Merging changes in main into this new branch

erge branch 'main' into v3_issue_804-spdm
2024-12-18 20:47:58 +00:00 · 2024-08-07 11:41:17 -04:00 · 2024-08-07 11:41:17 -04:00 · e92b3b51ce
commit e92b3b51ce
parent 9884e668eb a41b0f2fe4
57 changed files with 2194 additions and 249 deletions
--- a/.ci/docker/.env
+++ b/.ci/docker/.env
@ -12,4 +12,41 @@ HIRS_ACA_HOSTNAME=hirsaca

 HIRS_SUBNET=172.19.0.0/16

-TEST_STATUS=0
+TEST_STATUS=0
+
+HIRS_DEFAULT_APPSETTINGS_FILE=/usr/share/hirs/appsettings.json
+
+HIRS_CI_REPO_ROOT=/hirs
+
+HIRS_CI_TEST_ROOT=/ci_test
+HIRS_CI_EFI_PATH_ROOT=$HIRS_CI_TEST_ROOT/boot/efi
+HIRS_CI_EFI_PATH_TCG=$HIRS_CI_EFI_PATH_ROOT/EFI/tcg
+HIRS_CI_EFI_PATH_PLATFORM=$HIRS_CI_EFI_PATH_TCG/cert/platform
+HIRS_CI_EFI_PATH_RIM=$HIRS_CI_EFI_PATH_TCG/manifest/rim
+HIRS_CI_EFI_PATH_SWIDTAG=$HIRS_CI_EFI_PATH_TCG/manifest/swidtag
+HIRS_CI_TEST_HW_JSON_FILE=$HIRS_CI_TEST_ROOT/hw.json
+HIRS_CI_TEST_EVENT_LOG_FILE=$HIRS_CI_TEST_ROOT/binary_bios_measurements
+
+HIRS_CI_TEST_DEFAULT_PROFILE_DIR=$HIRS_CI_REPO_ROOT/.ci/system-tests/profiles/laptop
+HIRS_CI_TEST_DEFAULT_TEST_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/default
+HIRS_CI_TEST_DEFAULT_DMI_ZIP=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/laptop_dmi.zip
+HIRS_CI_TEST_DEFAULT_HW_JSON_FILE=$HIRS_CI_TEST_DEFAULT_TEST_DIR/laptop_default_hw.json
+HIRS_CI_TEST_DEFAULT_EVENT_LOG=$HIRS_CI_TEST_DEFAULT_TEST_DIR/laptop_default_binary_bios_measurements
+HIRS_CI_TEST_DEFAULT_SETPCRS_SH=$HIRS_CI_TEST_DEFAULT_TEST_DIR/laptop_default_setpcrs.sh
+HIRS_CI_TEST_DEFAULT_PLATFORMCERTS_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/empty/platformcerts
+HIRS_CI_TEST_DEFAULT_RIMS_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/empty/rims
+HIRS_CI_TEST_DEFAULT_SWIDTAGS_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/empty/swidtags
+
+HIRS_CI_TPM_EK_CERT_FILE=/hirs/.ci/setup/certs/ek_cert.der
+HIRS_CI_TPM_EK_CERT_NV_ATTR="0x2000A"
+HIRS_CI_TPM_EK_CERT_NV_INDEX="0x1c00002"
+
+HIRS_ACA_POST_POINT_EK=HIRS_AttestationCAPortal/portal/certificate-request/endorsement-key-credentials/upload
+HIRS_ACA_POST_POINT_PLATFORM=HIRS_AttestationCAPortal/portal/certificate-request/platform-credentials/upload
+HIRS_ACA_POST_POINT_RIM=HIRS_AttestationCAPortal/portal/reference-manifests/upload
+HIRS_ACA_POST_POINT_TRUST=HIRS_AttestationCAPortal/portal/certificate-request/trust-chain/upload
+
+SERVER_ECERT_POST="https://$HIRS_ACA_HOSTNAME:$HIRS_ACA_PORTAL_PORT/$HIRS_ACA_POST_POINT_EK"
+SERVER_PCERT_POST="https://$HIRS_ACA_HOSTNAME:$HIRS_ACA_PORTAL_PORT/$HIRS_ACA_POST_POINT_PLATFORM"
+SERVER_CACERT_POST="https://$HIRS_ACA_HOSTNAME:$HIRS_ACA_PORTAL_PORT/$HIRS_ACA_POST_POINT_TRUST"
+SERVER_RIM_POST="https://$HIRS_ACA_HOSTNAME:$HIRS_ACA_PORTAL_PORT/$HIRS_ACA_POST_POINT_RIM"
--- a/.ci/docker/Dockerfile.aca-windows
+++ b/.ci/docker/Dockerfile.aca-windows
@ -3,6 +3,8 @@
 # List of available tags for Microsoft's powershell docker image: https://mcr.microsoft.com/v2/powershell/tags/list.
 # This Dockerfile requires Powershell 7+. e.g. lts-windowsservercore-1809
 ARG BASE_IMAGE_TAG=latest
+
+# Start 
 FROM mcr.microsoft.com/powershell:${BASE_IMAGE_TAG}
 LABEL org.opencontainers.image.vendor NSA Laboratory for Advanced Cybersecurity Research
 LABEL org.opencontainers.image.source https://github.com/nsacyber/hirs
@ -14,6 +16,10 @@ ARG REF=main

 SHELL ["pwsh", "-Command"]

+# Print build args
+RUN Write-Host BASE_IMAGE_TAG: $Env:BASE_IMAGE_TAG
+RUN Write-Host REF: $Env:REF
+
 # Output Powershell Version
 # This Dockerfile requires Powershell 7+.
 RUN $PSVersionTable
@ -64,8 +70,8 @@ RUN Start-Process -FilePath 'C:/vs_buildtools.exe' -ArgumentList \"--quiet --wai
 RUN Write-Host "Finished installing Visual Studio Build Tools."

 # Download and extract pre-built openssl
-RUN ((New-Object System.Net.WebClient).DownloadFile('https://download.firedaemon.com/FireDaemon-OpenSSL/openssl-3.1.4.zip', 'C:/openssl-3.1.zip'))
-RUN Expand-Archive C:/openssl-3.1.zip -DestinationPath C:/openssl_files
+RUN ((New-Object System.Net.WebClient).DownloadFile('https://download.firedaemon.com/FireDaemon-OpenSSL/openssl-3.3.1.zip', 'C:/openssl-3.zip'))
+RUN Expand-Archive C:/openssl-3.zip -DestinationPath C:/openssl_files
 WORKDIR C:/openssl_files/openssl-3
 RUN cp -Recurse -Force C:/openssl_files/openssl-3/x64 'C:/Program Files/openssl'

@ -87,7 +93,11 @@ RUN echo $Env:JAVA_HOME
 # Clone ibmswtpm2 and build
 RUN git clone https://github.com/kgoldman/ibmswtpm2.git C:/ibmswtpm2
 ## tpm_server.sln is looking for the openssl crypto lib in a fixed location
+## Copying twice because sometimes it references either filename
 RUN cp 'C:/Program Files/openssl/lib/libcrypto.lib' 'C:/ibmswtpm2/tpmvstudio/tpm_server/libcrypto64md.lib'
+RUN cp 'C:/Program Files/openssl/lib/libcrypto.lib' 'C:/ibmswtpm2/tpmvstudio/tpm_server/libcrypto.lib'
+## Assume compatibility with any version of openssl3
+RUN (Get-Content C:/ibmswtpm2/src/BnToOsslMath.h) -replace '0x30200ff0L', '0x40200ff0L' | Out-File C:/ibmswtpm2/src/BnToOsslMath.h
 WORKDIR C:/ibmswtpm2/tpmvstudio/tpm_server
 #IF MSBUILD NOT ON PATH: RUN /vsbuildtools/MSBuild/Current/Bin/MSBuild.exe .\tpm_server.sln -t:Build -p:Configuration=Release -p:Platform=x64
 RUN MSBuild.exe .\tpm_server.sln -t:Build -p:Configuration=Release -p:Platform=x64
@ -96,8 +106,8 @@ RUN MSBuild.exe .\tpm_server.sln -t:Build -p:Configuration=Release -p:Platform=x
 # Clone ibmtss and build
 RUN git clone https://github.com/kgoldman/ibmtss.git C:/ibmtss
 ## Again, This VS project is looking for the openssl crypto library in a fixed location. The paths are imported into multiple subprojects. Easier to edit the paths than attempt to copy the library everywhere.
-RUN ((Get-Content C:/ibmtss/tpmutils/CommonPropertiesx64.props) -replace 'libcrypto64mdd','C:/program files/openssl/lib/libcrypto') | Set-Content C:/ibmtss/tpmutils/CommonPropertiesx64.props
-RUN ((Get-Content C:/ibmtss/tpmutils/CommonPropertiesx64Release.props) -replace 'libcrypto64md','C:/program files/openssl/lib/libcrypto') | Set-Content C:/ibmtss/tpmutils/CommonPropertiesx64Release.props
+RUN ((Get-Content C:/ibmtss/tpmutils/CommonPropertiesx64.props) -replace 'libcrypto','C:/program files/openssl/lib/libcrypto') | Set-Content C:/ibmtss/tpmutils/CommonPropertiesx64.props
+RUN ((Get-Content C:/ibmtss/tpmutils/CommonPropertiesx64Release.props) -replace 'libcrypto','C:/program files/openssl/lib/libcrypto') | Set-Content C:/ibmtss/tpmutils/CommonPropertiesx64Release.props
 WORKDIR C:/ibmtss/tpmutils
 # IF MSBUILD NOT ON PATH: RUN /vsbuildtools/MSBuild/Current/Bin/MSBuild.exe .\tpmutils.sln -t:Build -p:Configuration=Release -p:Platform=x64
 RUN MSBuild.exe .\tpmutils.sln -t:Build -p:Configuration=Release -p:Platform=x64
@ -112,7 +122,7 @@ RUN echo $Env:PATH
 WORKDIR C:/
 RUN git config --global --add core.autocrlf false
 RUN git config --global --add safe.directory '*'
-RUN git clone -b ${REF} https://github.com/nsacyber/hirs.git C:/repo
+RUN git clone -b $Env:REF https://github.com/nsacyber/hirs.git C:/repo

 # Defensive copy of the repo so it's easy to start fresh if needed
 WORKDIR C:/repo
@ -144,4 +154,4 @@ RUN Get-Item "C:/ProgramData/hirs/certificates/HIRS/ecc_512_sha384_certs/HIRS_le
 # The container will report a health state based on when embedded tomcat finishes loading. If the ACA isn't loaded after the timeout, the container will report that it is unhealthy.
 HEALTHCHECK --start-period=50s --interval=1s --timeout=90s CMD pwsh -Command try { $response = Invoke-WebRequest -Uri https://localhost:8443; if ($response.StatusCode -eq 200) { return 0 } else { return 1 }; } catch { return 1 }

-CMD ["pwsh", "-Command", "pwsh -ExecutionPolicy Bypass C:/hirs/package/win/aca/aca_bootRun.ps1"]
+CMD ["pwsh", "-Command", "pwsh -ExecutionPolicy Bypass C:/hirs/package/win/aca/aca_bootRun.ps1"]
--- a/.ci/docker/docker-compose-system-test.yml
+++ b/.ci/docker/docker-compose-system-test.yml
@ -7,6 +7,7 @@ services:
      command: ["bash", "-c", "tail -f /dev/null;"]
      ports:
         - "${HIRS_ACA_PORTAL_PORT}:${HIRS_ACA_PORTAL_CONTAINER_PORT}"
+         - 9123:9123
      hostname: ${HIRS_ACA_HOSTNAME}
      networks:
         hirs_aca_system_tests:
@ -21,7 +22,7 @@ services:
         - aca
      volumes:
         - ../../:/HIRS
-      command: ["bash", "-c", "/ibmswtpm2/src/tpm_server && tail -f /dev/null"]
+      command: ["bash", "-c", "tail -f /dev/null"]
      networks:
         hirs_aca_system_tests:
            ipv4_address: ${HIRS_ACA_PROVISIONER_TPM2_IP}
@ -32,4 +33,4 @@ networks:
      ipam:
         driver: default
         config:
-            - subnet: ${HIRS_SUBNET}
+            - subnet: ${HIRS_SUBNET}
--- a/.ci/setup/container/setup_tpm2provisioner_dotnet.sh
+++ b/.ci/setup/container/setup_tpm2provisioner_dotnet.sh
@ -4,7 +4,8 @@
 #########################################################################################

 # Setting configurations
-. ./.ci/docker/.env
+. /hirs/.ci/docker/.env
+source /hirs/.ci/setup/container/tpm2_common.sh

 set -a

@ -12,112 +13,17 @@ set -e
 echo "*** Setting up TPM emulator for the TPM2 Provisioner *** "

 # Wait for ACA to boot
-echo "*** Waiting for ACA to spin up at address ${HIRS_ACA_PORTAL_IP} on port ${HIRS_ACA_PORTAL_PORT} ..."
-  until [ "`curl --silent -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep 'HTTP/1.1 200'`" != "" ]; do
-    sleep 1;
-  done
-  echo "*** ACA is up!"
+waitForAca

 ## Un-package Provisioner.NET RPM
 yes | dnf install HIRS_Provisioner.NET/hirs/bin/Release/net6.0/linux-x64/HIRS_Provisioner.NET.2.2.0.linux-x64.rpm -y > /dev/null

 # Initiate startup for IBMTSS Tools
-pushd /ibmtss/utils
-tpm2_startup -T mssim -c &
-sleep 5
-tpm2_nvdefine -T mssim -C o -a 0x2000A -s $(cat /hirs/.ci/setup/certs/ek_cert.der | wc -c) 0x1c00002
-tpm2_nvwrite -T mssim -C o -i /hirs/.ci/setup/certs/ek_cert.der 0x1c00002
-popd
+startFreshTpmServer -f
+startupTpm
+installEkCert

-# Writing to Provisioner.Net configurations file for modified aca port and efi prefix
-cat <<APPSETTINGS_FILE > /usr/share/hirs/appsettings.json
-{
-  "auto_detect_tpm":  "TRUE",
-  "aca_address_port": "https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}",
-  "efi_prefix": "/ci_test/boot/efi",
-  "paccor_output_file": "",
-  "event_log_file":  "",
-  "hardware_manifest_collectors": "paccor_scripts",
-
-  "Serilog": {
-    "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
-    "Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],
-    "MinimumLevel": {
-      "Default": "Debug",
-      "Override": {
-        "Microsoft": "Warning",
-        "System": "Warning"
-      }
-    },
-    "WriteTo": [
-      {
-        "Name": "Console",
-        "Args": {
-          "outputTemplate": "{Message}{NewLine}",
-          "theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",
-          "restrictedToMinimumLevel": "Information"
-        }
-      },
-      {
-        "Name": "File",
-        "Args": {
-          "path": "hirs.log",
-          "rollingInterval": "Day",
-          "retainedFileCountLimit": 5
-        }
-      }
-    ]
-  }
-}
-APPSETTINGS_FILE
-cp /usr/share/hirs/appsettings.json /usr/share/hirs/appsettings_default.json
-cat <<APPSETTINGS_FILE_HW > /usr/share/hirs/appsettings_hw.json
-{
-  "auto_detect_tpm":  "TRUE",
-  "aca_address_port": "https://172.19.0.2:8443",
-  "efi_prefix": "/ci_test/boot/efi",
-  "paccor_output_file": "/ci_test/hw.json",
-  "event_log_file":  "/ci_test/binary_bios_measurements",
-  "hardware_manifest_collectors": "",
-  "linux_bios_vendor_file": "/ci_test/dmi/id/bios_vendor",
-  "linux_bios_version_file": "/ci_test/dmi/id/bios_version",
-  "linux_bios_date_file": "/ci_test/dmi/id/bios_date",
-  "linux_sys_vendor_file": "/ci_test/dmi/id/sys_vendor",
-  "linux_product_name_file": "/ci_test/dmi/id/product_name",
-  "linux_product_version_file": "/ci_test/dmi/id/product_version",
-  "linux_product_serial_file": "/ci_test/dmi/id/product_serial",
-
-  "Serilog": {
-    "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
-    "Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],
-    "MinimumLevel": {
-      "Default": "Debug",
-      "Override": {
-        "Microsoft": "Warning",
-        "System": "Warning"
-      }
-    },
-    "WriteTo": [
-      {
-        "Name": "Console",
-        "Args": {
-          "outputTemplate": "{Message}{NewLine}",
-          "theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",
-          "restrictedToMinimumLevel": "Information"
-        }
-      },
-      {
-        "Name": "File",
-        "Args": {
-          "path": "hirs.log",
-          "rollingInterval": "Day",
-          "retainedFileCountLimit": 5
-        }
-      }
-    ]
-  }
-}
-APPSETTINGS_FILE_HW
+setCiHirsAppsettingsFile

 # Triggering a single provision for test
 echo "==========="
--- a/.ci/setup/container/tpm2_common.sh
+++ b/.ci/setup/container/tpm2_common.sh
@ -149,12 +149,200 @@ DEFAULT_SITE_CONFIG_FILE
   cat /etc/hirs/hirs-site.config
 }

+# Function to update the hirs-site.config file
+function setCiHirsAppsettingsFile {
+  # Setting configurations
+  . /hirs/.ci/docker/.env
+
+  HIRS_APPSETTINGS_FILE=$HIRS_DEFAULT_APPSETTINGS_FILE
+  ACA_ADDRESS="https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}"
+  EFI_PREFIX_PATH=$HIRS_CI_EFI_PATH_ROOT
+  PACCOR_OUTPUT_FILE=""
+  EVENT_LOG_FILE=""
+  HARDWARE_MANIFEST_COLLECTORS="paccor_scripts"
+
+  # Process parameters Argument handling 
+  POSITIONAL_ARGS=()
+  ORIGINAL_ARGS=("$@")
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+      --aca-address)
+        shift # past argument
+        ACA_ADDRESS=$1
+        shift # past parameter
+        ;;
+      --efi-prefix)
+        shift # past argument
+        EFI_PREFIX_PATH=$1
+	shift # past parameter
+        ;;
+      --paccor-output-file)
+        shift # past argument
+	PACCOR_OUTPUT_FILE=$1
+	HARDWARE_MANIFEST_COLLECTORS=""
+        shift # past parameter
+        ;;
+      --event-log-file)
+        shift # past argument
+        EVENT_LOG_FILE=$1
+        shift # past argument
+        ;;
+      --linux-dmi)
+	USE_LINUX_DMI=YES
+	shift # past argument
+	;;
+    -*|--*)
+        echo "setCiHirsAppsettingsFile: Unknown option $1"
+        shift # past argument
+        ;;
+      *)
+       POSITIONAL_ARGS+=("$1") # save positional arg
+       # shift # past argument
+       break
+        ;;
+    esac
+  done
+  echo ""
+  echo "===========Updating ${HIRS_APPSETTINGS_FILE}, using values from /HIRS/.ci/docker/.env file...==========="
+
+  cat <<DEFAULT_APPSETTINGS_FILE > $HIRS_APPSETTINGS_FILE
+{
+  "auto_detect_tpm":  "TRUE",
+  "aca_address_port": "$ACA_ADDRESS",
+  "efi_prefix": "$EFI_PREFIX_PATH",
+  "paccor_output_file": "$PACCOR_OUTPUT_FILE",
+  "event_log_file": "$EVENT_LOG_FILE",
+  "hardware_manifest_collectors": "$HARDWARE_MANIFEST_COLLECTORS",
+DEFAULT_APPSETTINGS_FILE
+  if [ "$USE_LINUX_DMI" = YES ]; then
+    cat <<DEFAULT_APPSETTINGS_FILE >> $HIRS_APPSETTINGS_FILE
+  "linux_bios_vendor_file": "$HIRS_CI_TEST_ROOT/dmi/id/bios_vendor",
+  "linux_bios_version_file": "$HIRS_CI_TEST_ROOT/dmi/id/bios_version",
+  "linux_bios_date_file": "$HIRS_CI_TEST_ROOT/dmi/id/bios_date",
+  "linux_sys_vendor_file": "$HIRS_CI_TEST_ROOT/dmi/id/sys_vendor",
+  "linux_product_name_file": "$HIRS_CI_TEST_ROOT/dmi/id/product_name",
+  "linux_product_version_file": "$HIRS_CI_TEST_ROOT/dmi/id/product_version",
+  "linux_product_serial_file": "$HIRS_CI_TEST_ROOT/dmi/id/product_serial",
+DEFAULT_APPSETTINGS_FILE
+  fi
+  cat <<DEFAULT_APPSETTINGS_FILE >> $HIRS_APPSETTINGS_FILE
+  "Serilog": {
+    "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
+    "Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],
+    "MinimumLevel": {
+      "Default": "Debug",
+      "Override": {
+        "Microsoft": "Warning",
+        "System": "Warning"
+      }
+    },
+    "WriteTo": [
+      {
+        "Name": "Console",
+        "Args": {
+          "outputTemplate": "{Message}{NewLine}",
+          "theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",
+          "restrictedToMinimumLevel": "Information"
+        }
+      },
+      {
+        "Name": "File",
+        "Args": {
+          "path": "hirs.log",
+          "rollingInterval": "Day",
+          "retainedFileCountLimit": 5
+        }
+      }
+    ]
+  }
+}
+DEFAULT_APPSETTINGS_FILE
+}
+
+# These functions work on the tpm2provisioner_dotnet image 
+# They assume the IBM sw tpm server repo is cloned to /ibmswtpm2
+# They assume the IBM tss repo is cloned to /ibmtss
+# They assume tpm2-tools are installed.
+# They assume the HIRS repo is cloned to /hirs.
+function startFreshTpmServer {
+  # Process parameters Argument handling 
+  POSITIONAL_ARGS=()
+  ORIGINAL_ARGS=("$@")
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+      -f|--force|--restart)
+	stopTpmServer
+	sleep 5
+	shift # past argument
+	;;
+    -*|--*)
+        echo "setCiHirsAppsettingsFile: Unknown option $1"
+        shift # past argument
+        ;;
+      *)
+       POSITIONAL_ARGS+=("$1") # save positional arg
+       # shift # past argument
+       break
+        ;;
+    esac
+  done
+
+  if isTpmServerRunning ; then
+    echo "TPM server already running."
+  else
+    echo -n "Starting TPM server..."
+    /ibmswtpm2/src/tpm_server -rm &> /dev/null &
+    sleep 2
+    pid=$(findTpmServerPid)
+    echo "...running with pid: $pid"
+  fi
+}
+
+function startupTpm {
+  echo "Running tpm2_startup"
+  tpm2_startup -T mssim -c
+  sleep 2
+}
+
+function installEkCert {
+  # Setting configurations
+  . /hirs/.ci/docker/.env
+  
+  echo "Installing EK Cert $HIRS_CI_TPM_EK_CERT_FILE into TPM NVRAM at index $HIRS_CI_TPM_EK_CERT_NV_INDEX"
+  tpm2_nvdefine -T mssim -C o -a $HIRS_CI_TPM_EK_CERT_NV_ATTR -s $(cat $HIRS_CI_TPM_EK_CERT_FILE | wc -c) $HIRS_CI_TPM_EK_CERT_NV_INDEX
+  tpm2_nvwrite -T mssim -C o -i $HIRS_CI_TPM_EK_CERT_FILE $HIRS_CI_TPM_EK_CERT_NV_INDEX
+  echo "Finished installing EK cert."
+}
+
+function findTpmServerPid {
+  pid=$(pgrep -f /ibmswtpm2/src/tpm_server 2> /dev/null)
+  echo -n "$pid"
+}
+
+# ex usage: isTpmServerRunning && echo "up" || echo "down"
+function isTpmServerRunning {
+  tpmUp=$(findTpmServerPid)
+  if [ -n "$tpmUp" ]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+function stopTpmServer {
+  tpmUp=$(findTpmServerPid)
+  if [ -n "$tpmUp" ]; then
+    echo "Stopping TPM server with pid: $tpmUp"
+    kill -9 $tpmUp
+  fi
+}
+
 # Wait for ACA to boot
 function waitForAca {
  echo "Waiting for ACA to spin up at address ${HIRS_ACA_PORTAL_IP} on port ${HIRS_ACA_PORTAL_PORT} ..."
-  until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep '302 Found'`" != "" ]; do
+  until [ "`curl --silent -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep 'HTTP/1.1 200'`" != "" ]; do
    sleep 1;
-  #echo "Checking on the ACA..."
  done
  echo "ACA is up!"
 }
+
--- a/.ci/system-tests/container/efi_setup.sh
+++ b/.ci/system-tests/container/efi_setup.sh
@ -0,0 +1,52 @@
+#!/bin/bash
+#########################################################################################
+#   Setup a local directory to act as the ESP for testing
+#   This just creates the directory structure.
+#   usage efi_setup.sh [-c] [-p] [-r]
+#   -c: clear all artifact directories
+#   -p: clear only the platform directory
+#   -r: clear only the rim directories
+#########################################################################################
+
+# Load env variables
+. /hirs/.ci/docker/.env
+
+# Process parameters Argument handling 
+POSITIONAL_ARGS=()
+ORIGINAL_ARGS=("$@")
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    -c|--clear-all)
+      CLEAR_ALL=YES
+      shift # past argument
+      ;;
+    -p|--clear-platform)
+      CLEAR_PLATFORM=YES
+      shift # past argument
+      ;;
+    -r|--clear-rim)
+      CLEAR_RIM=YES
+      shift # past argument
+      ;;
+    *)
+     POSITIONAL_ARGS+=("$1") # save positional arg
+     # shift # past argument
+     break
+      ;;
+  esac
+done
+# Ensure file structure is there
+mkdir -p $HIRS_CI_EFI_PATH_PLATFORM
+mkdir -p $HIRS_CI_EFI_PATH_RIM
+mkdir -p $HIRS_CI_EFI_PATH_SWIDTAG
+
+# Clear out any previous artifacts
+
+if [ "$CLEAR_ALL" = YES ] || [ "$CLEAR_PLATFORM" = YES ] ; then
+  rm -f $HIRS_CI_EFI_PATH_PLATFORM/*
+fi
+if [ "$CLEAR_ALL" = YES ] || [ "$CLEAR_RIM" = YES ] ; then
+  rm -f $HIRS_CI_EFI_PATH_RIM/*
+  rm -f $HIRS_CI_EFI_PATH_SWIDTAG/*
+fi
+
--- a/.ci/system-tests/container/pc_setup.sh
+++ b/.ci/system-tests/container/pc_setup.sh
@ -1,50 +1,111 @@
 #!/bin/bash
 #########################################################################################
 #   Setup for platform certificates for testing
-#   Copies platform certs (Base and Delta) to the tcg directory
-#   usage pc_setup.sh <profile> <test>
+#   usage pc_setup.sh -p <profile> -t <test> [-u] [-n]
+#   By default, copies platform certs (Base and Delta) to the tcg directory.
+#   -u: upload the certs to the ACA directly.
+#   -n: disable copy of certs to the tcg directory.
 #########################################################################################

