
Commit fea7a79

committed
WIP
Signed-off-by: Daniel Maslowski <info@orangecms.org>
1 parent f5f60d6 commit fea7a79


2 files changed

+14
-2
lines changed


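--- a/cmds/intelmeta/main.go
+++ b/cmds/intelmeta/main.go
@@ -225,7 +225,13 @@ func main() {
 _, ok := meta.Polm.(cbntbootpolicy.Manifest)
 if ok == true {
 pol := meta.Polm.(cbntbootpolicy.Manifest)
-k := pol.PMSE.Key.Data[4:]
+key := pol.PMSE.Key
+alg := pol.PMSE.Signature.HashAlg
+err = key.PrintBPMPubKey(alg)
+fmt.Fprintf(os.Stderr, "KEY CBNT policy key err: %v alg: %v\n", err, alg)
+err = key.PrintKMPubKey(alg)
+fmt.Fprintf(os.Stderr, "KEY CBNT manifest key err: %v alg: %v\n", err, alg)
+k := key.Data[4:]
 for _, lk := range leakedKeys {
 if bytes.Equal(k, lk) {
 meta.LeakedKey = hex.EncodeToString(lk[:8])
@@ -235,7 +241,9 @@ func main() {
 if ok == false {
 p, ok := meta.Polm.(bgbootpolicy.Manifest)
 if ok == true {
-k := p.PMSE.Key.Data[4:]
+// the first 4 bytes are some sort of flags
+key := p.PMSE.Key
+k := key.Data[4:]
 for _, lk := range leakedKeys {
 if bytes.Equal(k, lk) {
 meta.LeakedKey = hex.EncodeToString(lk[:8])
@@ -270,6 +278,7 @@ func main() {
 }
 }
 
+fmt.Fprintf(os.Stderr, "key size: %v\n", len(leakedKeys[0])*8)
 if meta.LeakedKey != "" {
 fmt.Fprintf(os.Stderr, "LEAKED BG KEY USED: %x\n", meta.LeakedKey)
 }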
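Review bot: New lines 230–233 call both `PrintBPMPubKey` and `PrintKMPubKey` on the same `pol.PMSE.Key`, so the "Key Manifest Pubkey" lines describe the Boot Policy Manifest signing key and can mislead anyone comparing them with a known KM key hash. I would drop the `PrintKMPubKey` call here or relabel its output as the BPM key. Both results go into the shared `err` and are only logged, so any later check of `err` in `main` (whose body continues outside these hunks) sees only the second call's result. At new line 281, `leakedKeys[0]` is indexed without a length check and reports the size of the first list entry rather than of the key found in the image; guard it with `if len(leakedKeys) > 0 { ... }`, or print `len(k)*8` inside the two branches where `k` is in scope.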

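--- a/pkg/intel/metadata/cbnt/key.go
+++ b/pkg/intel/metadata/cbnt/key.go
@@ -171,6 +171,7 @@ func (k *Key) PrintBPMPubKey(bpmAlg Algorithm) error {
 if _, err := hash.Write(buf.Bytes()); err != nil {
 return fmt.Errorf("unable to hash: %w", err)
 }
+fmt.Printf(" Boot Policy Manifest Pubkey: 0x%x\n", buf)
 fmt.Printf(" Boot Policy Manifest Pubkey Hash: 0x%x\n", hash.Sum(nil))
 } else if k.KeyAlg == AlgSM2 || k.KeyAlg == AlgECC {
 if err := binary.Write(buf, binary.LittleEndian, k.Data); err != nil {
@@ -179,6 +180,7 @@ func (k *Key) PrintBPMPubKey(bpmAlg Algorithm) error {
 if _, err := hash.Write(buf.Bytes()); err != nil {
 return fmt.Errorf("unable to hash: %w", err)
 }
+fmt.Printf(" Boot Policy Manifest Pubkey: 0x%x\n", buf)
 fmt.Printf(" Boot Policy Manifest Pubkey Hash: 0x%x\n", hash.Sum(nil))
 } else {
 fmt.Printf(" Boot Policy Manifest Pubkey Hash: Unknown Algorithm\n")
@@ -211,6 +213,7 @@ func (k *Key) PrintKMPubKey(kmAlg Algorithm) error {
 if _, err := hash.Write(buf.Bytes()); err != nil {
 return fmt.Errorf("unable to hash: %w", err)
 }
+fmt.Printf(" Key Manifest Pubkey: 0x%x\n", buf)
 fmt.Printf(" Key Manifest Pubkey Hash: 0x%x\n", hash.Sum(nil))
 // On SKL and KBL the exponent is not included in the KM hash
 buf.Truncate(len(k.Data[4:]))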
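Review bot: The three added `Pubkey` lines (new lines 174, 183 and 216) pass the buffer itself to `%x`, which yields hex only through the buffer's `String` method, assuming `buf` is a `*bytes.Buffer` as the `buf.Bytes()` and `buf.Truncate` calls suggest. Writing `fmt.Printf(" Boot Policy Manifest Pubkey: 0x%x\n", buf.Bytes())` would match the `hash.Write(buf.Bytes())` call directly above and make it clear that the printed bytes are exactly the hashed ones. What is printed is the serialized buffer fed to the hash, not necessarily the bare key material, so a one-line comment such as `// prints the exact bytes that are hashed below` would help a reader comparing it with another tool's output. Both functions start and end outside the hunks shown.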
