measured boot: move to new failure architecture

Currently only has one event id. If necessary can be extended such that
policies can generate their own event ids.

Part of enhancement proposal keylime/enhancements#48

Signed-off-by: Thore Sommer <[email protected]>

Author: THS-on

keylime/measured_boot.py

@@ -10,7 +10,7 @@
 
 from keylime import config
 from keylime import keylime_logging
-
+from keylime.failure import Failure, Component
 logger = keylime_logging.init_logging('measured_boot')
 
 def read_mb_refstate(mb_path=None):
@@ -61,20 +61,23 @@ def get_policy(mb_refstate_str):
 
     return mb_policy, mb_refstate_data
 
-def evaluate_policy(mb_policy, mb_refstate_data, mb_measurement_data, pcrsInQuote, pcrPrefix, agent_id):
+def evaluate_policy(mb_policy, mb_refstate_data, mb_measurement_data, pcrsInQuote, pcrPrefix, agent_id) -> Failure:
+    failure = Failure(Component.MEASURED_BOOT)
     missing = list(set(config.MEASUREDBOOT_PCRS).difference(pcrsInQuote))
     if len(missing) > 0:
         logger.error("%sPCRs specified for measured boot not in quote: %s", pcrPrefix, missing)
-        return False
+        failure.add_event("missing_pcrs", {"context": "PCRs are missing in quote", "data": missing}, True)
     try:
         reason = mb_policy.evaluate(mb_refstate_data, mb_measurement_data)
     except Exception as exn:
         reason= "policy evaluation failed: %s"%(str(exn))
     if reason:
         logger.error("Boot attestation failed for agent %s, configured policy %s, refstate=%s, reason=%s",
             agent_id, config.MEASUREDBOOT_POLICYNAME, json.dumps(mb_refstate_data), reason)
-        return False
-    return True
+        failure.add_event("policy",
+                          {"context": "Boot attestation failed", "policy": config.MEASUREDBOOT_POLICYNAME,
+                           "refstate": mb_refstate_data, "reason": reason}, True)
+    return failure
 
 def main():
     parser = argparse.ArgumentParser()