Send TPM logs and EFI variables to monitor app #4672
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
rucoder
commented
Mar 12, 2025
•
rucoder
commented
- EnableBigFrames is now set on socket. this is a breaking change, so rust app and eve muct be in sync.
- update rust app to v0.2.1
- Send TPM logs and EVI variables to rust app. Unfortunately, variables encoded into TPM logs on some platforms cannot be parsed reliably so we have to manually read them from /sys and send
- update required rust version to 1.84.1 to be in sync with eve-monitor-rs repo
- eve-rust was updated to the latest stable 1.84.1 Signed-off-by: Mikhail Malyshev <[email protected]>
- TPM logs may be very big (>64k) so enable big frames for Framed codec - Also handle errors while sending IPC messages Signed-off-by: Mikhail Malyshev <[email protected]>
- We should not treat Nil UUID as valid. The data may be available but not yet initialized Signed-off-by: Mikhail Malyshev <[email protected]>
- we need this function to send contents for EFI variable together with TPM log to monitor - also add tests Signed-off-by: Mikhail Malyshev <[email protected]>
- TPM event logs are sent together with values of EFI variables Signed-off-by: Mikhail Malyshev <[email protected]>
- As soon as Vault is locked we send the notification and TPM logs for analysis - Add helper function to check Vault status Signed-off-by: Mikhail Malyshev <[email protected]>
- do not send several gigabytes of binaries to docker context. It may happen if eve-monitor-rs sources are mounted to pkg/monitor using bind --mount instead of pulling from git Signed-off-by: Mikhail Malyshev <[email protected]>
- setting EnableBigFrames is a breaking change so pkh/monitor and eve-monitor-rs must be in sync. v0.2.1 has necessary changes Signed-off-by: Mikhail Malyshev <[email protected]>
rucoder
force-pushed
the
rucoder/monitor-tpm-log
branch
from
303491e to
269e566
Compare
rene
reviewed
Mar 12, 2025
| @@ -0,0 +1,4 @@ | |||
| eve-monitor-rs/target/ | |||
There was a problem hiding this comment.
don't we need to have these on .gitignore as well?
rene
reviewed
Mar 12, 2025
| ipcMessage := ipcMessage{Type: t, Message: json.RawMessage(data)} | ||
| if data, err = json.Marshal(ipcMessage); err == nil { | ||
| log.Noticef("Sending IPC message: %s", string(data)) | ||
| if t == "TpmLogs" { | ||
| log.Noticef("Sending IPC message: %s", t) |
There was a problem hiding this comment.
what about use Sending IPC TPM log message: %s here so it becomes easier to find these in the logs?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.