Commit Graph

52 Commits

Author SHA1 Message Date
Cyrus
29257695c1 Updated the code with some additional messaging information for the provisioner when it fails. I added a bit of code that eliminates the portal having an error when a support rim is failing, this doesn't allow it to ingest the rim into the database. 2021-04-07 10:53:09 -04:00
Cyrus
a04b697c9a Added an additional suppression to the cppcheck call. 2021-01-26 15:10:47 -05:00
Cyrus
f80d9af3b7 Some issues were found while doing script testings. These issues don't appear on Travis, however some of the issues were resolved in the scripts by making these changes. This is to test how travis will react. 2021-01-22 10:08:50 -05:00
Cyrus
62c7ca2d90 This PR is to address issue #308. The ACA was pulling Issuer Certificates using the organization RDN of the subject string and getting this from the issuer string of the EC or PC. This presents a problem because it isn't a required field. The organization field cannot be null or empty. Pulling objects from a DB using null or empty would produce bad results. The main change of this issue (which has not been full tested) is pulling using the AKI for the db lookup. If this fails, instead of falling back on potentially left out fields like the O= RDN, the ACA takes the issuer/subject fields, breaks them apart and sorts them based on the key. It also changes the case. This way the lookup can be assured to match in case of some random situation in which the issuer or subject field don't match because RDN keys are just in different positions of the string. 2020-12-11 14:47:46 -05:00
Cyrus
7d49f63a9b Merge branch 'master' into multiple-rim-upload 2020-12-02 11:05:12 -05:00
Cyrus
70662bddec Updated how the bios measurement file is uploaded. Changed the code to pull the string from the properties file instead of a hard link in the code. 2020-12-01 11:13:41 -05:00
Cyrus
9534d6650f Merge branch 'master' into platform_cert_missing_fix 2020-12-01 09:47:45 -05:00
Cyrus
6eefb393a3 Updated the code to pull all the files from a swid tag file directory and a rim log file directory, instead of a single file. 2020-11-30 14:16:57 -05:00
Cyrus
bfeff6c867 initial commit 2020-11-30 08:38:46 -05:00
Cyrus
eab88e1ef6 Merge branch 'platform_cert_missing_fix' into multiple-rim-upload 2020-11-30 06:41:52 -05:00
Cyrus
61359e1920 Updated the provisioner to look into the tcg properties file for the location of the certificates that are to be uploaded instead of using the tpm (if the file is not in the tpm). 2020-11-27 13:09:04 -05:00
Cyrus
40e744690b The 3 files the provisioner uploads to the ACA are system flat files. If the first or second one dosn't exist or cause an exception to be thrown, the rest aren't executed. This change separates the try catch statements so that each one is executed independently of the previous ones' error. 2020-11-25 08:23:02 -05:00
Cyrus
2c97666bb9 This commit adds code to pull the bios measurements file to the ACA 2020-10-13 13:51:14 -04:00
Cyrus
f9b0ce413d This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB. 2020-10-13 11:42:50 -04:00
Cyrus
4e39b6856b post install script was run however that is all that was run. The set tcg properties script was not included. The contents of the new script have been added to the post install script and the set tcg script has been removed. 2020-10-09 13:18:10 -04:00
Cyrus
84df61e4cf The CPACK variable name for the post rpm install script was the same as the set tcg script included in the cmakelists file. This caused the post install script to never run and never create directories necessary for a successful install. 2020-10-09 12:34:38 -04:00
Cyrus
04471c9653 Bash if statement with syntax error: exclamation mark was outside of [] 2020-10-09 11:58:27 -04:00
Cyrus
d8da232d6b Removed method that is not used. This is task 1 for #238 2020-10-09 10:53:42 -04:00
Cyrus
4b0bb2df91 This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag. 2020-10-09 10:48:17 -04:00
Cyrus
3f57b0ab81 This is the initial code set up to pull the log file from the provisioner and send it to the ACA. Task 1 of #238. 2020-10-07 09:37:53 -04:00
Cyrus
89dd2084c2 Merge branch 'master' into rimel-delete-details 2020-09-30 10:03:27 -04:00
Cyrus
f4aed453f8 Additional visual changes 2020-09-30 10:02:33 -04:00
Cyrus
325feffd90 Update h file that was changed with the method change in the cpp class file. 2020-09-08 08:08:23 -04:00
Cyrus
ee294e4562 SupplyCahinValidationService did not like the additions of a method returning a SupplyChainValidation, switched to Summary and it worked. This was the cause of the DB crashing. 2020-08-25 11:36:37 -04:00
Cyrus
9fb983c828 Changed the method name for the pcr list command 2020-07-29 12:31:34 -04:00
Cyrus
2e4ecb6829 Updated code for the device pcrs. The provisioner now sends everything associated with the tpm_pcrlist. The ACA stores the full list in a flat file then pulls that file when validating the firmware policy is enabled. 2020-07-27 13:58:22 -04:00
Cyrus
3e9d26f598 This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until is matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database. 2020-07-17 12:44:31 -04:00
Cyrus
70504e7423
Modified how TPM2 Provisioner pulls down sub module cpr (#255) 2020-06-05 11:54:41 -04:00
Cyrus
2805df9f8b
[#236] Firmware validation update part 1 (#243)
* This commit includes changes to the provisioner for what is sent up.  Originally only SHA256 was being used, this change includes both.
* This last commit cover the items 2-4 in issue #236.  The Provisioner sends up and updated list of pcrs that include 256, not just sha1.  The validation and policy pages have been updated.  A second pull request will be created to address parsing the information into a baseline.
2020-03-27 10:13:37 -04:00
Cyrus
c7454c945e
[#190] Provision update for quote and pcrs (#196)
* This commit includes functioning TPM quote code that is sent to the ACA.  In addition it has code to also sent the pcrs list results.

Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.

* Changed the requirement for the field into protobuf to optional from required.
2019-10-29 09:33:35 -04:00
apldev4
4beb1d2bac [#135] tpm_version prints output containing nulls. (#137)
The tpm_version tool can sometimes print a null
value as part of the TPM major version if the major
version is less than 4 characters. These nulls are
now removed before printing.
2019-05-14 11:08:40 -04:00
apldev4
74ab4d46b1 [#105] Updated tpm_version to get data from TPM hardware.
The TPM 2 Provisioner gets packaged with an application called
tpm_version, which reported hard-coded values for the TPM
manufacturer and version. Now it collects those things from
the TPM and reports them.
2019-05-01 16:11:00 -04:00
apldev4
00099ebfc5
[#130] Fixed Doxygen warnings. (#131)
There were some warnings generated by Doxygen when compiling.
One was from an undocumented parameter for a method in the
Properties class. Many others were due to a setting that prevented
Doxygen from being able to associate function declarations with
their definitions if their parameters used standard library objects.
2019-04-30 11:25:27 -04:00
iadgovuser26
6dba37be80
Merge pull request #97 from nsacyber/issue-90
Modify build scripts to enable installation on Amazon Linux
2019-03-28 11:06:33 -04:00
apldev3
bc717c9241
[#95] Resolve Log4cplus Error complaining about no appenders on TPM2 Provisioner startup (#101) 2019-03-27 18:18:55 -04:00
apldev4
efbd22812d Updates to allow for TPM 2.0 quote. 2019-03-08 14:33:06 -05:00
Michael Tsai
a2e6feb15b Modify build scripts to accept building on Amazon Linux 2019-02-21 16:36:04 -05:00
apldev4
bce78c0122 [#78] hirs-provisioner-tpm2 on path after installation. (#84)
There was a problem in the rpm-post-install.sh script
that ran as part of the CentOS7 rpm installation where
a link was being created called libcurl.so which pointed
to libcurl.so.4. If the link could not be created because
it already existed, the script would quit before finishing
and never place hirs-provisioner-tpm2 in a directory on
the PATH.

The proper solution was to link hirs-provisioner against
libcurl.so.4 so that it is clear which version of the API
was compiled against. This was not happening because
we were linking against a version of curl build by the CPR
project which was not properly embedding the SONAME in the
shared object file. By linking instead against the shared
object file distributed in the development package of
libcurl, hirs-provisioner-tpm2 now looks for libcurl.so.4
rather than the generic libcurl.so. This will prevent our
executable from breaking if libcurl.so gets updated to point
to a newer version of libcurl that uses a different API.

Closes #78.
2019-01-31 11:50:43 -05:00
apldev2
b40094373b Fix Style Issue in Build (#76)
A couple of variables had conflicting names and the inner scope was
shadowing the outer. Style checker was complaining. Deleted one inner
definition and renamed another variable.
2019-01-23 17:01:59 -05:00
apldev3
05a78a3d79
[#46] Setup Travis for HIRS Integration Tests (#68)
* [#46] Ensure Travis mounts repository rather than clones it in Docker

* [#46] Containerize HIRS ACA and prep ACA container for Integration Tests

* [#46] Containerize HIRS TPM2Provisioner and prep TPM2Provisioner container for Integration Tests

* [#46] Replace localinstall with install

* [#46] Prevent rebuilding of packages unnecessarily

* [#46] Finish initial docker compose setup for integration tests

* [#46] Allow for detection of complete Integration Environment Setup

* [#46] Fix Travis CI to allow for detecting Integ Test Environ Stand-Up

* [#46] Fix Initial Integration Test Script

* [#46] Troubleshoot Integration Test script
2019-01-07 15:28:53 -05:00
apldev4
6f99a10ad3 [#62] Cleaned up preprocessor file expansion.
There were unnecessary references to file paths in the executable.
2018-12-11 16:23:51 -05:00
apldev3
c4bc52bd42
[#52] Make TPM2 Provisioner check for a running Resource Manager (#53)
[#52] Make TPM2 Provisioner check for a running Resource Manager
2018-11-26 16:45:22 -05:00
apldev4
0586afb9d8
[#41] Provisioners use PACCOR for device info collection. (#45)
The provisioners used to shell out using different tools
to collect device info. Now they both use PACCOR instead.
2018-11-07 14:54:48 -05:00
apldev3
f8b9dfe582 [#47] Prevent deletion of external dependencies for TPM 2.0 Provisioner (#48) 2018-11-07 10:45:42 -05:00
apldev3
37ba6de3cd [#7] Ensure Ubuntu support pending end-user installation of supported TPM2 Libraries 2018-11-01 09:47:40 -04:00
apldev3
87be5a396b [#25] Make ACA exception handling more descriptive 2018-10-31 09:26:20 -04:00
apldev2
23570f71c3 Adding Tpm2-tss support for Deb packaging.
Changes how tpm20.h, which contains the TPM2 SAPI, is
imported to allow successful packaging of both debs and
rpms.
2018-10-18 12:05:43 -04:00
apldev3
e27e5ea1e6 [#7] Setup Build/Package Support for Ubuntu (#9) 2018-10-02 16:21:35 -04:00
apldev3
9731a78fcb [#7] Support Building (Not Packaging) on Ubuntu 18.04 2018-09-18 18:23:48 -04:00
apldev3
8363ab867c [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly 2018-09-17 12:38:22 -04:00