ed7dea3706
Merge branch 'master' into aic-policy-rule
2020-11-06 06:42:44 -05:00
6130f29dfa
Merge branch 'master' into aic-policy-rule
2020-11-05 14:47:52 -05:00
623da2ce80
Overload RIM validator class for faster signature checking
2020-11-05 14:13:50 -05:00
c7ffb1c57d
Merge branch 'master' into client-display-log-mismatch
2020-11-05 12:39:35 -05:00
302ffd81ee
Load Schema object in ReferenceManifestValidator class with controller class instantiation to save time
2020-11-05 11:07:17 -05:00
24cf71642d
Add validation for support RIM hash and base RIM signature.
2020-11-05 11:07:17 -05:00
1b3abe465a
Merge pull request #303 from nsacyber/vendor-table-refactor
[#302] UEFI Table Map Refactor
2020-11-05 11:02:18 -05:00
388e3e9aa0
Merge branch 'master' into aic-policy-rule
2020-11-04 10:03:08 -05:00
49714fb3f2
Updated the Component Class Registry to rev. 4
2020-11-04 07:44:07 -05:00
e1c3a1fc0f
Initial Commit
2020-10-29 08:58:37 -04:00
1a86012e72
Merge branch 'master' into vendor-table-refactor
2020-10-27 13:05:48 -04:00
24e460e0c4
This is a refactor that changes BiosMeasurements into EventLogMeasurements for evolving naming convention updates.
2020-10-26 11:09:26 -04:00
d7ade70b5c
This branch takes the validated status of a failed event log matching from the bios measurements on the client and displays what failed on the support RIM page and the fail validation icon, if log mismatch, links to a bios measurements page that displays the events that didn't match next to baseline.
2020-10-22 13:32:30 -04:00
51f91b759d
Merge branch 'master' into vendor-table-refactor
2020-10-20 09:40:32 -04:00
96970142cb
This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create additional classes that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim.
2020-10-19 13:06:44 -04:00
6052d8f8f2
The current script for generating the xjc didn't check if the files already existed. This causes the script to run multiple times during a build, which slows down the build process. This tweak checks the location to see if it exists and skips generating the xjc again.
2020-10-14 10:49:14 -04:00
9d793f50e6
Merge pull request #305 from nsacyber/client-eventlog
[#238] Client eventlog upload
2020-10-14 10:46:37 -04:00
e902c89a19
Merge pull request #304 from nsacyber/xjc-library-test
Updated XJC implementation/integration
2020-10-14 09:56:34 -04:00
4b0bb2df91
This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag.
2020-10-09 10:48:17 -04:00
369ce81c21
Merge branch 'master' into vendor-table-refactor
2020-10-06 09:45:12 -04:00
17728d3019
Updated the error message for no associated RIM not found, cleaned up display of the event content and adjusted the column of the digest display.
2020-10-06 07:42:15 -04:00
653acd270e
With the changes to how the ReferenceManifest is represented in the code and the previous firmware validation PR update, this branch wasn't properly updated for quote validation. The code was still pulling information for the baseline from an old source that wouldn't work anymore. Therefore all validations for the quote failed. The update now pulls the baseline information from the support RIM which is now stored in the database.
2020-10-01 12:14:29 -04:00
e97e17b534
This is a change to exclude the jaxb generated files from the git tracked file list just like the protobuf class is. The script runs and generates, the files are ignored by pmd and compile depends on building the xjc directory successfully.
2020-10-01 08:36:59 -04:00
35dcc226a6
Updated and fixed the difference in the code from the master branch merge
2020-09-30 11:33:28 -04:00
89dd2084c2
Merge branch 'master' into rimel-delete-details
2020-09-30 10:03:27 -04:00
2b57207445
Updated the Tag Version and version fields for Base and Support rims. In addition, adjusted the layout of the support rim table so that the events column isn't as long. Instead, the full content shows up in a hover action.
2020-09-30 07:51:27 -04:00
3852bd7c6e
This code push removes a large switch/case statement structure and refactors it into a json file call. This follows the similar implementation of the Component Class but for UEFI vendor names.