-profile=$1
-test=$2
-ciTestDir="/ci_test"
-tcgDir="$ciTestDir/boot/efi/EFI/tcg/cert/platform/"
+# Load env variables
+. /hirs/.ci/docker/.env

+profile=laptop
+test=default
+ciTestHwJsonFile=$HIRS_CI_TEST_HW_JSON_FILE
+
+# By default save the artifacts in EFI and do not upload to the ACA
+UPLOAD_ARTIFACTS=NO
+PUT_ARTIFACTS_IN_ESP=YES
+
+# Process parameters Argument handling 
+POSITIONAL_ARGS=()
+ORIGINAL_ARGS=("$@")
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    -p|--profile)
+      shift # past argument
+      profile=$1
+      shift # past parameter
+      ;;
+    -t|--test)
+      shift # past argument
+      test=$1
+      shift # past parameter
+      ;;
+    -u|--upload)
+      UPLOAD_ARTIFACTS=YES
+      shift # past argument
+      ;;
+    -n|--no-efi)
+      PUT_ARTIFACTS_IN_ESP=NO
+      shift # past argument
+      ;;
+    -*|--*)
+      echo "pc_setup.sh: Unknown option $1"
+      shift # past argument
+      ;;
+    *)
+     POSITIONAL_ARGS+=("$1") # save positional arg
+     # shift # past argument
+     break
+      ;;
+  esac
+done
 # Profile selections
-profileDir="/hirs/.ci/system-tests/profiles/$profile"
+profileDir="$HIRS_CI_REPO_ROOT/.ci/system-tests/profiles/$profile"
 testDir="$profileDir/$test"
 pcDir="$testDir/platformcerts"
 dmiZip="$profileDir/$profile"_dmi.zip
 hwJsonFileName="$profile"_"$test"_hw.json
 hwJsonFile="$testDir/$hwJsonFileName"
-ciTestHwJsonFile="$ciTestDir/hw.json"

-# Current TCG folder for platform certs
-mkdir -p $tcgDir;  # Create the platform cert folder if its not there
-rm -f $tcgDir*;    # Clear out any previous data
+# Use default settings if profile does not have specific changes
+if [ ! -f "$hwJsonFile" ]; then
+    echo "Test is using a profile with no hardware manifest file. Using default."
+    hwJsonFile=$HIRS_CI_TEST_DEFAULT_HW_JSON_FILE
+fi

-echo "Test is using platform cert(s) from $profile : $test"
+if [ ! -f "$dmiZip" ]; then
+    echo "Test is using a profile with no DMI data. Using default."
+    dmiZip=$HIRS_CI_TEST_DEFAULT_DMI_ZIP
+fi
+
+# Ensure platform folder under efi is set up and cleared
+$HIRS_CI_REPO_ROOT/.ci/system-tests/container/efi_setup.sh -p
+
+echo "Platform certs selected from profile: $profile : $test"
 # Step 1: Copy hw json file, if it exists.
 if [ -f "$hwJsonFile" ]; then
-      cp "$hwJsonFile" "$ciTestHwJsonFile"
+    echo "hw file used was $hwJsonFile"
+    cp "$hwJsonFile" "$ciTestHwJsonFile"
 fi

 # Can remove this once unzip is added to the image
 dnf install -y unzip &> /dev/null

 # Step 2: Unpack the dmi files.
-unzip -o "$dmiZip" -d "$ciTestDir"
+echo "dmi file used was $dmiZip"
+unzip -o "$dmiZip" -d $HIRS_CI_TEST_ROOT

-# Step 3: Copy the platform cert to tcg folder 
+# Step 3: Copy the platform cert to tcg folder and or upload it to the ACA
 if [[ ! -d $pcDir ]]; then
-    pcDir=$profileDir/default/platformcerts;
+    pcDir=$profileDir/default/platformcerts
 fi
+
 pushd $pcDir > /dev/null
 # Skip copy of platform cert if .gitigore exists (empty profile)
-if [[ ! -f ".gitignore" ]]; then
+  if [[ ! -f ".gitignore" ]]; then
    for cert in * ; do
-          cp -f $cert $tcgDir$cert;
+      if [ "$PUT_ARTIFACTS_IN_ESP" = YES ]; then
+        echo "Saving $cert to $HIRS_CI_EFI_PATH_PLATFORM"
+        cp $cert $HIRS_CI_EFI_PATH_PLATFORM
+      fi
+      if [ "$UPLOAD_ARTIFACTS" = YES ]; then
+        echo "Uploading $cert to $SERVER_PCERT_POST"
+        curl -k -F "file=@$cert" $SERVER_PCERT_POST
+      fi
    done
-fi
-
+  fi
 popd > /dev/null
+
--- a/.ci/system-tests/container/rim_setup.sh
+++ b/.ci/system-tests/container/rim_setup.sh
@ -1,76 +1,116 @@
 #!/bin/bash
 #########################################################################################
 #   Setup for PC Client Reference Integrity Manifest (RIM) tests
-#   usage rim_setup.sh <profile> <test> <option>
-#   use "clear" option to clear existing TPM PCR values
+#   usage rim_setup.sh -p <profile> -t <test> [-u] [-n]
 #########################################################################################

-profile=$1
-test=$2
-ciTestDir="/ci_test"
-tcgDir="$ciTestDir/boot/efi/EFI/tcg"
+# Load env variables
+. /hirs/.ci/docker/.env

+profile=laptop
+test=default
+ciTestEventLog=$HIRS_CI_TEST_EVENT_LOG_FILE
+
+# By default save the artifacts in EFI and do not upload to the ACA
+UPLOAD_ARTIFACTS=NO
+PUT_ARTIFACTS_IN_ESP=YES
+
+# Process parameters Argument handling 
+POSITIONAL_ARGS=()
+ORIGINAL_ARGS=("$@")
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    -p|--profile)
+      shift # past argument
+      profile=$1
+      shift # past parameter
+      ;;
+    -t|--test)
+      shift # past argument
+      test=$1
+      shift # past parameter
+      ;;
+    -u|--upload)
+      UPLOAD_ARTIFACTS=YES
+      shift # past argument
+      ;;
+    -n|--no-efi)
+      PUT_ARTIFACTS_IN_ESP=NO
+      shift # past argument
+      ;;
+    -*|--*)
+      echo "rim_setup.sh: Unknown option $1"
+      shift # past argument
+      ;;
+    *)
+     POSITIONAL_ARGS+=("$1") # save positional arg
+     # shift # past argument
+     break
+      ;;
+  esac
+done
 # Profile selections
-profileDir="/hirs/.ci/system-tests/profiles/$profile"
+profileDir="$HIRS_CI_REPO_ROOT/.ci/system-tests/profiles/$profile"
 defaultDir="$profileDir/default"
-testDir="/hirs/.ci/system-tests/profiles/$profile/$test"
+testDir="$profileDir/$test"
 eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements
 swidDir="$testDir/swidtags"
 rimDir="$testDir/rims"
 pcrScript="$testDir/"$profile"_"$test"_setpcrs.sh"
-ciTestEventLog="$ciTestDir/binary_bios_measurements"

 echo "Test is using RIM files from $profile : $test"

-# Make sure TCG defined RIM folders exist and are cleared out
-mkdir -p $tcgDir/manifest/rim/;  # Create the platform cert folder if its not there
-rm -f $tcgDir/manifest/rim/*;    # clear out any previous data
-
-mkdir -p $tcgDir/manifest/swidtag/;  # Create the platform cert folder if its not there
-rm -f $tcgDir/manifest/swidtag/*;   # clear out any previous data
+# Ensure rim folders under efi are set up and cleared
+$HIRS_CI_REPO_ROOT/.ci/system-tests/container/efi_setup.sh -r

 # Step 1: Copy binary_bios_measurement file
 if [ ! -e "$eventLog" ]; then
-  eventLog="$defaultDir"/laptop_default_binary_bios_measurements
+  eventLog=$HIRS_CI_TEST_DEFAULT_EVENT_LOG
 fi
 echo "eventLog used was  $eventLog"
 cp "$eventLog" "$ciTestEventLog"

 # Step 2: Copy Base RIM files to the TCG folder
-#      a: See if test specific swidtag folder exists, if not use the defualt folder
+#      a: See if test specific swidtag folder exists, if not use the default folder
 if [[ ! -d $swidDir ]]; then
    swidDir=$defaultDir/swidtags;
 fi
 pushd $swidDir > /dev/null
  if [[ ! -f ".gitignore" ]]; then
    for swidtag in * ; do
-          cp -f $swidtag $tcgDir/manifest/swidtag/$swidtag;
+      if [ "$PUT_ARTIFACTS_IN_ESP" = YES ]; then
+        echo "Saving $swidtag to $HIRS_CI_EFI_PATH_SWIDTAG"
+        cp $swidtag $HIRS_CI_EFI_PATH_SWIDTAG
+      fi
+      if [ "$UPLOAD_ARTIFACTS" = YES ]; then
+        echo "Uploading $swidtag to $SERVER_RIM_POST"
+        curl -k -F "file=@$swidtag" $SERVER_RIM_POST
+      fi
    done
  fi
 popd > /dev/null
-# Step 3: Copy Support RIM files to the TCG folder in the same mannor
+# Step 3: Copy Support RIM files to the TCG folder in the same manner
 if [[ ! -d $rimDir ]]; then 
    rimDir=$defaultDir/rims;
 fi
 pushd $rimDir > /dev/null
-
  if [[ ! -f ".gitignore" ]]; then
    for rim in * ; do
-          cp -f $rim $tcgDir/manifest/rim/$rim;
+      if [ "$PUT_ARTIFACTS_IN_ESP" = YES ]; then
+        echo "Saving $rim to $HIRS_CI_EFI_PATH_RIM"
+        cp $rim $HIRS_CI_EFI_PATH_RIM
+      fi
+      if [ "$UPLOAD_ARTIFACTS" = YES ]; then
+        echo "Uploading $rim to $SERVER_RIM_POST"
+        curl -k -F "file=@$rim" $SERVER_RIM_POST
+      fi
    done
  fi
 popd > /dev/null

 #Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file
-#     a: Clear the TPM PCR registers vi a call to the tss clear 
-#     b: Check if a test specific setpcr.sh file exists. If not use the profiles default script
-
-
 if [[ ! -f $pcrScript ]]; then
-    pcrScript="$profileDir/default/"$profile"_default_setpcrs.sh"
+    pcrScript=$HIRS_CI_TEST_DEFAULT_SETPCRS_SH
 fi
 sh $pcrScript;
-#echo "PCR script was $pcrScript"
-#tpm2_pcrlist -g sha256 

-# Done with rim_setup
--- a/.ci/system-tests/setup_system_tests.sh
+++ b/.ci/system-tests/setup_system_tests.sh
@ -18,16 +18,16 @@ docker exec $aca_container sh -c "/tmp/auto_clone_branch $1 > /dev/null 2>&1 \
                                  && echo 'ACA Container Current Branch: ' && git branch \
                                  && /hirs/package/linux/aca/aca_setup.sh --unattended 1> /dev/null \
                                  && /tmp/hirs_add_aca_tls_path_to_os.sh 1> /dev/null \
-                                  && /hirs/package/linux/aca/aca_bootRun.sh 1> /dev/null" &
+                                  && /hirs/package/linux/aca/aca_bootRun.sh -d 1> /dev/null" &

 # Switching to current/desired branch in Provisioner Container
 docker exec $tpm2_container sh -c "/tmp/auto_clone_branch $1 > /dev/null 2>&1 \
                                   && echo 'Provisioner Container Current Branch: ' && git branch"
-
+			  
 # Install HIRS Provisioner.Net and setup tpm2 simulator.
 # In doing so, tests a single provision between Provisioner.Net and ACA.
 echo "Launching provisioner setup"
-docker exec $tpm2_container sh /hirs/.ci/setup/container/setup_tpm2provisioner_dotnet.sh
+docker exec -i $tpm2_container /bin/bash -c "/hirs/.ci/setup/container/setup_tpm2provisioner_dotnet.sh"

 # Initiating System Tests
-echo "******** Setup Complete. Beginning HIRS System Tests. ******** "
+echo "******** Setup Complete. Beginning HIRS System Tests. ******** "
--- a/.ci/system-tests/sys_test_common.sh
+++ b/.ci/system-tests/sys_test_common.sh
@ -26,34 +26,34 @@ fi

 # clear all policy settings
 setPolicyNone() {
-docker exec $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=0, pcAttributeValidationEnabled=0, pcValidationEnabled=0,
+docker exec -i $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=0, pcAttributeValidationEnabled=0, pcValidationEnabled=0,
           utcValidationEnabled=0, firmwareValidationEnabled=0, expiredCertificateValidationEnabled=0, ignoreGptEnabled=0, ignoreImaEnabled=0, ignoretBootEnabled=0;"
 }

 # Policy Settings for tests ...
 setPolicyEkOnly() {
-docker exec $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=0, pcValidationEnabled=0,
+docker exec -i $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=0, pcValidationEnabled=0,
           utcValidationEnabled=0, firmwareValidationEnabled=0, expiredCertificateValidationEnabled=0, ignoreGptEnabled=0, ignoreImaEnabled=0, ignoretBootEnabled=0;"
 }

 setPolicyEkPc_noAttCheck() {
-docker exec $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=0, pcValidationEnabled=1,
+docker exec -i $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=0, pcValidationEnabled=1,
           utcValidationEnabled=0, firmwareValidationEnabled=0, expiredCertificateValidationEnabled=0, ignoreGptEnabled=0, ignoreImaEnabled=0, ignoretBootEnabled=0;"
 }

 setPolicyEkPc() {
-docker exec $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=1, pcValidationEnabled=1,
+docker exec -i $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=1, pcValidationEnabled=1,
           utcValidationEnabled=0, firmwareValidationEnabled=0, expiredCertificateValidationEnabled=0, ignoreGptEnabled=0, ignoreImaEnabled=0, ignoretBootEnabled=0;"
 }

 setPolicyEkPcFw() {
-docker exec $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=1, pcValidationEnabled=1,
+docker exec -i $aca_container mysql -u root -proot -D hirs_db -e "Update PolicySettings set ecValidationEnabled=1, pcAttributeValidationEnabled=1, pcValidationEnabled=1,
           utcValidationEnabled=0, firmwareValidationEnabled=1, expiredCertificateValidationEnabled=0, ignoreGptEnabled=0, ignoreImaEnabled=1, ignoretBootEnabled=0;"
 }

 # Clear all ACA DB items excluding policy
 clearAcaDb() {
-docker exec hirs-aca1 mysql -u root -proot -e "use hirs_db; set foreign_key_checks=0; truncate Appraiser;
+docker exec -i $aca_container mysql -u root -proot -e "use hirs_db; set foreign_key_checks=0; truncate Appraiser;
 truncate Certificate;truncate Certificate_Certificate;truncate CertificatesUsedToValidate;truncate ComponentAttributeResult;
 truncate ComponentInfo;truncate ComponentResult;truncate Device;truncate DeviceInfoReport;truncate PortalInfo;
 truncate ReferenceDigestValue;truncate ReferenceManifest;truncate Report;truncate SupplyChainValidation;
@ -68,15 +68,18 @@ uploadTrustedCerts() {
 #                                     && ./createekcert -rsa 2048 -cakey cakey.pem -capwd rrrr -v 1> /dev/null \
 #                                     && popd > /dev/null"
  # Upload CA Cert from IBMTSS Tools
-  docker exec $tpm2_container sh -c "pushd /ibmtss/utils/certificates > /dev/null \
-                                     && curl -k -s -F 'file=@cacert.pem' https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal/portal/certificate-request/trust-chain/upload \
-                                     && popd > /dev/null"
+  echo "Uploading Trust Certificates to ${HIRS_ACA_HOSTNAME}:${HIRS_ACA_PORTAL_PORT}"
+  echo "Uploading the EK Certificate CA(s)..."
+  docker exec -i $tpm2_container /bin/bash -c "curl -k -F 'file=@/ibmtss/utils/certificates/cacert.pem' $SERVER_CACERT_POST"
+  echo "...done"
  # Upload Trusted Certs from HIRS
-  pushd .ci/setup/certs > /dev/null
-    curl -k -s -F "file=@ca.crt" https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal/portal/certificate-request/trust-chain/upload
-    curl -k -s -F "file=@RIMCaCert.pem" https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal/portal/certificate-request/trust-chain/upload
-    curl -k -s -F "file=@RimSignCert.pem" https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal/portal/certificate-request/trust-chain/upload
-  popd > /dev/null
+  echo "Uploading the Platform Certificate CA(s)..."
+  docker exec -i $aca_container /bin/bash -c "curl -k -F 'file=@$HIRS_CI_REPO_ROOT/.ci/setup/certs/ca.crt' https://localhost:${HIRS_ACA_PORTAL_PORT}/$HIRS_ACA_POST_POINT_TRUST"
+  echo "...done"
+  echo "Uploading the RIM CA(s)..."
+  docker exec -i $aca_container /bin/bash -c "curl -k -F 'file=@$HIRS_CI_REPO_ROOT/.ci/setup/certs/RIMCaCert.pem' https://localhost:${HIRS_ACA_PORTAL_PORT}/$HIRS_ACA_POST_POINT_TRUST"
+  docker exec -i $aca_container /bin/bash -c "curl -k -F 'file=@$HIRS_CI_REPO_ROOT/.ci/setup/certs/RimSignCert.pem' https://localhost:${HIRS_ACA_PORTAL_PORT}/$HIRS_ACA_POST_POINT_TRUST"
+  echo "...done"
 }

 # provision_tpm2 takes one parameter which is the expected result of the provion: "pass" or "fail"
@ -85,7 +88,7 @@ uploadTrustedCerts() {
 provisionTpm2() {
   expected_result=$1
   ((totalTests++))
-   provisionOutput=$(docker exec $tpm2_container sh -c "/usr/share/hirs/tpm_aca_provision --tcp --ip 127.0.0.1:2321 --sim");
+   provisionOutput=$(docker exec -i $tpm2_container /bin/bash -c "/usr/share/hirs/tpm_aca_provision --tcp --ip 127.0.0.1:2321 --sim");
    echo "==========="
    echo "$provisionOutput";
    echo "===========";
@ -106,22 +109,28 @@ provisionTpm2() {
  fi
 }

+resetTpmForNewTest() {
+  docker exec -i $tpm2_container /bin/bash -c "source $HIRS_CI_REPO_ROOT/.ci/setup/container/tpm2_common.sh; startFreshTpmServer -f; startupTpm; installEkCert"
+}
+
 # Places platform cert(s) held in the test folder(s) in the provisioners tcg folder
-# setPlatCert <profile> <test>
 setPlatformCerts() {
-  docker exec $tpm2_container sh /hirs/.ci/system-tests/container/pc_setup.sh $1 $2
-  #docker exec $tpm2_container bash -c "find / -name oem_platform_v1_Base.cer"
+  OPTIONS="$@"
+  echo "Asking container $tpm2_container to run pc_setup.sh $OPTIONS"
+  docker exec -i $tpm2_container /bin/bash -c "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/pc_setup.sh $OPTIONS"
 }

 # Places RIM files held in the test folder in the provisioners tcg folder
-# setRims <profile> <test>
 setRims() {
-docker exec $tpm2_container sh /hirs/.ci/system-tests/container/rim_setup.sh $1 $2 $3
-#docker exec $tpm2_container bash -c "find / -name oem_platform_v1_Base.cer"
+  OPTIONS="$@"
+  echo "Asking container $tpm2_container to run rim_setup.sh $OPTIONS"
+  docker exec -i $tpm2_container /bin/bash -c "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/rim_setup.sh $OPTIONS"
 }

-setPlatformOutput() {
-    docker exec $tpm2_container cp /usr/share/hirs/appsettings_hw.json /usr/share/hirs/appsettings.json
+setAppsettings() {
+  OPTIONS="$@"
+  echo "Asking container $tpm2_container to set the appsettings file with options: $OPTIONS"
+  docker exec -i $tpm2_container /bin/bash -c "source $HIRS_CI_REPO_ROOT/.ci/setup/container/tpm2_common.sh; setCiHirsAppsettingsFile $OPTIONS"
 }

 # Writes to the Action ouput, ACA log, and Provisioner Log
@ -130,6 +139,5 @@ setPlatformOutput() {
 writeToLogs() {
  line=$1
  echo $line;
-  docker exec $aca_container sh -c "cd .. && echo '$line' >> /var/log/hirs/HIRS_AttestationCA_Portal.log"
- # docker exec $tpm2_container sh -c "echo '$line' >> /var/log/hirs/provisioner/HIRS_provisionerTPM2.log"
+  docker exec -i $aca_container /bin/bash -c "cd .. && echo '$line' >> /var/log/hirs/HIRS_AttestationCA_Portal.log"
 }
--- a/.ci/system-tests/tests/aca_policy_tests.sh
+++ b/.ci/system-tests/tests/aca_policy_tests.sh
@ -17,6 +17,8 @@ case $1 in
    6) test="6" ;;
    7) test="7" ;;
    8) test="8" ;;
+    9) test="9" ;;
+    10) test="10" ;;
 esac

