9elements · micgor32 · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026
@@ -313,7 +313,11 @@ func (kmp *kmPrintCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	bg, err := bootguard.NewKM(file)
 	if err != nil {
 		return err
@@ -327,7 +331,11 @@ func (bpmp *bpmPrintCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	bg, err := bootguard.NewBPM(file)
 	if err != nil {
 		return err
@@ -341,7 +349,11 @@ func (acmp *acmPrintCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	acm, err := tools.ParseACM(file)
 	if err != nil {
 		return err
@@ -854,7 +866,11 @@ func (s *signKMCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	bg, err := bootguard.NewKM(file)
 	if err != nil {
 		return err
@@ -882,7 +898,11 @@ func (s *signBPMCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	bg, err := bootguard.NewBPM(file)
 	if err != nil {
 		return err
@@ -954,8 +974,11 @@ func (t *templateCmdv2) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer f.Close()
-
+	defer func() {
+		if err := f.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	if err := bootguard.WriteJSON(f); err != nil {
 		return err
 	}
@@ -996,7 +1019,11 @@ func (t *templateCmdv1) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer f.Close()
+	defer func() {
+		if err := f.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 
 	if err := bootguard.WriteJSON(f); err != nil {
 		return err
@@ -1022,7 +1049,11 @@ func (s *stitchingKMCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	sig, err := os.ReadFile(s.Signature)
 	if err != nil {
 		return err
@@ -1053,7 +1084,11 @@ func (s *stitchingBPMCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	sig, err := os.ReadFile(s.Signature)
 	if err != nil {
 		return err
@@ -1124,7 +1159,11 @@ func (s *stitchingCmd) Run(ctx *context) error {
 		if err != nil {
 			return err
 		}
-		defer file.Close()
+		defer func() {
+			if err := file.Close(); err != nil {
+				log.Warnf("failed to close the file: %v\n", err)
+			}
+		}()
 		size, err := file.WriteAt(me, int64(meRegionOffset))
 		if err != nil {
 			return err
@@ -1200,7 +1239,11 @@ func (v *verifyKMSigCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	bg, err := bootguard.NewKM(file)
 	if err != nil {
 		return err
@@ -1213,7 +1256,11 @@ func (b *verifyBPMSigCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close the file: %v\n", err)
+		}
+	}()
 	bg, err := bootguard.NewBPM(file)
 	if err != nil {
 		return err

@@ -62,7 +62,11 @@ func (a *auxDeleteCmd) Run(ctx *context) error {
 	if err != nil {
 		return err
 	}
-	defer tpm.Close()
+	defer func() {
+		if err := tpm.Close(); err != nil {
+			fmt.Printf("warning: failed to close the file: %v\n", err)
+		}
+	}()
 
 	switch tpm.Version {
 	case hwapi.TPMVersion12:

@@ -178,7 +178,11 @@ func run(testGroup string, tests []*test.Test, preset *test.PreSet, interactive
 			}
 		}
 		data, _ := json.MarshalIndent(t, "", "")
-		os.WriteFile(logfile, data, 0o664)
+		err := os.WriteFile(logfile, data, 0o664)
+		if err != nil {
+			log.Errorf("failed to write to file: %v\n", err)
+			return false
+		}
 	}
 
 	for index := range tests {

@@ -190,7 +190,10 @@ func (cmd Command) Execute(ctx context.Context, args []string) {
 			ctx.tpmCommands[commandIdx].(*tpm.CommandExtend).Digest = newDigest[:]
 
 			ctx.tpm.Reset()
-			ctx.tpm.TPMExecute(context.Background(), ctx.tpmCommands, nil)
+			err := ctx.tpm.TPMExecute(context.Background(), ctx.tpmCommands, nil)
+			if err != nil {
+				panic(err)
+			}
 
 			// is it OK?
 			return bytes.Equal(ctx.tpm.PCRValues[0][tpm2.AlgSHA1], expectedHash)

