diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
index cbbc269a..a2bca365 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@@ -578,29 +578,34 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 // check if the policy is enabled
 if (policy.isFirmwareValidationEnabled()) {
 String[] baseline = new String[Integer.SIZE];
- String manufacturer = device.getDeviceInfo()
- .getHardwareInfo().getManufacturer();
+ String deviceName = device.getDeviceInfo()
+ .getNetworkInfo().getHostname();
 try {
- sRim = SupportReferenceManifest.select(
- this.referenceManifestManager)
- .byManufacturer(manufacturer).getRIM();
+ Set supportRims = SupportReferenceManifest
+ .select(this.referenceManifestManager)
+ .byDeviceName(deviceName).getRIMs();
+ for (SupportReferenceManifest support : supportRims) {
+ if (support.isBaseSupport()) {
+ sRim = support;
+ }
+ }
 eventLog = EventLogMeasurements .select(this.referenceManifestManager)
- .byManufacturer(manufacturer).getRIM();
+ .byDeviceName(deviceName).getRIM();
 if (sRim == null) {
 fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Quote validation failed: " + "No associated Support RIM file " + "could be found for %s",
- manufacturer));
+ deviceName));
 } else if (eventLog == null) {
 fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Quote validation failed: " + "No associated Client Log file " + "could be found for %s",
- manufacturer));
+ deviceName));
 } else {
 baseline = sRim.getExpectedPCRList();
 String[] storedPcrs = eventLog.getExpectedPCRList();
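Review bot: In the added loop over `supportRims`, every entry with `isBaseSupport()` overwrites `sRim`, so when more than one base support RIM is stored for a device name, the baseline the quote is compared against depends on the iteration order of the `Set`. For a measurement baseline that ambiguity should fail closed instead of silently keeping the last match: add `if (sRim != null) { /* second base support RIM for deviceName: report FAIL */ }` before `sRim = support;` and set `fwStatus` to a FAIL status that names the duplicate. The lookup key also changes to `getNetworkInfo().getHostname()`; if that value is reported by the device itself (not visible here), it decides which baseline the device is checked against, so it is worth confirming the host name is bound to the attested identity before this point. The enclosing method starts and ends outside the hunk.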
@@ -618,13 +623,13 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 fwStatus.setMessage("Firmware validation of TPM Quote failed." + "\nPCR hash and Quote hash do not match.");
 }
+ eventLog.setOverallValidationResult(fwStatus.getAppStatus());
+ this.referenceManifestManager.update(eventLog);
 }
 } catch (Exception ex) {
 LOGGER.error(ex);
 }
- eventLog.setOverallValidationResult(fwStatus.getAppStatus());
- this.referenceManifestManager.update(eventLog);
 quoteScv = buildValidationRecord(SupplyChainValidation .ValidationType.FIRMWARE, fwStatus.getAppStatus(), fwStatus.getMessage(), eventLog, level);
@@ -639,6 +644,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 validations.add(buildValidationRecord(scv.getValidationType(), scv.getResult(), scv.getMessage(), scv.getCertificatesUsed().get(0), Level.INFO));
+ } else {
+ validations.add(buildValidationRecord(scv.getValidationType(),
+ scv.getResult(), scv.getMessage(),
+ quoteScv.getCertificatesUsed().get(0), Level.INFO));
 }
 }
 validations.add(quoteScv);
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
index b3b1f18e..0e4c9b2e 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@@ -34,6 +34,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
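Review bot: In the `@@ -618,13 +623,13 @@` hunk of SupplyChainValidationServiceImpl.java, `catch (Exception ex) { LOGGER.error(ex); }` still leaves `fwStatus` untouched, so after an exception the record built by `buildValidationRecord(...)` carries whatever `fwStatus` held before the `try`. That initial value is set outside the hunk; unless it is already a FAIL status, an exception during RIM lookup or PCR comparison would not be recorded as a failed firmware validation. Setting it in the handler closes the gap: `fwStatus = new AppraisalStatus(FAIL, "Firmware validation failed: internal error, see ACA log");`. With the update calls now inside the `else` branch, the same path also leaves the stored result of `eventLog` unchanged, which deserves a one-line comment.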
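Review bot: In the `@@ -639,6 +644,10 @@` hunk of SupplyChainValidationServiceImpl.java, the added `else` branch calls `quoteScv.getCertificatesUsed().get(0)` without checking that the list has an element. `quoteScv` is built in the previous hunk from `eventLog`, which is null on the "No associated Client Log file" path, so the list may be empty there (`buildValidationRecord` is not visible, so this is inferred) and `get(0)` would throw inside the loop and abort the remaining records. A guard such as `if (!quoteScv.getCertificatesUsed().isEmpty())` around the added call would avoid that. The `if` that this `else` belongs to starts outside the hunk.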
@@ -378,20 +379,6 @@ public class ReferenceManifestDetailsPageController
 data.put("associatedRim", support.getAssociatedRim());
 data.put("rimType", support.getRimType());
 data.put("tagId", support.getTagId());
- boolean crtm = false;
- boolean bootManager = false;
- boolean osLoader = false;
- boolean osKernel = false;
- boolean acpiTables = false;
- boolean smbiosTables = false;
- boolean gptTable = false;
- boolean bootOrder = false;
- boolean defaultBootDevice = false;
- boolean secureBoot = false;
- boolean pk = false;
- boolean kek = false;
- boolean sigDb = false;
- boolean forbiddenDbx = false;
 TCGEventLog logProcessor = new TCGEventLog(support.getRimBytes());
 LinkedList tpmPcrEvents = new LinkedList<>();
@@ -417,8 +404,29 @@ public class ReferenceManifestDetailsPageController
 data.put("events", logProcessor.getEventList());
 }
+ getEventSummary(data, logProcessor.getEventList());
+ return data;
+ }
+
+ private static void getEventSummary(final HashMap data,
+ final Collection eventList) {
+ boolean crtm = false;
+ boolean bootManager = false;
+ boolean osLoader = false;
+ boolean osKernel = false;
+ boolean acpiTables = false;
+ boolean smbiosTables = false;
+ boolean gptTable = false;
+ boolean bootOrder = false;
+ boolean defaultBootDevice = false;
+ boolean secureBoot = false;
+ boolean pk = false;
+ boolean kek = false;
+ boolean sigDb = false;
+ boolean forbiddenDbx = false;
+ String contentStr;
- for (TpmPcrEvent tpe : logProcessor.getEventList()) {
+ for (TpmPcrEvent tpe : eventList) {
 contentStr = tpe.getEventContentStr();
 // check for specific events
 if (contentStr.contains("CRTM")) {
@@ -471,8 +479,6 @@ public class ReferenceManifestDetailsPageController
 data.put("kek", kek);
 data.put("sigDb", sigDb);
 data.put("forbiddenDbx", forbiddenDbx);
-
- return data;
 }
 /**
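Review bot: The new helper `getEventSummary` in the `@@ -417,8 +404,29 @@` hunk returns `void` and reports its result only by writing keys into the caller's `data` map, which neither the name nor the missing Javadoc conveys. A short Javadoc would help, for example `/** Scans the events and stores one boolean per recognised category (crtm, bootManager, ..., forbiddenDbx) in {@code data}. */`, and a name such as `putEventSummary` would match what the method does. Because the flags come from `contentStr.contains(...)` substring matches, the comment should state that a flag means a matching event string is present in the log, not that the event was validated. The method body continues past the end of this hunk.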
@@ -503,10 +509,11 @@ public class ReferenceManifestDetailsPageController
 data.put("supportFilename", "Blank");
 data.put("supportId", "");
- data.put("baseId", "");
+ data.put("associatedRim", "");
 data.put("rimType", measurements.getRimType());
 data.put("hostName", measurements.getDeviceName());
 data.put("validationResult", measurements.getOverallValidationResult());
+ data.put("swidBase", true);
 if (measurements.getDeviceName() != null) {
 digestRecords = referenceDigestManager
@@ -532,7 +539,7 @@ public class ReferenceManifestDetailsPageController
 data.put("tagId", baseSupport.getTagId());
 if (base != null) {
- data.put("baseId", base.getId());
+ data.put("associatedRim", base.getId());
 }
 }
 }
@@ -587,7 +594,10 @@ public class ReferenceManifestDetailsPageController
 data.put("eventTypeMap", baselineLogEvents);
 }
+ TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes());
 data.put("livelogEvents", livelogEvents);
+ data.put("events", logProcessor.getEventList());
+ getEventSummary(data, logProcessor.getEventList());
 return data;
 }
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
index a7c1393f..8b20649e 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
@@ -114,7 +114,7 @@
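Review bot: In the `@@ -587,7 +594,10 @@` hunk of ReferenceManifestDetailsPageController.java, `new TCGEventLog(measurements.getRimBytes())` is added as the last step before `return data;`, and nothing in the hunk handles a parse failure or a null byte array. These bytes appear to be the measurement log submitted by the device (inferred from the "Client Log file" wording elsewhere in this commit), so a malformed log decides whether the details page renders at all; confirm that the method's exception handling, which is outside the hunk, covers this constructor. The event list is also fetched twice; `final Collection<TpmPcrEvent> events = logProcessor.getEventList();` used for both `data.put("events", events)` and `getEventSummary(data, events)` keeps the two views identical.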
Not Before: ${initialData.beginValidity}
Not After: ${initialData.endValidity}
- +
Signature
@@ -736,7 +736,7 @@ Name: ${property.getPropertyName()}
Value: - ${property.getPropertyValue()}
+ ${property.getPropertyValue()}
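Review bot: The new line in the `@@ -736,7 +736,7 @@` hunk still writes `${property.getPropertyValue()}` as bare EL in template text, which JSP does not HTML-escape. The property value presumably originates from an uploaded certificate, so it should be emitted through `<c:out value="${property.getPropertyValue()}"/>` or `${fn:escapeXml(property.getPropertyValue())}`, whichever taglib the page already declares (the declarations are outside the hunk). The same applies to the `Device: ${initialData.hostName}` and `${initialData.tagId}` lines in the rim-details.jsp hunks `@@ -27,16 +27,23 @@` and `@@ -242,11 +249,11 @@`, where the controller fills `hostName` from `measurements.getDeviceName()`. The surrounding markup is stripped on this page, so check the file itself for an existing escaping wrapper before changing it.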
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
index ad8cd9f7..0cd67660 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
@@ -27,16 +27,23 @@
-
Base RIM
+
Additional
RIM Info
${initialData.tagId} + +
Device: ${initialData.hostName}
+
+ + +
-
Base RIM not uploaded from the ACA RIM Page
+
RIM not uploaded from the ACA RIM Page
@@ -242,11 +249,11 @@
Base/Support
-
${initialData.hostName} +
Device: ${initialData.hostName}
-
Base: ${initialData.tagId} + @@ -273,7 +280,7 @@