 # Start ACA Policy Tests
@ -24,7 +26,12 @@ esac

 if [ "$test" = "1" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA POLICY TEST 1: Test ACA default policy  ###"
-    setPlatformCerts "laptop" "empty"
+    writeToLogs "Now using default appsettings"
+    clearAcaDb
+    resetTpmForNewTest
+    setAppsettings
+    setPolicyNone
+    setPlatformCerts -p "laptop" -t "empty"
    provisionTpm2 "pass"
 fi
 if [ "$test" = "2" ] || [ "$test" = "all" ]; then
@ -47,37 +54,62 @@ if [ "$test" = "5" ] || [ "$test" = "all" ]; then
    setPolicyEkPcFw
    provisionTpm2 "fail"
 fi
+writeToLogs "Now using appsettings with hardware information"
+setAppsettings --paccor-output-file /ci_test/hw.json --event-log-file /ci_test/binary_bios_measurements --linux-dmi
 if [ "$test" = "6" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA POLICY TEST 6: Test PC Validation Policy with valid PC with no Attribute Check ###"
    clearAcaDb
+    resetTpmForNewTest
    setPolicyEkPc_noAttCheck
    uploadTrustedCerts
-    setPlatformCerts "laptop" "default"
+    setPlatformCerts -p "laptop" -t "default"
    provisionTpm2 "pass"
 fi
 if [ "$test" = "7" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA POLICY TEST 7: Test PC Validation Policy with valid PC with Attribute Check ###"
    clearAcaDb
+    resetTpmForNewTest
    setPolicyEkPc
    uploadTrustedCerts
-    setPlatformCerts "laptop" "default"
-    setPlatformOutput
+    setPlatformCerts -p "laptop" -t "default"
    provisionTpm2 "pass"
 fi
 if [ "$test" = "8" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA POLICY TEST 8: Test PC with RIM Validation Policy with valid PC and RIM ###"
    clearAcaDb
+    resetTpmForNewTest
    setPolicyEkPcFw
    uploadTrustedCerts
-    setPlatformCerts "laptop" "default"
-    setRims "laptop" "default"
+    setPlatformCerts -p "laptop" -t "default"
+    setRims -p "laptop" -t "default"
+    provisionTpm2 "pass"
+fi
+if [ "$test" = "9" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA POLICY TEST 9: Test valid PC and RIM with PC only uploaded ###"
+    clearAcaDb
+    resetTpmForNewTest
+    setPolicyEkPcFw
+    uploadTrustedCerts
+    setPlatformCerts -p "laptop" -t "default" -u -n
+    setRims -p "laptop" -t "default"
+    provisionTpm2 "pass"
+fi
+if [ "$test" = "10" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA POLICY TEST 10: Test valid PC and RIM with RIM only uploaded ###"
+    clearAcaDb
+    resetTpmForNewTest
+    setPolicyEkPcFw
+    uploadTrustedCerts
+    setPlatformCerts -p "laptop" -t "default"
+    setRims -p "laptop" -t "default" -u -n
    provisionTpm2 "pass"
 fi

 #  Process Test Results, any single failure will send back a failed result.
 if [[ $failedTests != 0 ]]; then
-    export TEST_STATUS=1;
+    export TEST_STATUS=1
    echo "****  $failedTests out of $totalTests ACA Policy Tests Failed! ****"
+    exit 1
  else
    echo "****  $totalTests ACA Policy Tests Passed! ****"
-fi
+fi
--- a/.ci/system-tests/tests/platform_cert_tests.sh
+++ b/.ci/system-tests/tests/platform_cert_tests.sh
@ -18,33 +18,39 @@ esac
 # provisionTpm2 takes 1 parameter (the expected result): "pass" or "fail"
 # Note that the aca_policy_tests have already run several Platform Certificate system tests

+setAppsettings --paccor-output-file /ci_test/hw.json --event-log-file /ci_test/binary_bios_measurements --linux-dmi
+
 if [ "$test" = "1" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA PLATFORM CERTIFICATE TEST 1: Test a delta Platform Certificate that adds a new memory component ###"
    clearAcaDb
+    resetTpmForNewTest
    uploadTrustedCerts
    setPolicyEkPc
-    setPlatformCerts "laptop" "deltaPlatMem"
+    setPlatformCerts -p "laptop" -t "deltaPlatMem"
    provisionTpm2 "pass"
 fi
 if [ "$test" = "2" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA PLATFORM CERTIFICATE TEST 2: Test a Platform Certificate that is missing a memory component ###"
    clearAcaDb
+    resetTpmForNewTest
    uploadTrustedCerts
-    setPlatformCerts "laptop" "platCertLight"
+    setPlatformCerts -p "laptop" -t "platCertLight"
    provisionTpm2 "pass"
 fi
 if [ "$test" = "3" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA PLATFORM CERTIFICATE TEST 3: Test a Delta Platform Certificate that has a wrong a memory component ###"
    clearAcaDb
+    resetTpmForNewTest
    uploadTrustedCerts
-    setPlatformCerts "laptop" "badDeltaMem"
+    setPlatformCerts -p "laptop" -t "badDeltaMem"
    provisionTpm2 "fail"
 fi

 #  Process Test Results, any single failure will send back a failed result.
 if [[ $failedTests != 0 ]]; then
-    export TEST_STATUS=1;
+    export TEST_STATUS=1
    echo "****  $failedTests out of $totalTests Platform Certificate Tests Failed! ****"
+    exit 1
  else
    echo "****  $totalTests Platform Certificate Tests Passed! ****"
-fi
+fi
--- a/.ci/system-tests/tests/rim_system_tests.sh
+++ b/.ci/system-tests/tests/rim_system_tests.sh
@ -21,35 +21,39 @@ esac
 if [ "$test" = "1" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA RIM TEST 1: Test a RIM from an OEM and a Supplemental RIM from a VAR ###"
    clearAcaDb
+    resetTpmForNewTest
    uploadTrustedCerts
    setPolicyEkPcFw
-    setPlatformCerts "laptop" "varOsInstall"
-    setRims "laptop" "varOsInstall" "clear"
+    setPlatformCerts -p "laptop" -t "varOsInstall"
+    setRims -p "laptop" -t "varOsInstall"
    provisionTpm2 "pass"
 fi
 if [ "$test" = "2" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA RIM TEST 2: Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR ###"
    clearAcaDb
+    resetTpmForNewTest
    uploadTrustedCerts
    setPolicyEkPcFw
-    setPlatformCerts "laptop" "badOemInstall"
-    setRims "laptop" "badOemInstall" "clear"
+    setPlatformCerts -p "laptop" -t "badOemInstall"
+    setRims -p "laptop" -t "badOemInstall"
    provisionTpm2 "fail"
 fi
 if [ "$test" = "3" ] || [ "$test" = "all" ]; then
    writeToLogs "### ACA RIM TEST 3: Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement ###"
    clearAcaDb
+    resetTpmForNewTest
    uploadTrustedCerts
    setPolicyEkPcFw
-    setPlatformCerts "laptop" "badVarInstall"
-    setRims "laptop" "badVarInstall" "clear"
+    setPlatformCerts -p "laptop" -t "badVarInstall"
+    setRims -p "laptop" -t "badVarInstall"
    provisionTpm2 "fail"
 fi

