From 1b21f41be83e1f3c0869d5b2ca7290d9e9993e03 Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Wed, 11 Mar 2026 14:38:34 -0400
Subject: [PATCH 1/2] Continue parsing of event log even if RSA 512 bit error encountered
---
 .../hirs/utils/tpm/eventlog/TCGEventLog.java | 32 +++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
index 0aec14bbc..6a1df565a 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
@@ -8,6 +8,7 @@
 import hirs.utils.tpm.eventlog.events.EvNoAction;
 import hirs.utils.tpm.eventlog.uefi.UefiConstants;
 import lombok.Getter;
+import lombok.extern.log4j.Log4j2;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
 import org.apache.logging.log4j.LogManager;
@@ -34,6 +35,7 @@
 /**
 * Class for handling different formats of TCG Event logs.
 */
+@Log4j2
 public final class TCGEventLog {
 // The TCG PC Client Platform TPM Profile Specification for TPM 2.0 defines 5 localities
@@ -230,11 +232,21 @@ public TCGEventLog(final byte[] rawlog, final boolean bEventFlag,
 // put the remaining events into the event list
 while (is.available() > 0) {
 if (bCryptoAgile) {
- TpmPcrEvent2 event2 = new TpmPcrEvent2(is, eventNumber++, strongestEvLogHashAlgName);
- eventList.put(eventNumber, event2);
- if (event2.isStartupLocalityEvent()) {
- EvNoAction event = new EvNoAction(event2.getEventContent());
- startupLocality = event.getStartupLocality();
+ TpmPcrEvent2 event2 = null;
+ eventNumber++;
+ try {
+ event2 = new TpmPcrEvent2(is, eventNumber, strongestEvLogHashAlgName);
+ eventList.put(eventNumber, event2);
+ if (event2.isStartupLocalityEvent()) {
+ EvNoAction event = new EvNoAction(event2.getEventContent());
+ startupLocality = event.getStartupLocality();
+ }
+ } catch (Exception e) {
+ log.warn("Couldn't parse event #{} {}: {}",
+ eventNumber,
+ (event2 != null) ? event2.getEventTypeStr() : "(couldn't parse)",
+ e.getMessage());
+ continue;
 }
 } else {
 TpmPcrEvent1 event1 = new TpmPcrEvent1(is, eventNumber++);
@@ -267,10 +279,12 @@ public TCGEventLog(final byte[] rawlog, final boolean bEventFlag,
 // the if-statement is executed
 // [new event file status = eventList.get(eventNumber-1).getPciidsFileStatus()]
 // (ie. if the new file status is not-accessible or from-code, then want to update)
- if ((pciidsFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
- && (eventList.get(eventNumber - 1).getPciidsFileStatus()
- != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
- pciidsFileStatus = eventList.get(eventNumber - 1).getPciidsFileStatus();
+ if (eventList.containsKey(eventNumber - 1)) {
+ if ((pciidsFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
+ && (eventList.get(eventNumber - 1).getPciidsFileStatus()
+ != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
+ pciidsFileStatus = eventList.get(eventNumber - 1).getPciidsFileStatus();
+ }
 }
 }
 calculatePcrValues();
From 2ac7696c0b72987b4460f10e41ebf2d1276d2a61 Mon Sep 17 00:00:00 2001
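Review bot: The new `catch (Exception e)` around `new TpmPcrEvent2(...)` turns every parse failure into a skipped event, so an event log sent by the attesting client can make individual entries disappear from `eventList` with nothing but a warning line. Those entries are then absent when `calculatePcrValues()` runs further down the constructor, and if the exception is thrown partway through a record the stream `is` may be left mid-event so the following entries are decoded from the wrong offset; TpmPcrEvent2 is not shown here, so both need checking there. I would narrow the catch to the exception type the unsupported-key case actually raises, let other failures propagate as before, and record on the log object that it was only partially parsed so validation can take that into account. Moving `eventNumber++` ahead of the constructor also means TpmPcrEvent2 now receives the incremented number where the removed line passed the pre-increment value (as the TpmPcrEvent1 branch still does); if that shift is not intended, pass `eventNumber - 1`. Because `event2` is still null whenever the constructor itself throws, the message will nearly always print `(couldn't parse)`, and adding `e` as a final argument to `log.warn` would keep the stack trace; the constructor body starts and ends outside the hunk.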
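Review bot: The added `containsKey(eventNumber - 1)` guard lets a missing entry pass silently, which hides the gap left when the parse loop in the previous hunk skips an event instead of reporting it. Reading the entry once, testing it for null and logging when it is absent would replace the three lookups of the same key and leave a trace that the PCI IDs file status was not updated for that step. From the lines visible in the previous hunk the crypto-agile branch stores its event under `eventNumber` after the increment, so it is worth confirming that `eventNumber - 1` is the entry the comment above calls the "new event"; the code between the two hunks is not shown.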
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Wed, 18 Mar 2026 13:06:39 -0400
Subject: [PATCH 2/2] Fix frontend error message for base RIM missing PCR values
---
 .../src/main/resources/templates/rim-details.html | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/HIRS_AttestationCAPortal/src/main/resources/templates/rim-details.html b/HIRS_AttestationCAPortal/src/main/resources/templates/rim-details.html
index 8c00cd377..944fca0b0 100644
--- a/HIRS_AttestationCAPortal/src/main/resources/templates/rim-details.html
+++ b/HIRS_AttestationCAPortal/src/main/resources/templates/rim-details.html
@@ -557,10 +557,11 @@

- + and not ${initialData.get('swidSupplemental')}"> + PCR values not found. +