Initial Commit

This commit is contained in:
Cyrus 2021-01-06 15:45:50 -05:00
parent c181665ad9
commit 08c0daf9be
3 changed files with 505 additions and 293 deletions


@ -324,6 +324,20 @@ public class ReferenceManifestDetailsPageController
data.put("associatedRim", support.getAssociatedRim());
data.put("rimType", support.getRimType());
data.put("tagId", support.getTagId());
boolean crtm = false;
boolean bootManager = false;
boolean osLoader = false;
boolean osKernel = false;
boolean acpiTables = false;
boolean smbiosTables = false;
boolean gptTable = false;
boolean bootOrder = false;
boolean defaultBootDevice = false;
boolean secureBoot = false;
boolean pk = false;
boolean kek = false;
boolean sigDb = false;
boolean forbiddenDbx = false;
TCGEventLog logProcessor = new TCGEventLog(support.getRimBytes());
LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
@ -343,6 +357,59 @@ public class ReferenceManifestDetailsPageController
data.put("events", logProcessor.getEventList());
}
String contentStr;
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
contentStr = tpe.getEventContentStr();
// check for specific events
if (contentStr.contains("CRTM")) {
crtm = true;
} else if (contentStr.contains("shimx64.efi")
&& contentStr.contains("bootmgfw.efi")) {
bootManager = true;
} else if (contentStr.contains("grubx64.efi")
&& contentStr.contains("winload.efi")) {
osLoader = true;
} else if (contentStr.contains("vmlinuz")
&& contentStr.contains("ntoskrnl.exe")) {
osKernel = true;
} else if (contentStr.contains("ACPI")) {
acpiTables = true;
} else if (contentStr.contains("SMBIOS")) {
smbiosTables = true;
} else if (contentStr.contains("GPT")) {
gptTable = true;
} else if (contentStr.contains("BootOrder")) {
bootOrder = true;
} else if (contentStr.contains("Boot0000")) {
defaultBootDevice = true;
} else if (contentStr.contains("PK")) {
pk = true;
} else if (contentStr.contains("KEK")) {
kek = true;
} else if (contentStr.contains("DB")) {
sigDb = true;
} else if (contentStr.contains("DBX")) {
forbiddenDbx = true;
} else if (contentStr.contains("Secure Boot is Enabled")) {
secureBoot = true;
}
}
data.put("crtm", crtm);
data.put("bootManager", bootManager);
data.put("osLoader", osLoader);
data.put("osKernel", osKernel);
data.put("acpiTables", acpiTables);
data.put("smbiosTables", smbiosTables);
data.put("gptTable", gptTable);
data.put("bootOrder", bootOrder);
data.put("defaultBootDevice", defaultBootDevice);
data.put("secureBoot", secureBoot);
data.put("pk", pk);
data.put("kek", kek);
data.put("sigDb", sigDb);
data.put("forbiddenDbx", forbiddenDbx);
return data;
}
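Review bot: The three boot-path checks join two file names with `&&` (`shimx64.efi` with `bootmgfw.efi`, `grubx64.efi` with `winload.efi`, `vmlinuz` with `ntoskrnl.exe`), so each flag is set only when a single event string names both the Linux and the Windows binary; unless that is intended, these should be `||`. The `contains("DBX")` branch is unreachable, because the earlier `contains("DB")` branch matches every string that contains `DBX`, so `forbiddenDbx` stays false and dbx events are counted as `sigDb`. Bare substring tests for `PK`, `KEK`, `DB` and `GPT` can also match unrelated event text, which would make the page report coverage the RIM does not have; matching on the event type or the exact variable name would be safer if TpmPcrEvent exposes them. The enclosing method starts outside the hunk.

```java
// … unchanged: CRTM branch …
} else if (contentStr.contains("shimx64.efi")
        || contentStr.contains("bootmgfw.efi")) {
    bootManager = true;
} else if (contentStr.contains("grubx64.efi")
        || contentStr.contains("winload.efi")) {
    osLoader = true;
} else if (contentStr.contains("vmlinuz")
        || contentStr.contains("ntoskrnl.exe")) {
    osKernel = true;
// … unchanged: ACPI through KEK branches …
} else if (contentStr.contains("DBX")) {
    // test the longer name first; "DB" also matches "DBX"
    forbiddenDbx = true;
} else if (contentStr.contains("DB")) {
    sigDb = true;
// … unchanged: Secure Boot branch …
```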


@ -41,8 +41,142 @@
</c:choose>
</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1">
<span class="colRimHeader">
<a role="button" data-toggle="collapse" class="collapsed" href="#eventOptions"
aria-expanded="true" data-placement="top" aria-controls="eventOptions">
Event Summary
</a>
</span>
</div>
<div id="eventsCol" class="col col-md-8">
<div id="eventOptions" class="collapse" class="collapsed" aria-expanded="false">
<ul>
<li>This Support RIM file covers the following critical items:</li>
<ul>
<c:if test="${initialData.crtm || initialData.bootManager || initialData.osLoader || initialData.osKernel}">
<li>PC Client Boot path</li>
</c:if>
<ul>
<c:if test="${initialData.crtm}">
<li>Software Core Root of Trust for Measurement (SRTM)</li>
</c:if>
<c:if test="${initialData.bootManager}">
<li>Boot Manager</li>
</c:if>
<c:if test="${initialData.osLoader}">
<li>OS Loader</li>
</c:if>
<c:if test="${initialData.osKernel}">
<li>OS Kernel</li>
</c:if>
</ul>
<c:if test="${initialData.acpiTables || initialData.smbiosTables || initialData.gptTable || initialData.defaultBootDevice}">
<li>Device Configuration</li>
</c:if>
<ul>
<c:if test="${initialData.acpiTables}">
<li>ACPI Tables</li>
</c:if>
<c:if test="${initialData.smbiosTables}">
<li>SMBIOS Tables</li>
</c:if>
<c:if test="${initialData.gptTable}">
<li>GPT Table</li>
</c:if>
<c:if test="${initialData.defaultBootDevice}">
<li>Default boot device</li>
</c:if>
</ul>
<c:if test="${initialData.secureBoot || initialData.pk || initialData.kek || initialData.sigDb || initialData.forbiddenDbx}">
<li>Secure Boot Variables</li>
</c:if>
<ul>
<c:if test="${initialData.secureBoot}">
<li>Secure Boot Enabled</li>
</c:if>
<c:if test="${initialData.pk}">
<li>Platform Key (PK)</li>
</c:if>
<c:if test="${initialData.kek}">
<li>Key Exchange Key (KEK)</li>
</c:if>
<c:if test="${initialData.sigDb}">
<li>Signature Database (db)</li>
</c:if>
<c:if test="${initialData.forbiddenDbx}">
<li>Forbidden Signatures Database (dbx)</li>
</c:if>
</ul>
</ul>
</ul>
<ul>
<li>The Support RIM file does NOT covers the following critical items:</li>
<ul>
<c:if test="${not initialData.crtm || not initialData.bootManager || not initialData.osLoader || not initialData.osKernel}">
<li>PC Client Boot path</li>
</c:if>
<ul>
<c:if test="${not initialData.crtm}">
<li>Software Core Root of Trust for Measurement (SRTM)</li>
</c:if>
<c:if test="${not initialData.bootManager}">
<li>Boot Manager</li>
</c:if>
<c:if test="${not initialData.osLoader}">
<li>OS Loader</li>
</c:if>
<c:if test="${not initialData.osKernel}">
<li>OS Kernel</li>
</c:if>
</ul>
<c:if test="${not initialData.acpiTables || not initialData.smbiosTables || not initialData.gptTable || not initialData.defaultBootDevice}">
<li>Device Configuration</li>
</c:if>
<ul>
<c:if test="${not initialData.acpiTables}">
<li>ACPI Tables</li>
</c:if>
<c:if test="${not initialData.smbiosTables}">
<li>SMBIOS Tables</li>
</c:if>
<c:if test="${not initialData.gptTable}">
<li>GPT Table</li>
</c:if>
<c:if test="${not initialData.defaultBootDevice}">
<li>Default boot device</li>
</c:if>
</ul>
<c:if test="${not initialData.secureBoot || not initialData.pk || not initialData.kek || not initialData.sigDb || not initialData.forbiddenDbx}">
<li>Secure Boot Variables</li>
</c:if>
<ul>
<c:if test="${not initialData.secureBoot}">
<li>Secure Boot Enabled</li>
</c:if>
<c:if test="${not initialData.pk}">
<li>Platform Key (PK)</li>
</c:if>
<c:if test="${not initialData.kek}">
<li>Key Exchange Key (KEK)</li>
</c:if>
<c:if test="${not initialData.sigDb}">
<li>Signature Database (db)</li>
</c:if>
<c:if test="${not initialData.forbiddenDbx}">
<li>Forbidden Signatures Database (dbx)</li>
</c:if>
</ul>
</ul>
</ul>
</div>
</div>
</div>
</div>
<div id="tableDivTag">
<input type="text" id="eventInput" onkeyup="eventSearch()" placeholder="Search for text..." /><br />
<input type="text" id="eventInput" onkeyup="eventSearch(null)" placeholder="Search for text..." /><br />
<table id="eventLog">
<thead>
<tr class="header">
@ -364,11 +498,17 @@
</div>
</div>
<script>
function eventSearch() {
function eventSearch(txtInput) {
// Declare variables
var input, filter, table, tr, td, i, txtValue, txtFound;
if (txtInput === null) {
input = document.getElementById("eventInput");
filter = input.value.toUpperCase();
} else {
filter = txtInput;
}
table = document.getElementById("eventLog");
tr = table.getElementsByTagName("tr");
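Review bot: `bootOrder` is never rendered in either list of the Event Summary: the controller puts it into the model, but the Device Configuration conditions test only `acpiTables`, `smbiosTables`, `gptTable` and `defaultBootDevice`, and no `<li>` reads it. A Support RIM that covers BootOrder is therefore not shown as covering it, and one that lacks it is not listed as missing. Add `|| initialData.bootOrder` to the covered group condition and `<c:if test="${initialData.bootOrder}"><li>Boot Order</li></c:if>` to its list, with the matching `not` forms in the second list.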


@ -14,6 +14,11 @@
overflow-y: scroll;
}
.colRimHeader{
font-weight: bold;
margin: auto 0;
}
#eventLog {
border-collapse: collapse; /* Collapse borders */
width: 100%;