 #  Process Test Results, any single failure will send back a failed result.
 if [[ $failedTests != 0 ]]; then
-    export TEST_STATUS=1;
+    export TEST_STATUS=1
    echo "****  $failedTests out of $totalTests ACA RIM Tests Failed! ****"
+    exit 1
  else
    echo "****  $totalTests ACA RIM Tests Passed! ****"
-fi
+fi
--- a/.ci/tcg-rim-tool/certs/COMP_OEM1_Cert_Chain.pem
+++ b/.ci/tcg-rim-tool/certs/COMP_OEM1_Cert_Chain.pem
@ -0,0 +1,120 @@
+-----BEGIN CERTIFICATE-----
+MIIFJzCCA4+gAwIBAgIBCTANBgkqhkiG9w0BAQwFADB5MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09NUF9P
+RU0xMTUwMwYDVQQDDCxDT01QX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGludGVy
+bWVkaWF0ZSBjYTAeFw0yMzExMTUxMzUwMzlaFw0zMzExMTIxMzUwMzlaMG0xCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRIwEAYD
+VQQKDAlDT01QX09FTTExKTAnBgNVBAMMIENPTVBfT0VNMSByc2EgM2sgc2hhMzg0
+IHRlc3QgY2ExMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA1f2wxVUD
+W0XFvPLikJJkghIa7Ds7PciVcvZvXRxF41vSsN54p75W3098BL6Sd09g+4laT6xn
+n7c0jKIAHB4saUgG6nikwmUKX/4q6aryelgb/GVOCjeqcEovA2veeFRWbErmRLlN
+kgo5T51rK4pr9rsIbkXEKqrtLxiz3ixIVI//hi0VDRcwq8txJr+Y3dfGsR0Vp9Da
+WAA0Vhr3qdNjsVERSCR2jhkNyE848alkZ8ed0HkdJFvK0m6tOXY2SCzFt+a7Madr
+0YxeuaZkk4PpstDTYKXPRLHt8SwTn98L2A7Rtl9dRP3awbak0HZDuBXqeyuF7EhX
+B9LiSQlyich+oo3fa8aVRY4ovfeu9JasN40udKReQs5hLWpQ3Th9PBmUSRWw9VXf
+BgiVOrPKaOe80653rKQk1f8z0CBCzd90ddmjwvZWthneFXOVzMBm5JlkfMMeG5PH
+9MPzqV6m7jaYTDt2L/WSioAZeKbMwUv4VqiUAWAPzayNYsWI5dNoiUttAgMBAAGj
+gcUwgcIwHQYDVR0OBBYEFCcNoCay/FaEizq+qtv7VFFWM7nRMB8GA1UdIwQYMBaA
+FC5bva5YsPVHD/BGReLWsl61O5A4MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgGGMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAoYZaHR0cHM6Ly9leGFt
+cGxlLmNvbS9jZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdodHRwczovL2V4YW1wbGUu
+Y29tL2NybDANBgkqhkiG9w0BAQwFAAOCAYEAhRrXbpRvhi0if6sk36zY0FBUSWoL
+rez67kg78wjTYm9XvuBzU9wXsFeFMoQVLCAv8pu0eBjKmeyyR8PZU8GyDa3Nh++q
+52tpOvHF7vH45KbSKGA3dswCVLihEmno97cTyL8UVYiu0WbXJMC4OsAyiyToRtxr
+DHDhnNrgeOH2YghyjYU1qsWHAbgha2xnzwE5H25H/JXM3MiOe85Cr1of/6PA77FT
+wwSffuUyodKwKFSCQZFkMLAlcLxMclfWp0Mol5Eh/+0oITCnhqermt9jelQAeP0L
+s2J89fm1ouQQiHKgl7z3CEXhGGlfj0O4GcYsggHxLmA6Zid7VdRgwUXqHn/N2kjn
+wwBSow9wd/wvgeBlCY4A4iin5PV7kk/F9t1Jz8Deqwh7+/hKSkkl72tYLjKIGJpP
+H57eEdbPTD7ac+glRAmchJID6D1jhCT03ZsOHYQw0r1DQ1oOLNuUuyDyCx0zhUoi
+4+w9LGTY0rmyXd8I5/6sosnqfP1SVUNeKwgR
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFJzCCA4+gAwIBAgIBCjANBgkqhkiG9w0BAQwFADB5MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09NUF9P
+RU0xMTUwMwYDVQQDDCxDT01QX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGludGVy
+bWVkaWF0ZSBjYTAeFw0yMzExMTUxMzUwNDBaFw0zMzExMTIxMzUwNDBaMG0xCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRIwEAYD
+VQQKDAlDT01QX09FTTExKTAnBgNVBAMMIENPTVBfT0VNMSByc2EgM2sgc2hhMzg0
+IHRlc3QgY2EyMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsLUAOXy9
+uxCs0ObCMxXJzMUINnwzI/hobLwyWzswnDThMNG0DgdmB5rCXkXtnjPrKnxOhh5/
+fjt23aSbZfvuqw4VIzcSY4cLIgAsZ/u6b1NuAkwvXpSdsWM6OlckNWt1cVV2m8o4
+pjsSUgQY+ZuIuF/zgf9ZPKXyUlDuiXUdZIsLtEcmYT/plQhneG7wF8kRZvNjefnN
+xFODY81APyLtflKfzuGJXrCSC+EAtb3My59p0OmiqAPDhciJZZzJxiONkBl/KQjY
+vd327WzqTsBGUwC6/QnTWulF1LdxPjCQErQj6Z0WFdPKYn+73xrNlIwYtBlhr992
+e029NBjMug5Qm4ENLC6cdJGTFup6/i0nhy7i0oLf2vSrLgJtQvZLO1fV00PXFJgY
+oc6mPj6MSrnW8csPOXHGk0ZFyTfoW51NRo/rZ5sv9Xd2DMplY73oJyd2BYdo2bkr
+gfck1pxxjMMgFYbKQhrG8lRwx2W1jUmIPv0jUfSd7IAUm97+nX3DbTVBAgMBAAGj
+gcUwgcIwHQYDVR0OBBYEFMOT53EcOQlM+qOHjEKXErJcrE0EMB8GA1UdIwQYMBaA
+FC5bva5YsPVHD/BGReLWsl61O5A4MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgGGMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAoYZaHR0cHM6Ly9leGFt
+cGxlLmNvbS9jZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdodHRwczovL2V4YW1wbGUu
+Y29tL2NybDANBgkqhkiG9w0BAQwFAAOCAYEAaXWmo+JVrPOoMCmbwK/WvWo0uWWJ
+2T/D2+hWNWGK9Ui+b+I21PdCTYx58LyHT+WyvSZ/ClgCrtTVhzPZ8DXztPeEeZCg
+QpqiyHxuvHQpcJZvvMJAOWNOjBoq9aEBOaWCAFbLpth5eu1A3dbhQw+jaxjgokxX
+iubiAOzh6Bgda3Rv83HE1EpDhOBIE3/PVO+SIVy+YuDHsKfvcMx0ZPBeZogFffIW
+fHW+OMGlKY7LBtP70Hek/Y8+oOb20EF+FIQWBReznJCqrPtQLVSgj4m3++kU56Su
+s6PrsXlnGAC8c5a32Jj2gny5nW/c0zHNv1V6L9BdFgiFuzRQ0aOoLQbjDvUdeCIh
+ujYhTz0SzGIA11kymL9jYmyKEi7NENZLLCbD2XnO8aD5kN949CKuNJL9GORDo8Gs
+WC532bXPPHTS5sWCKRenQx9H8zXVY8CJuw4nzM08vYsz7eV1JxcSqcu+QIdB1Hts
+DeflJCytDa2tyIG5FXruPThTBn/TzOqk1bup
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFKzCCA5OgAwIBAgIBCDANBgkqhkiG9w0BAQwFADBxMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09NUF9P
+RU0xMS0wKwYDVQQDDCRDT01QX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IHJvb3Qg
+Y2EwHhcNMjMxMTE1MTM1MDM5WhcNMzMxMTEyMTM1MDM5WjB5MQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09N
+UF9PRU0xMTUwMwYDVQQDDCxDT01QX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGlu
+dGVybWVkaWF0ZSBjYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJqi
+MMtn9UF+chltwkzctjp4FrH89+plBnvOsV8b1n0afjRp2KiqYOB/5HYBRbqE6F75
+ujA+qetWcilHMvjGoFu73j9p3LAAJN2PxevQjg5HJWXCw37SU/F433RnjfOTA05Z
+CVGGjubitNB43Ch6ZabhCePMG/u8DBGzyF+RI4WwDqYZsUx+f+lSiPyxIjEqCioU
+qeSw+K2+cc62TAvy3JP/0a2A83K1Qfo6nfrqF3emwGRQaCfiUEID/iGcm9OLWuNn
+XvGd3HIW5DOMSN1qdu2DkOLMe8xQpgSNuvHzGAU5/LoIgH/b/yr/inARduM+xsD8
+Eq5lxk229XtJ6i9C3/hC6ibO4CSmXcRJ/6uUmMFLRn2y3jYx/S03ATivX7R+Q0Dp
+t55lmafZMsYfTv5Iq9mnEZPVela/ELlwqAUgRz9bZj5lsA+olDN7MYR8fKiJVEQ1
+WhpX0+xfwo7eZAsLn/f7uDFhMRiIIsaQlqyWAUo7DSYojEAZWFud90jOipVrFQID
+AQABo4HFMIHCMB0GA1UdDgQWBBQuW72uWLD1Rw/wRkXi1rJetTuQODAfBgNVHSME
+GDAWgBS02Y2yOIo09My7V5csxa1WA2g3hjAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8v
+ZXhhbXBsZS5jb20vY2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFt
+cGxlLmNvbS9jcmwwDQYJKoZIhvcNAQEMBQADggGBAGEyR05f2tY+Vdo8zDqLL441
+HveV5f8whiYHBYhovNq5W5HwEhL+RNkVPP8HpU0go4fXxkZjV9oXRm6VsXAtW8Xh
+RTRISZUWirHa49oxcZYjqvKP8W9rDRC3tXbCrowCbahkyUcQu+wmWrB7h9Nh45cf
+SPHA9UNwHi4erbyeIX+iwCoYr/nexKNh5iymkZUet6vkf8Pt5OwirRUZVghNzkaB
+zkqQZIg+0PIKcQKmnx/7dN9Ao4MwYCVLdXvMKI4OB/w5vKBcWrmMxEuNIgSJR86P
+xchBId2wbiR4EGJXt0LCyLcvtx6BxeUdaqa9Wi/5J5IaxQnysfZbCFQBOG1vjQY+
+jd+WeKLaWaubBbmGIj2Y8n9Uku3b1B18LNpijepyRISOyypM7bP+pdyJZqb6+E/q
+Ml26oORCtjqoqRWMjSNmrXLqUuhfxUyhHCZDafeVVgroay0wNJfa2jACg4/VoagL
+0DcFFYwWDrXljmN2Wem9vDa1Ax6q9pJlh3kQ/0ZQxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFNjCCA56gAwIBAgIUdKjdmaud38M5wf3tadpKfc0xUSIwDQYJKoZIhvcNAQEL
+BQAwcTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0
+b24xEjAQBgNVBAoMCUNPTVBfT0VNMTEtMCsGA1UEAwwkQ09NUF9PRU0xIHJzYSAz
+ayBzaGEzODQgdGVzdCByb290IGNhMB4XDTIzMTExNTEzNTAzOFoXDTMzMTExMjEz
+NTAzOFowcTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2
+ZXJ0b24xEjAQBgNVBAoMCUNPTVBfT0VNMTEtMCsGA1UEAwwkQ09NUF9PRU0xIHJz
+YSAzayBzaGEzODQgdGVzdCByb290IGNhMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
+MIIBigKCAYEAubfD6hstD6rR7ucY9t6AyTXMEcgIMVDG/swy7bkOAjE55aLdTOmv
+BBOOVQM9RbM1RVpFLIVuuL98mMPGju1wF9THpQHnExa6lrxRuUWe//szzZSmEtX9
+X6pqHcdFcCiLJJNkqlE7wGMO/hdc7G1QOOsllqH3kB7/rx96EeA/aBPPWSE6B45J
+k+0iEPEQqltEl/MnYr0IxRJ3Pj0Cag7b00pGflYysjQ+MJJcKtVAljY5ZYvSYcHv
+zjv79rlsyb8FOeNVf5G7uFD3uVrO8wfTIgmNXhRoZyHPofYLhoQNHq4X7II0r5xY
+sHNNT7atDCPSnWGG/DM7RiJx3Eo72atEyyPvcnPhFnmI7gsvhzTmXRQdt6PFhzSp
+SkCUHnZyMsNTfZ6pENEXQixpYQ2Le60R0/gyEnd8pwTlUbIVjlmNwRnBVuJ5aRrz
+Rr/P8IvaZnfhJ2D6CgyMu+pSuL5hReFjGOLYdeUFlLjNgDJ6NDx4t3ZrOcqmZfXl
+yt0LNqQHYiJHAgMBAAGjgcUwgcIwHQYDVR0OBBYEFLTZjbI4ijT0zLtXlyzFrVYD
+aDeGMB8GA1UdIwQYMBaAFLTZjbI4ijT0zLtXlyzFrVYDaDeGMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcw
+AoYZaHR0cHM6Ly9leGFtcGxlLmNvbS9jZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdo
+dHRwczovL2V4YW1wbGUuY29tL2NybDANBgkqhkiG9w0BAQsFAAOCAYEAddkaKGev
+SF/pHWs6jeEPfhAYVurR7udXoKOFcpYxKjJbFKlOMAjyjElNAPJvr8YzGmZtjUts
+BH0cFcFMlk0QN669EbQd8gS0wVW80Cn70MLHJw8eNXkmFIeBBdb4pbcY0OyZTQc3
+eJoOvHRRLRFX+a39ekrxfdNzIaphEQM6jY5lxBRRi9AEt08dQjKmIo5cfgTlFqTp
+zAapmF54HK5DWY/VS3vYl4iPBZa/OPhZRGeIsfnn55PKsPu6/kPZOE60idoSTVAy
+YSRi4zia8OrzBfeYuY7VV1yZ+8amWBr86FzvN0/lhFv98evRWa/TXWFqn3jmvde3
+X/sLlBPlp8+tjsOlBaKh5tSaVSrtu8VJKyugPqScBdGpzJPNDXvL7/8riHO5JNQs
+Qv/TEB2iWV7YjfE5rVX4oVUWA9A2+OGNvraOcgCGqPpwpIvd2NNlbEDba00sbPxy
+mSiqW2g9qhIaUCO2VtwcPOSGU41KYM+L2+HvdCPUacmpZyKrN//7ZYDd
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/COMP_OEM1_rim_signer_ecc_512_sha384.pem
+++ b/.ci/tcg-rim-tool/certs/COMP_OEM1_rim_signer_ecc_512_sha384.pem
@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAn2gAwIBAgIBBTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09NUF9PRU0x
+MSowKAYDVQQDDCFDT01QX09FTTEgZWNjIDUxMiBzaGEzODQgdGVzdCBjYTIwHhcN
+MjMxMTE1MTM1MDE0WhcNMzMxMTEyMTM1MDE0WjBxMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09NUF9PRU0x
+MS0wKwYDVQQDDCRDT01QX09FTTEgZWNjIDUxMiBzaGEzODQgdGVzdCBzaWduZXIw
+gZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAFifPNrrIEAGeQW8qsT5b83l5nQv9is
+V0p8yFbI6t+QjOrNgEr84gLzHxxQ46V0xdbU4cDIdFThBBtS8POl2JFrmgEmtvla
+Mbdz0lysCN2f1p25/gQvnfz6Osy0OVcG1EHNVb9cfvpF4ziv3LgWWBv5d8RccYET
+ooHUIQ06Z1DTFslKYqOBxTCBwjAdBgNVHQ4EFgQUBY/cQD+V6CpSRunMvsITbFQl
+J4owHwYDVR0jBBgwFoAU84u4W4tTUrALow01cbc6z8xup6QwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAC
+hhlodHRwczovL2V4YW1wbGUuY29tL2NlcnRzMCgGA1UdHwQhMB8wHaAboBmGF2h0
+dHBzOi8vZXhhbXBsZS5jb20vY3JsMAoGCCqGSM49BAMDA4GLADCBhwJCAMCwsiui
+/dMNE+hGjiWaWAIfwq9pIg/WuSA21EUjEiAOZ7iE9YR8k1eD+UiIhmdDmLVqhmr9
+Y3UoskyExVvmlZaQAkFpkJzuzlqTov1eGxgjzTudyUEu8YT2Kv3t5ZjVIB1lL4VW
+R1NjxDYO6Oa7zLdriCiEAb/lbTdjC697uUWub75syg==
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/COMP_OEM1_rim_signer_rsa_3k_sha384.pem
+++ b/.ci/tcg-rim-tool/certs/COMP_OEM1_rim_signer_rsa_3k_sha384.pem
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFHjCCA4agAwIBAgIBDDANBgkqhkiG9w0BAQwFADBtMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjESMBAGA1UECgwJQ09NUF9P
+RU0xMSkwJwYDVQQDDCBDT01QX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGNhMjAe
+Fw0yMzExMTUxMzUwNDFaFw0zMzExMTIxMzUwNDFaMHAxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRIwEAYDVQQKDAlDT01QX09F
+TTExLDAqBgNVBAMMI0NPTVBfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3Qgc2lnbmVy
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAom3pyOYtDsaqpw8xfqqo
+Fr7Oy7ABs0zrUMyzKKvfrY/JDEUFwy/q1f3ai5Y/4YdznqRlL2i8EH0DXPqDqWOD
+QbYPA4fhB+QPZr6sqbI4HJB58lP4tZ2hbJvD41BIFwkdnW0IgtwEAvleL7cXTN0h
+9317o+tJZxeuMnRlamAcW39FSuaJhTbcOp0gYBzBMP8gWM6YdijuAl8E5W7JPT+M
+r12AQM0fomCqr0VmwfqsEYC7U63gMW3aBtZh37jLdx+dzg+55wxdusLC2glPpeDU
+fsrDWjrpbT1qjpHXpZNXyMoCdZHXOnzMWG4qEEIS84m9V5sqTZdIB9IaosTAs++q
+qzBYliJG6T+0LVJyoP+YY1iShCARfFTnXIbIJQa29/ILajTJrXoMn83gPmMjxcPl
+y9Fzj8SNssxRRLewj914PJUOV+Z7zZEK1zttG1JV4U2Ji7Yv/gx34c9qW28fyDT0
+HCTim/V2pnOc2B16JYKAjEpefusTNQ0bkd78evzc8NSVAgMBAAGjgcUwgcIwHQYD
+VR0OBBYEFJLn5Axtdpa6PpHcOWcVk3Yc2iH9MB8GA1UdIwQYMBaAFMOT53EcOQlM
+qOHjEKXErJcrE0EMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMDUG
+CCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAoYZaHR0cHM6Ly9leGFtcGxlLmNvbS9j
+ZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdodHRwczovL2V4YW1wbGUuY29tL2NybDAN
+BgkqhkiG9w0BAQwFAAOCAYEAfBlHSKGxQv8325o7tqLnpb6q1X9+E0xNAxPnq76A
+6GhwlU+3nyjONus6XRElmgeV2wMaEyZedrjM9CJBkccA2ntFTu+2IDWDsHEwTIYu
+3rk0LNMq5OJE7KOdWa1Hirio1U2wSWrMCwgHdwe3OE/hSv64S3RxIqgONfmUplgJ
+5InwEQaVmCtWvR7RrcGrOpj6QS1zvc60PEe47AdelkTgCZcAnXaDfxtb8cSGduTS
+YBoV6xPYlTmJDuEyLmDM2i9S8S3N7zMbXOlmRbjM/pUsMkSIHSNTtvWNk9YMqVsz
+KM8fsrmvaa2wt/m2+TS1ZJxWplvU659vkMaBNS6rsaG+w5LoU83A6dhaXgvujAuR
+57L8GOMoUWYn5iZWq/X9yvfq0WR+M3DvEIuI/zrT+oCTkElKlqJ3OZogkqLpkMXG
+aF6PCpKFbtcWiuVLpAbvCwSNVe+pH3wfNhcapGUJWcotmY2RUkItilQOHGFUZZ2q
+V/wUfRtKSjBh2rOD8rmZAjEY
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM1_Cert_Chain.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM1_Cert_Chain.pem
@ -0,0 +1,120 @@
+-----BEGIN CERTIFICATE-----
+MIIFHzCCA4egAwIBAgIBAjANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTEzMDEGA1UEAwwqUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3QgaW50ZXJtZWRp
+YXRlIGNhMB4XDTIzMTExNTEzNDg1N1oXDTMzMTExMjEzNDg1N1owaTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoM
+B1BDX09FTTExJzAlBgNVBAMMHlBDX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGNh
+MTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOA06twkJzLcX1e/37oJ
+4wBJ8iMdbFMQU9mxdEB5v5P8cnxkord0zOguiXZSV0RkGQ1PMwSR8xoNrLAyDS+1
+z2wsjNoq7xIIfZJtq21gFWiQGsrD6RUmfl/Eqjn+nhv1QiSi8Qhq18PdRJT+yRgK
+58v7XOORe86It1DI47IdcHIwafHkW1op81rR9PaBBOEnoZnNSI14gLTomWPu0HUg
+Jo/lw7D2SNMOEtMLb/lEUtvs5PPh2mgbsu3HNxJDm+Wbcagy2UQ1idqMYdgGwFk0
+fQL6Lo6P+fZlN5nBRjpto6LTk7XVRnxVWtKhG5ricxKS4XodyHg/TXfGzRIo0QLi
+uyMeFp+WSdArZv2Mfy4Do/fN1bMgmEIq8YJXlXiw72x+QWTttLtcBfMxO6Bbt+is
+kBGhWSyVVYTngaCnYGjm6dtK7+AWkIBaY55lFQC7hz9uI0qKnqhe1nMd+NZ/bOHR
+7lafvYhTsh807xwfBdKNA7Cbjec1ECJN3EZ0OWs5NfNa9wIDAQABo4HFMIHCMB0G
+A1UdDgQWBBSf+/lwb7GDDjiDBC41Y3PJ9MzMfzAfBgNVHSMEGDAWgBTGyjXu0NE8
+nUNcbmVgsXw5a0L15zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1
+BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20v
+Y2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmww
+DQYJKoZIhvcNAQEMBQADggGBAMGl7ua7vlOgvj17RB/Oa78BeAQzabZ0MMHLo/fN
+5aLqESUjdsgbARdGIJJJ2JnRR4hr9GKOcYiBKlEkHf2nt9aJB0w/K2eCBMkmarIv
+xkCsq+SDogqE3j9Hrur54tsKRfPojFsvf01hPd4qahZD/0oXSoLjmqrMJuIdm9Lx
+i32/1XVq1zfLX80PvkT0D1E4pJirQj9dE4KcB2n08Wt7WmNRpoEF8uz3Co53RSBI
+/E9Fy5duJFejj4g96X8poLH5I1jVWZ9ywfCrAVEZGOvai0108ljn4uolmL1lp5ay
+Sp02QjtlYK+S4wPRQ4bPhQ3RrkOqWPmI5MjLZgTpymllyIfX1RNTivAFWyG8Q4GX
+YeageBlvaBWXPxVPLLyejMjlrviZ7U7HwlFHqLIyktL2a0UjTCyg6FA07SF/e1NW
+hkcXsgIvtdtkOfhiSCVcO3YHLuNow3se+XjHYLQINtAgbBZQb13+vPQfnLlTVR4Y
+vmiFgHxlJDp1u1uxryxgfiKH8A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFHzCCA4egAwIBAgIBAzANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTEzMDEGA1UEAwwqUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3QgaW50ZXJtZWRp
+YXRlIGNhMB4XDTIzMTExNTEzNDg1OFoXDTMzMTExMjEzNDg1OFowaTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoM
+B1BDX09FTTExJzAlBgNVBAMMHlBDX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGNh
+MjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOhc7bRGBtyKXywjlVFI
+Mq8f9pDxdXkPnCtv9LbuSzBt2YN3vcTw3w4ZQeMZG7vY9ww10ZLsFJVR7sW7+i97
+E3qRmf4ToIWDaFNEWEyTeDAhC1h2/CY/vWyPDUARqMAiWzreUo6OCwROUJ1o/ltk
+ma//mdNUlySoeLayavNAROwe0Zfdn0Sox1o3gX+0SLvgBGGlKQ0oHsEUQcIUlxNN
+xdkMB01xZf1i7Kz9hM7Gr/+45m94OOc2kq/cJWNB0E+Q9EzujLQ0ljKtcvLyan0k
+TVEU+hO6OIcK6/6I+yR3fWFUyU0bV6SuHfWSOqle+VNyDHLIE2KZLqZEhXFtksWY
+ycA0NC50LMbhYPl/9CpHILKuGJC3HgGwN38wNA7lAfu8J8//27N2owPqgiXmbXar
+Mho4L81sT980ZGd/R4LCG2oHDZQy0TyM8obZPgiOmzdWbBqcB/q0A9vVtBPh5WmY
+oCuOXvavJr47NGkn0bgnhdx1RBOgIVT0+o437DoDuAMLUQIDAQABo4HFMIHCMB0G
+A1UdDgQWBBTg8RXbnFWNbvjYViKuPBje0WxeLTAfBgNVHSMEGDAWgBTGyjXu0NE8
+nUNcbmVgsXw5a0L15zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1
+BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20v
+Y2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmww
+DQYJKoZIhvcNAQEMBQADggGBAB/NbNOnUI7Mc5si5lKJILG6TuB/jhkzS95Awlr1
+I7xDVy7u1HGnHUBe2Ge3aBFA3Lk6ebdq3vsc6ws8OowCXD9GC5S7kCVbdOQr1I7L
+nI4jz4dypH4MjtggHqwwn2sm5bjufnD0sjtN53aiEFVUPZVPcqouvR3uT9VQe0/F
+4MGBoozC3EKSRzyMHGCKO8tLGgJbVMjhAlg0EEdT14V6mQkHm35MzXNiuu8jsN72
+Tct+AudnuhnZv8QEWg3R50aMI9j138MNLHMeqZa/P/OIGi8PzMOj7BzNqCEyC+n
+rkFIgb/BLGrHatMHZtRKt7l74/eSeguRcAKR90ia98lODYyilXddD2xeJ4miI/2v
+J7vnM5aYAA4NfB8ErLyyZAKMy9DTRYZs7jC+YdvduUe+H2kunu6DT1DJQ0dy3WYP
+y0Vhz5zhoUjopnq1o7PsD1BfiazAzbefYhZqLWqchTlaFGLQ+szUnTJi4315qOjI
+PIycYq5t6da9Jsgqhg657CqpjA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFIzCCA4ugAwIBAgIBATANBgkqhkiG9w0BAQwFADBtMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTErMCkGA1UEAwwiUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3Qgcm9vdCBjYTAe
+Fw0yMzExMTUxMzQ4NTdaFw0zMzExMTIxMzQ4NTdaMHUxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRAwDgYDVQQKDAdQQ19PRU0x
+MTMwMQYDVQQDDCpQQ19PRU0xIHJzYSAzayBzaGEzODQgdGVzdCBpbnRlcm1lZGlh
+dGUgY2EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDL+EKVnWxVy4l1
+lJmq+v7yd1EUOBb0+hDDIPgDiAg5f43J4xCApuz1qADQP+XIQXpuuXBuHsq+tILM
+JrngSSvPtygaOgMJnehXSvZkugpf1qVJ4odQTDOUWe1/+CsINKFAnuS8xw4yUAIZ
+My7f3H1gSf7wdyG8pVI1fQjrGpvFGpnapWRoVKvFWl1hbx15mkaCF1FfkjLyPQn8
+ogDoaduWZe9BC85hK5ysZYVPUG3LzwFW+XZT9CgtbJXVyc3OcLP7ooF8mb3Awbnj
+O4EOiP6rI63iWfq1P54LtZMgSC3diIlpr2trX+CUFAvKs3nO9aovFctWEeAprtYx
+cpbwglIPr6OojKQuJ4MIYvoTezrLdDt0MjkfLxe6z7E6WrSaowzJdZl5KYT9tVYh
+KQKmag/QcJDlM7LQIpsEvpBYvGnBpLO6Wkd5nDJx5EcZ8q98EyEN0ZpI7JpOjDYa
+GHAdiOFmFuTvWHEL5ewM30HILJ5OmpRR4/Kez8/WPMNuwCtCHL0CAwEAAaOBxTCB
+wjAdBgNVHQ4EFgQUxso17tDRPJ1DXG5lYLF8OWtC9ecwHwYDVR0jBBgwFoAUZoqc
+vUpJY07vvpq9ahpajENN8BkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwczovL2V4YW1wbGUu
+Y29tL2NlcnRzMCgGA1UdHwQhMB8wHaAboBmGF2h0dHBzOi8vZXhhbXBsZS5jb20v
+Y3JsMA0GCSqGSIb3DQEBDAUAA4IBgQDJm/vRVEv1Bsb5IQYE3Jemv7cpjk86qxLC
+7f+8d0KnLGpR4We8E0Dop6P2l5VdzWIUC7kWet9GJ6N1UYpnmYK8MALKmIe21Ygx
+zqHUYO3N8rVphL68yE2R6JHV7oXLrUQm7ovsoHxZI3OMC79J2ukyVtfQ6odcPUCm
+Ff2trLkgDTGl2orQXN6zq5Hgjx0htOoWy0jJH3bx4o1/LwHkhSsUS7b8WqdaEs8C
+GLoz6lU69pceIcE70L3ICZjtfnvSVVVBdDjqyDPky/Zy5RoY/SKs1UiTdAtTpjDF
+VXsPIRd7Nhq3W8aBDm8W0YNALPixpLY7aALJpQMcfpwKocXYcdNtd4vJ9UkAdWN
+DjI5S5jAZRv5Q8Gl8qV8ydUftK38wsnP9AEDPfQ2Ufv4sYk5krbz6Y5qtEND+RKf
+g1pT7IHgdzlVYydVL4JB/sCcioUaM5ioKKRjDGEGFZDQDEY/7krPAUEg9K+IUHF+
+76R6P77JLblZs+fz29a8rpgrv8YHz8U=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFLjCCA5agAwIBAgIUdu9IA89yyCYfrt9rGCtnn2cjTqswDQYJKoZIhvcNAQEL
+BQAwbTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0
+b24xEDAOBgNVBAoMB1BDX09FTTExKzApBgNVBAMMIlBDX09FTTEgcnNhIDNrIHNo
+YTM4NCB0ZXN0IHJvb3QgY2EwHhcNMjMxMTE1MTM0ODU2WhcNMzMxMTEyMTM0ODU2
+WjBtMQswCQYDVQQGEwJVUzELMAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRv
+bjEQMA4GA1UECgwHUENfT0VNMTErMCkGA1UEAwwiUENfT0VNMSByc2EgM2sgc2hh
+Mzg0IHRlc3Qgcm9vdCBjYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
+AOzsgvi6sfMz6EK3X0ANTztC6NSu2oL23P6f3XU3R5NyE2gPNSvhqtWI1CaOW4fs
+bNB3hn7ZI1FgkYhIvtot12VUGqdUWJKeKeot0h4wQ9NTENLP1RAceDSnAGEE0YQz
+wbdXhUD2iyN0iWCrWIpCXWUu+t++wOf+2kIbHekv7PYI+Nl1SnU4+v5VTRi0ILQ7
+WjKoXNMSPFVtCuwd5Q+hz6l9ySGkyMivPZFAeFQ7tGyOBm+3LgvKIt73wyduXAGA
+iajO1Mr4Je3bT5RD7+d0mSrtYpDHv+UYFfyszZgcUIakAoNad+mdCX2igwsBSviE
+en+um9O95z5CdV+VhLkqniQhS3Uu9cdyq6CPX0cMvxYeNCgbgDy5JF6SSCZmx0A1
+zIjMWT3vB/2gTNuOKxMfmloemFQHcNdmLcQVGx1krcWvtPbNAurN89kN8pFO6dM7
+Gdtp/YSZzlo+1Lg/i1Dly73QH74TYW06+vHJIjZO4RA94ol9Mx+Nwx6/1idwmYqh
+7QIDAQABo4HFMIHCMB0GA1UdDgQWBBRmipy9SkljTu++mr1qGlqMQ03wGTAfBgNV
+HSMEGDAWgBRmipy9SkljTu++mr1qGlqMQ03wGTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBhjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBz
+Oi8vZXhhbXBsZS5jb20vY2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9l
+eGFtcGxlLmNvbS9jcmwwDQYJKoZIhvcNAQELBQADggGBABYktvvP6dzQ4DeSWv0l
+usjMenqWhDXmMoRCwa+RXASEBstZR0Ai2KnHWS0UNCMxcLaIJ0KfYVoxGbyTNirP
+SvfBbdEAeVQspZUZ+tCJltQ1aCrIbity486AbCyqjfSwrsSUPJmflu5oo9lpkrqC
+pIbP7Vm1WcYOa+KdcO8AvqChTLMlLURsBQx5Hya3KNDJqeM5g3t9LI6av4ZQk0Kg
+NjlIfxbhmuTmClkVkY1Wks09vKOoGTsY02z1uy/GgDILWvnjyBQzrLcn0DNltV1Y
+IzQxtO1of372B6axifLTBOd71WSTq2QDboe4FSopOYXlpOBjwIJjw9+7cmUf4fuK
+CU7ve734+TBHUK4yNcH8ZfSACBXnZ2dPlQUXdTfm+4XvfPV21bvsz2VJ3InIfANp
+UbeOiSJxY9uprDYG3hqO/yZnok66ioeom0N/4SJrm5a4uq+0PhQDY1e5Qbz0PD6m
+VjdZfnoMFh185vEZPby1VpF9u5VE3vKVq9rRb0epwjx7Jg==
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM1_RSA_Cert_Chain.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM1_RSA_Cert_Chain.pem
@ -0,0 +1,120 @@
+-----BEGIN CERTIFICATE-----
+MIIFHzCCA4egAwIBAgIBAjANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTEzMDEGA1UEAwwqUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3QgaW50ZXJtZWRp
+YXRlIGNhMB4XDTIzMTExNTEzNDg1N1oXDTMzMTExMjEzNDg1N1owaTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoM
+B1BDX09FTTExJzAlBgNVBAMMHlBDX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGNh
+MTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOA06twkJzLcX1e/37oJ
+4wBJ8iMdbFMQU9mxdEB5v5P8cnxkord0zOguiXZSV0RkGQ1PMwSR8xoNrLAyDS+1
+z2wsjNoq7xIIfZJtq21gFWiQGsrD6RUmfl/Eqjn+nhv1QiSi8Qhq18PdRJT+yRgK
+58v7XOORe86It1DI47IdcHIwafHkW1op81rR9PaBBOEnoZnNSI14gLTomWPu0HUg
+Jo/lw7D2SNMOEtMLb/lEUtvs5PPh2mgbsu3HNxJDm+Wbcagy2UQ1idqMYdgGwFk0
+fQL6Lo6P+fZlN5nBRjpto6LTk7XVRnxVWtKhG5ricxKS4XodyHg/TXfGzRIo0QLi
+uyMeFp+WSdArZv2Mfy4Do/fN1bMgmEIq8YJXlXiw72x+QWTttLtcBfMxO6Bbt+is
+kBGhWSyVVYTngaCnYGjm6dtK7+AWkIBaY55lFQC7hz9uI0qKnqhe1nMd+NZ/bOHR
+7lafvYhTsh807xwfBdKNA7Cbjec1ECJN3EZ0OWs5NfNa9wIDAQABo4HFMIHCMB0G
+A1UdDgQWBBSf+/lwb7GDDjiDBC41Y3PJ9MzMfzAfBgNVHSMEGDAWgBTGyjXu0NE8
+nUNcbmVgsXw5a0L15zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1
+BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20v
+Y2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmww
+DQYJKoZIhvcNAQEMBQADggGBAMGl7ua7vlOgvj17RB/Oa78BeAQzabZ0MMHLo/fN
+5aLqESUjdsgbARdGIJJJ2JnRR4hr9GKOcYiBKlEkHf2nt9aJB0w/K2eCBMkmarIv
+xkCsq+SDogqE3j9Hrur54tsKRfPojFsvf01hPd4qahZD/0oXSoLjmqrMJuIdm9Lx
+i32/1XVq1zfLX80PvkT0D1E4pJirQj9dE4KcB2n08Wt7WmNRpoEF8uz3Co53RSBI
+/E9Fy5duJFejj4g96X8poLH5I1jVWZ9ywfCrAVEZGOvai0108ljn4uolmL1lp5ay
+Sp02QjtlYK+S4wPRQ4bPhQ3RrkOqWPmI5MjLZgTpymllyIfX1RNTivAFWyG8Q4GX
+YeageBlvaBWXPxVPLLyejMjlrviZ7U7HwlFHqLIyktL2a0UjTCyg6FA07SF/e1NW
+hkcXsgIvtdtkOfhiSCVcO3YHLuNow3se+XjHYLQINtAgbBZQb13+vPQfnLlTVR4Y
+vmiFgHxlJDp1u1uxryxgfiKH8A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFHzCCA4egAwIBAgIBAzANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTEzMDEGA1UEAwwqUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3QgaW50ZXJtZWRp
+YXRlIGNhMB4XDTIzMTExNTEzNDg1OFoXDTMzMTExMjEzNDg1OFowaTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoM
+B1BDX09FTTExJzAlBgNVBAMMHlBDX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IGNh
+MjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOhc7bRGBtyKXywjlVFI
+Mq8f9pDxdXkPnCtv9LbuSzBt2YN3vcTw3w4ZQeMZG7vY9ww10ZLsFJVR7sW7+i97
+E3qRmf4ToIWDaFNEWEyTeDAhC1h2/CY/vWyPDUARqMAiWzreUo6OCwROUJ1o/ltk
+ma//mdNUlySoeLayavNAROwe0Zfdn0Sox1o3gX+0SLvgBGGlKQ0oHsEUQcIUlxNN
+xdkMB01xZf1i7Kz9hM7Gr/+45m94OOc2kq/cJWNB0E+Q9EzujLQ0ljKtcvLyan0k
+TVEU+hO6OIcK6/6I+yR3fWFUyU0bV6SuHfWSOqle+VNyDHLIE2KZLqZEhXFtksWY
+ycA0NC50LMbhYPl/9CpHILKuGJC3HgGwN38wNA7lAfu8J8//27N2owPqgiXmbXar
+Mho4L81sT980ZGd/R4LCG2oHDZQy0TyM8obZPgiOmzdWbBqcB/q0A9vVtBPh5WmY
+oCuOXvavJr47NGkn0bgnhdx1RBOgIVT0+o437DoDuAMLUQIDAQABo4HFMIHCMB0G
+A1UdDgQWBBTg8RXbnFWNbvjYViKuPBje0WxeLTAfBgNVHSMEGDAWgBTGyjXu0NE8
+nUNcbmVgsXw5a0L15zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1
+BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20v
+Y2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmww
+DQYJKoZIhvcNAQEMBQADggGBAB/NbNOnUI7Mc5si5lKJILG6TuB/jhkzS95Awlr1
+I7xDVy7u1HGnHUBe2Ge3aBFA3Lk6ebdq3vsc6ws8OowCXD9GC5S7kCVbdOQr1I7L
+nI4jz4dypH4MjtggHqwwn2sm5bjufnD0sjtN53aiEFVUPZVPcqouvR3uT9VQe0/F
+4MGBoozC3EKSRzyMHGCKO8tLGgJbVMjhAlg0EEdT14V6mQkHm35MzXNiuu8jsN72
+Tct+AudnuhnZv8QEWg3R50aMI9j138MNLHMeqZa/P/OIGi8PzMOj7BzNqCEyC+n
+rkFIgb/BLGrHatMHZtRKt7l74/eSeguRcAKR90ia98lODYyilXddD2xeJ4miI/2v
+J7vnM5aYAA4NfB8ErLyyZAKMy9DTRYZs7jC+YdvduUe+H2kunu6DT1DJQ0dy3WYP
+y0Vhz5zhoUjopnq1o7PsD1BfiazAzbefYhZqLWqchTlaFGLQ+szUnTJi4315qOjI
+PIycYq5t6da9Jsgqhg657CqpjA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFIzCCA4ugAwIBAgIBATANBgkqhkiG9w0BAQwFADBtMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTErMCkGA1UEAwwiUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3Qgcm9vdCBjYTAe
+Fw0yMzExMTUxMzQ4NTdaFw0zMzExMTIxMzQ4NTdaMHUxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRAwDgYDVQQKDAdQQ19PRU0x
+MTMwMQYDVQQDDCpQQ19PRU0xIHJzYSAzayBzaGEzODQgdGVzdCBpbnRlcm1lZGlh
+dGUgY2EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDL+EKVnWxVy4l1
+lJmq+v7yd1EUOBb0+hDDIPgDiAg5f43J4xCApuz1qADQP+XIQXpuuXBuHsq+tILM
+JrngSSvPtygaOgMJnehXSvZkugpf1qVJ4odQTDOUWe1/+CsINKFAnuS8xw4yUAIZ
+My7f3H1gSf7wdyG8pVI1fQjrGpvFGpnapWRoVKvFWl1hbx15mkaCF1FfkjLyPQn8
+ogDoaduWZe9BC85hK5ysZYVPUG3LzwFW+XZT9CgtbJXVyc3OcLP7ooF8mb3Awbnj
+O4EOiP6rI63iWfq1P54LtZMgSC3diIlpr2trX+CUFAvKs3nO9aovFctWEeAprtYx
+cpbwglIPr6OojKQuJ4MIYvoTezrLdDt0MjkfLxe6z7E6WrSaowzJdZl5KYT9tVYh
+KQKmag/QcJDlM7LQIpsEvpBYvGnBpLO6Wkd5nDJx5EcZ8q98EyEN0ZpI7JpOjDYa
+GHAdiOFmFuTvWHEL5ewM30HILJ5OmpRR4/Kez8/WPMNuwCtCHL0CAwEAAaOBxTCB
+wjAdBgNVHQ4EFgQUxso17tDRPJ1DXG5lYLF8OWtC9ecwHwYDVR0jBBgwFoAUZoqc
+vUpJY07vvpq9ahpajENN8BkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwczovL2V4YW1wbGUu
+Y29tL2NlcnRzMCgGA1UdHwQhMB8wHaAboBmGF2h0dHBzOi8vZXhhbXBsZS5jb20v
+Y3JsMA0GCSqGSIb3DQEBDAUAA4IBgQDJm/vRVEv1Bsb5IQYE3Jemv7cpjk86qxLC
+7f+8d0KnLGpR4We8E0Dop6P2l5VdzWIUC7kWet9GJ6N1UYpnmYK8MALKmIe21Ygx
+zqHUYO3N8rVphL68yE2R6JHV7oXLrUQm7ovsoHxZI3OMC79J2ukyVtfQ6odcPUCm
+Ff2trLkgDTGl2orQXN6zq5Hgjx0htOoWy0jJH3bx4o1/LwHkhSsUS7b8WqdaEs8C
+GLoz6lU69pceIcE70L3ICZjtfnvSVVVBdDjqyDPky/Zy5RoY/SKs1UiTdAtTpjDF
+VXsPIRd7Nhq3W8aBDm8W0YNALPixpLY7aALJpQMcfpwKocXYcdNtd4vJ9UkAdWN
+DjI5S5jAZRv5Q8Gl8qV8ydUftK38wsnP9AEDPfQ2Ufv4sYk5krbz6Y5qtEND+RKf
+g1pT7IHgdzlVYydVL4JB/sCcioUaM5ioKKRjDGEGFZDQDEY/7krPAUEg9K+IUHF+
+76R6P77JLblZs+fz29a8rpgrv8YHz8U=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFLjCCA5agAwIBAgIUdu9IA89yyCYfrt9rGCtnn2cjTqswDQYJKoZIhvcNAQEL
+BQAwbTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0
+b24xEDAOBgNVBAoMB1BDX09FTTExKzApBgNVBAMMIlBDX09FTTEgcnNhIDNrIHNo
+YTM4NCB0ZXN0IHJvb3QgY2EwHhcNMjMxMTE1MTM0ODU2WhcNMzMxMTEyMTM0ODU2
+WjBtMQswCQYDVQQGEwJVUzELMAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRv
+bjEQMA4GA1UECgwHUENfT0VNMTErMCkGA1UEAwwiUENfT0VNMSByc2EgM2sgc2hh
+Mzg0IHRlc3Qgcm9vdCBjYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
+AOzsgvi6sfMz6EK3X0ANTztC6NSu2oL23P6f3XU3R5NyE2gPNSvhqtWI1CaOW4fs
+bNB3hn7ZI1FgkYhIvtot12VUGqdUWJKeKeot0h4wQ9NTENLP1RAceDSnAGEE0YQz
+wbdXhUD2iyN0iWCrWIpCXWUu+t++wOf+2kIbHekv7PYI+Nl1SnU4+v5VTRi0ILQ7
+WjKoXNMSPFVtCuwd5Q+hz6l9ySGkyMivPZFAeFQ7tGyOBm+3LgvKIt73wyduXAGA
+iajO1Mr4Je3bT5RD7+d0mSrtYpDHv+UYFfyszZgcUIakAoNad+mdCX2igwsBSviE
+en+um9O95z5CdV+VhLkqniQhS3Uu9cdyq6CPX0cMvxYeNCgbgDy5JF6SSCZmx0A1
+zIjMWT3vB/2gTNuOKxMfmloemFQHcNdmLcQVGx1krcWvtPbNAurN89kN8pFO6dM7
+Gdtp/YSZzlo+1Lg/i1Dly73QH74TYW06+vHJIjZO4RA94ol9Mx+Nwx6/1idwmYqh
+7QIDAQABo4HFMIHCMB0GA1UdDgQWBBRmipy9SkljTu++mr1qGlqMQ03wGTAfBgNV
+HSMEGDAWgBRmipy9SkljTu++mr1qGlqMQ03wGTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBhjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBz
+Oi8vZXhhbXBsZS5jb20vY2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9l
+eGFtcGxlLmNvbS9jcmwwDQYJKoZIhvcNAQELBQADggGBABYktvvP6dzQ4DeSWv0l
+usjMenqWhDXmMoRCwa+RXASEBstZR0Ai2KnHWS0UNCMxcLaIJ0KfYVoxGbyTNirP
+SvfBbdEAeVQspZUZ+tCJltQ1aCrIbity486AbCyqjfSwrsSUPJmflu5oo9lpkrqC