2020-09-25 11:19:50 -04:00
3636782987
This commit adds functionality to display tpm event log information to the support RIM display page. Outstanding issues to implement: 1) add link to base from support RIM, 2) make event table scrollable
2020-09-24 09:58:10 -04:00
39cfaa5fac
After discussion, the concept of a Support RIM was clarified and because of this the ReferenceManifest.java file has to be updated to treat the Support rim similarly to the Base (which is a binary file vs an XML file). This initial code push is the beginning of that
2020-09-21 07:34:07 -04:00
4167696e13
Removed commented line
2020-09-09 07:12:29 -04:00
0291b96ca8
Updated code should be able to print one summary
2020-08-28 14:02:40 -04:00
792a248ba0
This code finishes up validating the pcrs against the provided tpm quote. However this will cause a second summary object to display if firmware validation is enabled. This is because the summary manager isn't able to get or update the previously saved summary.
2020-08-28 12:24:02 -04:00
5fe19c5904
Updated the code to compare the composite hash and the calculated value.
2020-08-28 07:14:27 -04:00
0ab91b9b41
All bugs are fixed. The SupplyChainValidationSummary wasn't getting pulled from the DB.
2020-08-27 12:11:12 -04:00
0f3eb1b5d0
Took out initializing TPMMeasurementRecord in PCRPolicy's constructor. This was likely throwing the DecoderException which caused the 404 error in the ACA.
2020-08-26 11:13:00 -04:00
905f12052d
This is the next stage of changes that doesn't cause a 404 error. This has a compile error because the PCRPolicy class references PCRComposite and PCRInfoShort. Both of the latter classes had changes to add new constructors, and these new constructors are the source of the problem.
2020-08-26 07:54:39 -04:00
ee294e4562
SupplyChainValidationService did not like the additions of a method returning a SupplyChainValidation, switched to Summary and it worked. This was the cause of the DB crashing.
2020-08-25 11:36:37 -04:00
6ae95da3a0
Merge branch 'master' into aca-test-validation
2020-07-29 09:47:41 -04:00
2b2e7c744b
Updated the messaging for an invalid swid tag file and added .log as another type of tmp log file to extension to accept.
2020-07-29 09:27:15 -04:00
c46b416504
Removed logging statement.
2020-07-27 14:10:22 -04:00
2e4ecb6829
Updated code for the device pcrs. The provisioner now sends everything associated with the tpm_pcrlist. The ACA stores the full list in a flat file then pulls that file when validating the firmware policy is enabled.
2020-07-27 13:58:22 -04:00
0e1413dd3c
removed unmappable characters from comment lines
2020-07-23 15:54:57 -04:00
3e9d26f598
This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until it matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database.
2020-07-17 12:44:31 -04:00
d10e7f1ebd
Merge pull request #279 from nsacyber/issue-278
Set initialized values for PCRs 17-23
2020-07-07 12:25:38 -04:00
00f2f33fd0
set initialized values for PCRs 17-23
2020-07-06 12:21:11 -04:00
e763461e46
Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag.
2020-06-25 08:47:51 -04:00
d41cb46468
[#260] RIM validation report page links (#264)
* Made some minor tweaks to investigate supply chain validation report bug. The bug doesn't save the summary report for some unknown reason (no error currently appears). This change uses the device object to retrieve a RIM. Still need Attestation Certificate to pull PCRs from quote. A follow up issue will be created to move that functionality to a different object from the provisioner.
2020-06-23 13:24:34 -04:00
6a62002b05
[#265] IMA/TBoot PCR ignore policy (#271)
* Updated code to include an official policy to ignore IMA and TBoot. The policies will disable if firmware validation is disabled.
2020-06-23 12:48:06 -04:00
db31614694
Added case statement for 2.23.133.2.25 just like for 2.23.133.2.17 so that the error isn't thrown. (#272)
2020-06-19 11:11:58 -04:00
49e4ce4db4
Validation bug (#263)
* Updated code to correctly match up the PCR to the baseline PCR. Also updated values of error messages and reduced firmware error message.
2020-06-15 11:55:05 -04:00