Create initial system test for Base/Delta Platform Certificates (#170)

* Add creation of bad base platform certificate.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Updated script to add faulty components to bad base certificate.

* Updated addFaultyComponents script.

* Add Base/Delta system tests to .travis.yml

* Disable unit tests to decrease CI time.

* Cleaned up code.

* Cleaned up code.

* Delete system_test_Driver.py

.ci/docker/docker-compose-tpm2-base-delta.yml

@@ -0,0 +1,57 @@
+---
+# Run YAML Lint to verify this file prior to check-in.
+
+version: "3.1"
+
+services:
+   aca:
+      image: hirs/hirs-ci:aca
+      container_name: hirs-aca
+      volumes:
+         - ../../:/HIRS
+      ports:
+         - "${HIRS_ACA_PORTAL_PORT}:${HIRS_ACA_PORTAL_CONTAINER_PORT}"
+      entrypoint: /bin/bash -c
+      command: [HIRS/.ci/setup/setup-aca.sh]
+      hostname: ${HIRS_ACA_HOSTNAME}
+      networks:
+         hirs_aca_system_tests:
+            ipv4_address: ${HIRS_ACA_PORTAL_IP}
+            aliases:
+               - ${HIRS_ACA_HOSTNAME}
+
+   tpm2provisioner:
+      image: hirs/hirs-ci:tpm2provisioner
+      container_name: hirs-aca-provisioner-tpm2
+      depends_on:
+         - aca
+      volumes:
+         - ../../:/HIRS
+      entrypoint: /bin/bash -c
+      command: [HIRS/.ci/setup/setup-tpm2provisioner-base-delta.sh;
+                HIRS/.ci/system-tests/systems-test-centos7-tpm2-base-delta.sh]
+      devices:
+         - "/dev/mem:/dev/mem"
+      cap_add:
+         - sys_rawio
+      networks:
+         hirs_aca_system_tests:
+            ipv4_address: ${HIRS_ACA_PROVISIONER_TPM2_IP}
+      environment:
+         - HIRS_ACA_PROVISIONER_TPM2_IP=${HIRS_ACA_PROVISIONER_TPM2_IP}
+         - TPM_ENABLED=${TPM_ENABLED}
+         - IMA_ENABLED=${IMA_ENABLED}
+         - HIRS_ACA_PORTAL_IP=${HIRS_ACA_PORTAL_IP}
+         - HIRS_ACA_PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
+         - HIRS_BROKER_PORT=${HIRS_BROKER_PORT}
+         - HIRS_ACA_PORTAL_CONTAINER_PORT=${HIRS_ACA_PORTAL_CONTAINER_PORT}
+         - HIRS_ACA_HOSTNAME=${HIRS_ACA_HOSTNAME}
+         - HIRS_SUBNET=${HIRS_SUBNET}
+
+networks:
+   hirs_aca_system_tests:
+      driver: bridge
+      ipam:
+         driver: default
+         config:
+            - subnet: ${HIRS_SUBNET}

.ci/setup/addFaultyComponents.py

@@ -0,0 +1,28 @@
+# Add faulty components to the PACCOR generated JSON componentsFile.
+# This will be used to create a bad platform certificate.
+# Will not need this once PACCOR supports generation of faulty components.
+
+import json
+
+print("Adding Faulty components...")
+
+try:
+	nicComponent = '00090002'
+	pc_dir = '/var/hirs/pc_generation/'
+
+	with open(pc_dir + "componentsFile", "r") as f:
+
+		data = json.load(f)
+		print(data)
+		components = data['COMPONENTS']
+		for component in components:
+			if component['COMPONENTCLASS']['COMPONENTCLASSVALUE'] == nicComponent:
+				print("Creating FAULTY component for: " + component['MODEL'])
+				component['MODEL'] += "-FAULTY"
+				print("New JSON value: " + component['MODEL'])
+
+	with open(pc_dir + "badComponentsFile", 'w') as outfile:
+		json.dump(data, outfile)
+
+except Exception:
+    print("=== ERROR generating badComponentsFile ===")