+pIbP7Vm1WcYOa+KdcO8AvqChTLMlLURsBQx5Hya3KNDJqeM5g3t9LI6av4ZQk0Kg
+NjlIfxbhmuTmClkVkY1Wks09vKOoGTsY02z1uy/GgDILWvnjyBQzrLcn0DNltV1Y
+IzQxtO1of372B6axifLTBOd71WSTq2QDboe4FSopOYXlpOBjwIJjw9+7cmUf4fuK
+CU7ve734+TBHUK4yNcH8ZfSACBXnZ2dPlQUXdTfm+4XvfPV21bvsz2VJ3InIfANp
+UbeOiSJxY9uprDYG3hqO/yZnok66ioeom0N/4SJrm5a4uq+0PhQDY1e5Qbz0PD6m
+VjdZfnoMFh185vEZPby1VpF9u5VE3vKVq9rRb0epwjx7Jg==
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM1_ecc_Cert_Chain.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM1_ecc_Cert_Chain.pem
@ -0,0 +1,76 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAn6gAwIBAgIBCTAKBggqhkjOPQQDAzB2MQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VNMTE0
+MDIGA1UEAwwrUENfT0VNMSBlY2MgNTEyIHNoYTM4NCB0ZXN0IGludGVybWVkaWF0
+ZSBjYTAeFw0yMzExMTUxMzQ5NThaFw0zMzExMTIxMzQ5NThaMGoxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRAwDgYDVQQKDAdQ
+Q19PRU0xMSgwJgYDVQQDDB9QQ19PRU0xIGVjYyA1MTIgc2hhMzg0IHRlc3QgY2Ex
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBpqyjdoDTWEdMOa+9tkBrSGcByL8t
+OsBPMOiMqt+tCfTwhaLJkZ1zD8n6A6pnrq2my69E2xkivGFeqQhrgWN21eEAxcO0
+8sk/FaB08uUsasQb7H+B1fJwXMvfLt6K2d8Hdu7cJpOQ9AGdRTD1Oua3pW143rYD
+R8sspDx1xUlKaz9+UJCjgcUwgcIwHQYDVR0OBBYEFF3FyHPSOyjceEcLrgEDwKKR
+fjoqMB8GA1UdIwQYMBaAFNgwn5C7ovR70h33S/6xOT6NH51jMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcw
+AoYZaHR0cHM6Ly9leGFtcGxlLmNvbS9jZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdo
+dHRwczovL2V4YW1wbGUuY29tL2NybDAKBggqhkjOPQQDAwOBjAAwgYgCQgGvXX6h
+RuGbOTZT5iMPwthA6cy8SiTJgw7MJyfFhXq2tBMSropFTUqRxvgojwhNQqLj1U12
+QAxeE4c6u+H6u4X0ygJCALF4BBSfrUX4psVjzcMFkaEqTPK3g6Oc6p+vWG+xM1mf
+M4z2bJ0/hOxuHw81a1DluEwdUNfVHiB2aIZimbIHn34Y
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAn6gAwIBAgIBCjAKBggqhkjOPQQDAzB2MQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VNMTE0
+MDIGA1UEAwwrUENfT0VNMSBlY2MgNTEyIHNoYTM4NCB0ZXN0IGludGVybWVkaWF0
+ZSBjYTAeFw0yMzExMTUxMzQ5NThaFw0zMzExMTIxMzQ5NThaMGoxCzAJBgNVBAYT
+AlVTMQswCQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRAwDgYDVQQKDAdQ
+Q19PRU0xMSgwJgYDVQQDDB9QQ19PRU0xIGVjYyA1MTIgc2hhMzg0IHRlc3QgY2Ey
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAyIeRoLfD/8Bqsw3THkZQ1HqDx+qq
+Ohz2o994NyB9nXXyLo7hhx17qNqIvHtSlhKsf2xAC4pujjpmtpcjqFgPG54B+sMu
+YKC++CW48TYuB+892fsv+AoW1WQZavtBCorr/EhUIj6mxwGaF9aov9L0QTd8WIAe
+JgLSyNPiEfOPCrgFLYmjgcUwgcIwHQYDVR0OBBYEFLy1H64thl5FMvR1HPolC3k1
+3dCnMB8GA1UdIwQYMBaAFNgwn5C7ovR70h33S/6xOT6NH51jMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcw
+AoYZaHR0cHM6Ly9leGFtcGxlLmNvbS9jZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdo
+dHRwczovL2V4YW1wbGUuY29tL2NybDAKBggqhkjOPQQDAwOBiwAwgYcCQgDjef0U
+6B4E3xLxZcATLLBZaNbFWDPm0Z1nXpiqEBmJNEZkiaM11P30Fyh1TjrLQf+GYlqp
+hLvx0roYnjE6yHbhOAJBAevscQd/Xv3ZkjLQtsJDztz7FFeNBI0WUbkylnA2PhJO
+JaNVeKP7V+iq9cTnH6x00LD4c9MlHa/s0Y231tHCaGc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoKgAwIBAgIBCDAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VNMTEs
+MCoGA1UEAwwjUENfT0VNMSBlY2MgNTEyIHNoYTM4NCB0ZXN0IHJvb3QgY2EwHhcN
+MjMxMTE1MTM0OTU4WhcNMzMxMTEyMTM0OTU4WjB2MQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VNMTE0
+MDIGA1UEAwwrUENfT0VNMSBlY2MgNTEyIHNoYTM4NCB0ZXN0IGludGVybWVkaWF0
+ZSBjYTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAbCX0usiXujf4RnKMRjeiuni
+cEMw9VHV4GWbJGtFyeHlprMz5m3zrYX0vqvCbIbGnrLA9256/AVRjqk+8lwhJfoz
+ABtMiZtTb1x9S1kfka94auQ8OFNaErDYV27uSqVd5+AG8zNe1m+YmPD6YDFALlkD
+mrFktEajAQFJTXiy779/u1WRo4HFMIHCMB0GA1UdDgQWBBTYMJ+Qu6L0e9Id90v+
+sTk+jR+dYzAfBgNVHSMEGDAWgBQoNqEGmm5eLMut8uF3E3h+OrJJITAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1BggrBgEFBQcBAQQpMCcwJQYIKwYB
+BQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20vY2VydHMwKAYDVR0fBCEwHzAdoBug
+GYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmwwCgYIKoZIzj0EAwMDgYwAMIGIAkIB
+beHnZncRP/L1QGws4Qgf0sgYtYPYTTiFymcHGG/oUgHj+Gp6NjsTWccE9zVp0XxB
+ZoWkzrxOLylZtU4OoqzF1EYCQgG2hwLdwzqRaRvH13uFSkCb4K9zHWOMXv7bEC3U
+Wkn4UOgVy4LuN8g0cFAZ52Q57CSQANRJWrGZnX4y/OquNg2oSg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAo2gAwIBAgIUMCibyLmJ0z7WUXzUHucWoqtqxD0wCgYIKoZIzj0EAwIw
+bjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24x
+EDAOBgNVBAoMB1BDX09FTTExLDAqBgNVBAMMI1BDX09FTTEgZWNjIDUxMiBzaGEz
+ODQgdGVzdCByb290IGNhMB4XDTIzMTExNTEzNDk1OFoXDTMzMTExMjEzNDk1OFow
+bjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24x
+EDAOBgNVBAoMB1BDX09FTTExLDAqBgNVBAMMI1BDX09FTTEgZWNjIDUxMiBzaGEz
+ODQgdGVzdCByb290IGNhMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBsZrc8+8Y
+6nFOJ8pVPltVR3uYL7OazfGHOHABLsicQjvdRF9uZVozFfQ5Fumahrt23bX3H7O+
+jTwP00UjpZkIgBMAi1aPpfDFxNY2aTDDV/XwecONAtrN5unn68eIWzRvV1DBEAF5
+yrORkpa42UKHt464SlHKUQOp5knawMMlduiVjCijgcUwgcIwHQYDVR0OBBYEFCg2
+oQaabl4sy63y4XcTeH46skkhMB8GA1UdIwQYMBaAFCg2oQaabl4sy63y4XcTeH46
+skkhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMDUGCCsGAQUFBwEB
+BCkwJzAlBggrBgEFBQcwAoYZaHR0cHM6Ly9leGFtcGxlLmNvbS9jZXJ0czAoBgNV
+HR8EITAfMB2gG6AZhhdodHRwczovL2V4YW1wbGUuY29tL2NybDAKBggqhkjOPQQD
+AgOBiwAwgYcCQgF5vqNlCWbx+D3yX1+VMFwPf2FkzcyHZUR+Y2fIqGdur9jgxJqL
+iaEEeWRP2H/QrbchCW76mXhbs9N4wjjv5IqKZAJBB9C6jwvVRiksawRQYakN/6wc
+TlYuTvgJ417NpLrbbG2/0IFiDRcavADAUGR3LNwORLjPK5NnuketDu4m2Msnovk=
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_ecc_512_sha384.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_ecc_512_sha384.pem
@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnWgAwIBAgIBDDAKBggqhkjOPQQDAzBqMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VNMTEo
+MCYGA1UEAwwfUENfT0VNMSBlY2MgNTEyIHNoYTM4NCB0ZXN0IGNhMjAeFw0yMzEx
+MTUxMzQ5NThaFw0zMzExMTIxMzQ5NThaMG0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
+DAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRAwDgYDVQQKDAdQQ19PRU0xMSswKQYD
+VQQDDCJQQ19PRU0xIGVjYyA1MTIgc2hhMzg0IHRlc3Qgc2lnbmVyMIGbMBAGByqG
+SM49AgEGBSuBBAAjA4GGAAQAbs4DBnZ/myUu98Mx+RF7AYaeaexZV8QyHgeelA36
+gBvVbqMfnYdk1dsFTd+UHQFTiZ72kX8XBfFWfgeNbauzZgwA2chCojFQQEseW1be
+MID6dJE3StZdm0gOnaY30BnM8MwJL8rLuNRAL+eKflPbVB2kltMrjcNBDw8ba/Lk
+f++z9UqjgcUwgcIwHQYDVR0OBBYEFETnwNO85oN2AwJytUyrgl0SFW9rMB8GA1Ud
+IwQYMBaAFLy1H64thl5FMvR1HPolC3k13dCnMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgGGMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAoYZaHR0cHM6
+Ly9leGFtcGxlLmNvbS9jZXJ0czAoBgNVHR8EITAfMB2gG6AZhhdodHRwczovL2V4
+YW1wbGUuY29tL2NybDAKBggqhkjOPQQDAwOBiwAwgYcCQgGLZqNkri027hPvjBby
+2tM2HA3dTIhGdrcGsGJZxP8CpH47mpAV/j8vpL1zpz0TQALUlScJisVXuR6JX9Ko
+cNBYDAJBZRibf1dxXhnw9bO23wH0OBjI3R2lnMqR9ac4qUNdfmnwI82MdLVTfjqt
+/qHjtDigBe7s8B41Kd47GpN0TX3iLNk=
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFFjCCA36gAwIBAgIBBTANBgkqhkiG9w0BAQwFADBpMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MTEnMCUGA1UEAwweUENfT0VNMSByc2EgM2sgc2hhMzg0IHRlc3QgY2EyMB4XDTIz
+MTExNTEzNDg1OFoXDTMzMTExMjEzNDg1OFowbDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoMB1BDX09FTTExKjAo
+BgNVBAMMIVBDX09FTTEgcnNhIDNrIHNoYTM4NCB0ZXN0IHNpZ25lcjCCAaIwDQYJ
+KoZIhvcNAQEBBQADggGPADCCAYoCggGBAMxAQFXRvU6j9OckLcQnHeFlHKoxstdN
+72B5qhr/vvsQ1ZnP9cTTA6zNttCf+rpERtiQb1uIOhEhyEV0A45KYpPt7UrILsyT
+drkaj5dq4oD8pq+STzvP2Z9mcZQJXQu4gbXdHpwgZ3XQmrvVI2J7T+RebIEm1KeF
+wm3IvTsJLGMeaPD4GRhTYmyn4uS09jyK7iBxNagP+sF4uWfRVUgS6heLjJotqU0Y
+yno94z3TKCnKSWIiBy7pSGYFjzT1MOCpCjiyvLCqN5YM7rEIMgkFpOB/1vG32wCW
+n7VKiZCE5Ps/tNF5/pfx0uE0W5yrghsNAoD3RrrVZq+wUvlsAwW3IbIAfTWy+wiq
+MqsnRhIHnmF+FQEDTGMXyph11mPxh7igLCJV+LzoToANCZemcTPERw3WVwpwR+wy
+ycH0A1W3bnajMiBJEBXVqE00qnEJMNNtouquNk6RIjG5Uc5Gq4SF0TH5XT7oy3h
+LjU9REcPQpAeEoMR18gGbVkxEfuuN/x4awIDAQABo4HFMIHCMB0GA1UdDgQWBBRA
+8pTgMXmPJ/m2+0iyGJhxyiLSwDAfBgNVHSMEGDAWgBTg8RXbnFWNbvjYViKuPBje
+0WxeLTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1BggrBgEFBQcB
+AQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20vY2VydHMwKAYD
+VR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmwwDQYJKoZIhvcN
+AQEMBQADggGBACE1o5atqoWP8h8ZAQTuMHAZreo4q9jpN9UNZ3ofHj6ouHDwhdcU
+avz8inB+wbTDctCrZrhATq3qYBX89+AxZ7kK5lAcxeG8QYDToBTGfsaO9K7Uy94D
+zAmUc6pVCc4TOU9+KZWNtP2W8jTySJPN6AWEEFMMyo5liZlswGFhLcxSu43B4SJZ
+HuDOXP62OARaXrcdvgMdAuqRZURUS2kQb5Gh7LECnsAwpmfIqzLuXB2VQZFvDFna
+JN7EjUjp+japCo4jaXAwns1S3qx1jZZmqzW7d0ZS8tu7/hcR8ZGNhGZ1DC0iNkHy
+/uKzcLK3dcU+dm8fHl84QBrU+5zuQvRU33tUX792HW/EVgl4Zm4R3zyiQw8zay6
+TEDdWE9/uWoZxcYTugQ3nBikEMqxldTWdpL5aSyn9Dv8btotgiekllw4knucS2sI
+kgOeczYCLfYn9yaykCy4so2Zwb8/YSEvnpcbV99RbT/B0YyBR04I3FWlXzVd9wEO
+O8u6rNxap99cA==
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM2_Cert_Chain.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM2_Cert_Chain.pem
@ -0,0 +1,120 @@
+-----BEGIN CERTIFICATE-----
+MIIFHzCCA4egAwIBAgIBAjANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MjEzMDEGA1UEAwwqUENfT0VNMiByc2EgM2sgc2hhMzg0IHRlc3QgaW50ZXJtZWRp
+YXRlIGNhMB4XDTIzMTExNTEzNDkxMloXDTMzMTExMjEzNDkxMlowaTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoM
+B1BDX09FTTIxJzAlBgNVBAMMHlBDX09FTTIgcnNhIDNrIHNoYTM4NCB0ZXN0IGNh
+MTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALPcqlYoY669l3hekmoM
+G8cOLLFCyFyJV2qoJquCVXwxRt122cUafRsUTWyWPqm208N8B8S2wo1wxRgFhrpn
+DgFlrd6UXCgWZhlmrn3Uky1zaa4f/6l1XVUEQS6nkLuE1QAEZYdXWn1TWFDW8Te0
+omkIbQgFsgjxOB4fYrbzkS0TTrfmZJYMZnTOsDLqS2Eza7hSObkDYYu2Pgo6P/oK
+HH8RkpKfTSvcrBvcFkjl78EQK5/49/1ixApvWlC3EYeJ7mPHUizDW7jnqttoW0CG
+9O/VkfOEfsiCImln9x0oHDz8YTCJaSke8E228L2ZObJ/qjTgomO3bXdzaimSe88/
+mqIOmfOWiDGhlTOKfoLpWwtmypTfLB38uLFBZiXn/Qt/fNi56MKKIJJZnADM9+w/
+P35UsMn8rNHIV6w5Rc+ciMBiBdUal6G3QHqJWfoJWRlmTgIlRcaRb0dRKBSdYN9p
+8pWoE/0k+hK5w4tQL6oXbMjHMV5AMxdIJQzFwMmUkM8IgQIDAQABo4HFMIHCMB0G
+A1UdDgQWBBTjcyu/WpSh/Cxh3TV/3cRywHDq3zAfBgNVHSMEGDAWgBSpL4+pKGJ2
+nPVgg9I5rG3WU/cmxTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1
+BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20v
+Y2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmww
+DQYJKoZIhvcNAQEMBQADggGBAMba3sgRiygu1WymMQeKudJsWBd1DmbAGpzk4X+A
+uFWp4JNPuzzqQ/bXVm/ioQladrluJJbGsKfKlP+wo84OiKAWIypmEgEi2d2jrTN7
+zrVz1zH7dl+TcGeaYBWjqklcFEvW1aPKRTDpeclPggtBUYLSf54zcHk0vGqM4XbS
+bAn/JuWEeUJCkQIF5uu/twtw42LLzRhrq9TPsyo2GoAwmj/UgNwO1IMwYrPO8px3
+UYqYlcq7QwkTcBAHZv5k9uotzPXdohsq+PV/r49UbniQkPA8r8AKtI4IALE0lpBG
+q0NH0+weUkJqP8RCIT18WXkH+EZMe8E37eCE7E9hUg2/+m9Gzs2+ao6CqKVXtM4d
+ilqz1q9j4qybsxbV0XlaItFhskwlEsuwM0fUdxJG7BqBxFMVa/dlczYPlS4y1C08
+0LSszw226ULGR7lr2fXNCKYzCE7ehuPQxIh2PTy+Qu25Y7xnh7kEKKyO27vMEpmK
+SBynaZl4++xCF1UIc7+GwtMW9g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFHzCCA4egAwIBAgIBAzANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MjEzMDEGA1UEAwwqUENfT0VNMiByc2EgM2sgc2hhMzg0IHRlc3QgaW50ZXJtZWRp
+YXRlIGNhMB4XDTIzMTExNTEzNDkxM1oXDTMzMTExMjEzNDkxM1owaTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoM
+B1BDX09FTTIxJzAlBgNVBAMMHlBDX09FTTIgcnNhIDNrIHNoYTM4NCB0ZXN0IGNh
+MjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMYpKUqmeTu01lfSFHDD
+DVdo8CXW39WPkB4Vl18Kz/ApTyVoVs+Jk5d2iPEwWLMX/Agl1++BryVF5LIHQd6J
+6e9zWrXytLmu4A5PHIvCeLA/9gz0wR1eoa9jrMVKS2o0gFHt+WJhCnj+2EtNBdff
+PmpUUgfzabQsCO9FLO18xg68BJp7Tmacgq1wwqyVEpySzEVPqKzWomssq3YLC79a
+vAgK0uAd+7EkfR9Q6C8ePuY5AZswyFw3PAOcFrs+VClkDFPrcbmT2pwKYFX/OPFR
+kBODUsR2ZV1AvWdEUicSgqovmuB2X6+SYsVHKxaNm1N35pcLx7zzzKDVoyRyBb7i
+S/e/tYot+M5vpGnXS4tOXcGU/ewVLA/WBh09Ugw9Stovi9wYqu93QReZIA4MSfia
+aIJ0BHIWKxj8ALyoBgLEZg2UdPhZOzlB5HC7PJkTXgwjj+RzJmsK7S6WMXgHiWTn
+LLRGRzv/J0qFTpNaJKEMHjFiWvJHgHvE3Q8BMmIS+Bs8+QIDAQABo4HFMIHCMB0G
+A1UdDgQWBBSDqjJfSBaaTlurWODEHFYTYW2Z1jAfBgNVHSMEGDAWgBSpL4+pKGJ2
+nPVgg9I5rG3WU/cmxTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1
+BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20v
+Y2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmww
+DQYJKoZIhvcNAQEMBQADggGBAHdmJ2NcacEt/rQ/o0jC6+YG4mGxTG4qzcPHXA+S
+j9SkScVl03YmzU+7exSpr39paiZvt15sAVsY4TduSb2rOaPkgC11W/fiYxGxHmgr
+VWEVsloJtotuVyiCBLZXmwkVjlYDx0R7kCY3Pht5XgBwOwDnJ6vx2ZrO4l8pnTgQ
+zoFYAqG+cFTdxHb5AnPHef7dLk2XGoPFscPO004kBNrY7JyRpNffvfxGq6k/7zPw
+OWh3vJ9UoSpQR/5fjjKGJu2J85loB+QDBWgi7yIW8HfU2wodlbNMPp9VJmkSHEtE
+9R4XrI6ifkMGMVy9AKyXIciGv7VGfT52RmELxNUBoU1waVXlhRodOqhVRxepMXBF
+eYZYKb2a/Iu75Mz27pUHE1Q0tgndbtMCRMyKj8PSHBhg6ieFsxJrUZHUsp6U2r9q
+HlXBEZX2PN8Kn7OAqF4Gstdn8MJRqBkltm8UyaPYvpCHgg/nqTxZlAX/xqJqg7yS
+oEqoaVG/kHF5oEfRwI7SePYoGA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFIzCCA4ugAwIBAgIBATANBgkqhkiG9w0BAQwFADBtMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MjErMCkGA1UEAwwiUENfT0VNMiByc2EgM2sgc2hhMzg0IHRlc3Qgcm9vdCBjYTAe
+Fw0yMzExMTUxMzQ5MTJaFw0zMzExMTIxMzQ5MTJaMHUxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIDAJPUjESMBAGA1UEBwwJQmVhdmVydG9uMRAwDgYDVQQKDAdQQ19PRU0y
+MTMwMQYDVQQDDCpQQ19PRU0yIHJzYSAzayBzaGEzODQgdGVzdCBpbnRlcm1lZGlh
+dGUgY2EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQD67DcjXjYXBXXr
+995US9X6fL1PhZ+u2Y4H+oBEhVPvg8fyUzi84qdXJGUGHkq8wDiHJ263v6XnBqxv
+FwHNJ72mUxucD8l4Db6p4PlQzEz3Im5jjFZnNAVV99LsMhwGxiq13RH+hSM5xwId
+B40V83LmD+nfTc6C0uiXBsoAjdIQrR3S24SG5RN9m7o1GmP6cuaUc7pEnjEV6HZc
+dvH5tQu3DhwoWwGGHh4FqxcW2KiAjpT5IcpfewMQFl++6sJ3wavxWOTJfrUh9vQ/
+mEe6i0AHHgJoFJmEPKH+sOlpY3MPVmgqvEkR/x7Ay28lsYiE0ocplD/h3r7kXrIS
+g5Z1KmdvDMV4g+KSv36bqQ51ZF9gAkVDBEwgXPWCTIjf0AsoUj/GLlzLju4La9fN
+6Ag8tmb58LnhXVT8ugDNP3szHZz9rQTF1CdyOj3h2kmK45Dfw7eFT4Jn6alPnuNH
+nly+I8lZTA3FpkWw24eoyOs23JDHsJ0FbSkIrN2lMW5GtVo3lIMCAwEAAaOBxTCB
+wjAdBgNVHQ4EFgQUqS+PqShidpz1YIPSOaxt1lP3JsUwHwYDVR0jBBgwFoAUKBrv
+ypNiRpjz1Pfo07eow8yE7EAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwczovL2V4YW1wbGUu
+Y29tL2NlcnRzMCgGA1UdHwQhMB8wHaAboBmGF2h0dHBzOi8vZXhhbXBsZS5jb20v
+Y3JsMA0GCSqGSIb3DQEBDAUAA4IBgQCNYpGzRp2YOmOpELIHNdqP36tqgnZgCCYq
+CGPceEcLmZqNyHEeURb1XZC1Xf4bG2DCuGnf6aqKJepY1uNBORWg6Zebn/z2YiBm
+rWdj3zZZLrikUqTa22d9emCpEDxRXolWX3AX/1E6OoGePbsMdQUGLxNrmnJJ730
+6HZdLBhw+dkyHGCxWrZUIM+ma5xdlCGl0/tlyWUwwEprfvYFAd8u+YEGA4uqGVB0
+bcIqqb3x/S0vmhaj5nDyjnv3EhSqJLv/TS4mQ3OJMMnkZPuc46MPlnYh4iahU3Is
+iX/8GPfcw5b84bG3b9FHFHptPxHozLEP4JDEdFNpNhBAzXlgBFcmhxsybGnQqYk9
+RSvwp4QbaPb46O9mRbTWTYSa8WFIMMU0ZTe2pXToj6Bc3b35HwOCgd726ay5SyAP
+AKTiRKUOH/zTvJyoGPfk8Q89baQb4/0q6LQrgCsyriJIeR25ffDXYSVYvDikb8yL
+pWGjyWe0czJkmcg0/knszGYCp091lMg=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFLjCCA5agAwIBAgIUHjSXMt9hZ3WFZkP4m6h8HLculDkwDQYJKoZIhvcNAQEL
+BQAwbTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0
+b24xEDAOBgNVBAoMB1BDX09FTTIxKzApBgNVBAMMIlBDX09FTTIgcnNhIDNrIHNo
+YTM4NCB0ZXN0IHJvb3QgY2EwHhcNMjMxMTE1MTM0OTEyWhcNMzMxMTEyMTM0OTEy
+WjBtMQswCQYDVQQGEwJVUzELMAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRv
+bjEQMA4GA1UECgwHUENfT0VNMjErMCkGA1UEAwwiUENfT0VNMiByc2EgM2sgc2hh
+Mzg0IHRlc3Qgcm9vdCBjYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
+AKTDn5itAysPqY3PANfeYzj5IX5SRhgqzFmMkCsjbNeIsfUbPhdIk/wri9bn9LD/
+5L+R1iJf4018KE7duVUYK5yw7KVuuy+QpkwCDVHnXfLlmNethVh4JE63SRcqScDE
+DTHfAnC/QIxCTUUJX4UJaEn9FT4suCQV8biuFCy1nAjBhb2NLrkXdBD4sOzCkehz
+39k8yQ+eMNKlty8upSMDGlbDie2mItkJYL8PEbKPOJgNxaur17C87YuJ03EjMS+3
+NmmMsldj2uftraivIufL4BdDrIZJjes1AKGiO2x/9QdLr0y5nJBgyNXIfTrVLcj1
+P8nwnjF3+pPGTwRX7KyhTuy946RLGw/f4zDxAeDmYzyBsdZbPpU2Rx9gUseqqNra
+5PRsnodO4oh6nrVjpmfPbLjrUomo6rsBSMO73QUEzxGaCxIu966OhI8I9HXIcqHj
+h+fC//z9uCD+3tmUU2Uq7hF3iK1isK7SYBoz1T6p2Xxx9AaVFEP1LPqYVNGLazZR
+YwIDAQABo4HFMIHCMB0GA1UdDgQWBBQoGu/Kk2JGmPPU9+jTt6jDzITsQDAfBgNV
+HSMEGDAWgBQoGu/Kk2JGmPPU9+jTt6jDzITsQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBhjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBz
+Oi8vZXhhbXBsZS5jb20vY2VydHMwKAYDVR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9l
+eGFtcGxlLmNvbS9jcmwwDQYJKoZIhvcNAQELBQADggGBAC4/SZu50SVNEhqKqSkM
+Cr+Idpsd9yON5rYwR5nKf4XqroeXRq9BRtlVgYjDU6r5dla+orVABOtyD9MtcEi5
+V1++LbnOgLeCuQ/F0Gof8t+WJqI1syf8cfOsZPlTlc6DhZ0be7McdQwWenOel5HC
+oYE8pk5j0Vq/UdZqlzuIUdcpnOiN3ZwA91nR78Q2cHzJePixWh7+aJ/4KPpvejiU
+vnELIzYpZygEwVvDkqHunTB7YjWdACY5GCJN9qQMOntYWosFXLGlkFUJ5KW8BpIY
+e36ygPe9ujXaY++DtC7auPEUiSaW/Wy1XsEkGF6TF3hEKj7Am74KcaWqeco4pH7y
+/nKnY8XIjuLK31i7WR9EX2fAtz2mxOExANZcXyn/LtLD0VhWWMMvuzzudmv27yMQ
+1ZF7opqFdCnN8/5X7V6i8gC9g2Us0+R3SQ9HhXRMo3yhM0xw0Q1Yk2Xp+v4pGptJ
+3LULIOyo+T7OztjebzQQrlxGNIjUni4m6/CD39pNp+CX4Q==
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/certs/PC_OEM2_rim_signer_rsa_3k_sha384.pem
+++ b/.ci/tcg-rim-tool/certs/PC_OEM2_rim_signer_rsa_3k_sha384.pem
@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFFjCCA36gAwIBAgIBBTANBgkqhkiG9w0BAQwFADBpMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCT1IxEjAQBgNVBAcMCUJlYXZlcnRvbjEQMA4GA1UECgwHUENfT0VN
+MjEnMCUGA1UEAwweUENfT0VNMiByc2EgM2sgc2hhMzg0IHRlc3QgY2EyMB4XDTIz
+MTExNTEzNDkxNFoXDTMzMTExMjEzNDkxNFowbDELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk9SMRIwEAYDVQQHDAlCZWF2ZXJ0b24xEDAOBgNVBAoMB1BDX09FTTIxKjAo
+BgNVBAMMIVBDX09FTTIgcnNhIDNrIHNoYTM4NCB0ZXN0IHNpZ25lcjCCAaIwDQYJ
+KoZIhvcNAQEBBQADggGPADCCAYoCggGBANSmP8wkFWhfY2f4q+T0WR+15gfV5Xz1
+PYczfW/OrXFhC/QUFQds/MQaV/nJdSG5ZGnHAL8N8rKkD8zfIpVDHpSCcve69fBy
+Ki/OznZ2aVfYQnz/D4evWZx2D+5v4sj6rphiKKIsdNTslx/wRFhGrdJD1PwzDf5W
+zGDNm2FSylSOC9icMsHyiRtMb+hVVGixccqjXH7fbReI8iN86Kk3XWBEY52CEVzO
+d1E4aBibCqUNT3Vti+K1dD1bpi8c0rFrC72oD6cArLTdyiCW8Een9iJ4RWSt0/ml
+jZfdNveffTcqqZv2FJZUd8lMX8a4ypkBq89wYPWvX9g/vT6dDy6CfCH3f36EQZKy
+6IuPIt2EEWp7Woq9KVEGqE5HogNsf5bF6vLIvEzcb6UN7UxXAKYG778sv7TDbITS
+ZidD9acmvSy9sB4c47JSYb/amUtekvN714DVIfCxdwo4am2Z1SJOJlDnravD2B4J
+/rrFQMlo6MTqyQ/AnMjwjyET90w9ukcoLQIDAQABo4HFMIHCMB0GA1UdDgQWBBQB
+MbBr7WQ1cxlPuB6SipjrTQ1mojAfBgNVHSMEGDAWgBSDqjJfSBaaTlurWODEHFYT
+YW2Z1jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA1BggrBgEFBQcB
+AQQpMCcwJQYIKwYBBQUHMAKGGWh0dHBzOi8vZXhhbXBsZS5jb20vY2VydHMwKAYD
+VR0fBCEwHzAdoBugGYYXaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmwwDQYJKoZIhvcN
+AQEMBQADggGBAIrFzr5JGs5s3E7SZ0qauH1d9QwuNU9PQxALc93xOy3HeJxNgyIE
+u6LNV28RDrd6AH7MSH8aPWVHBqJtnWdNhs4B4snrnINPrYHk4L5H9rWqLc7ON6AU
+5VQ+Y/evHs/wCP2v87wIyeLC6cInSXxnSna++D8FOcL1UEXoRyjhaM37NJDRlJ0d
+RpRyVRzE/atqe6kdrzCfWC4MUKsdMR0zEOmQKzIvQpUnXwITYp3ZvgM0I/PaxG09
+Kokn5iVlEFUIUcmUsnvjCnRQYj8U/m1mNSZYXzpGwxjSH/EYqAQTWFB9tP0S05WA
+kwho8BkF3QEe0Vm/Bx8/XCyx5/Rlymyf/ob6Cxk8yOOSG7hDvpOwCDCXg+egLuFM
+uZPfzHrMCP7TOStnONsgRmkglQblCQkLT2Q8yQmG3FYZDMUIFKzYR7vhJ4qydSNJ
+bYWYI7cgXZOTeurxDcCb5C5fF5QGF0grnjFEJt4WScAKO7JSkZXLGdlDtqDxyiWf
+EOcwMEB04igXOA==
+-----END CERTIFICATE-----
--- a/.ci/tcg-rim-tool/configs/Base_Rim_Config.json
+++ b/.ci/tcg-rim-tool/configs/Base_Rim_Config.json
@ -0,0 +1,53 @@
+{
+        "SoftwareIdentity": {
+                "name": "Example.com BIOS",
+                "version": "01",
+                "tagId": "94f6b457-9ac9-4d35-9b3f-78804173b65as",
+                "tagVersion": "0",
+                "patch": false,
+                "supplemental": false
+        },
+	"Entity": {
+                "name": "Example Inc",
+                "regid": "http://Example.com",
+                "role": "softwareCreator,tagCreator"
+        },
+	"Link": {
+                "href": "https://Example.com/support/ProductA/firmware/installfiles",
+                "rel": "installationmedia"
+        },
+	"Meta": {
+                "colloquialVersion": "Firmware_2019",
+                "edition": "12",
+                "product": "ProductA",
+                "revision": "r2",
+                "payloadType": "direct",
+                "platformManufacturerStr": "Example.com",
+                "platformManufacturerId": "00201234",
+                "platformModel": "ProductA",
+                "platformVersion": "01",
+                "firmwareManufacturerStr": "BIOSVendorA",
+                "firmwareManufacturerId": "00213022",
+                "firmwareModel": "A0",
+                "firmwareVersion": "12",
+                "bindingSpec": "PC Client RIM",
+                "bindingSpecVersion": "1.2",
+                "pcURIlocal": "/boot/tcg/manifest/switag/",
+                "pcURIGlobal": "https://Example.com/support/ProductA/"
+        },
+	"Payload": {
+                "supportRIMURIGlobal": "https://Example.com/support/ProductA/firmware/rims/",
+                "supportRIMFormat":"TCG_EventLog_Assertion",
+                "Directory": {
+                        "name": "rim",
+                        "root": "/boot/tcg/manifest/rim/",
+                        "File": {
+                                "version":"01",
+                                "name": "Example.com.BIOS.01.rimel",
+                                "size": "7549",
+                                "hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848"
+                                }
+                }
+        }
+}
+
--- a/.ci/tcg-rim-tool/configs/Component1_Rim_Config.json
+++ b/.ci/tcg-rim-tool/configs/Component1_Rim_Config.json
@ -0,0 +1,54 @@
+{
+        "SoftwareIdentity": {
+                "name": "Example.com BIOS",
+                "version": "01",
+                "tagId": "94f6b457-9ac9-4d35-9b3f-78804173b65as",
+                "tagVersion": "0",
+                "patch": false,
+                "supplemental": false
+        },
+	"Entity": {
+                "name": "Example Inc",
+                "regid": "http://Example.com",
+                "role": "softwareCreator,tagCreator"
+        },
+	"Link": {
+                "href": "https://Example.com/support/ProductA/firmware/installfiles",
+                "rel": "installationmedia"
+        },
+	"Meta": {
+                "colloquialVersion": "Firmware_2019",
+                "edition": "12",
+                "product": "ProductA",
+                "revision": "r2",
+                "PayloadType": "direct",
+                "platformManufacturerStr": "Example.com",
+                "platformManufacturerId": "00201234",
+                "platformModel": "ProductA",
+                "platformVersion": "01",
+                "firmwareManufacturerStr": "BIOSVendorA",
+                "firmwareManufacturerId": "00213022",
+                "firmwareModel": "A0",
+                "firmwareVersion": "12",
+                "bindingSpec": "PC Client RIM",
+                "bindingSpecVersion": "1.2",
+                "pcURIlocal": "/boot/tcg/manifest/switag/",
+                "pcURIGlobal": "https://Example.com/support/ProductA/"
+        },
+	"Payload": {
+                "supportRIMURIGlobal": "https://Example.com/support/ProductA/firmware/rims/",
+                "supportRIMFormat":"TCG_EventLog_Assertion",
+                "supportRimType": "BaseRim",
+                "Directory": {
+                        "name": "rim",
+                        "root": "/boot/tcg/manifest/rim/",
+                        "File": {
+                                "version":"01",
+                                "name": "Example.com.BIOS.01.rimel",
+                                "size": "7549",
+                                "hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848"
+                                }
+                }
+        }
+}
+
--- a/.ci/tcg-rim-tool/configs/Patch_RIM_Config.json
+++ b/.ci/tcg-rim-tool/configs/Patch_RIM_Config.json
@ -0,0 +1,53 @@
+{
+        "SoftwareIdentity": {
+                "name": "Example.com BIOS",
+                "version": "01",
+                "tagId": "94f6b457-9ac9-4d35-9b3f-78804173b65as",
+                "tagVersion": "0",
+                "patch": true,
+                "supplemental": false
+        },
+	"Entity": {
+                "name": "Example Inc",
+                "regid": "http://Example.com",
+                "role": "softwareCreator,tagCreator"
+        },
+	"Link": {
+                "href": "c30e60f5261620320a176a5f265e231409447cf25c685111cb39648d027420c5",
+                "rel": "requires"
+        },
+	"Meta": {
+                "colloquialVersion": "Firmware_2019",
+                "edition": "12",
+                "product": "ProductA",
+                "revision": "r2",
+                "PayloadType": "direct",
+                "platformManufacturerStr": "Example.com",
+                "platformManufacturerId": "00201234",
+                "platformModel": "ProductA",
+                "platformVersion": "01",
+                "firmwareManufacturerStr": "BIOSVendorA",
+                "firmwareManufacturerId": "00213022",
+                "firmwareModel": "A0",
+                "firmwareVersion": "12",
+                "bindingSpec": "PC Client RIM",
+                "bindingSpecVersion": "1.2",
+                "pcURIlocal": "/boot/tcg/manifest/switag/",
+                "pcURIGlobal": "https://Example.com/support/ProductA/"
+        },
+	"Payload": {
+                "supportRIMURIGlobal": "https://Example.com/support/ProductA/firmware/rims/",
+                "supportRIMFormat":"TCG_EventLog_Assertion",
+                "Directory": {
+                        "name": "rim",
+                        "root": "/boot/tcg/manifest/rim/",
+                        "File": {
+                                "version":"01",
+                                "name": "Example.com.BIOS.01.rimel",
+                                "size": "7549",
+                                "hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848"
+                                }
+                }
+        }
+}
+
--- a/.ci/tcg-rim-tool/configs/Primary_Rim_Config.json
+++ b/.ci/tcg-rim-tool/configs/Primary_Rim_Config.json
@ -0,0 +1,54 @@
+{
+        "SoftwareIdentity": {
+                "name": "Example.com BIOS",
+                "version": "01",
+                "tagId": "94f6b457-9ac9-4d35-9b3f-78804173b65as",
+                "tagVersion": "0",
+                "patch": false,
+                "supplemental": false
+        },
+	"Entity": {
+                "name": "Example Inc",
+                "regid": "http://Example.com",
+                "role": "softwareCreator,tagCreator"
+        },
+	"Link": {
+                "href": "https://Example.com/support/ProductA/firmware/installfiles",
+                "rel": "installationmedia"
+        },
+	"Meta": {
+                "colloquialVersion": "Firmware_2019",
+                "edition": "12",
+                "product": "ProductA",
+                "revision": "r2",
+                "PayloadType": "direct",
+                "platformManufacturerStr": "Example.com",
+                "platformManufacturerId": "00201234",
+                "platformModel": "ProductA",
+                "platformVersion": "01",
+                "firmwareManufacturerStr": "BIOSVendorA",
+                "firmwareManufacturerId": "00213022",
+                "firmwareModel": "A0",
