google · yawangwang · Apr 9, 2025 · alexmwu · Apr 9, 2025
diff --git a/extract/extract.go b/extract/extract.go
@@ -297,6 +297,7 @@ func EfiState(hash crypto.Hash, events []tcg.Event, registerCfg registerConfig)
 	exitBootSvcDigest := hasher.Sum(nil)
 
 	var efiAppStates []*pb.EfiApp
+	var efiAppEvents []tcg.Event
 	var seenSeparator4 bool
 	var seenSeparator5 bool
 	var seenCallingEfiApp bool
@@ -331,11 +332,25 @@ func EfiState(hash crypto.Hash, events []tcg.Event, registerCfg registerConfig)
 				seenCallingEfiApp = true
 			}
 
+			if bytes.HasPrefix(event.RawData(), []byte(tcg.SpecificBootOptionPrefix)) {
+				if evtType != tcg.EFIAction {
+					return nil, fmt.Errorf("%s%d contains specific boot option event but non EFIAction type: %d",
+						registerCfg.Name, index, evtType)
+				}
+				if !event.DigestVerified() {
+					return nil, fmt.Errorf("unverified boot option digest for %s%d", registerCfg.Name, index)
+				}
+				if !seenCallingEfiApp {
+					return nil, fmt.Errorf("found boot option event in %s%d before CallingEFIApp event", registerCfg.Name, index)
+				}
+			}
+
 			if evtType == tcg.EFIBootServicesApplication {
 				if !seenCallingEfiApp {
 					return nil, fmt.Errorf("found EFIBootServicesApplication in %s%d before CallingEFIApp event", registerCfg.Name, index)
 				}
 				efiAppStates = append(efiAppStates, &pb.EfiApp{Digest: event.ReplayedDigest()})
+				efiAppEvents = append(efiAppEvents, event)
 			}
 
 			isSeparator, err := checkIfValidSeparator(event, separatorInfo)
@@ -381,7 +396,10 @@ func EfiState(hash crypto.Hash, events []tcg.Event, registerCfg registerConfig)
 	// Otherwise, software further down the bootchain could extend bad
 	// PCR4/RTMR2 measurements.
 	if seenExitBootServices {
-		return &pb.EfiState{Apps: efiAppStates}, nil
+		return &pb.EfiState{
+			Apps:      efiAppStates,
+			AppEvents: tcg.ConvertToPbEvents(hash, efiAppEvents),
+		}, nil
 	}
 	return nil, nil
 }

diff --git a/proto/state.proto b/proto/state.proto
@@ -172,6 +172,7 @@ message EfiState {
   // UEFI applications are typically bootloaders such as shim and GRUB.
   // These run and are measured using the UEFI LoadImage() service.
   repeated EfiApp apps = 1;
+  repeated Event app_events = 2;
 }
 
 // Enum values come from the TCG Algorithm Registry - v1.27 - Table 3.

diff --git a/proto/state/state.pb.go b/proto/state/state.pb.go
diff --git a/tcg/events.go b/tcg/events.go
@@ -220,10 +220,14 @@ func UntrustedParseEventType(et uint32) (EventType, error) {
 
 // Constant events used with type "EV_EFI_ACTION".
 // Taken from TCG PC Client Platform Firmware Profile Specification,
-// Table 17 EV_EFI_ACTION Strings.
+// https://trustedcomputinggroup.org/wp-content/uploads/TCG-PC-Client-Platform-Firmware-Profile-Version-1.06-Revision-52_pub-3.pdf
+// Table 30 EV_EFI_ACTION Strings.
 const (
 	// Measured when Boot Manager attempts to execute code from a Boot Option.
-	CallingEFIApplication      string = "Calling EFI Application from Boot Option"
+	CallingEFIApplication string = "Calling EFI Application from Boot Option"
+	// The specific Boot Option the Boot Manager passes control to.
+	// The full format is “Booting to <Boot####> Option”.
+	SpecificBootOptionPrefix   string = "Booting to"
 	ExitBootServicesInvocation string = "Exit Boot Services Invocation"
 )