Add more tpm information, clean-up code

Signed-off-by: Philipp Deppenwiese <[email protected]>
immune-gmbh · Mar 16, 2023 · 819b3f0 · 819b3f0
1 parent 4df82aa
commit 819b3f0
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 19 deletions.
diff --git a/cmd/tpm-vuln-checker/cmds.go b/cmd/tpm-vuln-checker/cmds.go
@@ -61,10 +61,10 @@ func (c *checkCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	fmt.Printf("TPM Manufacturer: \t\t%s\nTPM Spec Revision: \t\t%s\nTPM Family: \t\t\t%s\n",
-		tpmInfo.Manufacturer.String(), tpmInfo.SpecRevision.String(), tpmInfo.Family.String())
+	fmt.Printf("TPM Manufacturer: \t\t%s\nTPM Spec Revision: \t\t%s\nTPM Family: \t\t\t%s\nTPM Type: \t\t\t%s\n",
+		tpmInfo.Vendor(), tpmInfo.Specification(), tpmInfo.Version(), tpmInfo.Type())
 	if c.Verbose {
-		// TODO
+		fmt.Printf("TPM Firmware: \t\t\t%s\nTPM Spec Year: \t\t\t%s\n", tpmInfo.FirmwareVersion(), tpmInfo.SpecYear())
 	}
 	fmt.Printf("\nStarting TPM vulnerabilities checks.. This may take few seconds!\n\n")
 	vulnerable, cveData20231017, err := cve20231017.IsVulnerable(socket)

diff --git a/pkg/cve201715361/cve-2017-15361.go b/pkg/cve201715361/cve-2017-15361.go
@@ -82,13 +82,13 @@ func IsVulnerable(rwc io.ReadWriteCloser) (bool, *CVEData, error) {
 		tpm2.AlgXOR,
 		tpm2.AlgSHA256)
 	if err != nil {
-		return false, nil, fmt.Errorf("")
+		return false, nil, fmt.Errorf("couldn't start auth session")
 	}
 	defer tpm2.FlushContext(rwc, session)
 
 	hnd, publicKey, err := tpm2.CreatePrimary(rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", tss.RSAPublicKey)
 	if err != nil {
-		return false, nil, fmt.Errorf("")
+		return false, nil, fmt.Errorf("couldn't creat rsa key for testing")
 	}
 	defer tpm2.FlushContext(rwc, hnd)
 	tmp := &big.Int{}

diff --git a/pkg/tss/tpm.go b/pkg/tss/tpm.go
@@ -19,7 +19,6 @@ import (
 	"io"
 	"net"
 	"net/url"
-	"strconv"
 
 	"github.com/google/go-tpm/tpm2"
 	"github.com/google/go-tpm/tpmutil"
@@ -67,6 +66,7 @@ var families = map[TCGFamily]string{
 type TCGSpecRevision uint32
 type TCGFirmwareVersion uint32
 type TCGVendorString uint32
+type TCGYear uint32
 
 type TPM20Info struct {
 	Manufacturer TCGVendorID
@@ -78,25 +78,49 @@ type TPM20Info struct {
 	VendorData2  TCGVendorString
 	VendorData3  TCGVendorString
 	VendorData4  TCGVendorString
+	Year         TCGYear
 }
 
-func (version TCGFirmwareVersion) String() string {
-	if version == 0 {
-		return "0"
-	} else {
-		return strconv.FormatUint(uint64(version), 16)
+func (t *TPM20Info) SpecYear() string {
+	tmp := fmt.Sprintf("%d", t.Year)
+	return fmt.Sprintf("%c%c%c%c", tmp[0], tmp[1], tmp[2], tmp[3])
+}
+
+func (t *TPM20Info) Type() string {
+	switch t.Family {
+	case 1095582720:
+	case 1229870147:
+		return "fTPM"
 	}
+	return "dTPM"
 }
 
-func (family TCGFamily) String() string {
-	return families[family]
+func (t *TPM20Info) Version() string {
+	return families[t.Family]
 }
 
-func (spec TCGSpecRevision) String() string {
-	tmp := fmt.Sprintf("%d", spec)
+func (t *TPM20Info) Specification() string {
+	tmp := fmt.Sprintf("%d", t.SpecRevision)
 	return fmt.Sprintf("%c.%s", tmp[0], tmp[1:])
 }
 
+func (t *TPM20Info) FirmwareVersion() string {
+	var firmwareVersion string
+	version1 := fmt.Sprintf("%d", t.FWVersion1)
+	version2 := fmt.Sprintf("%d", t.FWVersion1)
+	if t.FWVersion1 != 0 {
+		firmwareVersion = fmt.Sprintf("%c.%s", version1[0], version1[1:])
+	}
+	if t.FWVersion2 != 0 {
+		firmwareVersion += fmt.Sprintf(" - %c.%s", version2[0], version2[1:])
+	}
+	return firmwareVersion
+}
+
+func (t *TPM20Info) Vendor() string {
+	return vendors[t.Manufacturer]
+}
+
 var ECCPublicKey = tpm2.Public{
 	Type:    tpm2.AlgECC,
 	NameAlg: tpm2.AlgSHA256,
@@ -222,10 +246,6 @@ func OpenNetTPM(url *url.URL) (io.ReadWriteCloser, error) {
 	return rwc, nil
 }
 
-func (id TCGVendorID) String() string {
-	return vendors[id]
-}
-
 func Property(conn io.ReadWriteCloser, prop uint32) (uint32, error) {
 	caps, _, err := tpm2.GetCapability(conn, tpm2.CapabilityTPMProperties, 1, prop)
 	if err != nil {
@@ -284,6 +304,10 @@ func ReadTPM2VendorAttributes(tpm io.ReadWriteCloser) (*TPM20Info, error) {
 	if err != nil {
 		return nil, err
 	}
+	year, err := Property(tpm, uint32(tpm2.SpecYear))
+	if err != nil {
+		return nil, err
+	}
 	return &TPM20Info{
 		Manufacturer: TCGVendorID(manu),
 		Family:       TCGFamily(family),
@@ -294,6 +318,7 @@ func ReadTPM2VendorAttributes(tpm io.ReadWriteCloser) (*TPM20Info, error) {
 		VendorData2:  TCGVendorString(vendor2),
 		VendorData3:  TCGVendorString(vendor3),
 		VendorData4:  TCGVendorString(vendor4),
+		Year:         TCGYear(year),
 	}, nil
 }