Merge branch 'platform_cert_missing_fix' into multiple-rim-upload

This commit is contained in:
Cyrus 2020-11-30 06:41:52 -05:00
commit eab88e1ef6
4 changed files with 51 additions and 5 deletions


@ -5,6 +5,7 @@
#define HIRS_PROVISIONERTPM2_INCLUDE_UTILS_H_
#include <string>
#include <vector>
namespace hirs {
@ -32,6 +33,8 @@ namespace file_utils {
std::string getFileAsOneLineOrEmptyString(const std::string& filename);
std::vector<std::string> searchDirectory(const std::string& directory);
void writeBinaryFile(const std::string& bytes,
const std::string& filename);
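Review bot: The new `searchDirectory` declaration has no doc comment, although the definitions in utils.cpp (e.g. `writeBinaryFile`) are documented with a `/** ... */` block, and its contract is not obvious from the signature. The implementation appends each entry name to `directory` without inserting a separator and returns an empty vector when the directory cannot be opened, so callers need to know both. A comment such as `/** Reads every entry of the given directory and returns the file contents; directory must end with '/', and an empty vector is returned when it cannot be opened. Entries that cannot be read are skipped. */` above the declaration would capture that.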


@ -41,9 +41,10 @@ fi
ln -s -f /etc/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
TCG_BOOT_FILE="/etc/hirs/tcg_boot.properties"
MAINFEST_DIRECTORY="/boot/tcg/manifest"
LOG_FILE_LOCATION="$MAINFEST_DIRECTORY/rim/"
TAG_FILE_LOCATION="$MAINFEST_DIRECTORY/swidtag/"
TCG_DIRECTORY="/boot/tcg"
LOG_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
TAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
if [ ! -f "$TCG_BOOT_FILE" ]; then
touch "$TCG_BOOT_FILE"
@ -59,4 +60,8 @@ if [ -d "$TAG_FILE_LOCATION" ]; then
echo "tcg.swidtag.file=$SWID_FILE" >> "$TCG_BOOT_FILE"
fi
if [ -d "$CREDENTIALS_LOCATION" ]; then
echo "tcg.cert.dir=$CREDENTIALS_LOCATION" >> "$TCG_BOOT_FILE"
fi
chmod -w "$TCG_BOOT_FILE"
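Review bot: `CREDENTIALS_LOCATION` must keep its trailing slash, because the consumer of `tcg.cert.dir` (`hirs::file_utils::searchDirectory` in this commit) builds each file path by appending the entry name directly to the directory string with no separator; without the slash the lookups would silently miss every file. A comment on the new assignment, `# trailing '/' required: searchDirectory() appends entry names without a separator`, would pin that coupling. Like the existing `tcg.rim.file`/`tcg.swidtag.file` lines, the new `echo ... >> "$TCG_BOOT_FILE"` appends unconditionally, so if this script is re-run against an existing properties file it presumably adds a second `tcg.cert.dir=` entry; which one `props.get` then returns is not visible here.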


@ -44,6 +44,7 @@ int provision() {
Logger logger = Logger::getDefaultLogger();
CommandTpm2 tpm2;
Properties props("/etc/hirs/tcg_boot.properties");
tpm2.setAuthData();
// get endorsement credential and endorsement key
@ -62,14 +63,26 @@ int provision() {
cout << "----> Collecting platform credential from TPM" << endl;
string platformCredential = tpm2.getPlatformCredentialDefault();
std::vector<string> platformCredentials;
platformCredentials.push_back(platformCredential);
// if platformCredential is empty, not in TPM
// pull from properties file
if (platformCredential.empty()) {
const std::string& cert_dir = props.get("tcg.cert.dir", "");
try {
platformCredentials =
hirs::file_utils::searchDirectory(cert_dir);
} catch (HirsRuntimeException& hirsRuntimeException) {
logger.error(hirsRuntimeException.what());
}
} else {
platformCredentials.push_back(platformCredential);
}
// collect device info
cout << "----> Collecting device information" << endl;
hirs::pb::DeviceInfo dv = DeviceInfoCollector::collectDeviceInfo();
dv.set_pcrslist(tpm2.getPcrList());
// collect TCG Boot files
Properties props("/etc/hirs/tcg_boot.properties");
const std::string& rim_file = props.get("tcg.rim.file", "");
const std::string& swid_file = props.get("tcg.swidtag.file", "");
try {
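Review bot: The `catch (HirsRuntimeException&)` around the `searchDirectory(cert_dir)` call cannot fire for read failures, because `searchDirectory` (utils.cpp, same commit) already catches `HirsRuntimeException` per entry and prints it to `std::cout` instead of the logger; the handler here only covers whatever `props.get` or the vector assignment might throw. The more likely failure is an absent `tcg.cert.dir` property or an unopenable directory, which yields an empty `platformCredentials` with no message at all, so provisioning continues with no platform credential and nothing in the log explains why. After the `if/else`, a guard such as `if (platformCredentials.empty()) { logger.error("No platform credential found in the TPM or in " + cert_dir); }` (with `cert_dir` hoisted out of the `if`) would make that visible; the handler should also catch by `const HirsRuntimeException&`. The body of `provision()` continues outside the hunk.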


@ -6,6 +6,7 @@
#include <re2/re2.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sstream>
#include <iomanip>
@ -118,6 +119,30 @@ namespace file_utils {
return string_utils::trimNewLines(fileToString(filename, ""));
}
vector<string> searchDirectory(const string& directory) {
DIR *dr;
std::vector<string> platform_credentials;
dr = opendir(directory.c_str());
if (dr) {
struct dirent *en;
while ((en = readdir(dr)) != NULL) {
stringstream ss;
ss << directory.c_str();
ss << en->d_name;
try {
platform_credentials.push_back(fileToString(ss.str()));
} catch (HirsRuntimeException& hirsRuntimeException) {
std::cout << hirsRuntimeException.what();
}
}
// close directory
closedir(dr);
}
return platform_credentials;
}
/**
* Takes a byte string and writes the contents to a file of the given name.
* @param bytes string bytes to write
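Review bot: `searchDirectory` feeds every `readdir` entry to `fileToString`, including `.` and `..`, subdirectories and any other non-regular file, so those are either pushed into the returned vector as credentials or produce an exception that is only echoed to `std::cout` (no trailing newline) rather than the logger the caller uses. The path is also built as `directory + d_name` with no separator, so the function only works when `directory` ends with `/`. The loop body should skip `.`/`..`, insert the separator when missing, and keep only regular files via `stat` (`<sys/stat.h>` is already included); `NULL` should be `nullptr`. The function also carries no doc comment, unlike `writeBinaryFile` just below it.

```cpp
        while ((en = readdir(dr)) != nullptr) {
            // readdir() also yields ".", ".." and subdirectories; only regular files are credentials
            const string name = en->d_name;
            if (name == "." || name == "..") {
                continue;
            }
            string path = directory;
            if (!path.empty() && path.back() != '/') {
                path += '/';
            }
            path += name;
            struct stat st;
            if (stat(path.c_str(), &st) != 0 || !S_ISREG(st.st_mode)) {
                continue;
            }
            // … unchanged: try/catch, now calling fileToString(path) …
        }
        // … unchanged: closedir(dr) and return …
```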