@@ -146,7 +146,11 @@ func (cmd Command) Execute(ctx context.Context, args []string) {
 		if err != nil {
 			panic(err)
 		}
-		defer eventLogFile.Close()
+		defer func() {
+			if err := eventLogFile.Close(); err != nil {
+				logger.Errorf(ctx, "failed to close the file: %v\n", err)
+			}
+		}()
 
 		parsedEventLog, err := tpmeventlog.Parse(eventLogFile)
 		if err != nil {
@@ -423,7 +427,11 @@ func printReproducePCR0Result(
 			return
 		}
 	}
-	resultCommandLog.Commands().Apply(ctx, dummyTPM)
+	err := resultCommandLog.Commands().Apply(ctx, dummyTPM)
+	if err != nil {
+		logger.Error(ctx, err)
+		return
+	}
 	replayedPCR0, err := dummyTPM.PCRValues.Get(0, hashAlgo)
 	if err != nil {
 		logger.Error(ctx, err)

@@ -24,7 +24,7 @@ func SetPSPVerified(
 
 // Apply implements types.Action.
 func (s *SetPSPVerifiedType) Apply(ctx context.Context, state *types.State) error {
-	data, err := s.DataSource.Data(ctx, state)
+	data, err := s.Data(ctx, state)
 	if err != nil {
 		return fmt.Errorf("unable to extract the data: %w", err)
 	}

@@ -24,7 +24,7 @@ func SetPCHVerified(
 
 // Apply implements types.Action.
 func (s *SetPCHVerifiedT) Apply(ctx context.Context, state *types.State) error {
-	data, err := s.DataSource.Data(ctx, state)
+	data, err := s.Data(ctx, state)
 	if err != nil {
 		return fmt.Errorf("unable to extract the data: %w", err)
 	}

@@ -99,9 +99,9 @@ type ErroredSteps []*StepResult
 func (s ErroredSteps) Error() string {
 	var result strings.Builder
 	for _, step := range s {
-		result.WriteString(fmt.Sprintf("step %s:\n", step))
+		fmt.Fprintf(&result, "step %s:\n", step)
 		for _, issue := range step.Issues {
-			result.WriteString(fmt.Sprintf("\t%s: %v\n", issue.Coords, issue.Issue))
+			fmt.Fprintf(&result, "\t%s: %v\n", issue.Coords, issue.Issue)
 		}
 	}
 	return result.String()

@@ -44,7 +44,7 @@ func (ValidatorActorsAreProtected) Validate(_ context.Context, _ *types.State, l
 		if step.ActorCode == nil {
 			continue
 		}
-		actorRefs := step.ActorCode.References.Exclude() // a copy
+		actorRefs := step.ActorCode.Exclude() // a copy
 		if err := actorRefs.Resolve(); err != nil {
 			result = append(result, Issue{
 				StepIdx: uint(stepIdx),

@@ -51,7 +51,7 @@ func (ValidatorFinalCoverageIsComplete) Validate(
 		}}
 	}
 
-	nonMeasured := data.References.Exclude(measured...)
+	nonMeasured := data.Exclude(measured...)
 	if len(nonMeasured) == 0 {
 		return nil
 	}

@@ -44,7 +44,7 @@ func validateBPM(
 		return nil
 	}
 
-	if err := bpm.PMSE.KeySignature.Verify(bpmFIT.DataSegmentBytes[:bpm.KeySignatureOffset]); err != nil {
+	if err := bpm.PMSE.Verify(bpmFIT.DataSegmentBytes[:bpm.KeySignatureOffset]); err != nil {
 		return fmt.Errorf("unable to confirm KM signature: %w", err)
 	}
 

@@ -67,7 +67,7 @@ func (v VolumeOfType) Data(ctx context.Context, s *types.State) (*types.Data, er
 
 			var volume *ffs.Node
 			for _, node := range nodes {
-				if node.Range.Offset == math.MaxUint64 {
+				if node.Offset == math.MaxUint64 {
 					continue
 				}
 				if _, ok := node.Firmware.(*uefi.FirmwareVolume); ok {

@@ -58,7 +58,7 @@ type CommandLogEntry struct {
 
 // String implements fmt.Stringer.
 func (entry CommandLogEntry) String() string {
-	return entry.Command.LogString()
+	return entry.LogString()
 }
 
 func newCommandLogEntry(
@@ -89,7 +89,7 @@ func (s CommandLog) Commands() Commands {
 func (s CommandLog) String() string {
 	var result strings.Builder
 	for idx, e := range s {
-		result.WriteString(fmt.Sprintf("%d. %s\n", idx, format.NiceString(e)))
+		fmt.Fprintf(&result, "%d. %s\n", idx, format.NiceString(e))
 	}
 	return result.String()
 }
@@ -380,7 +380,7 @@ func getACMPolicyStatusRefFromMeasurement(
 	// We assume this is a PCR0_DATA/PCR7_DATA measurement if it measures ACM_POLICY_STATUS registers
 	// (and no other registers but ACM_POLICY_STATUS).
 
