x4e, 0x0a, 0x09, 0x47, 0x72, 0x75, 0x62, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x72, 0x75, 0x62, + 0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x63, + 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, + 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x22, 0x35, 0x0a, 0x10, 0x4c, 0x69, 0x6e, 0x75, 0x78, + 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, + 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x4c, 0x69, 0x6e, 0x65, 0x22, 0xa0, + 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x63, 0x72, 0x5f, + 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x63, 0x72, + 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, + 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x75, + 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, + 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, + 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x67, 0x65, + 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, + 0x64, 0x22, 0x71, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, + 0x03, 0x64, 0x65, 0x72, 0x12, 0x3c, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, 0x5f, 0x6b, 0x6e, 0x6f, + 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1b, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, + 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, + 0x12, 0x28, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x12, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, + 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, + 0x65, 0x73, 0x22, 0xe2, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, + 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x12, 0x1f, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x64, + 0x62, 0x12, 0x21, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, + 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, + 0x03, 0x64, 0x62, 0x78, 0x12, 0x2d, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, + 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x12, 0x1f, 0x0a, 0x02, 0x70, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, + 0x52, 0x02, 0x70, 0x6b, 0x12, 0x21, 0x0a, 0x03, 0x6b, 0x65, 0x6b, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, + 0x73, 0x65, 0x52, 0x03, 0x6b, 0x65, 0x6b, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, + 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0xb9, 0x01, 0x0a, 0x08, 0x45, 0x66, + 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x66, 0x69, + 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x12, 0x41, 0x0a, 0x15, 0x62, 0x6f, 0x6f, + 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f, 0x64, 0x72, 0x69, 0x76, 0x65, + 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, + 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x13, 0x62, 0x6f, 0x6f, 0x74, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x73, 0x44, 0x72, 0x69, 0x76, 0x65, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x18, + 0x72, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x5f, 0x64, 0x72, 0x69, 0x76, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, + 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x16, 0x72, + 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x44, 0x72, + 0x69, 0x76, 0x65, 0x72, 0x73, 0x22, 0x85, 0x03, 0x0a, 0x10, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, + 0x72, 0x65, 0x4c, 0x6f, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x08, 0x70, 0x6c, + 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x37, 0x0a, 0x0b, + 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, + 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, + 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2b, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, + 0x74, 0x73, 0x12, 0x23, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, + 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x24, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x47, 0x72, + 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3a, 0x0a, + 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x69, 0x6e, 0x75, + 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, + 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x21, 0x0a, 0x03, 0x65, 0x66, 0x69, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, + 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x65, 0x66, 0x69, 0x12, 0x29, 0x0a, 0x08, + 0x6c, 0x6f, 0x67, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0e, + 0x2e, 0x73, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4c, 0x6f, 0x67, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, + 0x6c, 0x6f, 0x67, 0x54, 0x79, 0x70, 0x65, 0x4a, 0x04, 0x08, 0x07, 0x10, 0x08, 0x22, 0x75, 0x0a, + 0x09, 0x47, 0x4d, 0x45, 0x53, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x62, 0x6d, + 0x63, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0b, 0x62, 0x6d, 0x63, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x12, 0x12, 0x0a, + 0x04, 0x62, 0x69, 0x6f, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6f, + 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x4b, 0x65, 0x72, 0x6e, + 0x65, 0x6c, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x62, 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6d, 0x62, 0x6d, 0x2a, 0x45, 0x0a, 0x07, 0x4c, 0x6f, 0x67, 0x54, 0x79, 0x70, 0x65, 0x12, + 0x16, 0x0a, 0x12, 0x4c, 0x4f, 0x47, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, + 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x4f, 0x47, 0x5f, 0x54, + 0x59, 0x50, 0x45, 0x5f, 0x54, 0x43, 0x47, 0x32, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x4c, 0x4f, + 0x47, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x43, 0x10, 0x02, 0x2a, 0x62, 0x0a, 0x19, 0x47, + 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, + 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, + 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, + 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, + 0x0d, 0x0a, 0x09, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x5f, 0x54, 0x44, 0x58, 0x10, 0x03, 0x12, 0x0f, + 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, + 0x96, 0x01, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, + 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, + 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, + 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, + 