From 9100206cc3da7ee645cfe598a8ef50545e017f30 Mon Sep 17 00:00:00 2001
From: lareine
Date: Thu, 3 Feb 2022 18:52:12 -0500
Subject: [PATCH] set ima policy for fw validation added tpm clear testing tpm clear testing tpm clear testing tpm clear testing tpm clear testing tpm clear update ibmtss
---
 .ci/setup/setup_tpm2provisioner.sh | 4 ++--
 .ci/system-tests/container/rim_setup.sh | 11 +++++++++--
 .ci/system-tests/sys_test_common.sh | 2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/.ci/setup/setup_tpm2provisioner.sh b/.ci/setup/setup_tpm2provisioner.sh
index 1aea584f..433354a4 100755
--- a/.ci/setup/setup_tpm2provisioner.sh
+++ b/.ci/setup/setup_tpm2provisioner.sh
@@ -24,8 +24,8 @@ function setTpmPcrValues {
 mkdir /ibmtss
 pushd /ibmtss > /dev/null
 echo "Installing IBM TSS to set the TPM simulator intial values correctly..."
- wget --no-check-certificate https://downloads.sourceforge.net/project/ibmtpm20tss/ibmtss1.5.0.tar.gz > /dev/null
- tar -zxvf ibmtss1.5.0.tar.gz > /dev/null
+ wget --no-check-certificate https://downloads.sourceforge.net/project/ibmtpm20tss/ibmtss1.6.0.tar.gz > /dev/null
+ tar -zxvf ibmtss1.6.0.tar.gz > /dev/null
 cd utils
 make -f makefiletpmc > /dev/null
 cd ../utils
diff --git a/.ci/system-tests/container/rim_setup.sh b/.ci/system-tests/container/rim_setup.sh
index ad8e666d..97965ad3 100644
--- a/.ci/system-tests/container/rim_setup.sh
+++ b/.ci/system-tests/container/rim_setup.sh
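Review bot: The new `wget` line keeps `--no-check-certificate`, so the ibmtss1.6.0 tarball that is then unpacked and built with `make` is fetched without TLS verification and without any integrity check. Since the version is being changed here anyway, drop that flag and pin the archive before `tar` runs, for example with `echo "<EXPECTED_SHA256>  ibmtss1.6.0.tar.gz" | sha256sum -c -` (placeholder hash, to be taken from a trusted copy), aborting on mismatch. Redirecting stdout to /dev/null also hides a failed download, and nothing visible in the hunk checks wget's exit status. setTpmPcrValues starts and ends outside the hunk.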
@@ -64,12 +64,19 @@ popd > /dev/null
 echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)"
 #Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file
-# a: Check if a test specific setpcr.sh file exists. If not use the profiles default script
+# a: Clear the TPM PCR registers vi a call to the tss clear
+# b: Check if a test specific setpcr.sh file exists. If not use the profiles default script
+pushd /ibmtss/utils/
+echo "accessing the ibmtss"
+./pcrreset -ha 16
+echo "attemping to clear PCRs"
+popd
+
 if [[ ! -f $pcrScript ]]; then
 pcrScript="$profileDir/default/"$profile"_default_setpcrs.sh"
 fi
 sh $pcrScript; echo "PCR script was $pcrScript"
-#tpm2_pcrlist -g sha256
+tpm2_pcrlist -g sha256
 # Done with rim_setup
\ No newline at end of file
diff --git a/.ci/system-tests/sys_test_common.sh b/.ci/system-tests/sys_test_common.sh
index 6ab6f3b7..ded0496b 100644
--- a/.ci/system-tests/sys_test_common.sh
+++ b/.ci/system-tests/sys_test_common.sh
@@ -43,7 +43,7 @@ docker exec $aca_container mysql -u root -D hirs_db -e "Update SupplyChainPolicy
 setPolicyEkPcFw() {
 docker exec $aca_container mysql -u root -D hirs_db -e "Update SupplyChainPolicy set enableEcValidation=1, enablePcAttributeValidation=1, enablePcValidation=1,
- enableUtcValidation=0, enableFirmwareValidation=1, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=0, enableIgnoretBoot=0;"
+ enableUtcValidation=0, enableFirmwareValidation=1, enableExpiredCertificateValidation=0, enableIgnoreGpt=0, enableIgnoreIma=1, enableIgnoretBoot=0;"
 }
 # Clear all ACA DB items including policy
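Review bot: Neither the added `pushd /ibmtss/utils/` nor `./pcrreset -ha 16` is checked, so if the IBM TSS build is missing or the reset fails the script still prints "attemping to clear PCRs" and runs the setpcr script against whatever PCR state is left. Fail fast instead with `pushd /ibmtss/utils/ > /dev/null || exit 1` and `./pcrreset -ha 16 || { echo "pcrreset failed" >&2; exit 1; }`. The step comment also says the PCR registers are cleared while the command names only handle 16; reword it to something like `# a: Reset PCR 16 via the IBM TSS pcrreset utility` (and fix "vi a" / "attemping") so a reader does not assume the other PCRs start from a known state.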
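Review bot: `setPolicyEkPcFw` now sets `enableIgnoreIma=1` without any comment, so the system tests that use this policy will, judging by the flag name, no longer take IMA measurements into account during firmware validation, and nothing in the function records that this is intended. Add a header comment such as `# EK + PC + firmware validation; IMA is ignored (enableIgnoreIma=1), so these tests do not cover IMA measurements`, and if the relaxation is a workaround for the TPM simulator, say so there. The other ignore flags stay at 0 in the same statement, so a reader cannot tell from the code why IMA alone is exempt.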