Commit Graph

363 Commits

Author SHA1 Message Date
chubtub
df6a864c2d
Merge pull request #284 from nsacyber/issue-273
[#273] Validate base RIM with external cert
2020-08-03 10:43:17 -04:00
Cyrus
3353ec5f47
Merge pull request #289 from nsacyber/aca-test-validation
[#282] ACA Firmware Validation 500 External error resolution
2020-07-29 14:37:28 -04:00
Cyrus
48f4f9a654 This could was not tested against a tpm 1.2 environment. The branch was failing on Travis because there was a timeout request from the provision to the aca, however no error from the aca could be shown. However the problem is occurring when the tpm 1.2 provision is attempting to save an issued attestation certificate. This part of the code touches the code changes for the 2.0 updates. The variable pcrValues is null when the 1.2 process is called and therefore when Files.write method is called, the pcrValues.getBytes call is throwing a null pointer exception. This code checks for that condition before operating over the code. 2020-07-29 13:54:41 -04:00
Cyrus
9fb983c828 Changed the method name for the pcr list command 2020-07-29 12:31:34 -04:00
Cyrus
6ae95da3a0 Merge branch 'master' into aca-test-validation 2020-07-29 09:47:41 -04:00
Cyrus
32fcecd48a
Merge pull request #291 from nsacyber/logfile-enhancement-cleanup
[#290] RIM Upload modification
2020-07-29 09:46:45 -04:00
Cyrus
2b2e7c744b Updated the messaging for an invalid swid tag file and added .log as another type of tmp log file to extension to accept. 2020-07-29 09:27:15 -04:00
Cyrus
29789e2fbe Updated Reference Manifest Page Controller so that the files being uploaded are properly handled. Swid tag files that ended with 'new' were being saved as if they were tpm log files. Updated how the code detects the type of file so that bin/rim/rimel are tested for and saved while anything else is processed as a swid tag. 2020-07-28 11:53:47 -04:00
Cyrus
c46b416504 Removed logging statement. 2020-07-27 14:10:22 -04:00
Cyrus
2e4ecb6829 Updated code for the device pcrs. The provisioner now sends everything associated with the tpm_pcrlist. The ACA stores the full list in a flat file then pulls that file when validating the firmware policy is enabled. 2020-07-27 13:58:22 -04:00
iadgovuser26
9a4f6aa829
Merge pull request #288 from nsacyber/issue-287
[#287] removed unmappable characters from comment lines
2020-07-27 08:40:32 -04:00
iadgovuser26
782dfa3f16
Updated for information about buildinng and runnning on windows 10. 2020-07-24 09:46:27 -04:00
iadgovuser26
17f4ce71bb
Merge pull request #286 from nsacyber/issue-283
[#283] added a gradlew.bat for bulding the tcg_event_log on windows
2020-07-24 09:05:24 -04:00
iadgovuser26
e694242230
Update README.md
path fix in README.md
2020-07-23 16:38:24 -04:00
iadgovuser26
0e1413dd3c removed unmappable characters from comment lines 2020-07-23 15:54:57 -04:00
iadgovuser26
c70a11854b added a gradlew.bat for bulding the tcg_event_log on windows 2020-07-23 10:59:46 -04:00
chubtub
dc25c983c1 Print AIA extension from validation cert 2020-07-23 10:06:49 -04:00
chubtub
6e36eee1ab Add -p option under -v to validate a self-signed base RIM with an external cert 2020-07-21 14:50:07 -04:00
chubtub
a0a2222554 Fix broken unit test from moving validation code to new class 2020-07-21 14:33:32 -04:00
chubtub
586d109e7f Move validation code to new class 2020-07-21 14:32:36 -04:00
Cyrus
3e9d26f598 This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until is matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database. 2020-07-17 12:44:31 -04:00
iadgovuser26
d10e7f1ebd
Merge pull request #279 from nsacyber/issue-278
Set initialized values for PCRs 17-23
