various: update github.com/canonical/tcglog-parser

github.com/canonical/tcglog-parser defined its own types for PCR indides
and digests, which resulted in a bunch of pointless conversions between
these and go-tpm2 equivalent types in packages that depended on both of
these, despite the fact that tcglog-parser already depends on go-tpm2.

I've remove the tcglog-parser type definitions in master and updated it
here which allosw us to remove a fair few type conversions.

efi/fw_load_handler.go

@@ -59,7 +59,7 @@ func (h *fwLoadHandler) measureSeparator(ctx pcrBranchContext, pcr tpm2.Handle,
 	if data.IsError() {
 		return fmt.Errorf("separator indicates that a firmware error occurred (error code from log: %d)", binary.LittleEndian.Uint32(data.Bytes()))
 	}
-	ctx.ExtendPCR(pcr, tpm2.Digest(event.Digests[ctx.PCRAlg()]))
+	ctx.ExtendPCR(pcr, event.Digests[ctx.PCRAlg()])
 	return nil
 }
 
@@ -118,10 +118,10 @@ func (h *fwLoadHandler) measureSecureBootPolicyPreOS(ctx pcrBranchContext) error
 		events = events[1:]
 
 		switch {
-		case e.PCRIndex < tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) && e.EventType == tcglog.EventTypeSeparator:
+		case e.PCRIndex < internal_efi.SecureBootPolicyPCR && e.EventType == tcglog.EventTypeSeparator:
 			// pre-OS to OS-present signal
 			foundOsPresent = true
-		case e.PCRIndex == tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) && e.EventType == tcglog.EventTypeSeparator:
+		case e.PCRIndex == internal_efi.SecureBootPolicyPCR && e.EventType == tcglog.EventTypeSeparator:
 			// end of secure boot configuration signal
 			if foundSecureBootSeparator {
 				return errors.New("unexpected separator")
@@ -130,22 +130,22 @@ func (h *fwLoadHandler) measureSecureBootPolicyPreOS(ctx pcrBranchContext) error
 				return err
 			}
 			foundSecureBootSeparator = true
-		case e.PCRIndex == tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) && e.EventType == tcglog.EventTypeEFIVariableAuthority:
+		case e.PCRIndex == internal_efi.SecureBootPolicyPCR && e.EventType == tcglog.EventTypeEFIVariableAuthority:
 			// secure boot verification event - shouldn't see this before the end of secure
 			// boot configuration signal.
 			if !foundSecureBootSeparator {
 				return errors.New("unexpected verification event")
 			}
-			digest := tpm2.Digest(e.Digests[ctx.PCRAlg()])
+			digest := e.Digests[ctx.PCRAlg()]
 			ctx.FwContext().AppendVerificationEvent(digest)
 			ctx.ExtendPCR(internal_efi.SecureBootPolicyPCR, digest)
-		case e.PCRIndex == tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) && e.EventType == tcglog.EventTypeEFIVariableDriverConfig:
+		case e.PCRIndex == internal_efi.SecureBootPolicyPCR && e.EventType == tcglog.EventTypeEFIVariableDriverConfig:
 			// ignore: part of the secure boot configuration - shouldn't see this after the
 			// end of secure boot configuration signal.
 			if foundSecureBootSeparator {
 				return errors.New("unexpected configuration event")
 			}
-		case e.PCRIndex == tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR):
+		case e.PCRIndex == internal_efi.SecureBootPolicyPCR:
 			return fmt.Errorf("unexpected event type (%v) found in log", e.EventType)
 		default:
 			// not a secure boot event
@@ -166,7 +166,7 @@ func (h *fwLoadHandler) measurePlatformFirmware(ctx pcrBranchContext) error {
 	donePcrReset := false
 
 	for _, event := range h.log.Events {
-		if event.PCRIndex != tcglog.PCRIndex(internal_efi.PlatformFirmwarePCR) {
+		if event.PCRIndex != internal_efi.PlatformFirmwarePCR {
 			continue
 		}
 		if event.EventType == tcglog.EventTypeNoAction {
@@ -191,22 +191,22 @@ func (h *fwLoadHandler) measurePlatformFirmware(ctx pcrBranchContext) error {
 		if event.EventType == tcglog.EventTypeSeparator {
 			return h.measureSeparator(ctx, internal_efi.PlatformFirmwarePCR, event)
 		}
-		ctx.ExtendPCR(internal_efi.PlatformFirmwarePCR, tpm2.Digest(event.Digests[ctx.PCRAlg()]))
+		ctx.ExtendPCR(internal_efi.PlatformFirmwarePCR, event.Digests[ctx.PCRAlg()])
 	}
 