-	refs := m.References.BySystemArtifact(txtPublicRegisters)
+	refs := m.BySystemArtifact(txtPublicRegisters)
 	if len(refs) != 1 {
 		return nil
 	}

@@ -548,7 +548,7 @@ func (j *orderBruteforcerJob) executeRecursive(
 }
 
 func isMeasurePCR0DATACmdLogEntry(logEntry *tpm.CommandLogEntry) bool {
-	_, ok := logEntry.CauseCoordinates.Step().(intelsteps.MeasurePCR0DATA)
+	_, ok := logEntry.Step().(intelsteps.MeasurePCR0DATA)
 	return ok
 }
 
@@ -589,7 +589,7 @@ func (j *reproduceExpectedPCR0Job) measurementsVerifyWithBruteForceACMPolicyStat
 		return nil, nil, fmt.Errorf("empty measurements slice, cannot compute PCR0")
 	}
 
-	_, ok := enabledMeasurements[0].CauseCoordinates.Step().(intelsteps.MeasurePCR0DATA)
+	_, ok := enabledMeasurements[0].Step().(intelsteps.MeasurePCR0DATA)
 	if !ok {
 		return nil, nil, fmt.Errorf("the first TPM command is not caused by a MeasurePCR0DATA step")
 	}

@@ -34,6 +34,6 @@ func acquireHasher(algo tpm2.Algorithm) (*hasher, error) {
 }
 
 func releaseHasher(hasher *hasher) {
-	hasher.Hash.Reset()
+	hasher.Reset()
 	hasherPools[hasher.Algo].Put(hasher)
 }
@@ -503,12 +503,12 @@ type MeasuredData struct {
 // String implements fmt.Stringer.
 func (d MeasuredData) String() string {
 	var result strings.Builder
-	result.WriteString(fmt.Sprintf("%s <- %v", typeMapKey(d.TrustChain).Name(), d.Data))
+	fmt.Fprintf(&result, "%s <- %v", typeMapKey(d.TrustChain).Name(), d.Data)
 	if d.DataSource != nil {
-		result.WriteString(fmt.Sprintf(" (%v)", d.DataSource))
+		fmt.Fprintf(&result, " (%v)", d.DataSource)
 	}
 	if d.Actor != nil {
-		result.WriteString(fmt.Sprintf(" [%T]", d.Actor))
+		fmt.Fprintf(&result, " [%T]", d.Actor)
 	}
 	return result.String()
 }

@@ -340,16 +340,16 @@ type interval struct {
 }
 
 func (item *interval) LowAtDimension(_ uint64) int64 {
-	return int64(item.Range.Offset)
+	return int64(item.Offset)
 }
 
 func (item *interval) HighAtDimension(_ uint64) int64 {
-	return int64(item.Range.Offset + item.Range.Length)
+	return int64(item.Offset + item.Length)
 }
 
 func (item *interval) OverlapsAtDimension(cmpIface augmentedtree.Interval, _ uint64) bool {
 	cmp := cmpIface.(*interval)
-	return item.Range.Intersect(cmp.Range)
+	return item.Intersect(cmp.Range)
 }
 
 func (item *interval) ID() uint64 {
@@ -394,7 +394,7 @@ func newNamesIntervalTree(m map[string]pkgbytes.Ranges) intervalTree {
 
 func (t *intervalTree) FindOverlapping(r pkgbytes.Range) []interface{} {
 	var result []interface{}
-	for _, item := range t.Tree.Query(&interval{
+	for _, item := range t.Query(&interval{
 		Range: r,
 	}) {
 		result = append(result, item.(*interval).Value)

@@ -15,7 +15,7 @@ func FileToBytes(filePath string) ([]byte, error) {
 		return nil, fmt.Errorf(`unable to open the image-file "%v": %w`,
 			filePath, err)
 	}
-	defer file.Close() // it was a read-only Open(), so we don't check the Close()
+	defer file.Close() //nolint:errcheck // it was a read-only Open(), so we don't check the Close()
 
 	// To consume less memory we use mmap() instead of reading the image
 	// into the memory. However these bytes are also parsed by