2020-07-07 12:25:38 -04:00
iadgovuser26
ba0597c344
Merge pull request #276 from nsacyber/issue-275
[#275] Modify Payload filepath
2020-07-07 10:34:55 -04:00
Cyrus
86dfc89dbd
[#274] Swid Resource Not Found (#277)
* Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag.
2020-07-07 09:57:24 -04:00
iadgovuser26
00f2f33fd0 set initialized values for PCRs 17-23 2020-07-06 12:21:11 -04:00
Cyrus
5b43e41292 Updated firmware validation method to not check for AIC if there is no RIM. 2020-07-02 12:13:10 -04:00
Cyrus
c7f796d1a3 Updated status error checking for validating firmware. 2020-06-26 09:47:04 -04:00
Cyrus
dbbcca8718 Updated error text for file not found and column header for RIM payloads. 2020-06-26 08:33:38 -04:00
Cyrus
e763461e46 Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag. 2020-06-25 08:47:51 -04:00
chubtub
2b6a947986 Directory and File names are read from json, File size and hash are calculated from given -l <filepath> 2020-06-25 08:26:41 -04:00
chubtub
7045fc9978 Passing -l <filepath> to -v will verify the payload hash with <filepath> instead of the <File name=filepath> 2020-06-25 07:58:37 -04:00
iadgovuser26
62edecd929
Added link for tgc_rim_tool READ.md 2020-06-24 07:01:41 -04:00
iadgovuser26
1f860b5682
Updated with rim command line reference. 2020-06-24 07:00:29 -04:00
Cyrus
d41cb46468
[#260] RIM validation report page links (#264)
* Made some minor tweaks to investigate supply chain validation report bug.  The bug doesn't save the summary report for some unknown reason (no error currently appears).  This change uses the device object to retrieve a RIM.  Still need Attestation Certificate to pull PCRs from quote.  A follow up issue will be created to move that functionality to a different object from the provisioner.
2020-06-23 13:24:34 -04:00
Cyrus
6a62002b05
[#265] IMA/TBoot PCR ignore policy (#271)
* Updated code to include an official policy to ignore IMA and TBoot.  The policies will disable if firmware validation is disabled.
2020-06-23 12:48:06 -04:00
iadgovuser26
1448b35e5e
Merge pull request #269 from nsacyber/issue-268
[#268] Tcg_rim_tool symlink
2020-06-19 11:31:48 -04:00
Cyrus
db31614694
Added case statement for 2.23.133.2.25 just like for 2.23.133.2.17 so that the error isn't thrown. (#272) 2020-06-19 11:11:58 -04:00
iadgovuser26
c319821e41
Added tool links 2020-06-19 10:16:21 -04:00
chubtub
c9c40e9bac Install link to /usr/local/bin 2020-06-19 09:15:02 -04:00
chubtub
4404d25f20 Revert "Revert changes to HashSwid class"
This reverts commit d850d69b1e8b14367b25c075dd8f61b30e558c02.
2020-06-19 07:29:20 -04:00
chubtub
3babe6cc2f Revert changes to HashSwid class 2020-06-19 07:29:20 -04:00
chubtub
a4e3fb38de Fixed unit test 2020-06-19 07:29:20 -04:00
chubtub
9b4eb49601 Add symlink to /usr/local/bin/rim during rpm install 2020-06-19 07:29:20 -04:00
iadgovuser26
fab55e4439
Added README.md with build instructions 2020-06-18 13:10:29 -04:00
iadgovuser26
b8af8fb23a
Merge pull request #270 from nsacyber/issue-261
Change package name to tcg_eventlog_tool
2020-06-18 10:56:53 -04:00
iadgovuser26
6f965c508f set package name to tcg_eventlog_tool 2020-06-18 09:51:03 -04:00
Cyrus
16f38751ca
[#265] Skip ima pcr (#267)
* Added temp code edit to ignore IMA pcr during firmware validation

* Removed redundant check
2020-06-17 13:33:02 -04:00
iadgovuser26
908c49e54f
Merge pull request #262 from nsacyber/issue-257
[#257] Changes for 2.0 beta
2020-06-16 09:08:54 -04:00
chubtub
3747c1911e Update packaging script to install to /opt/hirs/rimtool 2020-06-16 08:11:12 -04:00
chubtub
64ddc39c2c Add validation of support RIM in payload 2020-06-15 17:50:18 -04:00