.ci/setup/setup-tpm2provisioner-base-delta.sh

@@ -0,0 +1,157 @@
+#!/bin/bash
+
+# Script to setup the TPM2 Provisioner Docker Image for Integration Tests
+set -e
+
+# Wait for ACA to boot
+echo "Waiting for ACA to spin up..."
+until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep '302 Found'`" != "" ]; do
+  :
+done
+echo "ACA is up!"
+
+# Function to install TPM2 Provisioner packages.
+function InstallProvisioner {
+	echo "===========Installing TPM2 Provisioner Packages...==========="
+
+	pushd /HIRS
+	if [ ! -d package/rpm/RPMS ]; then
+    	./package/package.centos.sh
+	fi
+	yum install -y package/rpm/RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.el7.x86_64.rpm
+	popd
+}
+
+# Function to initialize the TPM2 Emulator with a bad base certificate
+function InitTpm2Emulator {
+	echo "===========Initializing TPM2 Emulator with bad base certificate...==========="
+
+	mkdir -p /var/run/dbus
+	if [ -e /var/run/dbus/pid ]; then
+	  rm /var/run/dbus/pid
+	fi
+
+	if [ -e /var/run/dbus/system_bus_socket ]; then
+	  rm /var/run/dbus/system_bus_socket
+	fi
+
+	# Start the DBus
+	dbus-daemon --fork --system
+	echo "DBus started"
+
+	# Give DBus time to start up
+	sleep 5
+
+	/ibmtpm/src/./tpm_server &
+	echo "TPM Emulator started"
+
+	tpm2-abrmd -t socket &
+	echo "TPM2-Abrmd started"
+
+	# Give ABRMD time to start and register on the DBus
+	sleep 5
+
+	# EK and PC Certificate
+	ek_cert_der="/HIRS/.ci/setup/certs/ek_cert.der"
+	platform_cert="badPlatformCertificate.der"
+
+    echo "Creating Bad Base Platform Cert..."
+    PC_DIR=/var/hirs/pc_generation
+    mkdir -p $PC_DIR
+	/opt/paccor/scripts/allcomponents.sh > $PC_DIR/componentsFile
+	echo
+    echo "PACCOR generated components file:"
+    cat $PC_DIR/componentsFile
+
+    #Add bad components and create badComponentsFile used below
+    python /HIRS/.ci/setup/addFaultyComponents.py
+	/opt/paccor/scripts/referenceoptions.sh > $PC_DIR/optionsFile
+	/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile
+	/opt/paccor/bin/observer -c $PC_DIR/badComponentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile
+	/opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -f $PC_DIR/$platform_cert
+
+    echo
+    echo "Generated bad components file:"
+    cat $PC_DIR/badComponentsFile
+
+	if tpm2_nvlist | grep -q 0x1c00002; then
+	  echo "Released NVRAM for EK."
+	  tpm2_nvrelease -x 0x1c00002 -a 0x40000001
+	fi
+
+	# Define nvram space to enable loading of EK cert (-x NV Index, -a handle to
+	# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t
+	# specifies attribute value in publicInfo struct
+	# [0x2000A = ownerread|ownerwrite|policywrite])
+	size=$(cat $ek_cert_der | wc -c)
+	echo "Define NVRAM location for EK cert of size $size."
+	tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
+
+	# Load key into TPM nvram
+	echo "Loading EK cert $ek_cert_der into NVRAM."
+	tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
+
+	if tpm2_nvlist | grep -q 0x1c90000; then
+	  echo "Released NVRAM for PC."
+	  tpm2_nvrelease -x 0x1c90000 -a 0x40000001
+	fi
+
+	# Store the platform certificate in the TPM's NVRAM
+	size=$(cat $PC_DIR/$platform_cert | wc -c)
+	echo "Define NVRAM location for PC cert of size $size."
+	tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size
+
+	echo "Loading PC cert $PC_DIR/$platform_cert into NVRAM."
+	tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert
+
+	echo "===========TPM2 Emulator Initialization Complete!==========="
+
+	# Set Logging to INFO Level
+	sed -i "s/WARN/INFO/" /etc/hirs/TPM2_Provisioner/log4cplus_config.ini
+}
+
+# Function to update the hirs-site.config file
+function UpdateHirsSiteConfigFile {
+	HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
+
+	echo ""
+	echo "===========Updating ${HIRS_SITE_CONFIG}, using values from /HIRS/.ci/docker/.env file...==========="
+	cat /HIRS/.ci/docker/.env
+
+	cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
+#*******************************************
+#* HIRS site configuration properties file
+#*******************************************
+CLIENT_HOSTNAME=${HIRS_ACA_PROVISIONER_TPM2_IP}
+TPM_ENABLED=${TPM_ENABLED}
+IMA_ENABLED=${IMA_ENABLED}
+
+# Site-specific configuration
+ATTESTATION_CA_FQDN=${HIRS_ACA_HOSTNAME}
+ATTESTATION_CA_PORT=${HIRS_ACA_PORTAL_PORT}
+BROKER_FQDN=${HIRS_ACA_PORTAL_IP}
+BROKER_PORT=${HIRS_BROKER_PORT}
+PORTAL_FQDN=${HIRS_ACA_PORTAL_IP}
+PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
+
+DEFAULT_SITE_CONFIG_FILE
+
+ echo "===========New HIRS Config File==========="
+ cat /etc/hirs/hirs-site.config
+}
+
+# Install packages
+InstallProvisioner
+
+# Install TPM2 Emulator
+InitTpm2Emulator
+
+# Update the hirs-site.config file
+UpdateHirsSiteConfigFile
+
+echo ""
+echo "TPM2 Emulator NV RAM list"
+tpm2_nvlist
+
+echo ""
+echo "===========HIRS ACA TPM2 Provisioner Setup Complete!==========="

.ci/setup/setup-tpm2provisioner.sh

@@ -78,7 +78,7 @@ function InitTpm2Emulator {
 	tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
 
 	# Load key into TPM nvram
-	echo "Loading EK cert into NVRAM."
+	echo "Loading EK cert $ek_cert_der into NVRAM."
 	tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
 
 	if tpm2_nvlist | grep -q 0x1c90000; then
@@ -91,7 +91,7 @@ function InitTpm2Emulator {
 	echo "Define NVRAM location for PC cert of size $size."
 	tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size
 
-	echo "Loading PC cert into NVRAM."
+	echo "Loading PC cert $PC_DIR/$platform_cert into NVRAM."
 	tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert
 
 	echo "===========TPM2 Emulator Initialization Complete!==========="
@@ -139,5 +139,9 @@ InitTpm2Emulator
 # Update the hirs-site.config file
 UpdateHirsSiteConfigFile
 
+echo ""
+echo "TPM2 Emulator NV RAM list"
+tpm2_nvlist
+
 echo ""
 echo "===========HIRS ACA TPM2 Provisioner Setup Complete!==========="

