get pciids from code if not found on filesystem

Author: iadgovuser58

HIRS_Utils/src/main/java/hirs/utils/PciIds.java

@@ -66,7 +66,7 @@ public final class PciIds {
     static {
         if (!DB.isReady()) {
 
-            // if pciids file is found on the system, then process using this
+            // if pciids file is found on the system, then process using this file
             String dbFile = null;
             for (final String path : PCI_IDS_PATH) {
                 if ((new File(path)).exists()) {
@@ -79,7 +79,7 @@ public final class PciIds {
             if(dbFile != null) {
                 InputStream is = null;
                 try {
-                    is = new FileInputStream(new File(dbFile));
+                    is = new FileInputStream(dbFile);
                     DB.loadStream(is);
                     pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
                 } catch (IOException e) {
@@ -98,17 +98,19 @@ public final class PciIds {
 
             // if pciids file is not found on the system or not accessible, then attempt to grab it from code
             if(pciidsFileStatus == UefiConstants.FILESTATUS_NOT_ACCESSIBLE) {
-                InputStream istemp = PciIds.class.getResourceAsStream(PCIIDS_FILENAME);
-                try {
-                    DB.loadStream(istemp);
-                    pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
-                } catch (IOException e) {
-                    // DB will not be ready, hardware IDs will not be translated
-                } finally {
-                    if (istemp != null) {
-                        try {
-                            istemp.close();
-                        } catch (IOException e) {
+                InputStream isFromCode = PciIds.class.getResourceAsStream(PCIIDS_FILENAME);
+                if(isFromCode != null) {
+                    try {
+                        DB.loadStream(isFromCode);
+                        pciidsFileStatus = UefiConstants.FILESTATUS_FROM_CODE;
+                    } catch (IOException e) {
+                        // DB will not be ready, hardware IDs will not be translated
+                    } finally {
+                        if (isFromCode != null) {
+                            try {
+                                isFromCode.close();
+                            } catch (IOException e) {
+                            }
                         }
                     }
                 }

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java

@@ -180,13 +180,12 @@ public TCGEventLog(final byte[] rawlog, final boolean bEventFlag,
                     != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
                 vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
             }
-            if ((vendorTableFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
-                    && (eventList.get(eventNumber - 1).getVendorTableFileStatus()
+            //similar to above with vendor-table.json file, but here with pci.ids file
+            if ((pciidsFileStatus != UefiConstants.FILESTATUS_NOT_ACCESSIBLE)
+                    && (eventList.get(eventNumber - 1).getPciidsFileStatus()
                     != UefiConstants.FILESTATUS_FROM_FILESYSTEM)) {
-                vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
+                pciidsFileStatus = eventList.get(eventNumber - 1).getPciidsFileStatus();
             }
-
-            //add pci here
         }
         calculatePcrValues();
     }

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TpmPcrEvent.java

@@ -448,6 +448,7 @@ public String processEvent(final byte[] eventData, final byte[] content,
                     specVersion = noAction.getSpecVersion();
                     specErrataVersion = noAction.getSpecErrataVersion();
                 }
+                pciidsFileStatus = noAction.getPciidsFileStatus();
                 break;
             case EvConstants.EV_SEPARATOR:
                 if (EvPostCode.isAscii(content)) {

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java

@@ -62,8 +62,12 @@ public abstract class DeviceSecurityEvent {
     private String deviceContextInfo = "";
 
     /**
-     * Track status of pci.ids file.
-     * This is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext
+     * Track status of pci.ids
+     * This is only used for events that access the pci.ids file.
+     * (In this class, this is only needed if DeviceSecurityEvent includes a DeviceSecurityEventDataPciContext)
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF this is an event that uses this file,
+     * and if that event causes a different status.
      */
     @Getter
     private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
@@ -92,6 +96,8 @@ public void instantiateDeviceContext(final byte[] dsedDeviceContextBytes) {
             } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
                 dsedPciContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
                 deviceContextInfo = dsedPciContext.toString();
+                // getPciidsFileStatus() must be called after DeviceSecurityEventDataPciContext.toString(),
+                // because the toString function is where the pciids db gets set up and used
                 pciidsFileStatus = dsedPciContext.getPciidsFileStatus();
             } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
                 deviceContextInfo = "    Device Type: USB - To be implemented";

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java

@@ -6,8 +6,6 @@
 
 import java.nio.charset.StandardCharsets;
 
-import static hirs.utils.tpm.eventlog.uefi.UefiConstants.FILESTATUS_FROM_FILESYSTEM;
-
 /**
  * Abstract class to process any SPDM event that is solely a DEVICE_SECURITY_EVENT_DATA or
  * DEVICE_SECURITY_EVENT_DATA2. The event field MUST be a
@@ -56,7 +54,7 @@ public class EvEfiSpdmDeviceSecurityEvent {
      * and if that event causes a different status.
      */
     @Getter
-    private String pciidsFileStatus = FILESTATUS_FROM_FILESYSTEM;
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
 
     /**
      * EvEfiSpdmFirmwareBlob constructor.

