ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-18 02:39:56 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

added oemOsInstall system test

Browse Source 
added badVarInstall system test

added badOemInstall system test

Intial RIM System Tests
This commit is contained in:
lareine 2022-02-03 16:58:11 -05:00
parent 39a95218e4
commit 212007c971
10 changed files with 200 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.ci/system-tests/container/rim_setup.sh
View File

@ -9,7 +9,7 @@ test=$2
tcgDir="/boot/tcg" tcgDir="/boot/tcg"
propFile="/etc/hirs/tcg_boot.properties"; propFile="/etc/hirs/tcg_boot.properties";
profileDir="/HIRS/.ci/system-tests/profiles/$profile" profileDir="/HIRS/.ci/system-tests/profiles/$profile"
defaultDir="$profile/default" defaultDir="$profileDir/default"
testDir="/HIRS/.ci/system-tests/profiles/$profile/$test" testDir="/HIRS/.ci/system-tests/profiles/$profile/$test"
eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements
swidDir="$testDir/swidtags" swidDir="$testDir/swidtags"
@ -33,6 +33,7 @@ if [[ ! -f "$eventLog" ]]; then
eventLog="$defaultDir"/"$profile"_default_binary_bios_measurements eventLog="$defaultDir"/"$profile"_default_binary_bios_measurements
fi fi
sed -i "s:tcg.event.file=.*:tcg.event.file=$eventLog:g" "$propFile" sed -i "s:tcg.event.file=.*:tcg.event.file=$eventLog:g" "$propFile"
echo "eventLog was $eventLog"
# Step 2: Copy Base RIM files to the TCG folder # Step 2: Copy Base RIM files to the TCG folder
# a: See if test specific swidtag folder exists, if not use the defualt folder # a: See if test specific swidtag folder exists, if not use the defualt folder
@ -59,15 +60,16 @@ pushd $rimDir > /dev/null
fi fi
popd > /dev/null popd > /dev/null
# echo "Contents of tcg swidtag folder $tcgDir/manifest/swidtag/ : $(ls $tcgDir/manifest/swidtag/)" echo "Contents of tcg swidtag folder $tcgDir/manifest/swidtag/ : $(ls $tcgDir/manifest/swidtag/)"
# echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)" echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)"
#Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file #Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file
# a: Check if a test specific setpcr.sh file exists. If not use the profiles default script # a: Check if a test specific setpcr.sh file exists. If not use the profiles default script
if [[ ! -f $pcrScript ]]; then if [[ ! -f $pcrScript ]]; then
pcrScript="$testDir/"$profile"_default_setpcrs.sh" pcrScript="$profileDir/default/"$profile"_default_setpcrs.sh"
fi fi
sh $pcrScript; sh $pcrScript;
echo "PCR script was $pcrScript"
#tpm2_pcrlist -g sha256 #tpm2_pcrlist -g sha256
# Done with rim_setup # Done with rim_setup

BIN
.ci/system-tests/profiles/laptop/badOemInstall/rims/laptop_badOemInstall_oem.1.rimel Normal file
View File

Binary file not shown.

BIN
.ci/system-tests/profiles/laptop/badOemInstall/rims/laptop_badOemInstall_var.1.rimel Executable file
View File

Binary file not shown.