+                "firmwareVersion": "12",
+                "bindingSpec": "PC Client RIM",
+                "bindingSpecVersion": "1.2",
+                "pcURIlocal": "/boot/tcg/manifest/switag/",
+                "pcURIGlobal": "https://Example.com/support/ProductA/"
+        },
+	"Payload": {
+                "supportRIMURIGlobal": "https://Example.com/support/ProductA/firmware/rims/",
+                "supportRIMFormat":"TCG_EventLog_Assertion",
+                "supportRimType": "BaseRim",
+                "Directory": {
+                        "name": "rim",
+                        "root": "/boot/tcg/manifest/rim/",
+                        "File": {
+                                "version":"01",
+                                "name": "Example.com.BIOS.01.rimel",
+                                "size": "7549",
+                                "hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848"
+                                }
+                }
+        }
+}
+
--- a/.ci/tcg-rim-tool/configs/Supplemental_Rim_Config.json
+++ b/.ci/tcg-rim-tool/configs/Supplemental_Rim_Config.json
@ -0,0 +1,53 @@
+{
+        "SoftwareIdentity": {
+                "name": "Example.com BIOS",
+                "version": "01",
+                "tagId": "94f6b457-9ac9-4d35-9b3f-78804173b65as",
+                "tagVersion": "0",
+                "patch": false,
+                "supplemental": true
+        },
+	"Entity": {
+                "name": "Example Inc",
+                "regid": "http://Example.com",
+                "role": "softwareCreator,tagCreator"
+        },
+	"Link": {
+                "href": "c30e60f5261620320a176a5f265e231409447cf25c685111cb39648d027420c5",
+                "rel": "requires"
+        },
+	"Meta": {
+                "colloquialVersion": "Firmware_2019",
+                "edition": "12",
+                "product": "ProductA",
+                "revision": "r2",
+                "PayloadType": "direct",
+                "platformManufacturerStr": "Example.com",
+                "platformManufacturerId": "00201234",
+                "platformModel": "ProductA",
+                "platformVersion": "01",
+                "firmwareManufacturerStr": "BIOSVendorA",
+                "firmwareManufacturerId": "00213022",
+                "firmwareModel": "A0",
+                "firmwareVersion": "12",
+                "bindingSpec": "PC Client RIM",
+                "bindingSpecVersion": "1.2",
+                "pcURIlocal": "/boot/tcg/manifest/switag/",
+                "pcURIGlobal": "https://Example.com/support/ProductA/"
+        },
+	"Payload": {
+                "supportRIMURIGlobal": "https://Example.com/support/ProductA/firmware/rims/",
+                "supportRIMFormat":"TCG_EventLog_Assertion",
+                "Directory": {
+                        "name": "rim",
+                        "root": "/boot/tcg/manifest/rim/",
+                        "File": {
+                                "version":"01",
+                                "name": "Example.com.BIOS.01.rimel",
+                                "size": "7549",
+                                "hash": "4479ca722623f8c47b703996ced3cbd981b06b1ae8a897db70137e0b7c546848"
+                                }
+                }
+        }
+}
+
--- a/.ci/tcg-rim-tool/eventlogs/TpmLog.bin
+++ b/.ci/tcg-rim-tool/eventlogs/TpmLog.bin
--- a/.ci/tcg-rim-tool/eventlogs/TpmLog2.bin
+++ b/.ci/tcg-rim-tool/eventlogs/TpmLog2.bin
--- a/.ci/tcg-rim-tool/keys/COMP_OEM1_rim_signer_rsa_3k_sha384.key
+++ b/.ci/tcg-rim-tool/keys/COMP_OEM1_rim_signer_rsa_3k_sha384.key
@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQCibenI5i0Oxqqn
+DzF+qqgWvs7LsAGzTOtQzLMoq9+tj8kMRQXDL+rV/dqLlj/hh3OepGUvaLwQfQNc
+oOpY4NBtg8Dh+EH5A9mvqypsjgckHnyU/i1naFsm8PjUEgXCR2dbQiC3AQC+V4v
+txdM3SH3fXuj60lnF64ydGVqYBxbf0VK5omFNtw6nSBgHMEw/yBYzph2KO4CXwTl
+bsk9P4yvXYBAzR+iYKqvRWbB+qwRgLtTreAxbdoG1mHfuMt3H53OD7nnDF26wsLa
+CU+l4NR+ysNaOultPWqOkdelk1fIygJ1kdc6fMxYbioQQhLzib1XmypNl0gH0hqi
+xMCz76qrMFiWIkbpP7QtUnKg/5hjWJKEIBF8VOdchsglBrb38gtqNMmtegyfzeA+
+YyPFw+XL0XOPxI2yzFFEt7CP3Xg8lQ5X5nvNkQrXO20bUlXhTYmLti/+DHfhz2pb
+bx/INPQcJOKb9Xamc5zYHXolgoCMSl5+6xM1DRuR3vx6/Nzw1JUCAwEAAQKCAYAp
+UCV/WLQrJvKuzRl8qzFXn65/dkPoc+8CPR5wgM7CmWi8ey3NCHoFdazJhiy3Uzlg
+J1YpKc1zsChT1M/6HHp9Ey5caooc9K/KJUNLYi4Nbd3med8vamltc2zuezPq0AG9
+UccxaX6Htx9yqXH+tdv20+7HsYeY9hfzc1F8LffoecWJGHvv6xU2v1JFv+qPaMS0
+cc+rdhubdMmNBZGfx3MkA3ckhEfAiC/BprhNLFHpncGHthjo2ZTz2kFIovr1UI/t
+5kjOyFjstSg3VKcUNrYISZIQN0WpJG8KHY+ls6bQobBy1M/vTTYoN9tE2fOybZL6
+EHySh7lt4jfzGijzWcrG+0mnr1t72d9n1Upk3p1xeBTeXQgWBvIM/TxYgy3as4NV
+iLdb28fZaJbdqzq/yaYtcmYgtsqaT5++H7dHw+CCU5RpRs2nytsuHjiYbNjBuUrF
+hSe/U5vG1vnmhKP2ciE5aOIodT2lDelHM2/bggwIvVmmFfuLawHVwQIM5+QfNv0C
+gcEAzX2wPBZtyNMvvJRdah0Z/ve3q343zF2zZ/e/of7q3IwuwQObjuimGBhKR+/9
+8F7qlgmpTAR4MHO6Gt/3/XpdHn4KZyjafQ2N6MBbAhDTBg+N6HzjU1zKS2MOvP6D
++Kmfc7004zvGKY37YYSm512tHy23RoiYUqxcy403R81UujXWBOCJgtWUIRn2D+E
+zTdBSeEQVxDH3/X6v2uSSYl/REsCpU5N/DgjAVAMNx7ZCN+9RlOcfmyCQsLahx3v
+ki4rAoHBAMpanaPBZw9IjykdjcOzOvutGzpdkblKmnBDqdkcWZFMyMcidI3QHWIb
+bhfDbhETy66EfG3jSaKS41wDvqFQfPpliX71MpEA0O3F1FH9Xxhd0px/vitw+oc0
+z/iOg2ZwNaa367nDxsiuHHqLFJbU3nMN+YNlPhpx6ZIeEG59keUkCnLKKS2C/L0+
+lrTOlDjOkZ/eqCFNjwL9WLvnYQhSHAkp2Y3UWvz03uw3NqDhMkpHh/dPpAc7crvY
+i7VF6qJoPwKBwQC8TI5voUXcntjBf1rSX/RwVWKy/Sf4V2yMutOZiFSC4Nn++GVV
+YQ7CSY/Xt60E1JU2A4hlJjtUetdwxQcj+TrXNDwoJ6F+sir1uz4p+GzGwv4QqlBN
+FVwyFIVu3fLnn9tcsYZbTGvUNIxPVWo7uuEJpraSiN40NRPCLfc3IN/mJ4MdLFM4
+tW7UvV/DIwF4Y0eqgVhN0Ay3x1mMivAz/pDmba3w+H4xvuckzstCvzu2DAAPL5LZ
+rmj28EL7SY08cJ0CgcEAxnz+VmvWiNJWwzDfJxC/EbIqnCS+VW/Nb8Ofbnz1iqYz
+58lvZM+4ksxvQFYNuCifyY7hcvTY/ORyqoZtzlRiU0eYCHXB5SRUzHcaHlaXmhIm
+DibrxjbrOAbg3WIFmE0HA4MzcaONcLoA619TkeQ6U8doca+0rEICp7ZfzdHUc1zX
+9uNAYwkymvsy3yYnlFVj2NqSNyCZ4IfcK2z57CyGnaJ0aT/dBHW52SELr+FV8DCc
+OUXgksuIbqQp3mU3k5kHAoHBAMvA1CElnOdaqgq6Dxc/PefozEEKOf4sYDhrZqXv
+dGltLgyPV4YENN/gCAQdlBY9L8V+nqKc0rDKVeliRokitsFX9iwWBpkmvpt1Z/mS
+ruSgKOWr9z59vstVMItMTl5DuPWIB9imk0CQWD/VxhLCQeKD6rPLoUog2pkO6QXd
+7ZHZ+QxYvglQeCr7LinUGVkvPyP1sgoNis0Hbg6l+AgJwdJCux/5T+0pbEIQGxY1
+V7U7rEXRyAfoCmL9gk1pFR3h5Q==
+-----END PRIVATE KEY-----
--- a/.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_ecc_512_sha384.key
+++ b/.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_ecc_512_sha384.key
@ -0,0 +1,10 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIBOkOcBW+GNzVEMqFg7slOZZAAf9Q+v1GptR3wrt4SN6j7zORLU8Pr
+Izrj+EfUdCq+/H2MQwbNBzz1hsty+ckc96mgBwYFK4EEACOhgYkDgYYABABuzgMG
+dn+bJS73wzH5EXsBhp5p7FlXxDIeB56UDfqAG9Vuox+dh2TV2wVN35QdAVOJnvaR
+fxcF8VZ+B41tq7NmDADZyEKiMVBASx5bVt4wgPp0kTdK1l2bSA6dpjfQGczwzAkv
+ysu41EAv54p+U9tUHaSW0yuNw0EPDxtr8uR/77P1Sg==
+-----END EC PRIVATE KEY-----
--- a/.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key
+++ b/.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key
@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDMQEBV0b1Oo/Tn
+JC3EJx3hZRyqMbLXTe9geaoa/777ENWZz/XE0wOszbbQn/q6REbYkG9biDoRIchF
+dAOOSmKT7e1KyC7Mk3a5Go+XauKA/Kavkk87z9mfZnGUCV0LuIG13R6cIGd10Jq7
+1SNie0/kXmyBJtSnhcJtyL07CSxjHmjw+BkYU2Jsp+LktPY8iu4gcTWoD/rBeLln
+0VVIEuoXi4yaLalNGMp6PeM90ygpykliIgcu6UhmBY809TDgqQo4srywqjeWDO6x
+CDIJBaTgf9bxt9sAlp+1SomQhOT7P7TRef6X8dLhNFucq4IbDQKA90a61WavsFL5
+bAMFtyGyAH01svsIqjKrJ0YSB55hfhUBA0xjF8qYddZj8Ye4oCwiVfi86E6ADQmX
+pnEzxEcN1lcKcEfsMvsnB9ANVt252ozIgSRAV1ahNNKpxCTDTbaLqrjZOkSIxuVH
+ORquEhdEx+V0+6Mt4S41PURHD0KQHhKDEdfIBm1ZMRH7rjf8eGsCAwEAAQKCAYAj
+wNuCKkTJD0o/a8XXIEHKwrhR0oFLzwioCqQMNdhoennpgs2ytn1eMmReAKMTGACO
+yDm1/BKuDQvRnI1CyyKWYn+3J3OJvAZ8QHoCN2OO0Ksc8K+N+MRPcs9O6pSvCI0s
+GJjTG5kAtpNfbd/TzWIex6iWswVmjbOLJCh7vQ9YCmq0Q7mg2HfSLVE6V7MCxg8I
+/sg1sxZh55AM7EfRZf40QOlL09Je/If0/gBZQi01o4NU+j/npk5WDYMT8hesO+qN
+wiRGg32Fzv8sf1S4kL2aisuIlO2Yk9IlDpTe06CNfSXTwvAob+3S05btPq0qsBZM
+8J16IB9sK7+NN5aAtLiCWxgsl730UGuaTZNdLiN4dqGBNJxbD9ET/6bFzd8/s5kz
+4Ywj4pg7TPglMXTYWcJjbOAzSMtFVVzhNxZrdPp7nclRLWfM+a0o+Pl90gbmFaAL
+gS33TFHS4uOIR2jvx/oC2XdigATkFUeDyLjkLWnSL8IkjY7S/qsQIkq9I8aGUIEC
+gcEA+gprGqJKKvHJ5adA5aJF4RtMpCZuljjp2tTIhrFI6i7FWEraLMRgH658pjhw
+oLpUxadznMhZh52TcLj9JxvnYUy07+ui/X4FatW/o5YhoTukSLn2RB7aZDtBmv+
+V8WjFjQQoDlVWOsiecv/ivhdBOKejQM3ykv6AZdlyAT3SRXsxmBpqtWySNlbqcaV
+azSedyGlpfDjdYZ/uJgQGbH8GkBuallYqQFM8IeARUdxXZmzJ5i8jmtPiN+GPJun
+0z6dAoHBANEedGIWHnubkW+m5S36Q0DmubbisQYBWpv2EW5SuxrB9HOiBdDu03QD
+VSAZN3qTXAM8MADJ9QkNfpFv6VNDjMoi3auAz0DBzGAUcYONQLWdhk6I+LgsK8Ax
+yuUYKyxOBMZE5X3T1dpAiBhIi9yZVNqNhoAU59QNhAjJgWv7uF5f1CjlQmLF99WK
+5YgfuxRWXmR8Xf2AKQmBl6ap8LZGLjRy4poAB02ptSZbJp69JooizZZkUo3skM7z
+Czk25lcgpwKBwEsPuZtjQNSnhS6WCRtmnYe4REe66dPa/gkde51Dt1nl9IRO5DQw
+N5MLNIxJwVDS3+x7i6AgW9RmLKmnaftSwwcMp3d9wY5upq0KpLECVnz7hwq26db1
+5baJNT6KSO5cfFr8Akm3LHHnFJBvtyUm7fW7elFmt+bY7BJyOrHTG9Eq7cuXweDx
+CfZomeXboZtvTmsBBNNN/1qWp9zoeVzdW4sd8Ieojr8djtVeOBmUGuo4a9nlNiWi
+/VtfjtK+/6Cg2QKBwQCxGhi4xUDVsF/Qbkjj0nJIsd6Qm5YOnvDs6s3CYEBjneV4
+VLyWQN1GAFiEkbahkdE4UC3bTS6/lvUdGOlDAg9nVXXkfHeJwVdj+4xTPDqUVS9c
+rbXuzEHVSJYrxXcy03RJsimlkdUoPMTFxBLnJdhuK7PAH3Ri63tpsbZxDEMNch0M
+8XRykHSfHj3cNftLcwYIFifHvFWE3oLfvEbHJ9KTysRMZj/JLzPiowmnIExWarkw
+aBBeb/4HtmBH+U3EdjsCgcEAof/UwOVPU3aMAvXntD4ybmxsLlHFW9vit56GcQC/
+7PSKogvzf+CtdN0uoipaWbJvc3WiIa3BJcQaSEKtyhF3teihD23mbFyyCpqZZpkz
+J+PPLO4XCIYE9OvTBYa9Ym+bOL34ag6RRLNoS17rdWO7JtUVlhg3Vz8WtKzCZwo1
+7CrwNIszWJrptreRCE0Acr1kipZtfgtVrKgIr+hQrTEJRgE3ChTBQemLIINZ1C5h
+epZ1MWgHJwD0suOcz5WrBlna
+-----END PRIVATE KEY-----
--- a/.ci/tcg-rim-tool/keys/PC_OEM2_rim_signer_rsa_3k_sha384.key
+++ b/.ci/tcg-rim-tool/keys/PC_OEM2_rim_signer_rsa_3k_sha384.key
@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDMQEBV0b1Oo/Tn
+JC3EJx3hZRyqMbLXTe9geaoa/777ENWZz/XE0wOszbbQn/q6REbYkG9biDoRIchF
+dAOOSmKT7e1KyC7Mk3a5Go+XauKA/Kavkk87z9mfZnGUCV0LuIG13R6cIGd10Jq7
+1SNie0/kXmyBJtSnhcJtyL07CSxjHmjw+BkYU2Jsp+LktPY8iu4gcTWoD/rBeLln
+0VVIEuoXi4yaLalNGMp6PeM90ygpykliIgcu6UhmBY809TDgqQo4srywqjeWDO6x
+CDIJBaTgf9bxt9sAlp+1SomQhOT7P7TRef6X8dLhNFucq4IbDQKA90a61WavsFL5
+bAMFtyGyAH01svsIqjKrJ0YSB55hfhUBA0xjF8qYddZj8Ye4oCwiVfi86E6ADQmX
+pnEzxEcN1lcKcEfsMvsnB9ANVt252ozIgSRAV1ahNNKpxCTDTbaLqrjZOkSIxuVH
+ORquEhdEx+V0+6Mt4S41PURHD0KQHhKDEdfIBm1ZMRH7rjf8eGsCAwEAAQKCAYAj
+wNuCKkTJD0o/a8XXIEHKwrhR0oFLzwioCqQMNdhoennpgs2ytn1eMmReAKMTGACO
+yDm1/BKuDQvRnI1CyyKWYn+3J3OJvAZ8QHoCN2OO0Ksc8K+N+MRPcs9O6pSvCI0s
+GJjTG5kAtpNfbd/TzWIex6iWswVmjbOLJCh7vQ9YCmq0Q7mg2HfSLVE6V7MCxg8I
+/sg1sxZh55AM7EfRZf40QOlL09Je/If0/gBZQi01o4NU+j/npk5WDYMT8hesO+qN
+wiRGg32Fzv8sf1S4kL2aisuIlO2Yk9IlDpTe06CNfSXTwvAob+3S05btPq0qsBZM
+8J16IB9sK7+NN5aAtLiCWxgsl730UGuaTZNdLiN4dqGBNJxbD9ET/6bFzd8/s5kz
+4Ywj4pg7TPglMXTYWcJjbOAzSMtFVVzhNxZrdPp7nclRLWfM+a0o+Pl90gbmFaAL
+gS33TFHS4uOIR2jvx/oC2XdigATkFUeDyLjkLWnSL8IkjY7S/qsQIkq9I8aGUIEC
+gcEA+gprGqJKKvHJ5adA5aJF4RtMpCZuljjp2tTIhrFI6i7FWEraLMRgH658pjhw
+oLpUxadznMhZh52TcLj9JxvnYUy07+ui/X4FatW/o5YhoTukSLn2RB7aZDtBmv+
+V8WjFjQQoDlVWOsiecv/ivhdBOKejQM3ykv6AZdlyAT3SRXsxmBpqtWySNlbqcaV
+azSedyGlpfDjdYZ/uJgQGbH8GkBuallYqQFM8IeARUdxXZmzJ5i8jmtPiN+GPJun
+0z6dAoHBANEedGIWHnubkW+m5S36Q0DmubbisQYBWpv2EW5SuxrB9HOiBdDu03QD
+VSAZN3qTXAM8MADJ9QkNfpFv6VNDjMoi3auAz0DBzGAUcYONQLWdhk6I+LgsK8Ax
+yuUYKyxOBMZE5X3T1dpAiBhIi9yZVNqNhoAU59QNhAjJgWv7uF5f1CjlQmLF99WK
+5YgfuxRWXmR8Xf2AKQmBl6ap8LZGLjRy4poAB02ptSZbJp69JooizZZkUo3skM7z
+Czk25lcgpwKBwEsPuZtjQNSnhS6WCRtmnYe4REe66dPa/gkde51Dt1nl9IRO5DQw
+N5MLNIxJwVDS3+x7i6AgW9RmLKmnaftSwwcMp3d9wY5upq0KpLECVnz7hwq26db1
+5baJNT6KSO5cfFr8Akm3LHHnFJBvtyUm7fW7elFmt+bY7BJyOrHTG9Eq7cuXweDx
+CfZomeXboZtvTmsBBNNN/1qWp9zoeVzdW4sd8Ieojr8djtVeOBmUGuo4a9nlNiWi
+/VtfjtK+/6Cg2QKBwQCxGhi4xUDVsF/Qbkjj0nJIsd6Qm5YOnvDs6s3CYEBjneV4
+VLyWQN1GAFiEkbahkdE4UC3bTS6/lvUdGOlDAg9nVXXkfHeJwVdj+4xTPDqUVS9c
+rbXuzEHVSJYrxXcy03RJsimlkdUoPMTFxBLnJdhuK7PAH3Ri63tpsbZxDEMNch0M
+8XRykHSfHj3cNftLcwYIFifHvFWE3oLfvEbHJ9KTysRMZj/JLzPiowmnIExWarkw
+aBBeb/4HtmBH+U3EdjsCgcEAof/UwOVPU3aMAvXntD4ybmxsLlHFW9vit56GcQC/
+7PSKogvzf+CtdN0uoipaWbJvc3WiIa3BJcQaSEKtyhF3teihD23mbFyyCpqZZpkz
+J+PPLO4XCIYE9OvTBYa9Ym+bOL34ag6RRLNoS17rdWO7JtUVlhg3Vz8WtKzCZwo1
+7CrwNIszWJrptreRCE0Acr1kipZtfgtVrKgIr+hQrTEJRgE3ChTBQemLIINZ1C5h
+epZ1MWgHJwD0suOcz5WrBlna
+-----END PRIVATE KEY-----
--- a/.ci/tcg-rim-tool/scripts/base_rim_nocert_very_fail.sh
+++ b/.ci/tcg-rim-tool/scripts/base_rim_nocert_very_fail.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+#Test verify with no cert chain
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#clearing and creating a new tmp folder
+rm -rf tmp
+mkdir -p tmp
+#rim create
+rim -c base -a ../configs/Base_Rim_Config.json -l ../eventlogs/TpmLog.bin -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -o tmp/noCert.swidtag
+rim_create_status $?
+
+# rim verify without cert chain
+rim -v tmp/noCert.swidtag -l ../eventlogs/TpmLog.bin -t ../certs/PC_OEM1_Cert_Chain.pem
+rim_verify_fail_test $?
+
+#Return to where ever you came from
+popd > /dev/null
--- a/.ci/tcg-rim-tool/scripts/bindingSpecprimary_rim_noconfig_fail.sh
+++ b/.ci/tcg-rim-tool/scripts/bindingSpecprimary_rim_noconfig_fail.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+#test rim create with no config file.
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#rim create
+rim -c base -l ../eventlog/TpmLog.bin -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem  -o noConfig.swidtag
+rim_create_fail_test $?
+
+#Return to where ever you came from
+popd > /dev/null
--- a/.ci/tcg-rim-tool/scripts/composite_rim_create_pass.sh
+++ b/.ci/tcg-rim-tool/scripts/composite_rim_create_pass.sh
@ -0,0 +1,40 @@
+#!/bin/bash
+# Composite rim create pass test
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#clearing and creating a new tmp folder
+rm -rf tmp
+mkdir -p tmp
+
+failCount=0
+# primary rim create
+rim -c base -a ../configs/Primary_Rim_Config.json -l ../eventlogs/TpmLog.bin -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -o tmp/primaryRimFile.swidtag
+rim_create_status $?
+
+# verify primary rim
+rim -v tmp/primaryRimFile.swidtag -l ../eventlogs/TpmLog.bin -t ../certs/PC_OEM1_Cert_Chain.pem -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem
+rim_verify_status $?
+
+# comp rim create
+rim -c base -a ../configs/Component1_Rim_Config.json -l ../eventlogs/TpmLog2.bin -k ../keys/COMP_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/COMP_OEM1_rim_signer_rsa_3k_sha384.pem -o tmp/compRimFile.swidtag
+rim_create_status $?
+
+# verify comp rim
+rim -v tmp/compRimFile.swidtag -l ../eventlogs/TpmLog2.bin -t ../certs/COMP_OEM1_Cert_Chain.pem -p ../certs/COMP_OEM1_rim_signer_rsa_3k_sha384.pem
+rim_verify_status $?
+
+#Return to where ever you came from
+popd > /dev/null
+
+if [ $failCount -eq 0 ]; then
+    echo "Expected Result (PASS) Result: PASS, primaryRimFile.swidtag has a new base rim file signed by PC_OEM1_rim_signer_rsa_3k_sha384.key"
+    echo "Expected Result (PASS) Result: PASS, compRimFile.swidtag has a new base rim file signed by COMP_OEM1_rim_signer_rsa_3k_sha384.key"
+else
+    echo "Expected Result (PASS) Result: FAILED, exit status $failCount"
+fi
+exit $failCount
+
--- a/.ci/tcg-rim-tool/scripts/patch_rim_create_pass.sh
+++ b/.ci/tcg-rim-tool/scripts/patch_rim_create_pass.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+#Creates and Verifies a Patch RIM. Needs to refer to the Primary RIM created in previous test.
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#clearing and creating a new tmp folder
+rm -rf tmp
+mkdir -p tmp
+#declares failCount as number of failure tests that are not working as they should
+#Exit 1: Rim Create failure
+#Exit 2: Rim verify failure
+failCount=0
+# rim create
+rim -c base -a ../configs/Patch_RIM_Config.json -l ../eventlogs/TpmLog2.bin -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -o tmp/patchRimFile.swidtag
+rim_create_status $?
+
+# RIM verify
+rim -v tmp/patchRimFile.swidtag -t ../certs/PC_OEM1_Cert_Chain.pem -l ../eventlogs/TpmLog2.bin -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem
+rim_verify_status $?
+
+#Return to where ever you came from
+popd > /dev/null
+
+#Exit status with message
+if [ $failCount -eq 0 ]; then
+    echo "Expected Result (PASS) Result: PASS, patchRimFile.swidtag has a new base rim file signed by PC_OEM1_rim_signer_rsa_3k_sha384.key"
+else
+    echo "Expected Result (PASS) Result: FAILED, exit status $failCount"
+fi
+exit $failCount
--- a/.ci/tcg-rim-tool/scripts/primary_rim_create_pass.sh
+++ b/.ci/tcg-rim-tool/scripts/primary_rim_create_pass.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+#This test creates and verifies a single Primary RIM
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#clearing and creating a new tmp folder
+rm -rf tmp
+mkdir -p tmp
+
+#declares failCount as number of failure tests that are not working as they should
+#Exit 1: Rim Create failure
+#Exit 2: Rim verify failure
+failCount=0
+# creating a base rim and checking exit status
+rim -c base -a ../configs/Base_Rim_Config.json -l ../eventlogs/TpmLog.bin -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -o tmp/baseRimFile.swidtag
+rim_create_status $?
+
+# RIM verify and checking exit status
+rim -v tmp/baseRimFile.swidtag -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -t ../certs/PC_OEM1_Cert_Chain.pem -l ../eventlogs/TpmLog.bin
+rim_verify_status $?
+
+#Return to where ever you came from
+popd > /dev/null
+
+#script exit status
+if [ $failCount -eq 0 ]; then
+    echo "Expected Result (PASS) Result: PASS, baseRimFile.swidtag has a new base rim file signed by PC_OEM1_rim_signer_rsa_3k_sha384.key"
+else
+    echo "Expected Result (PASS) Result: FAILED, exit status $failCount"
+fi
+exit $failCount
+
+
+
--- a/.ci/tcg-rim-tool/scripts/primary_rim_embedd_pass.sh
+++ b/.ci/tcg-rim-tool/scripts/primary_rim_embedd_pass.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+#Test the option to embed a certificate into the swidtag
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#clearing and creating a new tmp folder
+rm -rf tmp
+mkdir -p tmp
+
+#declares failCount as number of failure tests that are not working as they should
+#Exit 1: Rim Create failure
+#Exit 2: Rim verify failure
+failCount=0
+#rim create, -e flag fails? Bouncy Castle error...
+rim -c base -a ../configs/Base_Rim_Config.json -l ../eventlogs/TpmLog.bin -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -e -o tmp/primary_embedd.swidtag
+rim_create_status $?
+
+#rim verify.
+rim -v  tmp/primary_embedd.swidtag -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -l ../eventlogs/TpmLog.bin -t ../certs/PC_OEM1_RSA_Cert_Chain.pem
+rim_verify_status $?
+
+#Return to where ever you came from
+popd > /dev/null
+
+#Exit status with message
+if [ $failCount -eq 0 ]; then
+    echo "Expected Result (PASS) Result: PASS, patchRimFile.swidtag has a new base rim file signed by PC_OEM1_rim_signer_rsa_3k_sha384.key"
+else
+    echo "Expected Result (PASS) Result: FAILED, exit status $failCount"
+fi
+exit $failCount
--- a/.ci/tcg-rim-tool/scripts/primary_rim_noeventlog_fail.sh
+++ b/.ci/tcg-rim-tool/scripts/primary_rim_noeventlog_fail.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+#Test for a missing event log
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#rim create
+rim -c base -a ../configs/Base_Rim_Config.json -k ../keys/PC_OEM1_rim_signer_rsa_3k_sha384.key -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem  -o noEventlog.swidtag
+rim_create_fail_test $?
+
+#Return to where ever you came from
+popd > /dev/null
--- a/.ci/tcg-rim-tool/scripts/primary_rim_nokey_fail.sh
+++ b/.ci/tcg-rim-tool/scripts/primary_rim_nokey_fail.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+#Tests for a missing key
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+. ./rim_functions.sh
+#rim create
+rim -c base -a ../configs/Base_Rim_Config.json -l ../eventlogs/TpmLog.bin -p ../certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem -o baseRimFile.swidtag
+rim_create_fail_test $?
+
+#Return to where ever you came from
+popd > /dev/null
--- a/.ci/tcg-rim-tool/scripts/rim_functions.sh
+++ b/.ci/tcg-rim-tool/scripts/rim_functions.sh
@ -0,0 +1,132 @@
+#!/bin/bash
+#Rim system test support functions.
+#exit status functions for rim create and rim verify.
+rim_create_status(){
+  if [ $1 -eq 0 ]; then
+      echo "********"
+      echo "RIM create passed, attempting to verify the signature on base rim file..."
+      echo "********"
+  else
+      echo "********"
+      echo "FAILED: rim creation failed"
+      echo "********"
+      ((failCount++))
+  fi
+}
+
+rim_verify_status(){
+  if [ $1 -eq 0 ]; then
+      echo "********"
+      echo "RIM Verify passed!"
+      #echo "********"
+  else
+      echo "********"
+      echo "FAILED: rim verify failed"
+      #echo "********"
+      ((failCount++))
+  fi
+}
+
+rim_create_fail_test(){
+    if [ $1 -ne 0 ]; then
+        echo "********"
+        echo "PASSED: RIM create FAILED as expected."
+        #echo "********"
+        exit 0
+    else
+        echo "********"
+        echo "FAILED: RIM create PASSED expected FAIL."
+        #echo "********"
+        exit 1
+    fi
+}
+
+rim_verify_fail_test(){
+    if [ $1 -ne 0 ]; then
+        echo "********"
+        echo "PASSED: RIM verify FAILED as expected."
+        #echo "********"
+        exit 0
+    else
+        echo "********"
+        echo "FAILED: RIM verify PASSED expected FAIL."
+        #echo "********"
+        exit 1
+    fi
+}
+
+check_req_attributes() {
+  local element="$1"
+  shift
+  local attributes=("$@")
+  for attribute in "${attributes[@]}"; do
+    ((num_tests++))
+    if grep -q "$element.*$attribute=" "$BASE_RIM"; then
+      echo "The $element element HAS the REQUIRED '$attribute' attribute."
+      ((num_tests_pass++))
+    else
+      echo -e "\033[31mError: The $element element is MISSING the REQUIRED '$attribute' attribute.\033[0m"
+      exitStatus=1
+    fi
+  done
+}
+
+check_opt_attributes() {
+  local element="$1"
+  shift
+  local attributes=("$@")
+  for attribute in "${attributes[@]}"; do
+    if grep -q "$element.*$attribute=" "$BASE_RIM"; then
+      echo "The $element element HAS the OPTIONAL '$attribute' attribute."
+    else
+      echo -e "\033[33mThe $element element is MISSING the OPTIONAL '$attribute' attribute.\033[0m"
+    fi
+  done
+}
+
+check_element() {
+  local element="$1"
+  ((num_tests++))
+  if grep -q "$1" "$BASE_RIM"; then
+    echo "************"
+    echo "$element element exists checking for REQUIRED attributes... "
+    ((num_tests_pass++))
+  else
+    echo -e "\033[31mERROR: $element element is missing\033[0m"
+    exitStatus=1
+  fi
+}
+
+# checks parent tag for REQUIRED elements/attributes found in child tags.
+check_tag_req(){
+    local element="$1"
+    local tag_block="$2"
+    shift 2
+    local attributes=("$@")
+
+    for attribute in "${attributes[@]}"; do
+      ((num_tests++))
+      if echo "$tag_block" | grep -q "$attribute"; then
+        echo "The $element element HAS the REQUIRED '$attribute' attribute."
+        ((num_tests_pass++))
+      else
+        echo -e "\033[31mError: The $element element is MISSING the REQUIRED '$attribute' attribute.\033[0m"
+        exitStatus=1
+      fi
+    done
+}
+# checks parent tag for OPTIONAL elements/attributes found in child tags.
+check_tag_opt(){
+    local element="$1"
+    local tag_block="$2"
+    shift 2
+    local attributes=("$@")
+
+    for attribute in "${attributes[@]}"; do
+      if echo "$tag_block" | grep -q "$attribute"; then
+        echo "The $element element HAS the REQUIRED '$attribute' attribute."
+      else
+        echo -e "\033[33mThe $element element is MISSING the OPTIONAL '$attribute' attribute.\033[0m"
+      fi
+    done
+}
--- a/.ci/tcg-rim-tool/scripts/run_all_tests.sh
+++ b/.ci/tcg-rim-tool/scripts/run_all_tests.sh
@ -0,0 +1,89 @@
+#!/bin/bash
+# This script will run all the tests in rim/scrips directory. it will ignore specified files.
+# counters that will provide information about the script status.
+testsFailed=0
+testsPassed=0
+testsRan=0
+# Capture location of this script to allow from invocation from any location
+scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
+# go to the script directory so everything runs smoothly ...
+pushd $scriptDir > /dev/null
+
+
+# adding the verbose option.
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    '-v'|'--verbose')
+      ARG_VERBOSE=YES
+      echo "verbose parameters"
+      shift # past argument
+      ;;
+    '-*'|'--*')
+      echo "Unknown option $1"
+      exit 1
+      ;;
+    *)
+      echo "Unknown argument $1"
+      exit 1
+      shift # past argument
+      ;;
+  esac
+done
+
+#List of files in the scripts directory to ignore.
+exclude=("run_all_tests.sh"  "rim_functions.sh")
+
+#loop through the test/rim/scripts directory
+for script in *.sh; do
+   #ignoring specified (non test) files.
+   if [[ ! "${exclude[*]}" =~ $script  ]]; then
+    ((testsRan++))
+    echo ""
+    echo "----------------"
+    echo "RUNNING $script"
+
+    if [ -n "$ARG_VERBOSE" ]; then
+      ./"$script"
+    else
+      ./"$script" >/dev/null
+    fi
+
+    #checking the exit stats of the script (test).
+    if [ $? -eq 0 ];then
+      if [ -z "$ARG_VERBOSE" ]; then
+        echo "PASSED  $script"
+      fi
+      echo "----------------"
+      ((testsPassed++))
+    else
+      if [ -z "$ARG_VERBOSE" ]; then
+        echo -e "\033[31mFAILED  $script\033[0m"
+      fi
+      echo "----------------"
+      ((testsFailed++))
+    fi
+  else
+    echo ""
+    echo "----------------"
+    echo "skipping $script"
+    echo "----------------"
+  fi
+
+done
+
+#return to whatever directory you started at
+popd > /dev/null
+
+#test results
+echo ""
+echo "**** Test Results *****"
+echo "Number of tests ran    = $testsRan"
+echo "Number of tests passed = $testsPassed"
+echo "Number of tests failed = $testsFailed"
+
+#tests status
+if [ "$testsFailed" -eq 0 ]; then
+  exit 0
+else
+  exit 1
+fi
--- a/.github/workflows/create_aca_images.yml
+++ b/.github/workflows/create_aca_images.yml
@ -110,7 +110,7 @@ jobs:
    - name: Build the docker image for ${{ github.repository }}
      run: |
        cd ./.ci/docker
-        docker build --build-arg "REF=${{ github.ref_name }}" -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} .
+        docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} .
    
