mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
init tcg_properties
parent
3ca559d72f
commit
79bc90046d
@ -4,33 +4,43 @@
|
||||
#
|
||||
#########################################################################################
|
||||
set -e
|
||||
pushd /
|
||||
pushd / > /dev/null
|
||||
echo "Setting up TPM emulator for the TPM2 Provisioner"
|
||||
|
||||
# Function to make and install TPM 2.0 Provisioner packages
|
||||
function InstallProvisioner {
|
||||
echo "===========Installing TPM 2.0 Provisioner Packages...==========="
|
||||
pushd /HIRS
|
||||
pushd /HIRS > /dev/null
|
||||
echo "Building the HIRS Provisioner ..."
|
||||
mkdir -p /HIRS/logs/provisioner/
|
||||
sh package/package.centos.sh &> /HIRS/logs/provisioner/provisioner_build.log
|
||||
echo "Installing the HIRS Provisioner ..."
|
||||
yum install -y package/rpm/RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.el7.x86_64.rpm
|
||||
popd
|
||||
popd > /dev/null
|
||||
}
|
||||
|
||||
# use ibm tss to properly clear tpm pcr values
|
||||
function setTpmPcrValues {
|
||||
mkdir /ibmtss
|
||||
pushd /ibmtss
|
||||
pushd /ibmtss > /dev/null
|
||||
echo "Installing IBM TSS to set the TPM simulator intial values correctly..."
|
||||
wget --no-check-certificate https://downloads.sourceforge.net/project/ibmtpm20tss/ibmtss1.5.0.tar.gz > /dev/null
|
||||
tar -zxvf ibmtss1.5.0.tar.gz > /dev/null
|
||||
cd utils
|
||||
make -f makefiletpmc > /dev/null
|
||||
cd ../utils
|
||||
./startup
|
||||
popd
|
||||
./startup
|
||||
popd > /dev/null
|
||||
}
|
||||
|
||||
# Set default values tcg_boot_properties
|
||||
function setTcgProperties {
|
||||
propFile="/etc/hirs/tcg_boot.properties";
|
||||
|
||||
echo "tcg.rim.dir=/boot/tcg/manifest/rim/" > $propFile;
|
||||
echo "tcg.swidtag.dir=/boot/tcg/manifest/swidtag/" >> $propFile;
|
||||
echo "tcg.cert.dir=/boot/tcg/cert/platform/" >> $propFile;
|
||||
echo "tcg.event.file=/sys/kernel/security/tpm0/binary_bios_measurements" >> $propFile;
|
||||
}
|
||||
|
||||
# Function to initialize the TPM 2.0 Emulator
|
||||
@ -136,7 +146,7 @@ function WaitForAca {
|
||||
# Wait for ACA to boot
|
||||
echo "Waiting for ACA to spin up at address ${HIRS_ACA_PORTAL_IP} on port ${HIRS_ACA_PORTAL_PORT} ..."
|
||||
until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep '302 Found'`" != "" ]; do
|
||||
sleep 5;
|
||||
sleep 1;
|
||||
#echo "Checking on the ACA..."
|
||||
done
|
||||
echo "ACA is up!"
|
||||
@ -152,6 +162,11 @@ InstallProvisioner
|
||||
echo "TPM2 Provisioner container running:"
|
||||
echo "Contents of /etc/hirs is $(ls -al /etc/hirs)";
|
||||
|
||||
setTcgProperties
|
||||
|
||||
echo "TPM2 Provisioner container running:"
|
||||
echo "Contents of /etc/hirs is $(ls -al /etc/hirs)";
|
||||
|
||||
# Install TPM 2.0 Emulator
|
||||
InitTpm2Emulator
|
||||
|
||||
|
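Review bot: The new setTcgProperties assigns `propFile` without `local`, expands it unquoted in all four redirections, and truncates /etc/hirs/tcg_boot.properties unconditionally, so anything already in that file (the call appears to run after InstallProvisioner, judging by the last hunk) is silently replaced. Because this file tells the provisioner where to read RIMs, platform certificates and the event log, I would declare `local propFile="/etc/hirs/tcg_boot.properties"`, redirect to `"$propFile"`, and add a comment saying the overwrite is intentional for the test container. Under `set -e` the first `>` also aborts the script if /etc/hirs is missing, so a `mkdir -p /etc/hirs` before it would make the function self-contained. Separately, the unchanged context in setTpmPcrValues still downloads ibmtss1.5.0.tar.gz with `wget --no-check-certificate` and then builds and runs it with no checksum comparison; this commit does not touch that line, but it should validate the certificate and verify a pinned digest before `make`.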
@ -19,25 +19,10 @@ echo "Test is using RIM files from $profile : $test"
|
||||
|
||||
# update tcg_boot.properties to use test specific binary_bios_measurement file
|
||||
eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements
|
||||
propFile="/etc/hirs/tcg_boot.properties";
|
||||
#echo "propFile = $propFile"
|
||||
|
||||
# tcg_boot_properties is being erased, so recreate for now ......
|
||||
#echo "tcg.rim.dir=/boot/tcg/manifest/rim/" > $propFile;
|
||||
#echo "tcg.swidtag.dir=/boot/tcg/manifest/swidtag/" >> $propFile;
|
||||
#echo "tcg.cert.dir=/boot/tcg/cert/platform/" >> $propFile;
|
||||
#echo "tcg.event.file=/sys/kernel/security/tpm0/binary_bios_measurements" >> $propFile;
|
||||
|
||||
#echo "eventLog = $eventLog"
|
||||
#echo "Contents of /etc/hirs is $(ls -al /etc/hirs)";
|
||||
#echo "Contents of $propFile before sed is $(cat $propFile)";
|
||||
|
||||
sed -i "s:tcg.event.file=.*:tcg.event.file=$eventLog:g" "$propFile"
|
||||
|
||||
#echo "Contents of $propFile after sed is $(cat $propFile)";
|
||||
#echo "======================"
|
||||
|
||||
#echo "Contents of/boot/tcg/cert/platform/ is $(ls /boot/tcg/cert/platform/) : "
|
||||
|
||||
# Step 2: Copy Base RIM files to the TCG folder
|
||||
pushd $testDir/swidtags/ > /dev/null
|
||||
@ -62,7 +47,6 @@ popd > /dev/null
|
||||
# echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)"
|
||||
|
||||
#Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file
|
||||
#echo "Setting PCR register 0 - 23 for test $profile : $test"
|
||||
sh $testDir/"$profile"_"$test"_setpcrs.sh
|
||||
#tpm2_pcrlist -g sha256
|
||||
|
||||
|