Updated how the bios measurement file is uploaded. Changed the code to pull the string from the properties file instead of a hard link in the code.

2025-04-07 19:34:27 +00:00 · 2020-12-01 11:13:41 -05:00 · 2020-12-01 11:13:41 -05:00 · 70662bddec
commit 70662bddec
parent 9534d6650f
3 changed files with 16 additions and 2 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@ -785,6 +785,8 @@ public abstract class AbstractAttestationCertificateAuthority
            } catch (IOException ioEx) {
                LOG.error(ioEx);
            }
+        } else {
+            LOG.warn("Device did not send swid tag file...");
        }

        if (dv.hasLogfile()) {
@ -820,9 +822,12 @@ public abstract class AbstractAttestationCertificateAuthority
            } catch (IOException ioEx) {
                LOG.error(ioEx);
            }
+        } else {
+            LOG.warn("Device did not send support RIM file...");
        }

        if (dv.hasLivelog()) {
+            LOG.info("Device sent bios measurement log...");
            fileName = String.format("%s.measurement",
                    clientName);
            try {
@ -831,6 +836,7 @@ public abstract class AbstractAttestationCertificateAuthority
                        .byManufacturer(dv.getHw().getManufacturer())
                        .includeArchived().getRIM();
                if (support != null) {
+                    LOG.info("Previous bios measurement log found and being replaced...");
                    this.referenceManifestManager.delete(support);
                }
                support = new EventLogMeasurements(fileName,
@ -842,6 +848,8 @@ public abstract class AbstractAttestationCertificateAuthority
            } catch (IOException ioEx) {
                LOG.error(ioEx);
            }
+        } else {
+            LOG.warn("Device did not send bios measurement log...");
        }

        // Get TPM info, currently unimplemented
--- a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
+++ b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
@ -45,6 +45,7 @@ TCG_DIRECTORY="/boot/tcg"
 LOG_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
 TAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
 CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
+BINARY_BIOS_MEASUREMENTS="/sys/kernel/security/tpm0/binary_bios_measurements"

 if [ ! -f "$TCG_BOOT_FILE" ]; then
  touch "$TCG_BOOT_FILE"
@ -64,4 +65,8 @@ if [ -d "$CREDENTIALS_LOCATION" ]; then
  echo "tcg.cert.dir=$CREDENTIALS_LOCATION" >> "$TCG_BOOT_FILE"
 fi

+if [ -f "$BINARY_BIOS_MEASUREMENTS" ]; then
+  echo "tcg.event.file=$BINARY_BIOS_MEASUREMENTS" >> "$TCG_BOOT_FILE"
+fi
+
 chmod -w "$TCG_BOOT_FILE"
--- a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
+++ b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
@ -85,6 +85,8 @@ int provision() {
    // collect TCG Boot files
    const std::string& rim_file = props.get("tcg.rim.file", "");
    const std::string& swid_file = props.get("tcg.swidtag.file", "");
+    const std::string& live_log_file = props.get("tcg.event.file", "");
+
    try {
        dv.set_logfile(hirs::file_utils::fileToString(rim_file));
    } catch (HirsRuntimeException& hirsRuntimeException) {
@ -96,8 +98,7 @@ int provision() {
        logger.error(hirsRuntimeException.what());
    }
    try {
-        dv.set_livelog(hirs::file_utils::fileToString(
-        "/sys/kernel/security/tpm0/binary_bios_measurements"));
+        dv.set_livelog(hirs::file_utils::fileToString(live_log_file));
    } catch (HirsRuntimeException& hirsRuntimeException) {
        logger.error(hirsRuntimeException.what());
    }