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, + 0x31, 0x31, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, + 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x4b, 0x45, 0x4b, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, + 0x31, 0x31, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x47, 0x43, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, + 0x55, 0x4c, 0x54, 0x5f, 0x50, 0x4b, 0x10, 0x04, 0x2a, 0x4a, 0x0a, 0x08, 0x48, 0x61, 0x73, 0x68, + 0x41, 0x6c, 0x67, 0x6f, 0x12, 0x10, 0x0a, 0x0c, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x56, + 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x04, + 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, + 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, + 0x31, 0x32, 0x10, 0x0d, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x6c, 0x6f, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x74, 0x61, 0x74, + 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} var ( file_state_proto_rawDescOnce sync.Once - file_state_proto_rawDescData []byte + file_state_proto_rawDescData = file_state_proto_rawDesc ) func file_state_proto_rawDescGZIP() []byte { file_state_proto_rawDescOnce.Do(func() { - file_state_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_state_proto_rawDesc), len(file_state_proto_rawDesc))) + file_state_proto_rawDescData = protoimpl.X.CompressGZIP(file_state_proto_rawDescData) }) return file_state_proto_rawDescData } @@ -1388,6 +1473,164 @@ func file_state_proto_init() { if File_state_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_state_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*GCEInstanceInfo); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*PlatformState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[2].Exporter = func(v any, i int) any { + switch v := v.(*GrubFile); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[3].Exporter = func(v any, i int) any { + switch v := v.(*GrubState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[4].Exporter = func(v any, i int) any { + switch v := v.(*LinuxKernelState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[5].Exporter = func(v any, i int) any { + switch v := v.(*Event); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[6].Exporter = func(v any, i int) any { + switch v := v.(*Certificate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[7].Exporter = func(v any, i int) any { + switch v := v.(*Database); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[8].Exporter = func(v any, i int) any { + switch v := v.(*SecureBootState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[9].Exporter = func(v any, i int) any { + switch v := v.(*EfiApp); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[10].Exporter = func(v any, i int) any { + switch v := v.(*EfiState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[11].Exporter = func(v any, i int) any { + switch v := v.(*FirmwareLogState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_state_proto_msgTypes[12].Exporter = func(v any, i int) any { + switch v := v.(*GMESState); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } file_state_proto_msgTypes[1].OneofWrappers = []any{ (*PlatformState_ScrtmVersionId)(nil), (*PlatformState_GceVersion)(nil), @@ -1400,7 +1643,7 @@ func file_state_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_state_proto_rawDesc), len(file_state_proto_rawDesc)), + RawDescriptor: file_state_proto_rawDesc, NumEnums: 4, NumMessages: 13, NumExtensions: 0, @@ -1412,6 +1655,7 @@ func file_state_proto_init() { MessageInfos: file_state_proto_msgTypes, }.Build() File_state_proto = out.File + file_state_proto_rawDesc = nil file_state_proto_goTypes = nil file_state_proto_depIdxs = nil } From f3a8d0f95678c775e431348c99eea9dd01dab2c6 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 00:48:48 +0000 Subject: [PATCH 21/23] remove gmes.State comment --- extract/gmes/gmes.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/extract/gmes/gmes.go b/extract/gmes/gmes.go index 3ed440b..7d15bde 100644 --- a/extract/gmes/gmes.go +++ b/extract/gmes/gmes.go @@ -21,14 +21,6 @@ import ( "fmt" ) -// // State represents the state of a Google Bare Metal machine. -// type State struct { -// BMCFirmware []byte -// MBM string -// BIOS string -// HostKernel []byte -// } - // MeasurementEvent represents the structure of a Google measurement event. type MeasurementEvent struct { Version uint32 From f9a9b3cc12244ded77f057fa8357482163f9d1d9 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 00:52:09 +0000 Subject: [PATCH 22/23] remove testmeasurementconfig --- extract/gmes/gmes.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/extract/gmes/gmes.go b/extract/gmes/gmes.go index 7d15bde..e30ff54 100644 --- a/extract/gmes/gmes.go +++ b/extract/gmes/gmes.go @@ -62,12 +62,6 @@ var MeasurementTagConfig = measurementTagConfig{ // EventID is the expected event ID for GMES events. var EventID uint32 = 0x474D4553 -// TestMeasurementConfig contains measurement tags corresponding to B200GMESSimpleEventLog. -var TestMeasurementConfig = measurementTagConfig{ - BIOS: 1, - MBM: 1, -} - // ParseEvent parses a GMES event from the given data. func ParseEvent(eventdata []byte) (*MeasurementEvent, error) { r := bytes.NewReader(eventdata) From 2f163c3f985c52b692ce9b3b77b6eaaf90e47415 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Wed, 15 Apr 2026 22:57:25 +0000 Subject: [PATCH 23/23] fix merge conflict --- tcg/eventlog_test.go | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/tcg/eventlog_test.go b/tcg/eventlog_test.go index 0e2ff10..1cc5301 100644 --- a/tcg/eventlog_test.go +++ b/tcg/eventlog_test.go @@ -454,32 +454,3 @@ func TestReplayPCRSWithHCRTM(t *testing.T) { } } } -func TestIsHCRTM(t *testing.T) { - testcases := []struct { - events []rawEvent - index int - expected bool - }{ - { - events: []rawEvent{{index: 0, typ: EFIHCRTMEvent}}, - index: 0, - expected: true, - }, - { - events: []rawEvent{{index: 0, typ: EFIEventBase}}, - index: 0, - expected: false, - }, - { - events: []rawEvent{{index: 1, typ: EFIHCRTMEvent}}, - index: 1, - expected: false, - }, - } - - for _, tc := range testcases { - if got := isHCRTM(tc.events, tc.index); got != tc.expected { - t.Errorf("isHCRTM(%+v, %d) = %t, want %t", tc.events, tc.index, got, tc.expected) - } - } -}