 	return errors.New("missing separator")
 }
 
 func (h *fwLoadHandler) measureDriversAndApps(ctx pcrBranchContext) error {
 	for _, event := range h.log.Events {
-		if event.PCRIndex != tcglog.PCRIndex(internal_efi.DriversAndAppsPCR) {
+		if event.PCRIndex != internal_efi.DriversAndAppsPCR {
 			continue
 		}
 
 		if event.EventType == tcglog.EventTypeSeparator {
 			return h.measureSeparator(ctx, internal_efi.DriversAndAppsPCR, event)
 		}
-		ctx.ExtendPCR(internal_efi.DriversAndAppsPCR, tpm2.Digest(event.Digests[ctx.PCRAlg()]))
+		ctx.ExtendPCR(internal_efi.DriversAndAppsPCR, event.Digests[ctx.PCRAlg()])
 	}
 
 	return errors.New("missing separator")
@@ -252,7 +252,7 @@ func (h *fwLoadHandler) measureBootManagerCodePreOS(ctx pcrBranchContext) error
 		event := events[0]
 		events = events[1:]
 
-		if event.PCRIndex != tcglog.PCRIndex(internal_efi.BootManagerCodePCR) {
+		if event.PCRIndex != internal_efi.BootManagerCodePCR {
 			continue
 		}
 
@@ -263,7 +263,7 @@ func (h *fwLoadHandler) measureBootManagerCodePreOS(ctx pcrBranchContext) error
 			measuredSeparator = true
 			break
 		}
-		ctx.ExtendPCR(internal_efi.BootManagerCodePCR, tpm2.Digest(event.Digests[ctx.PCRAlg()]))
+		ctx.ExtendPCR(internal_efi.BootManagerCodePCR, event.Digests[ctx.PCRAlg()])
 	}
 
 	if !measuredSeparator {
@@ -279,7 +279,7 @@ func (h *fwLoadHandler) measureBootManagerCodePreOS(ctx pcrBranchContext) error
 		event := events[0]
 		events = events[1:]
 
-		if event.PCRIndex != tcglog.PCRIndex(internal_efi.BootManagerCodePCR) {
+		if event.PCRIndex != internal_efi.BootManagerCodePCR {
 			continue
 		}
 		if event.EventType != tcglog.EventTypeEFIBootServicesApplication {
@@ -295,7 +295,7 @@ func (h *fwLoadHandler) measureBootManagerCodePreOS(ctx pcrBranchContext) error
 		}
 		if isAbsolute {
 			// copy the digest to the policy
-			ctx.ExtendPCR(internal_efi.BootManagerCodePCR, tpm2.Digest(event.Digests[ctx.PCRAlg()]))
+			ctx.ExtendPCR(internal_efi.BootManagerCodePCR, event.Digests[ctx.PCRAlg()])
 		}
 		// If it's not Absolute, we assume it's related to the OS launch which we will predict
 		// later on. If it's something else, discarding it here creates an invalid policy but this is

efi/fw_load_handler_test.go

@@ -547,9 +547,9 @@ func (s *fwLoadHandlerSuite) testMeasureImageStartErrBadLogSeparatorError(c *C,
 	log := efitest.NewLog(c, &efitest.LogOptions{
 		Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
-		if event.PCRIndex == tcglog.PCRIndex(pcr) && event.EventType == tcglog.EventTypeSeparator {
+		if event.PCRIndex == pcr && event.EventType == tcglog.EventTypeSeparator {
 			// Overwrite the event data with a mock error event
-			log.Events[i].Data = tcglog.NewErrorSeparatorEventData([]byte{0x50, 0x10, 0x00, 0x00})
+			log.Events[i].Data = &tcglog.SeparatorEventData{Value: tcglog.SeparatorEventErrorValue, ErrorInfo: []byte{0x50, 0x10, 0x00, 0x00}}
 			break
 		}
 	}
@@ -588,7 +588,7 @@ func (s *fwLoadHandlerSuite) testMeasureImageStartErrBadLogInvalidSeparator(c *C
 	log := efitest.NewLog(c, &efitest.LogOptions{
 		Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
-		if event.PCRIndex == tcglog.PCRIndex(pcr) && event.EventType == tcglog.EventTypeSeparator {
+		if event.PCRIndex == pcr && event.EventType == tcglog.EventTypeSeparator {
 			// Overwrite the event data with a mock error event
 			log.Events[i].Data = &mockErrLogData{errors.New("data is the wrong size")}
 			break
@@ -629,7 +629,7 @@ func (s *fwLoadHandlerSuite) testMeasureImageStartErrBadLogMissingSeparator(c *C
 	log := efitest.NewLog(c, &efitest.LogOptions{
 		Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA1}})
 	for i, event := range log.Events {
-		if event.PCRIndex == tcglog.PCRIndex(pcr) && event.EventType == tcglog.EventTypeSeparator {
+		if event.PCRIndex == pcr && event.EventType == tcglog.EventTypeSeparator {
 			events := log.Events[:i]
 			if len(log.Events) > i+1 {
 				events = append(events, log.Events[i+1:]...)

