From 1f6b3eae69efabae1e6c5fac698f07a4de1e7332 Mon Sep 17 00:00:00 2001
From: gram-signal <84339875+gram-signal@users.noreply.github.com>
Date: Tue, 19 Mar 2024 16:44:11 -0600
Subject: [PATCH] Have azure/gcp dump their event logs on init.
---
 enclave/env/azuresnp/azuresnp.cc | 6 ++++++
 enclave/env/gcpsnp/gcpsnp.cc | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/enclave/env/azuresnp/azuresnp.cc b/enclave/env/azuresnp/azuresnp.cc
index 5a70f2d..780d9f1 100644
--- a/enclave/env/azuresnp/azuresnp.cc
+++ b/enclave/env/azuresnp/azuresnp.cc
@@ -24,6 +24,7 @@
 #include "util/mutex.h"
 #include "util/endian.h"
 #include "util/log.h"
+#include "util/base64.h"
 #include "attestation/tpm2snp/tpm2snp.h"
 #include "hmac/hmac.h"
 #include "fs/fs.h"
@@ -179,6 +180,11 @@ class Environment : public ::svr2::env::socket::Environment {
 LOG(FATAL) << "Failure to attest evidence in Init: " << err;
 }
 LOG(INFO) << "Successfully retrieved and attested evidence";
+ if (auto [elog, err] = fs::FileContents("/sys/kernel/security/tpm0/binary_bios_measurements"); err != error::OK) {
+ LOG(ERROR) << "Unable to retrieve event log: " << err;
+ } else {
+ LOG(INFO) << "Event log: " << util::Base64Encode(elog, util::B64STD, true);
+ }
 }
 
 private:
diff --git a/enclave/env/gcpsnp/gcpsnp.cc b/enclave/env/gcpsnp/gcpsnp.cc
index 17bdf4c..50a18ac 100644
--- a/enclave/env/gcpsnp/gcpsnp.cc
+++ b/enclave/env/gcpsnp/gcpsnp.cc
@@ -29,6 +29,7 @@
 #include "util/hex.h"
 #include "util/mutex.h"
 #include "util/endian.h"
+#include "util/base64.h"
 #include "util/log.h"
 #include "hmac/hmac.h"
 #include "fs/fs.h"
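Review bot: The event log emitted by the added `else` branch in Init is not tied to the evidence attested just above it, and nothing in the hunk says so, which makes the log line easy to over-trust. A TPM event log carries no signature of its own and is only meaningful once replayed against quoted PCR values, so I would put a comment above the `if`: `// Diagnostic only: the event log is unverified here; replay it against the quoted PCRs before relying on it.` The same comment can record that a read failure is deliberately `LOG(ERROR)` rather than `LOG(FATAL)` like the attestation failure, if that is the intent. The identical block in the gcpsnp.cc Init hunk needs the same comment; Init's body starts outside both hunks, so verification elsewhere cannot be ruled out from here.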
@@ -145,6 +146,11 @@ class Environment : public ::svr2::env::socket::Environment {
 LOG(FATAL) << "Failure to attest evidence in Init: " << err;
 }
 LOG(INFO) << "Base evidence and endorsements created successfully";
+ if (auto [elog, err] = fs::FileContents("/sys/kernel/security/tpm0/binary_bios_measurements"); err != error::OK) {
+ LOG(ERROR) << "Unable to retrieve event log: " << err;
+ } else {
+ LOG(INFO) << "Event log: " << util::Base64Encode(elog, util::B64STD, true);
+ }
 }
 
 private:
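Review bot: The securityfs path and the whole read-encode-log block are now duplicated verbatim between this hunk and the azuresnp.cc one, so a later fix to one environment can silently miss the other. A shared constant such as `constexpr char kTpmEventLogPath[] = "/sys/kernel/security/tpm0/binary_bios_measurements";` (name illustrative), or a small helper that both Init methods call, would keep them in step. Separately, the full file goes into a single `LOG(INFO)` line with no size bound visible here; it is worth confirming that the log sink does not truncate long lines, since a cut-off base64 blob cannot be decoded and replayed later. The bare `true` passed as the third argument to `util::Base64Encode` is also opaque at the call site, and a short argument comment naming what it controls would help.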