Update README.md

This commit is contained in:
iadgovuser26 2024-08-05 16:09:59 -04:00 committed by GitHub
parent dba81f6466
commit 58ee2748ef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,5 +1,7 @@
<h1><center>Host Integrity at Runtime and Start-up (HIRS) <BR\></center></h1>
**Notice**: Over the next few weeks HIRS will be upgrading to Version 3.0. Version 3.0 has been completely refactored to support deployments to muiltiple Operating Systems. For a discussion of these changes please refer to the [Github Discussion](https://github.com/nsacyber/HIRS/discussions/498) for further details. These changes will take several weeks and will effect the building and installation of the project.
<h2>Attestation Certificate Authority (ACA) and TPM Provisioning with Trusted Computing-based Supply Chain Validation </h2>
The Host Integrity at Runtime and Start-up Attestation Certificate Authority is a Proof of Concept - Prototype intended to spur interest and adoption of the [Trusted Platform Module (TPM)](https://trustedcomputinggroup.org/work-groups/trusted-platform-module/). The ACA can be configured to enforce the Validation of Endorsement and Platform Credentials to illustrate a **Supply Chain Validation** capability. It's intended for testing and development purposes only and is not intended for production. The ACA's functionality supports the provisioning of the [TPM 2.0](https://trustedcomputinggroup.org/wp-content/uploads/2019_TCG_TPM2_BriefOverview_DR02web.pdf) with an [Attestation Identity Credential (AIC)](https://www.trustedcomputinggroup.org/wp-content/uploads/IWG-Credential_Profiles_V1_R1_14.pdf).
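Review bot: The new **Notice** line has two spelling errors that will be visible on the project front page: "muiltiple" should be "multiple", and "will effect the building and installation" should be "will affect the building and installation". The phrase "please refer to the [Github Discussion](...) for further details" also repeats itself ("refer to ... for further details"); "see the [GitHub Discussion](...)" is enough. Since the notice is time-bound ("Over the next few weeks"), consider stating the date it was posted so readers can tell when it has gone stale. Unrelated to this change but in the same hunk context, `<BR\>` in the `<h1>` is not valid HTML (`<br>` is); worth fixing while the header is being touched.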
@ -7,12 +9,15 @@ The Host Integrity at Runtime and Start-up Attestation Certificate Authority is
The ACA provides a “provisioner” application to be installed on all devices which will be requesting Attestation Credentials.
The ACA is a web based server which processes Attestation Identity Requests.
![TPM Provisioning](images/TPM_Provisioning.jpg)
Please refer to [this link](https://github.com/nsacyber/HIRS/blob/master/HIRS_AttestationCAPortal/src/main/webapp/docs/HIRS%20.NET%20Provisioner%20Readme_2.2.pdf) for details on the the HIRS dotnet provisioner
Version 1.1 added support for the [Platform Certificate v1.1 Specification](https://trustedcomputinggroup.org/resource/tcg-platform-certificate-profile/). This allows entities that are part of the supply chain (System integrators and Value Added Resellers) the ability to create Delta Platform Certificate to compliment the Base Platform Certificate created by the Platform Manufacturer. See the [Article on Base and Delta Platform Certificates](https://github.com/nsacyber/HIRS/wiki/Base-and-Delta-Platform-Certificates) for details.
Version 2.0 added support for the [PC Client Reference Integrity Manifest (RIM) Specification](https://trustedcomputinggroup.org/resource/tcg-pc-client-reference-integrity-manifest-specification/) to provide firmware validation capability to the HIRS ACA. This requires that the manufacturer of a device provide a digitally signed RIM "Bundle" for each device. The HIRS ACA has a new page for uploading and viewing RIM Bundles and a policy setting for requiring Firmware validation.
Version 2.2 introduces the HIRS_Provisioner.NET. The HIRS_Provisioner.NET is a C# implementation of the HIRS Provisioner designed to be a replacement for the HIRS_ProvisionerTPM2. The HIRS_Provisioner.NET can be packaged for Windows as well as most Linux distributions. This portability will support a wider set of scenarios and products. See the [HIRS_Provisioner.NET README](https://github.com/nsacyber/HIRS/blob/master/HIRS_AttestationCAPortal/src/main/webapp/docs/HIRS%20.NET%20Provisioner%20Readme_2.2.pdf) for details.
Version 2.2 introduced the HIRS_Provisioner.NET. The HIRS_Provisioner.NET is a C# implementation of the HIRS Provisioner designed to be a replacement for the HIRS_ProvisionerTPM2. The HIRS_Provisioner.NET can be packaged for Windows as well as most Linux distributions. This portability will support a wider set of scenarios and products. See the [HIRS_Provisioner.NET README](https://github.com/nsacyber/HIRS/blob/master/HIRS_AttestationCAPortal/src/main/webapp/docs/HIRS%20.NET%20Provisioner%20Readme_2.2.pdf) for details.
Please refer to [this link](https://github.com/nsacyber/HIRS/blob/master/HIRS_AttestationCAPortal/src/main/webapp/docs/HIRS%20.NET%20Provisioner%20Readme_2.2.pdf) for details on the the HIRS dotnet provisioner
Version 3.0 was completely refactored to build and run on multiple platforms. The Base OS used for development of the ACA was migrated to Rocky Linux with updates to current dependencies (e.g. Java, Tomcat, Mariadb, etc.) and development tools (e.g. Gradle). New features introduced in Version 3.0 include support for the [PC Client RIM 1.1](https://trustedcomputinggroup.org/resource/tcg-pc-client-reference-integrity-manifest-specification/) specification including composite RIMs, time-stamps, and counter signatures and detailed linkages between TCG Event Logs, OEM issuer certificates, and Reference Integrity Manifests (RIMs) have been added to provide greater granularity of information. Support for TPM 1.2 (HIRS_Provisioner) and the Cplus version of the TPM provsioner (HIRS_ProvisionerTPM2) was dropped from Version 3.0 and replaced with the HIRS_Provisioner.NET.
An ACA Docker image is now automatically created for each release. See the [packages page](https://github.com/orgs/nsacyber/packages?repo_name=HIRS) for published ACA docker images.
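Review bot: The hunk shows two near-identical "Version 2.2" paragraphs (one reading "introduces", the other "introduced") and two copies of the sentence "Please refer to [this link](...) for details on the the HIRS dotnet provisioner"; unless one of each pair is the removed side of the diff, the README now carries duplicated text, so please confirm only one copy of each survives. Spelling and wording in the surviving lines: "the the" → "the", "compliment the Base Platform Certificate" → "complement", "provsioner" → "provisioner", "Cplus version" → "C++ version", "Mariadb" → "MariaDB". The Version 3.0 paragraph runs three clauses together ("...including composite RIMs, time-stamps, and counter signatures and detailed linkages ... have been added ..."); splitting it into two sentences (new RIM 1.1 features; new event-log/certificate/RIM linkages) would read more clearly. Finally, the Version 3.0 text says the .NET provisioner replaces HIRS_ProvisionerTPM2, but the only provisioner documentation linked is the "Readme_2.2.pdf"; if a 3.0 README exists, link it here, otherwise note that the 2.2 document still applies.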