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java

@@ -53,6 +53,16 @@ public class EvNoAction {
     @Getter
     private String noActionInfo = "";
 
+    /**
+     * Track status of pci.ids
+     * This is only used for events that access the pci.ids file.
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF this is an event that uses this file,
+     * and if that event causes a different status.
+     */
+    @Getter
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
     /**
      * EvNoAction constructor.
      *
@@ -78,9 +88,11 @@ public EvNoAction(final byte[] eventData) throws UnsupportedEncodingException {
         } else if (signature.contains("NvIndexInstance")) {
             NvIndexInstanceEventLogData nvIndexInstanceEvent = new NvIndexInstanceEventLogData(eventData);
             noActionInfo += nvIndexInstanceEvent.toString();
+            pciidsFileStatus = nvIndexInstanceEvent.getPciidsFileStatus();
         } else if (signature.contains("NvIndexDynamic")) {
             NvIndexDynamicEventLogData nvIndexDynamicEvent = new NvIndexDynamicEventLogData(eventData);
             noActionInfo += nvIndexDynamicEvent.toString();
+            pciidsFileStatus = nvIndexDynamicEvent.getPciidsFileStatus();
         } else {
             noActionInfo = "   EV_NO_ACTION event named \"" + signature
                     + "\" encountered but support for processing it has not been"

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexDynamicEventLogData.java

@@ -1,6 +1,8 @@
 package hirs.utils.tpm.eventlog.events;
 
 import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
 
 import java.nio.charset.StandardCharsets;
 
@@ -36,6 +38,16 @@ public class NvIndexDynamicEventLogData {
      */
     private String nvIndexDynamicInfo = "";
 
+    /**
+     * Track status of pci.ids
+     * This is only used for events that access the pci.ids file.
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF this is an event that uses this file,
+     * and if that event causes a different status.
+     */
+    @Getter
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
     /**
      * NvIndexInstanceEventLogData constructor.
      *

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java

@@ -1,6 +1,8 @@
 package hirs.utils.tpm.eventlog.events;
 
 import hirs.utils.HexUtils;
+import hirs.utils.tpm.eventlog.uefi.UefiConstants;
+import lombok.Getter;
 
 import java.nio.charset.StandardCharsets;
 
@@ -38,6 +40,16 @@ public class NvIndexInstanceEventLogData {
      */
     private String nvIndexInstanceInfo = "";
 
+    /**
+     * Track status of pci.ids
+     * This is only used for events that access the pci.ids file.
+     * Default is normal status (normal status is from-filesystem).
+     * Status will only change IF this is an event that uses this file,
+     * and if that event causes a different status.
+     */
+    @Getter
+    private String pciidsFileStatus = UefiConstants.FILESTATUS_FROM_FILESYSTEM;
+
     /**
      * NvIndexInstanceEventLogData constructor.
      *
@@ -84,6 +96,7 @@ public NvIndexInstanceEventLogData(final byte[] eventData) {
             if (dsedVersion.equals("0200")) {
                 dsed = new DeviceSecurityEventData2(dsedEventData);
                 nvIndexInstanceInfo += dsed.toString();
+                pciidsFileStatus = dsed.getPciidsFileStatus();
             } else {
                 nvIndexInstanceInfo += "    Incompatible version for DeviceSecurityEventData2: "
                         + dsedVersion + "\n";

tools/tcg_eventlog_tool/src/main/java/hirs/tcg_eventlog/Main.java

@@ -136,13 +136,24 @@ private static void handleEventLog() {
                                 + evLog.getEventList().size() + " events:\n\n");
                     }
                     if (evLog.getVendorTableFileStatus() == FILESTATUS_NOT_ACCESSIBLE) {
-                        writeOut("*** WARNING: The file vendor-table.json was not accessible from the "
-                                + "filesystem or the code, so some event data shown in the output of this "
-                                + "tool may be outdated or omitted.\n\n");
+                        writeOut("*** WARNING: "
+                                + "The file vendor-table.json was not accessible from the filesystem or the code,\n"
+                                + "             so some event data shown in the output of this tool may be outdated\n"
+                                + "             or omitted.\n\n");
                     } else if (evLog.getVendorTableFileStatus() == FILESTATUS_FROM_CODE) {
-                        writeOut("*** NOTE: "
+                        writeOut("*** NOTE:    "
                                 + "The file vendor-table.json file was not accessible from the filesystem,\n"
-                                + "          so the vendor-table.json from code was used.\n\n");
+                                + "             so the vendor-table.json from code was used.\n\n");
+                    }
+                    if (evLog.getPciidsFileStatus() == FILESTATUS_NOT_ACCESSIBLE) {
+                        writeOut("*** WARNING: "
+                                + "The file pci.ids was not accessible from the filesystem or the code,\n"
+                                + "             so some pci device info lookups in the output of this tool\n"
+                                + "             may be omitted or the hex code may be used instead.\n\n");
+                    } else if (evLog.getPciidsFileStatus() == FILESTATUS_FROM_CODE) {
+                        writeOut("*** NOTE:    "
+                                + "The file pci.ids file was not accessible from the filesystem,\n"
+                                + "             so the pci.ids from code was used.\n\n");
                     }
                 }
                 int eventCount = 0;