    - name: Push the docker image
      run: |
@ -135,7 +135,7 @@ jobs:
    - name: Build the docker image for ${{ github.repository }}
      run: |
        cd ./.ci/docker
-        docker build --build-arg "REF=${{ github.ref_name }}" -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 .
+        docker build --build-arg REF=${{ github.ref_name }} -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 .
        
    - name: Push the docker image
      run: |
@ -181,4 +181,4 @@ jobs:
      run: |
        docker manifest create $PUBLIC_IMAGE_TAG_LATEST --amend $IMAGE1 --amend $IMAGE2 --amend $IMAGE3
        docker manifest push $PUBLIC_IMAGE_TAG_LATEST
- 
+ 
--- a/.github/workflows/rim_tests.yml
+++ b/.github/workflows/rim_tests.yml
@ -0,0 +1,45 @@
+# workflow is used to run RIM tests
+name: RIM Test
+on:
+  push:
+    branches:
+      - '*v3*'
+      - 'main'
+    workflow_dispatch:
+
+jobs:
+  tcg_rim_tool_tests:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
+          settings-path: ${{ github.workspace }} # location for the settings.xml file
+      - name: install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install git curl nano cron mariadb-server
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+      - name: Execute Gradle build
+        run: |
+          ./gradlew build;
+          ./gradlew buildDeb;
+      - name: install rim tool
+        run: |
+          sudo dpkg -i tools/tcg_rim_tool/build/distributions/tcg-rim-tool*.deb
+      - name: RIM tests
+        run: | 
+          ./.ci/tcg-rim-tool/scripts/run_all_tests.sh --verbose
+
+
+
+
--- a/.github/workflows/system_test.yml
+++ b/.github/workflows/system_test.yml
@ -69,6 +69,16 @@ jobs:
        shell: bash
        run: |
          .ci/system-tests/tests/aca_policy_tests.sh 8
+      - name: ACA POLICY TEST 9 - Test valid PC and RIM with PC only uploaded
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/aca_policy_tests.sh 9
+      - name: ACA POLICY TEST 10 - Test valid PC and RIM with RIM only uploaded
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/aca_policy_tests.sh 10
      # - name: All ACA Policy Tests 1-8
      #   continue-on-error: true
      #   shell: bash
@ -149,4 +159,4 @@ jobs:
            exit 0;
          else
            exit 1;
-          fi
+          fi
--- a/.gitignore
+++ b/.gitignore
@ -138,6 +138,7 @@ HIRS_ProvisionerTPM2/scripts/tpm_aca_provision