.ci/system-tests/run-system-tests-tpm2-base-delta.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# Script to run the System Tests for HIRS TPM 2.0 Provisioner
+
+set -e
+
+echo ""
+echo "System Tests Starting..."
+echo ""
+
+# Start System Testing Docker Environment
+cd .ci/docker
+
+docker-compose -f docker-compose-tpm2-base-delta.yml up -d
+
+tpm2_container_id="$(docker ps -aqf "name=hirs-aca-provisioner-tpm2")"
+echo "TPM2 Container ID: $tpm2_container_id"
+
+tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')"
+echo "TPM2 Container Status: $tpm2_container_status"
+
+while [[ $tpm2_container_status == "running" ]]
+do
+  sleep 20
+
+  # Add status message, so Travis will not time out.
+  # It may timeout if it hasn't received output for more than 10 minutes.
+  echo "Still running tests, please wait..."
+
+  tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')"
+done
+
+# Store container exit code
+tpm2_container_exit_code="$(docker inspect $tpm2_container_id --format='{{.State.ExitCode}}')"
+echo "TPM2 Container Exit Code: $tpm2_container_exit_code"
+
+# Display container log
+echo ""
+echo "===========hirs-aca-provisioner-tpm2 System Tests Log:==========="
+docker logs $tpm2_container_id
+
+echo ""
+echo "End of TPM 2.0 System Tests, cleaning up..."
+echo ""
+# Clean up services and network
+docker-compose down
+
+# Clean up dangling containers
+echo "Cleaning up dangling containers..."
+echo ""
+docker ps -a
+echo ""
+docker container prune --force
+echo ""
+
+# Return container exit code
+if [[ $tpm2_container_exit_code == 0 ]]
+then
+    echo "SUCCESS: TPM 2.0 System tests passed"
+    exit 0
+fi
+
+echo "ERROR: System tests failed"
+exit 1

.ci/system-tests/system_test.py

@@ -1,6 +1,6 @@
 # system_test.py - implements a group of tests that run appraisals on a client and server
 
-# TODO: test_01-test_11 will need to be implemented when the additional HIRS 
+# TODO: test_01-test_11 will need to be implemented when the additional HIRS
 # projects are imported to the new GitHub repo. The test code is commented out for now.
 
 import binascii
@@ -28,7 +28,7 @@ from system_test_core import HIRSPortal, AttestationCAPortal, collectors, \
 	get_all_nodes_recursively, touch_random_file_and_remove, get_random_pcr_hex_value, \
 	is_ubuntu_client, is_tpm2,\
 	DEFAULT_IMA_POLICY, DEFAULT_TPM_POLICY
-	
+
 NUMBER_OF_PCRS = 24
 
 suffix = os.environ.get('RANDOM_SYS_TEST_ID')
@@ -49,8 +49,10 @@ HIRS_ATTESTATION_CA_PORTAL_URL = "https://" + \
 	"/HIRS_AttestationCAPortal/"
 TEST_LOG_FILE = os.environ.get('TEST_LOG')
 LOG_LEVEL = os.environ.get('LOG_LEVEL')
+
 CA_CERT_LOCATION = "/HIRS/.ci/setup/certs/ca.crt"
 EK_CA_CERT_LOCATION = "/HIRS/.ci/setup/certs/ek_cert.der"
+BAD_BASE_PC_CERT_LOCATION = "/var/hirs/pc_generation/badPlatformCertificate.der"
 USB_STORAGE_FILE_HASH = "e164c378ceb45a62642730be5eb3169a6bfc2d6d"
 USB_STORAGE_FILE_HASH_2 = "e164c378ceb45a62642730be5eb3169a6bfc1234"
 FORMAT = "%(asctime)-15s %(message)s"
@@ -73,7 +75,6 @@ class SystemTest(unittest.TestCase):
 
 	def setUp(self):
 		"""Set the systems tests state up for testing"""
-#         Portal.set_group_appraisal_wait_setting()
         AcaPortal.disable_supply_chain_validations()
 