42
.ci/system-tests/profiles/laptop/badOemInstall/swidtags/laptop_badOemInstall_oem.1.swidtag Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Dell5580" patch="false" supplemental="false" tagId="hirs.swid.SwidTags.dell5580.oem" tagVersion="1" version="0.1" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="OEM1" regid="www.example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="0.1" n8060:edition="0.1" n8060:product="Dell 5580" n8060:revision="0.1" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Dell Inc." rim:platformModel="Latitude 5580"/>
<Payload>
<Directory name="/boot/tcg/rim/support">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="103309beb735da6cc95b9ad7d7e4b25c7d2e510eab945424af533ee46096d678" name="dell5580_varOSInstall_oem.1.rimel" size="17569"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>yoxwnTQu9jI+5TSG6c2hR/xI2rpxzGA5f9fu6bq7KD0=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>NUxJ8hcDDSvneXnwxCLHSbBa7hTs4MsuQDQI7/arITl3vMAYPYgmWI7uvKNqhdSvs4fzG5c5GZ+q
boe/0Lh7gkeX6rl12nxe6ormoRFqK6vuCxQLtSgyHAsoh4mI5evxMS9oijucJHJNOeVP1y2g9x+P
lfgyYJjvU6f1X6Zv4C4Qb3JrzB1vZaYbJNJD3tEMnvGPjh5X1FtMYkFldhM9jYf7PAHy8QJHh8x+
b16n+OgE2pEOUGH/I+7xuk+fFtl+DYYSn8f9vwwqIRspXqTBI4uWoFu1xozw+yAPf7bKMYgQ1KYP
PvBgcXHR5UZWmfJdDDF09GWwkCh9EF+Wpmj3Bw==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

42
.ci/system-tests/profiles/laptop/badOemInstall/swidtags/laptop_badOemInstall_var.1.swidtag Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Dell5580" patch="false" supplemental="true" tagId="hirs.swid.SwidTags.dell5580.var" tagVersion="1" version="0.1" xml:lang="en">
<Entity name="VAR1" regid="www.example.com" role="softwareCreator tagCreator"/>
<Link href="hirs.swid.SwidTags.dell5580.oem" rel="requires"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="0.1" n8060:edition="0.1" n8060:product="Dell 5580" n8060:revision="0.1" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Dell Inc." rim:platformModel="Latitude 5580" rim:rimLinkHash="4Jocgla7QhDNd0Fs+nDfBUTLQsltTgd6Yob5ChlDg74="/>
<Payload>
<Directory name="/boot/tcg/rim/support">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="aad27380fa51f42130057cdc524f16da3e5cd959a59fc2b3574470069b95a15e" name="dell5580_varOSInstall_var.1.rimel" size="2613"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>F5FruNNKqjgKSP6BOF7YUaBs9dSN8+HnYdpuYoBSWF8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>mXABBSi1haZdZZKg3OzdaLi0jZFp0A78YmFqMtaTdSTNBI/xwrzy1rIIdEc7JWqy5emAcfr2abgc
4AgOIkmcJgYD8AECcmWVloANi7uT03l4e4FMVmDL8l/Cu/93yt/+5MJeWcu3HQvwbIPkYqOqXTNu
kWVvLr8KG0v42t+TRn38O1+EDGwHlDL/705SYZwvNP12Z7+b7FKizUisn5WZC77mzJ1/9m49aiqn
mqf56NxmHuA3uhFShfjaIwoljWVLDCt3/fkrM9WSsk3tX7c8g+QhKn4ygqiMn7gI48HH0PGbbA5q
mg5c9Farqs0mbGR4WTvXjXioSFV5NYkcdoFfmQ==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

BIN
.ci/system-tests/profiles/laptop/badVarInstall/rims/laptop_badVarInstall_oem.1.rimel Normal file
View File

Binary file not shown.

BIN
.ci/system-tests/profiles/laptop/badVarInstall/rims/laptop_badVarInstall_var.1.rimel Normal file
View File

Binary file not shown.

42
.ci/system-tests/profiles/laptop/badVarInstall/swidtags/laptop_badVarInstall_oem.1.swidtag Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Dell5580" patch="false" supplemental="false" tagId="hirs.swid.SwidTags.dell5580.oem" tagVersion="1" version="0.1" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="OEM1" regid="www.example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="0.1" n8060:edition="0.1" n8060:product="Dell 5580" n8060:revision="0.1" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Dell Inc." rim:platformModel="Latitude 5580"/>
<Payload>
<Directory name="/boot/tcg/rim/support">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="a1704e9cd5727c5429d16bc2829e2890aa358c59b4f3d2e191c3eaa751520ce8" name="dell5580_varOSInstall_oem.1.rimel" size="17569"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>YwIGXKSKuII5sXcCa9fcwU6kr7u6HwTYHp58jfPJ5ic=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>KiCrZx3Pe//AJv97y9a7/APfNB24AWhOMvd4mcxPzMdkz7XEKvi93CWHqvGXmzoLthHwy6O6pPEO
2vl8fgt8URZdx7FGRWNZMmOep91KsVvTnm64//BU+/4yvwvDSGwnDrZOWugeDYg8G+hAnVY/KFMb
WM+pyND8K6Qw0HkIDh3iitk/luE2TElGNZEx30VUa/5W4DxL2NYPMlquJYD4nZorqU/uEpSo2HED
T7qF9UV5tJWnrOclJH7DkCy/b1u+mcxmjfRmRemwBUHS3bbG11prgLwTMvV5jYJnDct+O/mc7CF3
X0DP//wO4qziqK04kXLPZewB1wD2zknM35hORw==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

