[#224] Update TPM Provisioner Docker images with latest PACCOR (v1.1.4r1) (#225)

* Update Docker TPMProvisioner images to latest PACCOR.

* Test updated docker images from hirs Docker Hub

* Update TPM Provisioner Docker images with latest PACCOR (v1.1.4r1)

* Updated TPM images on Docker Hub.
busaboy1340 2020-02-25 09:51:45 -05:00 committed by GitHub
parent 4a6115f443
commit b899e0bbe0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 50 additions and 4 deletions


@ -5,7 +5,7 @@ RUN yum -y update && yum clean all
RUN yum install -y tpm2-tools libcurl procps-ng wget dbus python-requests python2-future python36-future && yum clean all
# Install PACCOR for Device Info Gathering
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.3r4/paccor-1.1.3-4.noarch.rpm && yum -y install paccor-*.rpm && popd
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r1/paccor-1.1.4-1.noarch.rpm && yum -y install paccor-*.rpm && popd
# Install Software TPM for Provisioning
RUN mkdir ibmtpm && pushd ibmtpm && wget https://downloads.sourceforge.net/project/ibmswtpm2/ibmtpm1332.tar.gz && tar -zxvf ibmtpm1332.tar.gz && cd src && make -j5 && popd
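Review bot: The new PACCOR line (`wget … paccor-1.1.4-1.noarch.rpm && yum -y install paccor-*.rpm`) installs the downloaded RPM with no integrity check. yum does not GPG-check local package files by default (`localpkg_gpgcheck` is off), so the only protection is the HTTPS fetch from the release page. Pinning a digest between the download and the install, for example `echo "<SHA256_OF_RELEASE_RPM>  paccor-1.1.4-1.noarch.rpm" | sha256sum -c -`, would make the image build fail if the release asset is ever replaced. The same applies to the updated tpm_module and PACCOR lines in the second Dockerfile.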


@ -5,10 +5,10 @@ RUN yum -y update && yum clean all
RUN yum install -y java-1.8.0-openjdk wget util-linux chkconfig sed systemd gmp-devel coreutils dmidecode bash autoconf autoconf-archive automake libtool pkgconfig m4 gcc-c++ openssl python-requests python2-future python36-future && yum clean all
# Install tpm_module for Communicating with TPM
RUN mkdir tpm_module && pushd tpm_module && wget https://github.com/nsacyber/HIRS/releases/download/v1.0.4/tpm_module-1.0.4-1558547257.cedc93.x86_64.rpm && yum -y install tpm_module-*.rpm && popd
RUN mkdir tpm_module && pushd tpm_module && wget https://github.com/nsacyber/HIRS/releases/download/v1.1.1/tpm_module-1.1.1-1574364941.0c2005.x86_64.rpm && yum -y install tpm_module-*.rpm && popd
# Install PACCOR for Device Info Gathering
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.3r4/paccor-1.1.3-4.noarch.rpm && yum -y install paccor-*.rpm && popd
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r1/paccor-1.1.4-1.noarch.rpm && yum -y install paccor-*.rpm && popd
# Install Software TPM for Provisioning
RUN mkdir tpm_emulator && pushd tpm_emulator && wget https://phoenixnap.dl.sourceforge.net/project/ibmswtpm/tpm4769tar.gz && tar -xzvf tpm4769tar.gz && pushd libtpm && ./autogen && ./configure && make && popd && pushd tpm && make -f makefile-tpm && popd && popd


@ -12,6 +12,7 @@ ENTERPRISE_NUMBERS_FILE="$APP_HOME""/enterprise-numbers"
PEN_ROOT="1.3.6.1.4.1." # OID root for the private enterprise numbers
SMBIOS_SCRIPT="$APP_HOME""/smbios.sh"
HW_SCRIPT="$APP_HOME""/hw.sh" # For components not covered by SMBIOS
NVME_SCRIPT="$APP_HOME""/nvme.sh" # For nvme components, until lshw supports them
### SMBIOS Type Constants
source $SMBIOS_SCRIPT
@ -24,6 +25,7 @@ SMBIOS_TYPE_RAM="17"
### hw
source $HW_SCRIPT
source $NVME_SCRIPT
### ComponentClass values
COMPCLASS_REGISTRY_TCG="2.23.133.18.3.1" # switch off values within SMBIOS to reveal accurate component classes
@ -742,6 +744,50 @@ parseHddData () {
printf "$tmpData"
}
parseNvmeData () {
nvmeParse
replaceable=$(jsonFieldReplaceable "true")
tmpData=""
numHandles=$(nvmeNumDevices)
class=$(jsonComponentClass "$COMPCLASS_REGISTRY_TCG" "$COMPCLASS_HDD")
for ((i = 0 ; i < numHandles ; i++ )); do
manufacturer="" # Making this appear as it does on windows, lshw doesn't see nvme drives and nvme-cli doesn't return a manufacturer field
model=$(nvmeGetModelNumberForDevice "$i")
serial=$(nvmeGetNguidForDevice "$i")
revision="" # empty for a similar reason to the manufacturer field
if [[ -z "${manufacturer// }" ]]; then
manufacturer="$NOT_SPECIFIED"
fi
manufacturer=$(echo "$manufacturer" | sed 's/^[ \t]*//;s/[ \t]*$//')
manufacturer=$(jsonManufacturer "$manufacturer")
if [[ -z "${model// }" ]]; then
model="$NOT_SPECIFIED"
fi
model=$(echo "${model:0:16}" | sed 's/^[ \t]*//;s/[ \t]*$//') # limited to 16 characters for compatibility to windows, then trimmed
model=$(jsonModel "$model")
optional=""
if ! [[ -z "${serial// }" ]]; then
serial=$(echo "${serial^^}" | sed 's/^[ \t]*//;s/[ \t]*$//' | sed 's/.\{4\}/&_/g' | sed 's/_$/\./')
serial=$(jsonSerial "$serial")
optional="$optional"",""$serial"
fi
optional=$(printf "$optional" | cut -c2-)
newHddData=$(jsonComponent "$class" "$manufacturer" "$model" "$replaceable" "$optional")
tmpData="$tmpData"",""$newHddData"
done
# remove leading comma
tmpData=$(printf "$tmpData" | cut -c2-)
printf "$tmpData"
}
parseGfxData () {
lshwDisplay
@ -813,7 +859,7 @@ componentsRAM=$(parseRamData)
componentsNIC=$(parseNicData)
componentsHDD=$(parseHddData)
componentsGFX=$(parseGfxData)
componentArray=$(jsonComponentArray "$componentChassis" "$componentBaseboard" "$componentBios" "$componentsCPU" "$componentsRAM" "$componentsNIC" "$componentsHDD" "$componentsGFX")
componentArray=$(jsonComponentArray "$componentChassis" "$componentBaseboard" "$componentBios" "$componentsCPU" "$componentsRAM" "$componentsNIC" "$componentsHDD" "$componentsNVMe" "$componentsGFX")
### Collate the property details
propertyArray=$(jsonPropertyArray "$property1" "$property2")
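Review bot: Nothing in the visible hunks assigns `componentsNVMe`, so the new `"$componentsNVMe"` argument to `jsonComponentArray` expands to an empty string and `parseNvmeData` is never called. The last hunk shows `componentsHDD=$(parseHddData)` and `componentsGFX=$(parseGfxData)` but no NVMe counterpart. Unless the variable is set outside these hunks, add `componentsNVMe=$(parseNvmeData)` next to the other assignments; otherwise NVMe drives stay out of the component list this script emits. Separately, `parseNvmeData` uses device-derived text as the printf format in `printf "$optional"` and `printf "$tmpData"`, so a `%` or backslash in a model or NGUID string would be interpreted rather than printed; `printf '%s' "$tmpData"` avoids that.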