 	def tearDown(self):
@@ -87,7 +88,7 @@ class SystemTest(unittest.TestCase):
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result)
 # 		self.assertEqual(0, Portal.get_alert_count_from_latest_report())
-		
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	def test_02_small_ima_appraisal(self):
 		"""Test that appraisal works with a small hard-coded IMA baseline
@@ -103,8 +104,8 @@ class SystemTest(unittest.TestCase):
 # 		policy_name = Portal.add_ima_policy(required_set=baseline, policy_name_prefix='small_ima')
 # 		Portal.set_default_policies(ima_policy=policy_name)
 # 		result = run_hirs_report(CLIENT)
-# 		self.assertTrue(result)  
- 		
+# 		self.assertTrue(result)
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	def test_03_large_ima_appraisal(self):
 		"""Test that appraisal works with a full-size IMA baseline
@@ -134,7 +135,7 @@ class SystemTest(unittest.TestCase):
 # 		 	logging.warning("new alert count: " + str(new_alert_count))
 # 			 #logging.debug("new alerts:\n{0}".format(pprint.pformat(after_alerts['data'][0:new_alert_count])))
 # 		self.assertTrue(True)
-		
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	def test_04_small_ima_appraisal_required_set_missing(self):
 		"""Test that appraisal results in an appropriate alert generation when a required set file is missing
@@ -155,19 +156,19 @@ class SystemTest(unittest.TestCase):
 # 		baseline["records"].append({"path": missing_file, "hash": random_hash})
 # 		policy_name = Portal.add_ima_policy(required_set=baseline, policy_name_prefix="small_ima_req")
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result)
 # 		after_alerts = Portal.get_alerts_from_latest_report()
 # 		new_alert_count = after_alerts['recordsTotal']
 # 		self.assertEqual(new_alert_count, 1)
-#   
+#
 # 		# find the alert with the most recent createTime
 # 		latest_alert = max(after_alerts['data'], key=lambda alert: alert['createTime'])
 # 		self.assertTrue("MISSING_RECORD" in latest_alert['type'])
 # 		self.assertTrue(random_hash in latest_alert['expected'])
 # 		self.assertTrue(missing_file in latest_alert['expected'])
-		
+
 	@collectors(['TPM'], COLLECTOR_LIST)
 	def test_05_tpm_white_list_appraisal(self):
 		"""Test that appraisal works with a TPM white list baseline
@@ -193,20 +194,20 @@ class SystemTest(unittest.TestCase):
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result)
 # 		self.assertEqual(0, Portal.get_alert_count_from_latest_report())
-#   
+#
 # 		# create a new baseline with random PCR values
 # 		baseline_bad_tpm_pcr = make_baseline_from_xml(xml_report, "TPM")
 # 		for pcr_index in range(0, NUMBER_OF_PCRS):
 # 			baseline_bad_tpm_pcr["records"][pcr_index]["hash"] = get_random_pcr_hex_value()
-#   
+#
 # 		policy_name = Portal.add_tpm_wl_policy(baseline_bad_tpm_pcr, policy_name_prefix='bad_vals')
 # 		Portal.set_default_policies(tpm_policy=policy_name)
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result)
 # 		self.assertEqual(NUMBER_OF_PCRS, Portal.get_alert_count_from_latest_report())
-#   
+#
 # 		after_alerts = Portal.get_alerts()
-#   
+#
 # 		# for the set of new alerts, verify the alert fields for each PCR value
 # 		# the order of the alerts it not necessarily PCR 0, 1, 2... , so we must index
 # 		# in to the hash table correctly
@@ -214,17 +215,17 @@ class SystemTest(unittest.TestCase):
 # 			pcr_alert = after_alerts["data"][alert_index]
 # 			alert_details = pcr_alert["details"]
 # 			pcr_int = int(re.findall(r'\d+', alert_details)[0])
-#   
+#
 # 			logging.info("Checking TPM alert for PCR %s", pcr_int)
-#   
+#
 # 			self.assertTrue("WHITE_LIST_PCR_MISMATCH" in pcr_alert['type'])
 # 			self.assertTrue("TPM_APPRAISER" in pcr_alert['source'])
 # 			baseline_hash = baseline_bad_tpm_pcr["records"][pcr_int]["hash"]
 # 			reported_hash = baseline["records"][pcr_int]["hash"]
-#   
+#
 # 			self.assertTrue(baseline_hash in pcr_alert['expected'])
 # 			self.assertTrue(reported_hash in pcr_alert['received'])
-			
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_06_ima_blacklist_appraisal(self):
@@ -241,102 +242,102 @@ class SystemTest(unittest.TestCase):
 # 		baseline = make_simple_ima_blacklist_baseline()
 # 		policy_name = Portal.add_ima_policy(blacklist=baseline, policy_name_prefix='small_ima_blacklist')
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result)
-#   
+#
 # 		send_command('touch /boot/usb-storage-foo.ko')
 # 		#send_command('sudo cat /tmp/usb-storage-foo.ko')
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result)
-#   
+#
 # 		after_alerts = Portal.get_alerts_from_latest_report()
 # 		new_alert_count = after_alerts['recordsTotal']
 # 		self.assertEqual(new_alert_count, 1)
-#   
+#
 # 		# find the alert with the most recent createTime
 # 		latest_alert = after_alerts['data'][0]
 # 		self.assertTrue("IMA_BLACKLIST_PATH_MATCH" in latest_alert['type'])
 # 		self.assertTrue("usb-storage-foo.ko" in latest_alert['expected'])
-#   
+#
 # 		#
 # 		# create ima blacklist baseline that contains a hash and generate alert upon detection
 # 		#
-#   
+#
 # 		# create file and add content to file
 # 		send_command('touch /tmp/usb-storage_2.ko')
 # 		send_command('echo blacklist >> /tmp/usb-storage_2.ko')
 # 		policy_name = Portal.add_ima_policy(blacklist=None,
 # 											 policy_name_prefix='empty')
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		# send report to verify successful appraisal
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result)
-#   
+#
