Cyrus
acef2ea5b8
Added the new status for the state of the provision
2022-02-18 10:16:32 -05:00
Cyrus
d353854835
Updated the post install to only do it if the file doesn't exist
2022-02-14 10:34:21 -05:00
Cyrus
c99622bbea
Removed conditional checks for tcg file locations in post install script
2022-02-11 08:06:23 -05:00
Cyrus
8f9c354c0a
Updated post install script for provisioner to change the permissions on
...
the file and how the file is populated.
2022-01-25 08:22:31 -05:00
Cyrus
d510e3f460
Updated error message print out.
2022-01-07 10:19:48 -05:00
Cyrus
5858e36313
Updated the implementation to return a blank identity claim response.
...
The provisioner tests the blob and if it is empty, exit
2022-01-05 16:49:27 -05:00
Cyrus
78e308e67d
The provisioner was throwing an error to the standard printout because
...
of protobuf. This had to do with the recent change to checking the
Identity Claim Response and the use of the has_credentialBlob check.
2022-01-05 07:36:21 -05:00
iadgovuser29
a5c5a3ac60
Add additional location for pci.ids file and fix checkstyle issues from
...
previous commit.
2021-12-02 12:28:41 -05:00
Cyrus
68be67b73a
Added default values to the provisioner for tcg certs and rim files
2021-12-01 13:57:18 -05:00
iadgovuser29
95c5e40f89
Utilize protobuf to parse claim response. Work on array handling on ACA.
2021-11-23 22:01:16 -05:00
Cyrus
4c46758d9a
This commit is a feature update. The IMA PCR enable/diable is being enhanced to update the mask the provisioner uses to pull the quote from the TPM. This code will send down a string range of PCR values that excludes PCR 10. The quote that is returned should be a composite without the PCR 10. There will be a log statement in this commit that should be removed.
2021-11-23 09:36:00 -05:00
Cyrus
79127e57d1
Initi commit. There are warning that newer compilers are throwing for vector.at and vector.size. These are removed. In addition a char** in a main parameter was made into a const.
2021-10-27 14:55:50 -04:00
Cyrus
ff56d83443
A compiler error was happening with an uninitialized float variable.
2021-10-14 13:58:59 -04:00
lareine
766ff75261
fixed style check issue in CommandTpm2.cpp
2021-05-27 15:43:44 -04:00
iadgovuser26
f8b5c1b24a
Merge pull request #363 from nsacyber/issue/process-rundata-newline
...
Fixed an issue that caused Process to drop data
2021-05-25 16:34:28 -04:00
iadgovuser29
41923b7337
Fixed an issue that caused Process to drop data
2021-05-25 09:18:44 -04:00
Cyrus
29257695c1
Updated the code with some additional messaging information for the provisioner when it fails. I added a bit of code that eliminates the portal having an error when a support rim is failing, this doesn't allow it to ingest the rim into the database.
2021-04-07 10:53:09 -04:00
Cyrus
a04b697c9a
Added an additional suppression to the cppcheck call.
2021-01-26 15:10:47 -05:00
Cyrus
f80d9af3b7
Some issues were found while doing script testings. These issues don't appear on Travis, however some of the issues were resolved in the scripts by making these changes. This is to test how travis will react.
2021-01-22 10:08:50 -05:00
Cyrus
62c7ca2d90
This PR is to address issue #308 . The ACA was pulling Issuer Certificates using the organization RDN of the subject string and getting this from the issuer string of the EC or PC. This presents a problem because it isn't a required field. The organization field cannot be null or empty. Pulling objects from a DB using null or empty would produce bad results. The main change of this issue (which has not been full tested) is pulling using the AKI for the db lookup. If this fails, instead of falling back on potentially left out fields like the O= RDN, the ACA takes the issuer/subject fields, breaks them apart and sorts them based on the key. It also changes the case. This way the lookup can be assured to match in case of some random situation in which the issuer or subject field don't match because RDN keys are just in different positions of the string.
2020-12-11 14:47:46 -05:00
Cyrus
7d49f63a9b
Merge branch 'master' into multiple-rim-upload
2020-12-02 11:05:12 -05:00
Cyrus
70662bddec
Updated how the bios measurement file is uploaded. Changed the code to pull the string from the properties file instead of a hard link in the code.
2020-12-01 11:13:41 -05:00
Cyrus
9534d6650f
Merge branch 'master' into platform_cert_missing_fix
2020-12-01 09:47:45 -05:00
Cyrus
6eefb393a3
Updated the code to pull all the files from a swid tag file directory and a rim log file directory, instead of a single file.
2020-11-30 14:16:57 -05:00
Cyrus
bfeff6c867
initial commit
2020-11-30 08:38:46 -05:00
Cyrus
eab88e1ef6
Merge branch 'platform_cert_missing_fix' into multiple-rim-upload
2020-11-30 06:41:52 -05:00
Cyrus
61359e1920
Updated the provisioner to look into the tcg properties file for the location of the certificates that are to be uploaded instead of using the tpm (if the file is not in the tpm).
