From 781dc92d9542e16ea0d9e5b30808795038ca22c0 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Tue, 24 Nov 2020 10:13:00 -0500
Subject: [PATCH 1/3] Added a bug fix for support rim and base rim display. If the Support RIM was uploaded, separately, first, then the Base; the base RIM details page would display a linked Support RIM but no expected PCR values.
---
 .../controllers/ReferenceManifestDetailsPageController.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
index ded07cee..65298a58 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@@ -102,6 +102,7 @@ public class ReferenceManifestDetailsPageController
 LOGGER.error(uuidError, iaEx);
 } catch (Exception ioEx) {
 LOGGER.error(ioEx);
+ LOGGER.trace(ioEx);
 }
 if (data.isEmpty()) {
 String notFoundMessage = "Unable to find RIM with ID: " + params.getId();
@@ -236,6 +237,10 @@ public class ReferenceManifestDetailsPageController
 baseRim.setAssociatedRim(support.getId());
 logProcessor = new TCGEventLog(support.getRimBytes());
 }
+ } else {
+ support = SupportReferenceManifest.select(referenceManifestManager)
+ .byEntityId(baseRim.getAssociatedRim()).getRIM();
+ logProcessor = new TCGEventLog(support.getRimBytes());
 }
 // going to have to pull the filename and grab that from the DB
 // to get the id to make the link
From 40e744690b3d4bf72b2fb2eedc303afaa6655c27 Mon Sep 17 00:00:00 2001
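Review bot: The added `LOGGER.trace(ioEx);` in the `catch (Exception ioEx)` block of ReferenceManifestDetailsPageController (first hunk) repeats the `LOGGER.error(ioEx);` call directly above it at a lower level, so it records nothing new. If the aim was to capture the stack trace, a single call in the same form as the neighbouring `LOGGER.error(uuidError, iaEx);` would do it, for example `LOGGER.error("Unable to load RIM details", ioEx);`. The name `ioEx` is also misleading for a catch of `Exception`. The enclosing method starts and ends outside the hunk.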
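Review bot: In the new `else` branch (second hunk of ReferenceManifestDetailsPageController), the result of `.byEntityId(baseRim.getAssociatedRim()).getRIM()` is dereferenced by `support.getRimBytes()` without a null check. If the associated Support RIM cannot be selected (patch 3/3 of this series shows RIMs can be archived), this would presumably throw a NullPointerException and the base RIM page would again render without its expected PCR values. Guard it with `if (support != null) { logProcessor = new TCGEventLog(support.getRimBytes()); }` and log the missing association. The `if` that this `else` pairs with is outside the hunk, so it is not visible whether `getAssociatedRim()` is guaranteed non-null here.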
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Wed, 25 Nov 2020 08:23:02 -0500
Subject: [PATCH 2/3] The 3 files the provisioner uploads to the ACA are system flat files. If the first or second one dosn't exist or cause an exception to be thrown, the rest aren't executed. This change separates the try catch statements so that each one is executed independently of the previous ones' error.
---
 HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
index f280c924..f30d6588 100644
--- a/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
+++ b/HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp
@@ -74,7 +74,15 @@ int provision() {
 const std::string& swid_file = props.get("tcg.swidtag.file", "");
 try {
 dv.set_logfile(hirs::file_utils::fileToString(rim_file));
+ } catch (HirsRuntimeException& hirsRuntimeException) {
+ logger.error(hirsRuntimeException.what());
+ }
+ try {
 dv.set_swidfile(hirs::file_utils::fileToString(swid_file));
+ } catch (HirsRuntimeException& hirsRuntimeException) {
+ logger.error(hirsRuntimeException.what());
+ }
+ try {
 dv.set_livelog(hirs::file_utils::fileToString(
 "/sys/kernel/security/tpm0/binary_bios_measurements"));
 } catch (HirsRuntimeException& hirsRuntimeException) {
From 749a3a2317fd043ff5e311ae4f212ade8b813d57 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Wed, 25 Nov 2020 10:06:56 -0500
Subject: [PATCH 3/3] When the provisioner sends the rim swidtag and the rimel and they already exists in the db but are archived, they don't unarchive them so they never show up on the RIM page. This change fixes that.
---
 .../AbstractAttestationCertificateAuthority.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
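Review bot: With the three reads now independent in provision() (TPM2_Provisioner.cpp), a failure to read any of them is only logged and provisioning goes on with that field unset, so the ACA can receive device info lacking the RIM, the SWID tag or the live `binary_bios_measurements` log. Whether the ACA treats a missing log as a validation failure is not visible here; if it does not, a missing file should stop provisioning or be reported explicitly rather than dropped. Each `logger.error(hirsRuntimeException.what());` also gives no hint which of the three files failed; name it, e.g. `logger.error("Unable to read RIM file " + rim_file + ": " + hirsRuntimeException.what());`. The body of the last catch is outside the hunk.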
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index e3051ee0..1469a938 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -773,6 +773,8 @@ public abstract class AbstractAttestationCertificateAuthority
 this.referenceManifestManager.save(dbBaseRim);
 } else {
 LOG.info("Client provided Base RIM already loaded in database.");
+ dbBaseRim.restore();
+ dbBaseRim.resetCreateTime();
 }
 tagId = dbBaseRim.getTagId();
@@ -798,7 +800,7 @@ public abstract class AbstractAttestationCertificateAuthority
 support.setTagId(tagId);
 this.referenceManifestManager.save(support);
 } else {
- LOG.error("Client provided Support RIM already loaded in database.");
+ LOG.info("Client provided Support RIM already loaded in database.");
 if (dbBaseRim != null) {
 support.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer());
 support.setPlatformModel(dbBaseRim.getPlatformModel());
@@ -807,6 +809,8 @@ public abstract class AbstractAttestationCertificateAuthority
 support.setTagId(dbBaseRim.getTagId());
 }
+ support.restore();
+ support.resetCreateTime();
 this.referenceManifestManager.update(support);
 }
 } catch (IOException ioEx) {
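Review bot: In the first hunk (the Base RIM `else` branch), `dbBaseRim.restore();` and `dbBaseRim.resetCreateTime();` are not followed by a `referenceManifestManager.update(dbBaseRim)` call, whereas the Support RIM branch in the third hunk calls `this.referenceManifestManager.update(support);` after the same two calls. Unless an update happens outside the hunk, the un-archived state of the Base RIM is presumably never persisted and the record would stay hidden from the RIM page. Add `this.referenceManifestManager.update(dbBaseRim);` after `resetCreateTime()`.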
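Review bot: `support.restore()` and `support.resetCreateTime()` in the third hunk (and the matching `dbBaseRim` calls in the first hunk) run every time a client submits a RIM that already exists, with no check that the record is actually archived. That rewrites the creation timestamp on each provisioning, losing the original upload time, and lets any provisioning client undo an archive an administrator made on purpose, for example to retire a manifest that should no longer be trusted. Consider restoring only when the entity is archived, e.g. `if (support.isArchived()) { support.restore(); support.resetCreateTime(); }` (assuming the entity exposes such a check), and log the restore so it is auditable. The enclosing try block starts outside the hunk.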