 # 		 # create blacklist baseline with hash and update policy
 # 		baseline = make_simple_ima_blacklist_baseline_with_hash();
 # 		policy_name = Portal.add_ima_policy(blacklist=baseline,
 # 											 policy_name_prefix='small_ima_blacklist_with_hash')
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		# trigger measurement of file and run hirs report
 # 		send_command('sudo cat /tmp/usb-storage_2.ko')
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result)
-#   
+#
 # 		after_alerts = Portal.get_alerts_from_latest_report()
 # 		new_alert_count = after_alerts['recordsTotal']
 # 		self.assertEqual(new_alert_count, 1)
-#   
+#
 # 		# find the alert with the most recent createTime
 # 		latest_alert = after_alerts['data'][0]
 # 		self.assertTrue("IMA_BLACKLIST_HASH_MATCH" in latest_alert['type'])
 # 		self.assertTrue(USB_STORAGE_FILE_HASH in latest_alert['expected'])
-#   
+#
 # 		#
 # 		# create ima blacklist baseline that contains a file and hash and generate alert upon detection
 # 		#
 # 		policy_name = Portal.add_ima_policy(blacklist=None,
 # 											policy_name_prefix='empty')
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		# send report to verify successful appraisal
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result)
-#   
+#
 # 		# create blacklist baseline with file and hash and update policy
 # 		baseline = make_simple_ima_blacklist_baseline_with_file_and_hash();
 # 		policy_name = Portal.add_ima_policy(blacklist=baseline,
 # 											policy_name_prefix='small_ima_blacklist_with_file_and_hash')
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result)
-#   
+#
 # 		after_alerts = Portal.get_alerts_from_latest_report()
 # 		new_alert_count = after_alerts['recordsTotal']
 # 		self.assertEqual(new_alert_count, 1)
-#   
+#
 # 		# find the alert with the most recent createTime
 # 		latest_alert = after_alerts['data'][0]
 # 		self.assertTrue("IMA_BLACKLIST_PATH_AND_HASH_MATCH" in latest_alert['type'])
 # 		self.assertTrue("usb-storage_2.ko" in latest_alert['expected'])
 # 		self.assertTrue(USB_STORAGE_FILE_HASH in latest_alert['expected'])
-#   
+#
 # 		#
 # 		# change ima blacklist baseline file and hash and verify alert is not generated
 # 		#
-#   
+#
 # 		# create blacklist baseline with file and hash and update policy
 # 		baseline = make_simple_ima_blacklist_baseline_with_updated_file_and_hash();
 # 		policy_name = Portal.add_ima_policy(blacklist=baseline,
 # 											policy_name_prefix='small_ima_blacklist_with_updated_file_and_hash')
 # 		Portal.set_default_policies(ima_policy=policy_name)
-#   
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result)
-		
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_07_delta_reports_required_set(self):
@@ -366,12 +367,12 @@ class SystemTest(unittest.TestCase):
 # 		foo_file_name = 'foo-file-' + unique_name
 # 		foo_bar_file_name = 'foo-bar-file-' + unique_name
 # 		test_hash = 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'
-#   
+#
 # 		baseline = {"name": baseline_name,
 # 					"description": "a simple hard-coded ima baseline "
 # 					"for delta reports systems testing",
 # 					"records": []}
-#   
+#
 # 		ima_policy = Portal.add_ima_policy(required_set=baseline, delta_reports_enabled="true", policy_name_prefix="delta_with_required_set")
 # 		Portal.set_default_policies(ima_policy=ima_policy)
 # 		run_hirs_report(CLIENT)
@@ -380,16 +381,16 @@ class SystemTest(unittest.TestCase):
 # 		found_foo_bar_file = foo_bar_file_name in report
 # 		self.assertFalse(found_foo_file)
 # 		self.assertFalse(found_foo_bar_file)
-#   
+#
 # 		Portal.add_to_ima_baseline(baseline_name, foo_file_name, test_hash)
 # 		Portal.add_to_ima_baseline(baseline_name, foo_bar_file_name, test_hash)
-#   
+#
 # 		#create foo_file_name. Don't create foo_bar_file_name yet.
 # 		#send_vagrant_command('echo {0} > {1}'.format("test", foo_file_name), CLIENT)
 # 		#send_vagrant_command('sudo cat {0}'.format(foo_file_name), CLIENT)
 # 		send_command('echo {0} > {1}'.format("test", foo_file_name))
 # 		send_command('sudo cat {0}'.format(foo_file_name))
-#   
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result, msg="report should fail - " + foo_bar_file_name + " not present")
 # 		report = Portal.get_latest_report()
@@ -397,7 +398,7 @@ class SystemTest(unittest.TestCase):
 # 		found_foo_bar_file = foo_bar_file_name in report
 # 		self.assertTrue(found_foo_file)
 # 		self.assertFalse(found_foo_bar_file)
-#  
+#
 # 		send_vagrant_command('echo {0} > {1}'.format("test", foo_bar_file_name), CLIENT)
 # 		send_vagrant_command('sudo cat {0}'.format(foo_bar_file_name), CLIENT)
 # 		result = run_hirs_report(CLIENT)
@@ -407,10 +408,10 @@ class SystemTest(unittest.TestCase):
 # 		found_foo_bar_file = foo_bar_file_name in report
 # 		self.assertFalse(found_foo_file)
 # 		self.assertTrue(found_foo_bar_file)
-#  
+#
 # 		send_vagrant_command('rm {0}'.format(foo_file_name), CLIENT)
 # 		send_vagrant_command('rm {0}'.format(foo_bar_file_name), CLIENT)
-		
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_08_delta_reports_whitelist(self):
@@ -444,39 +445,39 @@ class SystemTest(unittest.TestCase):
 # 		foo_file_name = 'foo-file-' + unique_name
 # 		foo_bar_file_name = 'foo-bar-file-' + unique_name
 # 		test_hash = 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'
-#  
+#
 # 		baseline = {"name": baseline_name,
 # 					 "description": "a simple hard-coded ima baseline "
 # 					 "for delta reports systems testing",
 # 					 "records": []}
-#  
+#