2020-11-27 13:09:04 -05:00
Cyrus
40e744690b
The 3 files the provisioner uploads to the ACA are system flat files. If the first or second one dosn't exist or cause an exception to be thrown, the rest aren't executed. This change separates the try catch statements so that each one is executed independently of the previous ones' error.
2020-11-25 08:23:02 -05:00
Cyrus
2c97666bb9
This commit adds code to pull the bios measurements file to the ACA
2020-10-13 13:51:14 -04:00
Cyrus
f9b0ce413d
This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB.
2020-10-13 11:42:50 -04:00
Cyrus
4e39b6856b
post install script was run however that is all that was run. The set tcg properties script was not included. The contents of the new script have been added to the post install script and the set tcg script has been removed.
2020-10-09 13:18:10 -04:00
Cyrus
84df61e4cf
The CPACK variable name for the post rpm install script was the same as the set tcg script included in the cmakelists file. This caused the post install script to never run and never create directories necessary for a successful install.
2020-10-09 12:34:38 -04:00
Cyrus
04471c9653
Bash if statement with syntax error: exclamation mark was outside of []
2020-10-09 11:58:27 -04:00
Cyrus
d8da232d6b
Removed method that is not used. This is task 1 for #238
2020-10-09 10:53:42 -04:00
Cyrus
4b0bb2df91
This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag.
2020-10-09 10:48:17 -04:00
Cyrus
3f57b0ab81
This is the initial code set up to pull the log file from the provisioner and send it to the ACA. Task 1 of #238 .
2020-10-07 09:37:53 -04:00
Cyrus
89dd2084c2
Merge branch 'master' into rimel-delete-details
2020-09-30 10:03:27 -04:00
Cyrus
f4aed453f8
Additional visual changes
2020-09-30 10:02:33 -04:00
Cyrus
325feffd90
Update h file that was changed with the method change in the cpp class file.
2020-09-08 08:08:23 -04:00
Cyrus
ee294e4562
SupplyCahinValidationService did not like the additions of a method returning a SupplyChainValidation, switched to Summary and it worked. This was the cause of the DB crashing.
2020-08-25 11:36:37 -04:00
Cyrus
9fb983c828
Changed the method name for the pcr list command
2020-07-29 12:31:34 -04:00
Cyrus
2e4ecb6829
Updated code for the device pcrs. The provisioner now sends everything associated with the tpm_pcrlist. The ACA stores the full list in a flat file then pulls that file when validating the firmware policy is enabled.
2020-07-27 13:58:22 -04:00
Cyrus
3e9d26f598
This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until is matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database.
2020-07-17 12:44:31 -04:00
Cyrus
70504e7423
Modified how TPM2 Provisioner pulls down sub module cpr ( #255 )
2020-06-05 11:54:41 -04:00
Cyrus
2805df9f8b
[ #236 ] Firmware validation update part 1 ( #243 )
...
* This commit includes changes to the provisioner for what is sent up. Originally only SHA256 was being used, this change includes both.
* This last commit cover the items 2-4 in issue #236 . The Provisioner sends up and updated list of pcrs that include 256, not just sha1. The validation and policy pages have been updated. A second pull request will be created to address parsing the information into a baseline.
2020-03-27 10:13:37 -04:00
Cyrus
c7454c945e
[ #190 ] Provision update for quote and pcrs ( #196 )
...
* This commit includes functioning TPM quote code that is sent to the ACA. In addition it has code to also sent the pcrs list results.
Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.Additional changes to correct code for sending the pcr list over to the ACA.
* Changed the requirement for the field into protobuf to optional from required.
2019-10-29 09:33:35 -04:00
apldev4
4beb1d2bac
[ #135 ] tpm_version prints output containing nulls. ( #137 )
...
The tpm_version tool can sometimes print a null
value as part of the TPM major version if the major
version is less than 4 characters. These nulls are
now removed before printing.
2019-05-14 11:08:40 -04:00
apldev4
74ab4d46b1
[ #105 ] Updated tpm_version to get data from TPM hardware.
...
The TPM 2 Provisioner gets packaged with an application called
tpm_version, which reported hard-coded values for the TPM
manufacturer and version. Now it collects those things from
the TPM and reports them.
2019-05-01 16:11:00 -04:00
apldev4
00099ebfc5
[ #130 ] Fixed Doxygen warnings. ( #131 )
...
There were some warnings generated by Doxygen when compiling.
One was from an undocumented parameter for a method in the
Properties class. Many others were due to a setting that prevented
Doxygen from being able to associate function declarations with
their definitions if their parameters used standard library objects.
2019-04-30 11:25:27 -04:00
iadgovuser26
6dba37be80
Merge pull request #97 from nsacyber/issue-90
...
Modify build scripts to enable installation on Amazon Linux
2019-03-28 11:06:33 -04:00