[#265] Skip ima pcr (#267)

* Added temp code edit to ignore IMA pcr during firmware validation

* Removed redundant check
Cyrus 2020-06-17 13:33:02 -04:00 committed by GitHub
parent 908c49e54f
commit 16f38751ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -259,12 +259,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
return summary; return summary;
} }
/**
* TDM: I need to compare the manufacturer id, name and model load
* that RIM file and associated eventlog, pull that flag for sha 1
* or 256 and then compare pcrs
*/
/** /**
* This method is a sub set of the validate supply chain method and focuses * This method is a sub set of the validate supply chain method and focuses
* on the specific multibase validation check for a delta chain. This method * on the specific multibase validation check for a delta chain. This method
@ -320,6 +314,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
} }
return subPlatformScv; return subPlatformScv;
} }
private static final int IMA_TEN = 9;
private SupplyChainValidation validateFirmware(final PlatformCredential pc, private SupplyChainValidation validateFirmware(final PlatformCredential pc,
final IssuedAttestationCertificate attCert) { final IssuedAttestationCertificate attCert) {
@ -356,25 +351,30 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
.toArray(new String[swid.getPcrValues().size()]); .toArray(new String[swid.getPcrValues().size()]);
} }
int imaValue = IMA_TEN;
String pcrNum; String pcrNum;
String pcrValue; String pcrValue;
if (baseline[0].length() == TPMMeasurementRecord.SHA_BYTE_LENGTH) { if (baseline[0].length() == TPMMeasurementRecord.SHA_BYTE_LENGTH) {
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
pcrNum = pcrs1[i + 1].split(":")[0].trim(); pcrNum = pcrs1[i + 1].split(":")[0].trim();
pcrValue = pcrs1[i + 1].split(":")[1].trim(); pcrValue = pcrs1[i + 1].split(":")[1].trim();
if (i != imaValue) {
if (!baseline[i].equals(pcrValue)) { if (!baseline[i].equals(pcrValue)) {
sb.append(String.format(failureMsg, pcrNum)); sb.append(String.format(failureMsg, pcrNum));
} }
} }
}
} else if (baseline[0].length() == TPMMeasurementRecord.SHA_256_BYTE_LENGTH) { } else if (baseline[0].length() == TPMMeasurementRecord.SHA_256_BYTE_LENGTH) {
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
pcrNum = pcrs256[i + 1].split(":")[0].trim(); pcrNum = pcrs256[i + 1].split(":")[0].trim();
pcrValue = pcrs256[i + 1].split(":")[1].trim(); pcrValue = pcrs256[i + 1].split(":")[1].trim();
if (i != imaValue) {
if (!baseline[i].equals(pcrValue)) { if (!baseline[i].equals(pcrValue)) {
sb.append(String.format(failureMsg, pcrNum)); sb.append(String.format(failureMsg, pcrNum));
} }
} }
} }
}
if (sb.length() > 0) { if (sb.length() > 0) {
level = Level.ERROR; level = Level.ERROR;
fwStatus = new AppraisalStatus(FAIL, sb.toString()); fwStatus = new AppraisalStatus(FAIL, sb.toString());
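Review bot: `IMA_TEN = 9` is compared against the zero-based loop index `i`, so both loops in validateFirmware skip the entry at index 9; if `baseline[i]` holds PCR i (as `pcrs1[i + 1]` and `pcrNum` suggest), that is PCR 9 rather than the PCR 10 that Linux IMA extends by default, which would leave PCR 10 still compared and PCR 9 silently unchecked. Confirm the indexing and, if it is zero-based, use `private static final int IMA_PCR = 10;`. Whichever index is right, the exclusion removes one register from the attestation decision with no trace in the result, so mark the constant with `// TEMP (#265): IMA PCR excluded from firmware validation until an IMA baseline is available` and log the skipped PCR so the appraisal output shows it was not evaluated. The local `imaValue` copy and the nested `if` can collapse to `if (i != IMA_PCR && !baseline[i].equals(pcrValue)) {`. The body of validateFirmware starts and ends outside the visible hunks.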