 # 		ima_policy = Portal.add_ima_policy(whitelist=baseline, delta_reports_enabled="true", policy_name_prefix="delta_with_whitelist")
 # 		Portal.set_default_policies(ima_policy=ima_policy)
 # 		run_hirs_report(CLIENT)
 # 		report = Portal.get_latest_report()
 # 		found_foo_file = foo_file_name in report
 # 		self.assertFalse(found_foo_file)
-#  
+#
 # 		Portal.add_to_ima_baseline(baseline_name, foo_file_name, test_hash)
-# 
+#
 # 		#create foo_file_name. Don't create foo_bar_file_name yet.
 # 		send_vagrant_command('echo \'foo-file\' > {0}'.format(foo_file_name), CLIENT)
 # 		send_vagrant_command('sudo cat {0}'.format(foo_file_name), CLIENT)
-#  
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertFalse(result, msg="report should fail - whitelist mismatch for " + foo_bar_file_name)
 # 		report = Portal.get_latest_report()
 # 		found_foo_file = foo_file_name in report
 # 		self.assertTrue(found_foo_file)
-#  
+#
 # 		result = run_hirs_report(CLIENT)
 # 		self.assertTrue(result, msg="delta reporting should pass because the mismatched record should be found in a previous report")
 # 		report = Portal.get_latest_report()
 # 		found_foo_file = foo_file_name in report
 # 		self.assertFalse(found_foo_file)
-# 
+#
 # 		send_vagrant_command('rm {0}'.format(foo_file_name), CLIENT)
-		
+
 	@collectors(['IMA', 'TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_09_on_demand(self):
@@ -499,15 +500,15 @@ class SystemTest(unittest.TestCase):
 # 		logging.info('on demand policy name: %s', policy_name)
 # 		Portal.set_default_policies(ima_policy=policy_name, tpm_policy=DEFAULT_TPM_POLICY)
 # 		first_report_summary = Portal.get_latest_report_summary()
-#  
+#
 # 		(filename, sha_hash) = touch_random_file_and_remove(CLIENT)
 # 		partial_filename = filename.split('/')[-1]
 # 		logging.info("touched file {} with hash {}".format(filename, sha_hash))
 # 		Portal.start_on_demand()
 # 		logging.info("started on-demand appraisal")
-#  
+#
 # 		latest_report_summary = None
-#  
+#
 # 		attempts = 0
 # 		while latest_report_summary == None or latest_report_summary['report']['id'] == first_report_summary['report']['id']:
 # 			 attempts += 1
@@ -515,15 +516,15 @@ class SystemTest(unittest.TestCase):
 # 			 latest_report_summary = Portal.get_latest_report_summary()
 # 			 if attempts == 6:
 # 				 self.fail("No new report summary was found after 120 seconds; failing.")
-#  
+#
 # 		self.assertEqual(latest_report_summary["hirsAppraisalResult"]["appraisalStatus"], 'PASS')
-#  
+#
 # 		self.assertTrue(Portal.report_contains_ima_record(
 # 			 partial_filename, sha_hash, latest_report_summary['report']['id']))
 # 		sub_reports = latest_report_summary['report']['reports']
 # 		self.assertTrue(any(sr for sr in sub_reports if 'TPMReport' in sr['reportType']),
 # 						 "report summary should contain a TPMReport as a sub-report")
-		
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	@unittest.skip("SELinux issues are preventing repo sync from working")
 	def test_10_failing_ima_appraisal_broad_repo_baseline(self):
@@ -541,13 +542,13 @@ class SystemTest(unittest.TestCase):
 # 		baseline_name = "Test Broad Baseline"
 # 		policy_name = "Test Broad Repo IMA Policy"
 # 		repo_url = 'file:///flamethrower/Systems_Tests/resources/repositories/small_yum_repo'
-#  
+#
 # 		Portal.configure_yum_repository(repo_name, repo_url)
 # 		Portal.create_broad_ima_baseline(baseline_name, repo_name)
 # 		Portal.create_policy(policy_name, "IMA")
 # 		Portal.add_baseline_to_required_sets(policy_name, baseline_name)
 # 		Portal.set_tpm_ima_policy(ima_policy=policy_name, tpm_policy=DEFAULT_TPM_POLICY)
-#  
+#
 # 		self.assertFalse(run_hirs_report(CLIENT))
 # 		alerts = Portal.get_alerts_from_latest_report()
 # 		self.assertTrue(alerts_contain(alerts['data'], {
@@ -555,7 +556,7 @@ class SystemTest(unittest.TestCase):
 # 			 'type': 'MISSING_RECORD',
 # 			 'expected': '(/usr/lib64/glusterfs/3.7.6/xlator/features/quota.so, SHA-1 - 0xc9b5e8df6b50f2f58ea55fd41a962393d9eeec94)',
 # 		}))
-		
+
 	@collectors(['IMA'], COLLECTOR_LIST)
 	@unittest.skip("SELinux issues are preventing repo sync from working")
 	@unittest.skipIf(is_ubuntu_client(CLIENT_OS), "Skipping this test due to client OS " + CLIENT_OS)
@@ -576,31 +577,34 @@ class SystemTest(unittest.TestCase):
 # 		baseline_name = "Test Broad Baseline"
 # 		policy_name = "Test Broad Repo IMA Policy"
 # 		repo_url = 'file:///flamethrower/Systems_Tests/resources/repositories/two_package_yum_repo'
-#  
+#
 # 		Portal.configure_yum_repository(repo_name, repo_url)
 # 		Portal.create_broad_ima_baseline(baseline_name, repo_name)
 # 		Portal.create_policy(policy_name, "IMA")
 # 		Portal.add_baseline_to_required_sets(policy_name, baseline_name)
 # 		Portal.set_partial_paths_for_ima_policy(policy_name, True)
 # 		Portal.set_tpm_ima_policy(ima_policy=policy_name, tpm_policy=DEFAULT_TPM_POLICY)
-#  
+#
 # 		if CLIENT_OS in ["centos6", "centos7"]:
 # 			 send_vagrant_command("sudo rpm -i --force /flamethrower/Systems_Tests/resources/repositories/two_package_yum_repo/SimpleTest1-1-1.noarch.rpm", CLIENT)
 # 			 send_vagrant_command("sudo rpm -i --force /flamethrower/Systems_Tests/resources/repositories/two_package_yum_repo/SimpleTest2-1-1.noarch.rpm", CLIENT)
 # 		else:
 # 			 logging.error("unsupported client os: %s",  CLIENT_OS)
-#  
+#
 # 		send_vagrant_command("sudo find /opt/simpletest -type f -exec head {} \;", CLIENT)
-#  
+#
 # 		self.assertTrue(run_hirs_report(CLIENT))
 # 		self.assertEqual(Portal.get_alert_count_from_latest_report(), 0)
 
