[#265] Skip ima pcr (#267)

* Added temp code edit to ignore IMA pcr during firmware validation * Removed redundant check
2025-02-20 17:52:47 +00:00 · 2020-06-17 13:33:02 -04:00 · 2020-06-17 13:33:02 -04:00 · 16f38751ca
commit 16f38751ca
parent 908c49e54f
1 changed files with 10 additions and 10 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@ -259,12 +259,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
        return summary;
    }

-            /**
-             * TDM: I need to compare the manufacturer id, name and model load
-             * that RIM file and associated eventlog, pull that flag for sha 1
-             * or 256 and then compare pcrs
-             */
-
    /**
     * This method is a sub set of the validate supply chain method and focuses
     * on the specific multibase validation check for a delta chain. This method
@ -320,6 +314,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
        }
        return subPlatformScv;
    }
+    private static final int IMA_TEN = 9;

    private SupplyChainValidation validateFirmware(final PlatformCredential pc,
            final IssuedAttestationCertificate attCert) {
@ -356,22 +351,27 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                            .toArray(new String[swid.getPcrValues().size()]);
                }

+                int imaValue = IMA_TEN;
                String pcrNum;
                String pcrValue;
                if (baseline[0].length() == TPMMeasurementRecord.SHA_BYTE_LENGTH) {
                    for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
                        pcrNum = pcrs1[i + 1].split(":")[0].trim();
                        pcrValue = pcrs1[i + 1].split(":")[1].trim();
-                        if (!baseline[i].equals(pcrValue)) {
-                            sb.append(String.format(failureMsg, pcrNum));
+                        if (i != imaValue) {
+                            if (!baseline[i].equals(pcrValue)) {
+                                sb.append(String.format(failureMsg, pcrNum));
+                            }
                        }
                    }
                } else if (baseline[0].length() == TPMMeasurementRecord.SHA_256_BYTE_LENGTH) {
                    for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
                        pcrNum = pcrs256[i + 1].split(":")[0].trim();
                        pcrValue = pcrs256[i + 1].split(":")[1].trim();
-                        if (!baseline[i].equals(pcrValue)) {
-                            sb.append(String.format(failureMsg, pcrNum));
+                        if (i != imaValue) {
+                            if (!baseline[i].equals(pcrValue)) {
+                                sb.append(String.format(failureMsg, pcrNum));
+                            }
                        }
                    }
                }