This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB.

2025-04-07 11:26:51 +00:00 · 2020-10-13 11:42:50 -04:00 · 2020-10-13 11:42:50 -04:00 · f9b0ce413d
commit f9b0ce413d
parent 4e39b6856b
2 changed files with 33 additions and 4 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@ -11,6 +11,8 @@ import hirs.data.persist.AppraisalStatus;
 import hirs.data.persist.BaseReferenceManifest;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceInfoReport;
+import hirs.data.persist.ReferenceManifest;
+import hirs.data.persist.SupportReferenceManifest;
 import hirs.data.persist.info.FirmwareInfo;
 import hirs.data.persist.info.HardwareInfo;
 import hirs.data.persist.info.NetworkInfo;
@ -725,8 +727,24 @@ public abstract class AbstractAttestationCertificateAuthority
            this.pcrValues = dv.getPcrslist().toStringUtf8();
        }

+        // check for RIM Base and Support files, if they don't exists in the database, load them
+        String clientName;
        if (dv.hasLogfile()) {
            try {
+                ReferenceManifest support = ReferenceManifest.select(referenceManifestManager)
+                        .includeArchived()
+                        .byHashCode(dv.getSwidfile().hashCode())
+                        .getRIM();
+                if (support == null) {
+                    clientName = String.format("%s_%s.rimel",
+                            dv.getHw().getManufacturer(),
+                            dv.getHw().getProductName());
+                    this.referenceManifestManager.save(
+                            new SupportReferenceManifest(clientName,
+                                    dv.getLogfile().toByteArray()));
+                } else {
+                    LOG.info("Client provided Support RIM already loaded in database.");
+                }
                TCGEventLog tcgEventLog = new TCGEventLog(dv.getLogfile().toByteArray());
                LOG.error(tcgEventLog.toString(true, true, true));
            } catch (CertificateException cEx) {
@ -740,9 +758,20 @@ public abstract class AbstractAttestationCertificateAuthority

        if (dv.hasSwidfile()) {
            try {
-                this.referenceManifestManager.save(
-                        new BaseReferenceManifest("blank.swidtag",
-                                dv.getSwidfile().toByteArray()));
+                ReferenceManifest baseRim = ReferenceManifest.select(referenceManifestManager)
+                        .includeArchived()
+                        .byHashCode(dv.getSwidfile().hashCode())
+                        .getRIM();
+                if (baseRim == null) {
+                    clientName = String.format("%s_%s.swidtag",
+                            dv.getHw().getManufacturer(),
+                            dv.getHw().getProductName());
+                    this.referenceManifestManager.save(
+                            new BaseReferenceManifest(clientName,
+                                    dv.getSwidfile().toByteArray()));
+                } else {
+                    LOG.info("Client provided Base RIM already loaded in database.");
+                }
            } catch (IOException ioEx) {
                LOG.error(ioEx);
            }
--- a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
+++ b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
@ -51,7 +51,7 @@ fi

 if [ -d "$LOG_FILE_LOCATION" ]; then
  RIM_FILE=$(find "$LOG_FILE_LOCATION" -name '*.rimel' -or -name '*.bin' -or -name '*.rimpcr' -or -name '*.log')
-  echo "tcg.rim.file=$RIM_FILE" >> "$TCG_BOOT_FILE"
+  echo "tcg.rim.file=$RIM_FILE" > "$TCG_BOOT_FILE"
 fi

 if [ -d "$TAG_FILE_LOCATION" ]; then