diff --git a/.github/workflows/hirs_package_linux.yml b/.github/workflows/hirs_package_linux.yml index 5406ad06..8604fc66 100644 --- a/.github/workflows/hirs_package_linux.yml +++ b/.github/workflows/hirs_package_linux.yml @@ -17,7 +17,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '17' distribution: 'temurin' 
@@ -26,44 +26,57 @@ jobs: - name: directory setup run: | mkdir -p artifacts/jars + mkdir -p artifacts/win - name: install dependencies run: | sudo apt-get update sudo apt-get install git curl nano cron mariadb-server - name: Setup Gradle - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/setup-gradle@v3 - name: Execute Gradle build run: | ./gradlew build; ./gradlew bootWar; ./gradlew buildDeb; ./gradlew buildRpm; + ./gradlew buildZip cp HIRS_AttestationCAPortal/build/libs/*.jar artifacts/jars/. cp HIRS_AttestationCA/build/libs/*.jar artifacts/jars/. cp HIRS_Utils/build/libs/*.jar artifacts/jars/. cp HIRS_Structs/build/libs/*.jar artifacts/jars/. + cp tools/tcg_rim_tool/build/distributions/*.zip artifacts/win + cp tools/tcg_eventlog_tool/build/distributions/*.zip artifacts/win + cp package/win/tcg-rim-tool/* artifacts/win + - name: Archive RPM files - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: RPM_Files path: HIRS_AttestationCAPortal/build/distributions/*.rpm if-no-files-found: error - name: Archive DEB files - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: DEB_Files path: HIRS_AttestationCAPortal/build/distributions/*.deb if-no-files-found: error - name: War files - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: WAR_Files path: HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war if-no-files-found: error - name: JAR_Files - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: JAR_Files path: artifacts/jars/ if-no-files-found: error - \ No newline at end of file + - name: ZIP_Files + uses: actions/upload-artifact@v4 + with: + name: ZIP_Files + path: artifacts/win/ + if-no-files-found: error + + diff --git a/package/win/tcg-rim-tool/README.md b/package/win/tcg-rim-tool/README.md new file mode 100644 index 00000000..ec41c535 --- /dev/null +++ b/package/win/tcg-rim-tool/README.md 
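Review bot: The actions added or bumped in this hunk are referenced by mutable tags (`gradle/actions/setup-gradle@v3`, `actions/upload-artifact@v4`; `actions/setup-java@v4` in the first hunk has the same form), so whoever can move a tag changes what runs in the job that produces the published packages. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/upload-artifact@<full-commit-sha>  # v4`, fixes the code that runs until someone deliberately updates it. The steps list starts outside this hunk, so any job-level `permissions:` setting is not visible here.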
@@ -0,0 +1,37 @@
+This README is part of the ZIP_Files.zip generated from hirs_package_linux.yml the goal of this zip is to have the TCG RIM tool, and the TCG Eventlog tool available on windows.
+
+To get the tools running on windows follow the instructions below:
+
+1- Unzip the main folder ("ZIP_Files"), followed by unzipping both the tcg_eventlog_tool.zip and tcg_rim_tool.zip in the working directory.
+
+2- Open PowerShell as administrator and run > Set-ExecutionPolicy unrestricted
+To verify run > Get-ExecutionPolicy and it should be set to "unrestricted"
+
+3- Right click on create_hirs_desktop_shortcut.ps1 and run with PowerShell, a PowerShell terminal will pop-up, if prompted type "R" to run the script.
+
+4- HIRS_tools.ps1 should appear on your desktop, right click on it and run with PowerShell . if prompted type "R" to run the script.
+
+5- The HIRS terminal should popup.
+
+6- (optional) To remove the warning messages when running the rim tool and the event log tool:
+Open PowerShell as administrator, navigate to the working directory, and run the following:
+> Unblock-File -Path .\rim.ps1
+> Unblock-File -Path .\eventLog.ps1
+
+To run the rim tool try the following commands
+
+> rim -c base -a .\tcg_rim_tool\Base_Rim_Config.json -l .\tcg_rim_tool\TpmLog.bin -k .\tcg_rim_tool\PC_OEM1_rim_signer_rsa_3k_sha384.key -p .\tcg_rim_tool\PC_OEM1_rim_signer_rsa_3k_sha384.pem -o baseRim.swidtag
+
+> rim -v .\baseRim.swidtag -p .\tcg_rim_tool\PC_OEM1_rim_signer_rsa_3k_sha384.pem -t .\tcg_rim_tool\PC_OEM1_Cert_Chain.pem -l .\tcg_rim_tool\TpmLog.bin
+
+
+
+To run the eventlog tool:
+
+elt -f C:\Windows\Logs\MeasuredBoot\[.log file here] -e
+
+Eventlog files are found here windows:
+C:\Windows\Logs\MeasuredBoot
+
+Example Command would be:
+> elt -f C:\Windows\Logs\MeasuredBoot\000000001-000000001.log -e (file name needs to match on on your system)
diff --git a/package/win/tcg-rim-tool/create_hirstools_desktop_shortcut.ps1 b/package/win/tcg-rim-tool/create_hirstools_desktop_shortcut.ps1
new file mode 100644
index 00000000..748b2126
--- /dev/null
+++ b/package/win/tcg-rim-tool/create_hirstools_desktop_shortcut.ps1
@@ -0,0 +1,7 @@
+
+# Create a shortcut to start the RIM shell
+$WshShell = New-Object -comObject WScript.Shell
+$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\HIRS_tools.lnk")
+$Shortcut.TargetPath = "$PWD\hirsshell.ps1"
+$Shortcut.WorkingDirectory = "$PWD"
+$Shortcut.Save()
diff --git a/package/win/tcg-rim-tool/eventLog.ps1 b/package/win/tcg-rim-tool/eventLog.ps1
new file mode 100644
index 00000000..552289c7
--- /dev/null
+++ b/package/win/tcg-rim-tool/eventLog.ps1
@@ -0,0 +1,11 @@
+# Script to run the tcg_rim_tool in java
+
+$JavaParams = @{
+ FilePath = 'java'
+ ArgumentList = @(
+ '-jar "{0}"' -f "$PWD\tcg_eventlog_tool/tcg_eventlog_tool.jar"
+ "$args"
+ )
+}
+
+Start-Process @JavaParams -NoNewWindow -Wait
\ No newline at end of file
diff --git a/package/win/tcg-rim-tool/hirsshell.ps1 b/package/win/tcg-rim-tool/hirsshell.ps1
new file mode 100644
index 00000000..6b475e17
--- /dev/null
+++ b/package/win/tcg-rim-tool/hirsshell.ps1
@@ -0,0 +1,14 @@
+# Script to start a new shell with a rim alias
+$StartInfo = new-object System.Diagnostics.ProcessStartInfo
+$StartInfo.FileName = "$pshome\powershell.exe"
+$StartInfo.Arguments = "-NoExit -Command
+ `$Host.UI.RawUI.WindowTitle=`'TCG RIM TOOL`';
+ Set-Alias elt '$PWD\eventlog.ps1';
+ Set-Alias rim '$PWD\rim.ps1';
+ echo 'The TCG RIM TOOL is intended for testing TCG Defined PC Client Reference Integrity Manifests (RIMs)';
+ echo 'for usage type: rim -h';
+ echo 'for eventlog usage type: elt -h'
+ Set-Location -Path $PWD;
+ function prompt {'HIRS > '};"
+[System.Diagnostics.Process]::Start($StartInfo)
+
diff --git a/package/win/tcg-rim-tool/rim.ps1 b/package/win/tcg-rim-tool/rim.ps1
new file mode 100644
index 00000000..986e2917
--- /dev/null
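Review bot: The shortcut's `TargetPath` is the script itself (`"$PWD\hirsshell.ps1"`), so opening it depends on the .ps1 file association and on the machine-wide `Set-ExecutionPolicy unrestricted` step that the README in this commit asks users to run as administrator. Pointing the shortcut at PowerShell and passing the script as an argument lets the policy apply to that one process instead: `$Shortcut.TargetPath = "$PSHOME\powershell.exe"` and `$Shortcut.Arguments = "-ExecutionPolicy RemoteSigned -File ""$PSScriptRoot\hirsshell.ps1"""`, with the README's `Unblock-File` step extended to all the shipped scripts. `$PSScriptRoot` also removes the dependence on the caller's current directory that `$PWD` has, and `[Environment]::GetFolderPath('Desktop')` is more robust than `$Home\Desktop` when the desktop folder is redirected. The README names `create_hirs_desktop_shortcut.ps1` and `HIRS_tools.ps1`, while this file is `create_hirstools_desktop_shortcut.ps1` and creates `HIRS_tools.lnk`.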
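Review bot: `"$args"` collapses every argument into one space-joined string, so a path containing a space reaches java split into several arguments, and the jar is resolved from `$PWD`, which means the directory the shell happens to be in decides which jar is executed. Calling java directly keeps each argument intact and ties the jar to the script's own folder: `& java -jar "$PSScriptRoot\tcg_eventlog_tool\tcg_eventlog_tool.jar" @args`. The same two problems are in rim.ps1 later in this commit. The header comment here says tcg_rim_tool although the script launches tcg_eventlog_tool.jar.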
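Review bot: `$PWD` is expanded into the `-Command` string without quoting or escaping, so `Set-Location -Path $PWD;` fails when the folder path contains a space, and an apostrophe in the path closes the single-quoted `Set-Alias` targets early and leaves the rest of the path to be parsed as commands. Escaping once and quoting every use avoids both: `$Root = $PSScriptRoot.Replace("'", "''")`, then `Set-Alias rim '$Root\rim.ps1';` and `Set-Location -LiteralPath '$Root';`. The line `echo 'for eventlog usage type: elt -h'` is the only statement without a trailing `;`, which presumably only works while the line breaks inside the argument string survive.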
+++ b/package/win/tcg-rim-tool/rim.ps1 @@ -0,0 +1,11 @@ +# Script to run the tcg_rim_tool in java + +$JavaParams = @{ + FilePath = 'java' + ArgumentList = @( + '-jar "{0}"' -f "$PWD\tcg_rim_tool/tcg_rim_tool.jar" + "$args" + ) +} + +Start-Process @JavaParams -NoNewWindow -Wait \ No newline at end of file diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle index 6775b515..4de963e4 100644 --- a/tools/tcg_eventlog_tool/build.gradle +++ b/tools/tcg_eventlog_tool/build.gradle @@ -123,4 +123,22 @@ ospackage { buildDeb { arch = X86_64 } + } + + +task buildZip(type: Zip){ + dependsOn jar + from(tasks.jar.archiveFile){ + rename( filename -> + "${project.name}.jar") + into '/' + } + + archiveBaseName.set(project.name) + destinationDirectory.set(file("$buildDir/distributions")) + archiveFileName.set("${project.name}.zip") +} + +buildZip.dependsOn jar +//build.dependsOn buildZip \ No newline at end of file diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index fc39524c..92921f72 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle 
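Review bot: The `jar` dependency is declared twice in tools/tcg_eventlog_tool/build.gradle, once inside the task (`dependsOn jar`) and again as `buildZip.dependsOn jar` after it; one declaration is enough, and the commented-out `//build.dependsOn buildZip` should either be enabled or removed. `file("$buildDir/distributions")` uses `buildDir`, which is deprecated in recent Gradle releases; `destinationDirectory.set(layout.buildDirectory.dir('distributions'))` is the current form. The same task body is repeated in tools/tcg_rim_tool/build.gradle, so the same points apply there.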
@@ -131,3 +131,38 @@ buildRpm { buildDeb { arch = 'amd64' } + +task buildZip(type: Zip){ + dependsOn jar + dependsOn jar + from(tasks.jar.archiveFile){ + rename( filename -> + "${project.name}.jar") + into '/' + } + from('./build/resources/test/rim_fields.json'){ + into '/' + } + from('../../.ci/tcg-rim-tool/configs/Base_Rim_Config.json'){ + into '/' + } + from('../../.ci/tcg-rim-tool/eventlogs/TpmLog.bin'){ + into '/' + } + from('../../.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key'){ + into '/' + } + from('../../.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem'){ + into '/' + } + from('../../.ci/tcg-rim-tool/certs/PC_OEM1_Cert_Chain.pem'){ + into '/' + } + + archiveBaseName.set(project.name) + destinationDirectory.set(file("$buildDir/distributions")) + archiveFileName.set("${project.name}.zip") +} + +buildZip.dependsOn jar +//build.dependsOn buildZip \ No newline at end of file
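Review bot: The archive includes `PC_OEM1_rim_signer_rsa_3k_sha384.key`, a private signing key, and the workflow in this commit publishes the zip as the ZIP_Files artifact. The `.ci/` path suggests it is a test key; if so, say that in a comment above the `from(...)` entry, for example `// test-only signing key from .ci; never add its cert chain to a production trust store`. Separately, `from('./build/resources/test/rim_fields.json')` reads an output of test-resource processing while the task only depends on `jar`, so a standalone `./gradlew buildZip` on a clean tree would silently leave the file out; adding `dependsOn processTestResources` closes that gap. `dependsOn jar` is also repeated on consecutive lines.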