42
.ci/system-tests/profiles/laptop/badVarInstall/swidtags/laptop_badVarInstall_var.1.swidtag Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Dell5580" patch="false" supplemental="true" tagId="hirs.swid.SwidTags.dell5580.var" tagVersion="1" version="0.1" xml:lang="en">
<Entity name="VAR1" regid="www.example.com" role="softwareCreator tagCreator"/>
<Link href="hirs.swid.SwidTags.dell5580.oem" rel="requires"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="0.1" n8060:edition="0.1" n8060:product="Dell 5580" n8060:revision="0.1" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Dell Inc." rim:platformModel="Latitude 5580" rim:rimLinkHash="4Jocgla7QhDNd0Fs+nDfBUTLQsltTgd6Yob5ChlDg74="/>
<Payload>
<Directory name="/boot/tcg/rim/support">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="d83a6208cc647e6bf42ecfd8bf559d6c7845d352f1e05ca90ffc3048fad1509e" name="dell5580_varOSInstall_var.1.rimel" size="2613"/>
</Directory>
</Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>jRkKkYQ4oDpP/H6AEj1/xwE1mI65v6jmAHIZFtSrO0Y=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>h3bDGaljFAoof24cyU/L/ln3I419ov5iYm/I6Fvn4MHu7xfS85dSARkHarXn8yjegUSGrcGpCMbV
qAjZYK0Ljq95JETlVLc46/dAM98c/LOhE3WqcqMSvv7gMdOn2IsoRXfnUAnYNd7jGxnxlyGqS0UN
XDFXOi4rGY1km2DFGT7QHCRswy3GHhoPY8IocdrhaIN98aNFSEDzeLwIl8AtJHDmSEsmgxUCDMEL
1RvAbX1Fvjt6FE9gWbo/EY/Oj9cSNS+QXJR2CjEmsNe9KxUAMWVNpQJlXfGFZ2mJvjGmhKxfYYHN
EOb+D341sGCP4/TPH3wEQuTyQN4c/yNxwsIxpg==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

27
.ci/system-tests/rim_system_tests.sh
View File

@ -16,4 +16,29 @@ clearAcaDb
uploadTrustedCerts uploadTrustedCerts
setPolicyEkPcFw setPolicyEkPcFw
setPlatformCerts "laptop" "varOsInstall" setPlatformCerts "laptop" "varOsInstall"
provisionTpm2 "pass" setRims "laptop" "varOsInstall"
provisionTpm2 "pass"
writeToLogs "### ACA RIM TEST 2: Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR ###"
clearAcaDb
uploadTrustedCerts
setPolicyEkPcFw
setPlatformCerts "laptop" "badOemInstall"
setRims "laptop" "badOemInstall"
provisionTpm2 "fail"
writeToLogs "### ACA RIM TEST 3: Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement ###"
clearAcaDb
uploadTrustedCerts
setPolicyEkPcFw
setPlatformCerts "laptop" "badVarInstall"
setRims "laptop" "badVarInstall"
provisionTpm2 "fail"
# Process Test Results, any single failure will send back a failed result.
if [[ $failedTests != 0 ]]; then
export TEST_STATUS=1;
echo "**** $failedTests out of $totalTests ACA RIM Tests Failed! ****"
else
echo "**** $totalTests ACA RIM Tests Passed! ****"
fi