From f9b0ce413d05596d3ead107b019143f58e57034f Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Tue, 13 Oct 2020 11:42:50 -0400
Subject: [PATCH] This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB.
---
 ...stractAttestationCertificateAuthority.java | 35 +++++++++++++++++--
 .../package/rpm-post-install.sh | 2 +-
 2 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index 8993640b..b3bc65f7 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -11,6 +11,8 @@ import hirs.data.persist.AppraisalStatus;
 import hirs.data.persist.BaseReferenceManifest;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceInfoReport;
+import hirs.data.persist.ReferenceManifest;
+import hirs.data.persist.SupportReferenceManifest;
 import hirs.data.persist.info.FirmwareInfo;
 import hirs.data.persist.info.HardwareInfo;
 import hirs.data.persist.info.NetworkInfo;
@@ -725,8 +727,24 @@ public abstract class AbstractAttestationCertificateAuthority
 this.pcrValues = dv.getPcrslist().toStringUtf8();
 }
+ // check for RIM Base and Support files, if they don't exists in the database, load them
+ String clientName;
 if (dv.hasLogfile()) {
 try {
+ ReferenceManifest support = ReferenceManifest.select(referenceManifestManager)
+ .includeArchived()
+ .byHashCode(dv.getSwidfile().hashCode())
+ .getRIM();
+ if (support == null) {
+ clientName = String.format("%s_%s.rimel",
+ dv.getHw().getManufacturer(),
+ dv.getHw().getProductName());
+ this.referenceManifestManager.save(
+ new SupportReferenceManifest(clientName,
+ dv.getLogfile().toByteArray()));
+ } else {
+ LOG.info("Client provided Support RIM already loaded in database.");
+ }
 TCGEventLog tcgEventLog = new TCGEventLog(dv.getLogfile().toByteArray());
 LOG.error(tcgEventLog.toString(true, true, true));
 } catch (CertificateException cEx) {
@@ -740,9 +758,20 @@ public abstract class AbstractAttestationCertificateAuthority
 if (dv.hasSwidfile()) {
 try {
- this.referenceManifestManager.save(
- new BaseReferenceManifest("blank.swidtag",
- dv.getSwidfile().toByteArray()));
+ ReferenceManifest baseRim = ReferenceManifest.select(referenceManifestManager)
+ .includeArchived()
+ .byHashCode(dv.getSwidfile().hashCode())
+ .getRIM();
+ if (baseRim == null) {
+ clientName = String.format("%s_%s.swidtag",
+ dv.getHw().getManufacturer(),
+ dv.getHw().getProductName());
+ this.referenceManifestManager.save(
+ new BaseReferenceManifest(clientName,
+ dv.getSwidfile().toByteArray()));
+ } else {
+ LOG.info("Client provided Base RIM already loaded in database.");
+ }
 } catch (IOException ioEx) {
 LOG.error(ioEx);
 }
diff --git a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
index 082fd086..bb8f9182 100644
--- a/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
+++ b/HIRS_ProvisionerTPM2/package/rpm-post-install.sh
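Review bot: The support-RIM lookup inside `if (dv.hasLogfile())` is keyed on `dv.getSwidfile().hashCode()`, so the "already loaded" decision for the event log is made from the SWID tag's hash rather than from the log bytes that are about to be stored. As written, a changed event log sent together with an unchanged SWID tag could be skipped once any record with that hash exists, and the branch reads the swidfile before the later `hasSwidfile()` check. The lookup should use the log itself, `.byHashCode(dv.getLogfile().hashCode())`. Whether the hash stored with a manifest is computed the same way as this `hashCode()` call is not visible in the hunk and should be confirmed; the enclosing method starts and ends outside the hunk.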
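Review bot: Deduplicating client-provided RIMs on `dv.getSwidfile().hashCode()` relies on a 32-bit, non-cryptographic Java hash, so two different manifests can share a value and the second would be logged as "already loaded" and never stored; the support-RIM lookup in the `@@ -725` hunk has the same weakness. For an attestation CA the identity of a reference manifest is better derived from a SHA-256 digest of the bytes; no digest-based selector is shown here, so one may need to be added. The stored name is also built from the device-reported `getManufacturer()` and `getProductName()` values with no validation, so a comment such as `// clientName is device-supplied; treat as untrusted wherever it is displayed or used as a path`, or an allow-list filter on those two fields, would make that explicit. The `try` block's surrounding method continues outside the hunk.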
@@ -51,7 +51,7 @@ fi
 if [ -d "$LOG_FILE_LOCATION" ]; then
 RIM_FILE=$(find "$LOG_FILE_LOCATION" -name '*.rimel' -or -name '*.bin' -or -name '*.rimpcr' -or -name '*.log')
- echo "tcg.rim.file=$RIM_FILE" >> "$TCG_BOOT_FILE"
+ echo "tcg.rim.file=$RIM_FILE" > "$TCG_BOOT_FILE"
 fi
 if [ -d "$TAG_FILE_LOCATION" ]; then
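Review bot: Switching this line to `>` truncates `$TCG_BOOT_FILE` only when `$LOG_FILE_LOCATION` exists, so on a host that has the tag directory but no log directory the file is never reset. If the following `$TAG_FILE_LOCATION` block still appends (its body is outside this hunk), repeated installs would keep accumulating entries there. Truncating once before both blocks with `: > "$TCG_BOOT_FILE"` and keeping `>>` in each block makes the reset independent of which directories are present. The unchanged `find` line can also return several paths, which would put a multi-line value after `tcg.rim.file=`; a comment stating that a single match is expected would help.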