+	@collectors(['TPM'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_12_attestation_ca_portal_online(self):
 		"""Test that the Attestation CA Portal is online and accessible by making a GET request.
 		    If not online, an exception will be raised since the response code is non-200"""
 		logging.info("*****************beginning of attestation ca portal online test *****************")
 	 	AcaPortal.check_is_online()
 
+	@collectors(['TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_13_tpm2_initial_provision(self):
 		"""Test that running the tpm2 hirs provisioner works"""
@@ -608,16 +612,19 @@ class SystemTest(unittest.TestCase):
  		# Run the provisioner to ensure that it provisions successfully
  		provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
        	print("Initial provisioner run output: {0}".format(provisioner_out))
-      
+
+	@collectors(['TPM'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_14_device_info_report_stored_after_provisioning(self):
 		"""Test that running the hirs provisioner results in storing a device info report for
 			the device in the DB"""
 		logging.info("*****************beginning of provisioner + device info report test *****************")
 		logging.info("getting devices from ACA portal")
  		aca_portal_devices = AcaPortal.get_devices()
-		self.assertEqual(aca_portal_devices['recordsTotal'], 1) 
-	 
-	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)	
+		self.assertEqual(aca_portal_devices['recordsTotal'], 1)
+
+	@collectors(['TPM'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_15_supply_chain_validation_summary_stored_after_second_provisioning(self):
 		"""Test that running the hirs provisioner, a second time, results in storing a supply chain validation
 		   record in the database"""
@@ -634,7 +641,7 @@ class SystemTest(unittest.TestCase):
 				AcaPortal.upload_ca_cert(EK_CA_CERT_LOCATION)
 				AcaPortal.enable_ec_validation()
 				provisioner_out = run_hirs_provisioner(CLIENT)
- 				
+
 		print("Second provisioner run output: {0}".format(provisioner_out))
 		supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
 		# verify this is one SCVS record indicating PASS
@@ -644,7 +651,8 @@ class SystemTest(unittest.TestCase):
 		# verify device has been updated with supply chain appraisal result
 		devices = AcaPortal.get_devices()
 		self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
-	
+
+	@collectors(['TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_16_ek_info_report(self):
 		"""Test that running the hirs provisioner results in storing EK certs info report for
@@ -652,20 +660,22 @@ class SystemTest(unittest.TestCase):
 		logging.info("*****************beginning of provisioner + Endorsement certs info report test *****************")
 		logging.info("getting ek certs from ACA portal")
 		cert_list = AcaPortal.get_ek_certs()
-		self.assertEqual(cert_list['recordsTotal'], 1)	
+		self.assertEqual(cert_list['recordsTotal'], 1)
 		self.assertEqual(cert_list['data'][0]['credentialType'], "TCPA Trusted Platform Module Endorsement")
- 		
- 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)   
+
+ 	@collectors(['TPM'], COLLECTOR_LIST)
+ 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_17_pk_info_report(self):
 		"""Test that running the hirs provisioner results in storing PK certs info report for
 			the device in the DB"""
 		logging.info("*****************beginning of provisioner + Platform certs info report test *****************")
 		logging.info("getting pk certs from ACA portal")
 		cert_list = AcaPortal.get_pk_certs()
-		self.assertEqual(cert_list['recordsTotal'], 1)	
+		self.assertEqual(cert_list['recordsTotal'], 1)
 		self.assertEqual(cert_list['data'][0]['credentialType'], "TCG Trusted Platform Endorsement")
-	
-	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)	
+
+	@collectors(['TPM'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_18_trust_chain_info_report(self):
 		"""Test that running the hirs provisioner results in storing trust chains info report for
 			the device in the DB"""
@@ -673,7 +683,99 @@ class SystemTest(unittest.TestCase):
 		logging.info("getting trust chains from ACA portal")
 		trust_chain_list = AcaPortal.get_trust_chains()
 		self.assertEqual(trust_chain_list['recordsTotal'], 1)
-			
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A1_base_delta(self):
+		"""Test Base/Delta Certificates A1 - Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)"""
+		logging.info("*****************test_19_A1 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A2_base_delta(self):
+		"""Test Base/Delta Certificates A2 - Provisioning with Good Base Platform Cert Base and 1 Delta Cert"""
+		logging.info("*****************test_19_A2 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert Base and 1 Delta Cert")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A3_base_delta(self):
+		"""Test Base/Delta Certificates A3 - Provisioning with Good Base Platform Cert Base and 2 Delta Certs"""
+		logging.info("*****************test_19_A3 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert Base and 2 Delta Certs")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A4_base_delta(self):
+		"""Test Base/Delta Certificates A4 - Provisioning with Good Base Platform Cert and 1 Bad Delta Cert"""
+		logging.info("*****************test_19_A4 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert and 1 Bad Delta Cert")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A5_base_delta(self):
+		"""Test Base/Delta Certificates A5 - Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert"""
+		logging.info("*****************test_19_A5 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A6_base_delta(self):
+		"""Test Base/Delta Certificates A6 - Provisioning with Good Base Platform, 2 Good Delta Certs and
+			1 Bad Delta Cert with non present component"""
+		logging.info("*****************test_19_A6 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A7_base_delta(self):
+		"""Test Base/Delta Certificates A7 - Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert
+			replacing component from previous, using the Delta as a base certificate"""
+		logging.info("*****************test_19_A7 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A8_base_delta(self):
+		"""Test Base/Delta Certificates A8 - Attempt to upload Base cert with holder already having a Base Platform Cert associated with it"""
+		logging.info("*****************test_19_A8 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_B1_base_delta(self):
+		"""Test Base/Delta Certificates B1 - Provisioning with Bad Platform Cert Base """
+		logging.info("*****************test_19_B1 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Bad Platform Cert Base")
+		logging.info("Check if ACA is online...")
+		AcaPortal.check_is_online()
+		if is_tpm2(TPM_VERSION):
+			logging.info("Using TPM 2.0")
+			logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
+			AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
+			AcaPortal.enable_supply_chain_validations()
+			provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
+
+		print("Bad Base Certificate provisioner run output: {0}".format(provisioner_out))
+
+		# Provisioning should fail since the PC contains FAULTY components.
+		self.assertIn("Provisioning failed", format(provisioner_out))
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_B2_base_delta(self):
+		"""Test Base/Delta Certificates B2 - Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved"""
+		logging.info("*****************test_19_B2 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_B3_base_delta(self):
+		"""Test Base/Delta Certificates B3 - Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved"""
+		logging.info("*****************test_19_B3 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved")
+
 def make_simple_ima_baseline():
     timestamp = get_current_timestamp()
 