efi/preinstall/check_fw_protections.go

@@ -121,7 +121,7 @@ func checkSecureBootPolicyPCRForDegradedFirmwareSettings(log *tcglog.Log) error
 		event := events[0]
 		events = events[1:]
 
-		if event.PCRIndex != tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) {
+		if event.PCRIndex != internal_efi.SecureBootPolicyPCR {
 			continue
 		}
 

efi/preinstall/check_fw_protections_test.go

@@ -85,7 +85,7 @@ func (s *fwProtectionsSuite) TestCheckSecureBootPolicyPCRForDegradedSettingsDMAP
 func (s *fwProtectionsSuite) TestCheckSecureBootPolicyPCRForDegradedSettingsErrUnexpectedData(c *C) {
 	log := efitest.NewLog(c, &efitest.LogOptions{FirmwareDebugger: true})
 	for _, ev := range log.Events {
-		if ev.PCRIndex != tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) {
+		if ev.PCRIndex != internal_efi.SecureBootPolicyPCR {
 			continue
 		}
 		ev.Data = tcglog.EFICallingEFIApplicationEvent
@@ -97,7 +97,7 @@ func (s *fwProtectionsSuite) TestCheckSecureBootPolicyPCRForDegradedSettingsErrU
 func (s *fwProtectionsSuite) TestCheckSecureBootPolicyPCRForDegradedSettingsErrUnexpectedType(c *C) {
 	log := efitest.NewLog(c, &efitest.LogOptions{FirmwareDebugger: true})
 	for _, ev := range log.Events {
-		if ev.PCRIndex != tcglog.PCRIndex(internal_efi.SecureBootPolicyPCR) {
+		if ev.PCRIndex != internal_efi.SecureBootPolicyPCR {
 			continue
 		}
 		ev.EventType = tcglog.EventTypeAction

go.mod

@@ -6,8 +6,8 @@ require (
 	github.com/canonical/go-efilib v1.2.0
 	github.com/canonical/go-sp800.108-kdf v0.0.0-20210315104021-ead800bbf9a0
 	github.com/canonical/go-sp800.90a-drbg v0.0.0-20210314144037-6eeb1040d6c3
-	github.com/canonical/go-tpm2 v1.7.3
-	github.com/canonical/tcglog-parser v0.0.0-20240726104243-6363e875afc6
+	github.com/canonical/go-tpm2 v1.7.6
+	github.com/canonical/tcglog-parser v0.0.0-20240813235124-27d841b70bdb
 	github.com/intel-go/cpuid v0.0.0-20220614022739-219e067757cb
 	github.com/snapcore/snapd v0.0.0-20220714152900-4a1f4c93fc85
 	golang.org/x/crypto v0.9.0

