From 70662bddec2ff3402433a95399caf3b6a3f6dd27 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Tue, 1 Dec 2020 11:13:41 -0500
Subject: [PATCH] Updated how the bios measurement file is uploaded.

Changed the code to pull the string from the properties file instead of a hard link in the code.
---
 .../AbstractAttestationCertificateAuthority.java | 8 ++++++++
 HIRS_ProvisionerTPM2/package/rpm-post-install.sh | 5 +++++
 HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp | 5 +++--
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index 59fbb719..b0ba7123 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -785,6 +785,8 @@ public abstract class AbstractAttestationCertificateAuthority
 } catch (IOException ioEx) {
 LOG.error(ioEx);
 }
+ } else {
+ LOG.warn("Device did not send swid tag file...");
 }
 
 if (dv.hasLogfile()) {
@@ -820,9 +822,12 @@ public abstract class AbstractAttestationCertificateAuthority
 } catch (IOException ioEx) {
 LOG.error(ioEx);
 }
+ } else {
+ LOG.warn("Device did not send support RIM file...");
 }
 
 if (dv.hasLivelog()) {
+ LOG.info("Device sent bios measurement log...");
 fileName = String.format("%s.measurement", clientName);
 
 try {
@@ -831,6 +836,7 @@ public abstract class AbstractAttestationCertificateAuthority
 .byManufacturer(dv.getHw().getManufacturer())
 .includeArchived().getRIM();
 if (support != null) {
+ LOG.info("Previous bios measurement log found and being replaced...");
 this.referenceManifestManager.delete(support);
 }
 support = new EventLogMeasurements(fileName,
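Review bot: The new `LOG.warn` and `LOG.info` lines in this hunk, in the @@ -820 and @@ -831 hunks, and in the @@ -842 hunk on the next line record that an upload was missing or an existing record was replaced, but never say for which device, so an operator tracing a failed attestation back to its cause has nothing to correlate on. `clientName` is used on the new side of the @@ -820 hunk to build `fileName`, so it appears to be in scope throughout this method (which starts before the first hunk); e.g. `LOG.warn("Device " + clientName + " did not send swid tag file...");`. The replacement message in @@ -831 precedes a `referenceManifestManager.delete(support)` and is the only audit trail of that deletion, so it is worth naming the device there too: `LOG.info("Previous bios measurement log for " + clientName + " found and being replaced...");`. The trailing `...` on each message is noise for log collection and could be dropped.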
@@ -842,6 +848,8 @@ public abstract class AbstractAttestationCertificateAuthority
 } catch (IOException ioEx) {
 LOG.error(ioEx);
 }
+ } else {
+ LOG.warn("Device did not send bios measurement log...");
 }
 
 // Get TPM info, currently unimplemented
diff --git a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
index 9622dc3d..9562a412 100644
--- a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
+++ b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
@@ -45,6 +45,7 @@ TCG_DIRECTORY="/boot/tcg"
 LOG_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
 TAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
 CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
+BINARY_BIOS_MEASUREMENTS="/sys/kernel/security/tpm0/binary_bios_measurements"
 
 if [ ! -f "$TCG_BOOT_FILE" ]; then
 touch "$TCG_BOOT_FILE"
@@ -64,4 +65,8 @@ if [ -d "$CREDENTIALS_LOCATION" ]; then
 echo "tcg.cert.dir=$CREDENTIALS_LOCATION" >> "$TCG_BOOT_FILE"
 fi
 
+if [ -f "$BINARY_BIOS_MEASUREMENTS" ]; then
+ echo "tcg.event.file=$BINARY_BIOS_MEASUREMENTS" >> "$TCG_BOOT_FILE"
+fi
+
 chmod -w "$TCG_BOOT_FILE"
diff --git a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
index 957759e7..5a6428b9 100644
--- a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
+++ b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
@@ -85,6 +87,8 @@ int provision() {
 // collect TCG Boot files
 const std::string& rim_file = props.get("tcg.rim.file", "");
 const std::string& swid_file = props.get("tcg.swidtag.file", "");
+ const std::string& live_log_file = props.get("tcg.event.file", "");
+
 try {
 dv.set_logfile(hirs::file_utils::fileToString(rim_file));
 } catch (HirsRuntimeException& hirsRuntimeException) {
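Review bot: The `-f` test on `$BINARY_BIOS_MEASUREMENTS` in the @@ -64 hunk runs once, at RPM install time, so on a host where securityfs or the TPM device is not yet available when the package is installed (image builds, chroots, TPM enabled afterwards) `tcg.event.file` is never written, and from then on the provisioner's `props.get("tcg.event.file", "")` in the @@ -85 hunk of TPM2_Provisioner.cpp hands an empty path to `fileToString` on every run — a behavioural change from the previous hard-coded path, which was only resolved at provisioning time. Because the provisioner already tolerates an unreadable file through its `HirsRuntimeException` catch, the property can be written unconditionally, `echo "tcg.event.file=$BINARY_BIOS_MEASUREMENTS" >> "$TCG_BOOT_FILE"`, or the C++ side can keep the old path as its default, `props.get("tcg.event.file", "/sys/kernel/security/tpm0/binary_bios_measurements")`, while still allowing an override. Note that `$TCG_BOOT_FILE` is made read-only by the `chmod -w` immediately below, so a property skipped at install cannot be picked up later without a manual edit.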
@@ -96,8 +98,7 @@ int provision() {
 logger.error(hirsRuntimeException.what());
 }
 try {
- dv.set_livelog(hirs::file_utils::fileToString(
- "/sys/kernel/security/tpm0/binary_bios_measurements"));
+ dv.set_livelog(hirs::file_utils::fileToString(live_log_file));
 } catch (HirsRuntimeException& hirsRuntimeException) {
 logger.error(hirsRuntimeException.what());
 }
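Review bot: When `tcg.event.file` is absent from the properties, `live_log_file` is `""` and the catch below reports only `hirsRuntimeException.what()`, which presumably describes the read failure but not which property or path was involved, so a missing BIOS measurement log is hard to diagnose from the provisioner's output. Either check `live_log_file.empty()` before the `try` and log a message that names `tcg.event.file`, or include the path in the existing error line, e.g. `logger.error("Unable to read bios measurement log '" + live_log_file + "': " + hirsRuntimeException.what());` if `logger.error` accepts a `std::string`. The body of `provision()` continues outside the hunk.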