@@ -731,7 +833,7 @@ def make_baseline_from_xml(xml_report, appraiser_type):
     logging.info("created {0} baseline from xml with {1} records".format(
                  appraiser_type, str(len(baseline["records"]))))
     return baseline
-   
+
 def make_simple_ima_blacklist_baseline():
     return {
             "name": "simple_ima_blacklist_baseline_{0}".format(get_current_timestamp()),
@@ -762,7 +864,7 @@ def make_simple_ima_blacklist_baseline_with_updated_file_and_hash():
         "records": [{"path": "test-file",
                      "hash": USB_STORAGE_FILE_HASH_2}]
     }
-    
+
 if __name__ == '__main__':
     suite = unittest.TestLoader().loadTestsFromTestCase(SystemTest)
     ret = not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful()

.ci/system-tests/system_test_core.py

@@ -317,7 +317,7 @@ class AttestationCAPortal:
     def get_devices(self):
         """Get devices from ACA portal."""
         return self.request("get", "portal/devices/list").json()
-    
+
     def get_ek_certs(self):
         """Get EK certs from ACA portal."""
         return self.request("get", "portal/certificate-request/endorsement-key-credentials/list").json()
@@ -325,14 +325,14 @@ class AttestationCAPortal:
     def get_pk_certs(self):
         """Get PK certs from ACA portal."""
         return self.request("get", "portal/certificate-request/platform-credentials/list").json()
-    
+
     def get_trust_chains(self):
         """Get trust chains from ACA portal."""
         return self.request("get", "portal/certificate-request/trust-chain/list").json()
-    
+
     def upload_ca_cert(self, ca_cert_file):
         file = {'file': open(ca_cert_file, 'rb')}
-        self.request("post", "portal/certificate-request/trust-chain/upload", files=file, operation="upload CA cert")        
+        self.request("post", "portal/certificate-request/trust-chain/upload", files=file, operation="upload CA cert")
 
 def web_request(server_url, method, path, params={}, data={}, files={}, expected_status_codes=[200], operation=None, verify=False):
     url = server_url + path

.ci/system-tests/systems-test-centos7-tpm2-base-delta.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+export CLIENT_OS=centos7
+export CLIENT_HOSTNAME=hirs-client-$CLIENT_OS-tpm2
+
+export SERVER_OS=$CLIENT_OS
+export SERVER_HOSTNAME=hirs-appraiser-$SERVER_OS
+
+export ENABLED_COLLECTORS=BASE_DELTA
+export TPM_VERSION=2.0
+
+$SCRIPT_DIR/systems-test.core.sh

.ci/system-tests/systems-test-centos7-tpm2.sh

@@ -8,7 +8,7 @@ export CLIENT_HOSTNAME=hirs-client-$CLIENT_OS-tpm2
 export SERVER_OS=$CLIENT_OS
 export SERVER_HOSTNAME=hirs-appraiser-$SERVER_OS
 
-export ENABLED_COLLECTORS=
+export ENABLED_COLLECTORS=TPM
 export TPM_VERSION=2.0
 
 $SCRIPT_DIR/systems-test.core.sh

.travis.yml

@@ -32,7 +32,7 @@ cache:
 install: true
 
 script:
-  - docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash -c "cd /HIRS; ./gradlew :$SUBPROJECT:build"
+  - docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash -c "cd /HIRS; ./gradlew :$SUBPROJECT:build -x test"
 
 jobs:
   include:
@@ -40,11 +40,6 @@ jobs:
       script: docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:ubuntu18 /bin/bash -c "cd /HIRS; ./package/package.ubuntu.sh"
       env: null
       name: "Package Ubuntu"
-#     TODO: Explore reason behind Building/Packaging Failing on Amazon Linux
-#    - stage: Packaging and System Tests
-#      script: docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:amazonlinux2 /bin/bash -c "cd /HIRS; ./package/package.centos.sh"
-#      env: null
-#      name: "Package Amazon Linux"
     - stage: Packaging and System Tests
       script: .ci/system-tests/./run-system-tests.sh
       env: null
@@ -53,3 +48,7 @@ jobs:
       script: .ci/system-tests/./run-system-tests-tpm2.sh
       env: null
       name: "System Tests TPM2"
+    - stage: Packaging and System Tests
+      script: .ci/system-tests/./run-system-tests-tpm2-base-delta.sh
+      env: null
+      name: "System Tests TPM2 Base/Delta"