go.sum

@@ -7,11 +7,11 @@ github.com/canonical/go-sp800.108-kdf v0.0.0-20210315104021-ead800bbf9a0/go.mod
 github.com/canonical/go-sp800.90a-drbg v0.0.0-20210314144037-6eeb1040d6c3 h1:oe6fCvaEpkhyW3qAicT0TnGtyht/UrgvOwMcEgLb7Aw=
 github.com/canonical/go-sp800.90a-drbg v0.0.0-20210314144037-6eeb1040d6c3/go.mod h1:qdP0gaj0QtgX2RUZhnlVrceJ+Qln8aSlDyJwelLLFeM=
 github.com/canonical/go-tpm2 v0.0.0-20210827151749-f80ff5afff61/go.mod h1:vG41hdbBjV4+/fkubTT1ENBBqSkLwLr7mCeW9Y6kpZY=
-github.com/canonical/go-tpm2 v1.7.3 h1:4B88K59G6j4gVY+amW0JhFngtyIMmiZr6slj6cZyv4U=
-github.com/canonical/go-tpm2 v1.7.3/go.mod h1:Dz0PQRmoYrmk/4BLILjRA+SFzuqEo1etAvYeAJiMhYU=
+github.com/canonical/go-tpm2 v1.7.6 h1:9k9OAEEp9xKp4h2WJwfTUNivblJi4L5Wjx7Q/LkSTSQ=
+github.com/canonical/go-tpm2 v1.7.6/go.mod h1:Dz0PQRmoYrmk/4BLILjRA+SFzuqEo1etAvYeAJiMhYU=
 github.com/canonical/tcglog-parser v0.0.0-20210824131805-69fa1e9f0ad2/go.mod h1:QoW2apR2tBl6T/4czdND/EHjL1Ia9cCmQnIj9Xe0Kt8=
-github.com/canonical/tcglog-parser v0.0.0-20240726104243-6363e875afc6 h1:WcR9HTKI1uiKZXpfbQ33Qjr5uGfBontkpX3aQJauF/E=
-github.com/canonical/tcglog-parser v0.0.0-20240726104243-6363e875afc6/go.mod h1:eDAzszT5fmIHIjTMTsT0nTtZ+GnZb14tvi1h45Njk3g=
+github.com/canonical/tcglog-parser v0.0.0-20240813235124-27d841b70bdb h1:oOu7KRWO40ojgSbPh4RjdkPijtJCwVVI/cYMkaQAQU4=
+github.com/canonical/tcglog-parser v0.0.0-20240813235124-27d841b70bdb/go.mod h1:ywdPBqUGkuuiitPpVWCfilf2/gq+frhq4CNiNs9KyHU=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/frankban/quicktest v1.2.2/go.mod h1:Qh/WofXFeiAFII1aEBu529AtJo6Zg2VHscnEsbBnJ20=
 github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 h1:ZpnhV/YsD2/4cESfV5+Hoeu/iUR3ruzNvZ+yQfO03a0=

internal/efitest/log.go

@@ -62,7 +62,7 @@ func (d bytesHashData) Write(w io.Writer) error {
 }
 
 type logEvent struct {
-	pcrIndex  tcglog.PCRIndex
+	pcrIndex  tpm2.Handle
 	eventType tcglog.EventType
 	data      tcglog.EventData
 }
@@ -131,7 +131,7 @@ func NewLog(c *C, opts *LogOptions) *tcglog.Log {
 		{
 			PCRIndex:  0,
 			EventType: tcglog.EventTypeNoAction,
-			Digests:   tcglog.DigestMap{tpm2.HashAlgorithmSHA1: make(tcglog.Digest, tpm2.HashAlgorithmSHA1.Size())},
+			Digests:   tcglog.DigestMap{tpm2.HashAlgorithmSHA1: make(tpm2.Digest, tpm2.HashAlgorithmSHA1.Size())},
 			Data: &tcglog.SpecIdEvent03{
 				SpecVersionMajor: 2,
 				UintnSize:        2,
@@ -147,7 +147,7 @@ func NewLog(c *C, opts *LogOptions) *tcglog.Log {
 			Data:      &tcglog.StartupLocalityEventData{StartupLocality: opts.StartupLocality},
 		}
 		for _, alg := range opts.Algorithms {
-			ev.Digests[alg] = make(tcglog.Digest, alg.Size())
+			ev.Digests[alg] = make(tpm2.Digest, alg.Size())
 		}
 		builder.events = append(builder.events, ev)
 	}
@@ -401,7 +401,7 @@ func NewLog(c *C, opts *LogOptions) *tcglog.Log {
 			eventType: tcglog.EventTypeEFIAction,
 			data:      data})
 	}
-	for _, pcr := range []tcglog.PCRIndex{0, 1, 2, 3, 4, 5, 6} {
+	for _, pcr := range []tpm2.Handle{0, 1, 2, 3, 4, 5, 6} {
 		data := &tcglog.SeparatorEventData{Value: tcglog.SeparatorEventNormalValue}
 		builder.hashLogExtendEvent(c, data, &logEvent{
 			pcrIndex:  pcr,