 # tcg_rim_tool files
 tools/tcg_rim_tool/generated_swidTag.swidtag
+.ci/tcg-rim-tool/scripts/tmp

 ### c# build files, visual studio files
 *.user
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java
@ -19,6 +19,7 @@ public interface ReferenceManifestRepository extends JpaRepository<ReferenceMani
    ReferenceManifest findByHexDecHash(String hexDecHash);
    ReferenceManifest findByBase64Hash(String base64Hash);
    ReferenceManifest findByHexDecHashAndRimType(String hexDecHash, String rimType);
+    ReferenceManifest findByEventLogHashAndRimType(String hexDecHash, String rimType);
    @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true)
    List<BaseReferenceManifest> getBaseByManufacturerModel(String manufacturer, String model);
    @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true)
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java
@ -60,7 +60,7 @@ public class SupplyChainValidation extends ArchivableEntity {
    private final List<Certificate> certificatesUsed;

    @Getter
-    @Column(length = MAX_MESSAGE_LENGTH)
+    @Column(length = RESULT_MESSAGE_LENGTH)
    private final String message;

    @Getter
@ -105,8 +105,8 @@ public class SupplyChainValidation extends ArchivableEntity {
        this.certificatesUsed = new ArrayList<>();
        this.rimId = "";
        for (ArchivableEntity ae : certificatesUsed) {
-            if (ae instanceof ReferenceManifest) {
-                this.rimId = ae.getId().toString();
+            if (ae instanceof BaseReferenceManifest rm) {
+                this.rimId = rm.getId().toString();
                break;
            } else if (ae instanceof Certificate) {
                this.certificatesUsed.add((Certificate) ae);
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java
@ -32,8 +32,6 @@ public class SupportReferenceManifest extends ReferenceManifest {
    private int pcrHash = 0;
    @Column
    private boolean updated = false;
-    @Column
-    private boolean processed = false;

    /**
     * Main constructor for the RIM object. This takes in a byte array of a
@ -127,11 +125,11 @@ public class SupportReferenceManifest extends ReferenceManifest {
        if (o == null || getClass() != o.getClass()) return false;
        if (!super.equals(o)) return false;
        SupportReferenceManifest that = (SupportReferenceManifest) o;
-        return pcrHash == that.pcrHash && updated == that.updated && processed == that.processed;
+        return pcrHash == that.pcrHash && updated == that.updated;
    }

    @Override
    public int hashCode() {
-        return Objects.hash(super.hashCode(), pcrHash, updated, processed);
+        return Objects.hash(super.hashCode(), pcrHash, updated);
    }
 }
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java
@ -492,7 +492,9 @@ public class IdentityClaimProcessor extends AbstractProcessor {
                measurements = temp;
                measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
                measurements.setPlatformModel(dv.getHw().getProductName());
-                measurements.setTagId(tagId);
+                if (tagId != null && !tagId.trim().isEmpty()) {
+                    measurements.setTagId(tagId);
+                }
                measurements.setDeviceName(dv.getNw().getHostname());
                measurements.archive();

--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
@ -17,6 +17,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCred
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentAttributeResult;
 import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
+import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
 import hirs.attestationca.persist.enums.AppraisalStatus;
@ -35,6 +36,7 @@ import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;

 import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
@ -353,32 +355,47 @@ public class SupplyChainValidationService {
                log.error(ex);
            }

+            BaseReferenceManifest bRim = null;
+            if (sRim != null && sRim.getAssociatedRim() != null) {
+                Optional<ReferenceManifest> oRim = referenceManifestRepository.findById(sRim.getAssociatedRim());
+                if (oRim.isPresent()) {
+                    ReferenceManifest rim = oRim.get();
+                    if (rim instanceof BaseReferenceManifest) {
+                        bRim = (BaseReferenceManifest) rim;
+                    }
+                }
+            }
+
            quoteScv = ValidationService.buildValidationRecord(SupplyChainValidation
                            .ValidationType.FIRMWARE,
-                    fwStatus.getAppStatus(), fwStatus.getMessage(), eventLog, level);
+                    fwStatus.getAppStatus(), fwStatus.getMessage(), bRim != null ? bRim : eventLog, level);

            // Generate validation summary, save it, and return it.
            List<SupplyChainValidation> validations = new ArrayList<>();
-            SupplyChainValidationSummary previous
+            Optional<SupplyChainValidationSummary> previousOpt
                    //= this.supplyChainValidationSummaryRepository.findByDevice(deviceName);
-                    = this.supplyChainValidationSummaryRepository.findByDevice(device);
-            for (SupplyChainValidation scv : previous.getValidations()) {
-                if (scv.getValidationType() != SupplyChainValidation.ValidationType.FIRMWARE) {
-                    validations.add(ValidationService.buildValidationRecord(scv.getValidationType(),
-                            scv.getValidationResult(), scv.getMessage(),
-                            scv.getCertificatesUsed().get(0), Level.INFO));
+                    //= this.supplyChainValidationSummaryRepository.findByDevice(device);
+                    = this.supplyChainValidationSummaryRepository.findById(UUID.fromString(device.getSummaryId()));
+            if (previousOpt.isPresent()) {
+                SupplyChainValidationSummary previous = previousOpt.get();
+                for (SupplyChainValidation scv : previous.getValidations()) {
+                    if (scv.getValidationType() != SupplyChainValidation.ValidationType.FIRMWARE) {
+                        validations.add(ValidationService.buildValidationRecord(scv.getValidationType(),
+                                scv.getValidationResult(), scv.getMessage(),
+                                scv.getCertificatesUsed().get(0), Level.INFO));
+                    }
                }
-            }
-            validations.add(quoteScv);
-            previous.archive();
-            supplyChainValidationSummaryRepository.save(previous);
-            summary = new SupplyChainValidationSummary(device, validations);
+                validations.add(quoteScv);
+                previous.archive();
+                supplyChainValidationSummaryRepository.save(previous);
+                summary = new SupplyChainValidationSummary(device, validations);

-            // try removing the supply chain validation as well and resaving that
-            try {
-                supplyChainValidationSummaryRepository.save(summary);
-            } catch (DBManagerException dbEx) {
-                log.error("Failed to save Supply Chain Summary", dbEx);
+                // try removing the supply chain validation as well and resaving that
+                try {
+                    supplyChainValidationSummaryRepository.save(summary);
+                } catch (DBManagerException dbEx) {
+                    log.error("Failed to save Supply Chain Summary", dbEx);
+                }
            }
        }

--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
@ -59,20 +59,32 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
        ReferenceManifest supportReferenceManifest = null;
        EventLogMeasurements measurement = null;

-        baseReferenceManifests = referenceManifestRepository.findAllBaseRims();
+        //baseReferenceManifests = referenceManifestRepository.findAllBaseRims();

-        for (BaseReferenceManifest bRim : baseReferenceManifests) {
-            if (bRim.getDeviceName().equals(hostName)
-                    && !bRim.isSwidSupplemental() && !bRim.isSwidPatch()) {
-                baseReferenceManifest = bRim;
+        // This block was looking for a base RIM matching the device name
+        // The base rim might not have a device name associated with it- i.e. if it's uploaded to the ACA prior to provisioning
+        // In this case, try to look up the event log associated with the device, then get the base rim associated by event log hash
+        List<ReferenceManifest> deviceRims = referenceManifestRepository.findByDeviceName(hostName);
+        for (ReferenceManifest deviceRim : deviceRims) {
+            if (deviceRim instanceof BaseReferenceManifest && !deviceRim.isSwidSupplemental() && !deviceRim.isSwidPatch()) {
+                baseReferenceManifest = (BaseReferenceManifest) deviceRim;
            }
+
+            if (deviceRim instanceof EventLogMeasurements) {
+                measurement = (EventLogMeasurements) deviceRim;
+            }
+        }
+
+        // Attempt to get an event log from the database matching the expected hash
+        if (baseReferenceManifest == null && measurement != null) {
+            baseReferenceManifest = (BaseReferenceManifest)referenceManifestRepository.findByEventLogHashAndRimType(measurement.getHexDecHash(), ReferenceManifest.BASE_RIM);
        }

        String failedString = "";
        if (baseReferenceManifest == null) {
            failedString = "Base Reference Integrity Manifest\n";
            passed = false;
-        } else {
+        } else if (measurement == null) {
            measurement = (EventLogMeasurements) referenceManifestRepository.findByHexDecHashAndRimType(
                    baseReferenceManifest.getEventLogHash(), ReferenceManifest.MEASUREMENT_RIM);

--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java
@ -217,6 +217,9 @@ public class PcrValidator {
              // other information.
            String calculatedString = Hex.encodeHexString(
                    pcrInfoShort.getCalculatedDigest());
+            log.debug("Validating PCR information with the following:" +
+                    System.lineSeparator() + "calculatedString = " + calculatedString +
+                    System.lineSeparator() + "quoteString = " + quoteString);
            validated = quoteString.contains(calculatedString);
            if (!validated) {
                log.warn(calculatedString + " not found in " + quoteString);
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
@ -462,12 +462,14 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
                        supportRim.setPlatformModel(dbBaseRim.getPlatformModel());
                        supportRim.setTagId(dbBaseRim.getTagId());
                        supportRim.setAssociatedRim(dbBaseRim.getId());
+                        dbBaseRim.setAssociatedRim(supportRim.getId());
                        supportRim.setUpdated(true);
                        referenceManifestRepository.save(supportRim);
                        updatedSupportRims.put(supportHash, supportRim);
                    }
                }
            }
+            referenceManifestRepository.save(dbBaseRim);
        }

        return updatedSupportRims;
--- a/package/win/aca/aca_common.ps1
+++ b/package/win/aca/aca_common.ps1
@ -43,7 +43,7 @@ $global:SSL_DB_CLIENT_CERT=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PA
 $global:SSL_DB_CLIENT_KEY=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_db_client_rsa_3k_sha384.key')
 #     HIRS Relative directories assumed structure
 #         package
-#           scripts
+#           linux
 #             aca
 #             db
 #               db_create.sql
@ -65,7 +65,7 @@ $global:SSL_DB_CLIENT_KEY=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PAT
 $global:HIRS_REL_WIN_ACA_HOME=(Split-Path -parent $PSCommandPath)
 $global:HIRS_REL_WIN_HOME=(Join-Path -Resolve $global:HIRS_REL_WIN_ACA_HOME ..)
 $global:HIRS_REL_PACKAGE_HOME=(Join-Path -Resolve $global:HIRS_REL_WIN_HOME ..)
-$global:HIRS_REL_SCRIPTS_HOME=(Join-Path -Resolve $global:HIRS_REL_PACKAGE_HOME 'scripts')
+$global:HIRS_REL_SCRIPTS_HOME=(Join-Path -Resolve $global:HIRS_REL_PACKAGE_HOME 'linux')
 $global:HIRS_REL_SCRIPTS_ACA_HOME=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_HOME 'aca')
 $global:HIRS_REL_SCRIPTS_DB_HOME=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_HOME 'db')
 $global:HIRS_REL_SCRIPTS_DB_CREATE_SQL=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_DB_HOME 'db_create.sql')