Commit Graph

66 Commits

Author SHA1 Message Date
Cyrus
749a3a2317 When the provisioner sends the rim swidtag and the rimel and they already exists in the db but are archived, they don't unarchive them so they never show up on the RIM page. This change fixes that. 2020-11-25 10:06:56 -05:00
Cyrus
2b41720ded Merge branch 'master' into update-component-failure-highlight 2020-11-17 15:24:27 -05:00
Cyrus
4291059142 Updated the break line option for failed string during firmware validation. 2020-11-16 12:39:57 -05:00
Cyrus
6eeb630a75 This PR addresses the bugs identified in #314. Due to previous changes to the RIM upload process, the suppor RIM was not being updated properly when manually uploaded.
Closes #314
2020-11-12 13:45:38 -05:00
Cyrus
67b70a386d Added method to combine the manufacturer and the model as an identifier for the component. 2020-11-10 10:04:46 -05:00
Cyrus
e8f5107137 Updating code to use a different format for identifying failed components. 2020-11-09 13:59:19 -05:00
Cyrus
9aa2c6a46d Merge branch 'master' into client-display-log-mismatch 2020-11-06 09:17:38 -05:00
chubtub
623da2ce80 Overload RIM validator class for faster signature checking 2020-11-05 14:13:50 -05:00
Cyrus
c7ffb1c57d Merge branch 'master' into client-display-log-mismatch 2020-11-05 12:39:35 -05:00
chubtub
d096aebe12 Add support RIM and signature validation checks to SupplyChainValidationServiceImpl class 2020-11-05 11:27:41 -05:00
Cyrus
24e460e0c4 This is a refactore that changes BiosMeasurements into EventLogMeasurements for evolving naming convention updates. 2020-10-26 11:09:26 -04:00
Cyrus
d7ade70b5c This branch takes the validated status of a failed event log matching from the bios measurements on the client and displays what failed on the support RIM page and the fail validation icon, if log mismatch, links to a bios measurments page that displays the events that didn't match next to baseline. 2020-10-22 13:32:30 -04:00
Cyrus
3df6eff549 Removed debug code 2020-10-19 13:20:27 -04:00
Cyrus
96970142cb This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create addition classes ands that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim. 2020-10-19 13:06:44 -04:00
Cyrus
2c97666bb9 This commit adds code to pull the bios measurements file to the ACA 2020-10-13 13:51:14 -04:00
Cyrus
f9b0ce413d This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB. 2020-10-13 11:42:50 -04:00
Cyrus
4b0bb2df91 This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag. 2020-10-09 10:48:17 -04:00
Cyrus
3f57b0ab81 This is the initial code set up to pull the log file from the provisioner and send it to the ACA. Task 1 of #238. 2020-10-07 09:37:53 -04:00
Cyrus
17728d3019 Updated the error message for no associated RIM not found, cleaned up display of the event content and adjusted the column of the digest display. 2020-10-06 07:42:15 -04:00
Cyrus
b42dfb577f The manufacturer look up for a RIM was inadequate. This change pulls down all RIMs and searches for the base RIM that matches instead of just pulling down a RIM by Manufacturer. 2020-10-05 11:37:38 -04:00
Cyrus
89fbaa0517 PCR policy matching wasn't propertly failing because the baseline from the support RIM was not properly populating. 2020-10-05 10:44:18 -04:00
Cyrus
653acd270e With the changes to how the ReferenceManifest is represented in the code and the previous firmware validation PR update, this branch wasn't properly updated for quote validation. The code was still pulling information for the baseline from an old source that wouldn't work anymore. Therefore all validations for the quote failed. The update now pulls the baseline information from the support RIM which is now stored in the database. 2020-10-01 12:14:29 -04:00
Cyrus
cb4dc0aa7f Corrected checkstyles warning 2020-09-30 12:26:46 -04:00
Cyrus
35dcc226a6 Updated and fixed the difference in the code from the master branch merge 2020-09-30 11:33:28 -04:00
Cyrus
89dd2084c2 Merge branch 'master' into rimel-delete-details 2020-09-30 10:03:27 -04:00
Cyrus
f4aed453f8 Additional visual changes 2020-09-30 10:02:33 -04:00
Cyrus
2b57207445 Updated the Tag Version and version fields for Base and Support rims. In addition, adjusted the lay out of the support rim table so that the events column isn't as long. Instead, the full content shows up in an hover action. 2020-09-30 07:51:27 -04:00
Cyrus
3636782987 This commit adds functionality to display tpm even log information to the support RIM display page. Outstanding issues to implement: 1) add link to base from support RIM, 2) make event table scrollable 2020-09-24 09:58:10 -04:00
Cyrus
1ed02e72b2 This last commit corrects the database error. The code attempts to save a new supplychainvalidationsummary it needs to be a supplychainvalidation recreation to create new primary keys. 2020-09-09 07:03:31 -04:00
Cyrus
0291b96ca8 Updated code should be able to print one summary 2020-08-28 14:02:40 -04:00
Cyrus
792a248ba0 This code finishes up validating the pcrs against the provided tpm quote. However this will cause a second summary object to display if firmware validation is enabled. This is because the summary manager isn't able to get or update the previously saved summary. 2020-08-28 12:24:02 -04:00
Cyrus
5fe19c5904 Updated the code to compare the composite hash and the calculated value. 2020-08-28 07:14:27 -04:00
Cyrus
0ab91b9b41 All bugs are fixed. The SupplyChainValidationSummary wasn't getting pulled from the DB. 2020-08-27 12:11:12 -04:00
Cyrus
905f12052d This is the next stage of changes that doesn't cause a 404 error. This has a compile error because the PCRPolicy class references PCRComposite and PCRInfoShort. Both of the later classes had changes to add new constructors, and these new constructors are the source of the problem. 2020-08-26 07:54:39 -04:00
Cyrus
ee294e4562 SupplyCahinValidationService did not like the additions of a method returning a SupplyChainValidation, switched to Summary and it worked. This was the cause of the DB crashing. 2020-08-25 11:36:37 -04:00
Cyrus
48f4f9a654 This could was not tested against a tpm 1.2 environment. The branch was failing on Travis because there was a timeout request from the provision to the aca, however no error from the aca could be shown. However the problem is occurring when the tpm 1.2 provision is attempting to save an issued attestation certificate. This part of the code touches the code changes for the 2.0 updates. The variable pcrValues is null when the 1.2 process is called and therefore when Files.write method is called, the pcrValues.getBytes call is throwing a null pointer exception. This code checks for that condition before operating over the code. 2020-07-29 13:54:41 -04:00
Cyrus
2e4ecb6829 Updated code for the device pcrs. The provisioner now sends everything associated with the tpm_pcrlist. The ACA stores the full list in a flat file then pulls that file when validating the firmware policy is enabled. 2020-07-27 13:58:22 -04:00
Cyrus
3e9d26f598 This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until is matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database. 2020-07-17 12:44:31 -04:00
Cyrus
5b43e41292 Updated firmware validation method to not check for AIC if there is no RIM. 2020-07-02 12:13:10 -04:00
Cyrus
c7f796d1a3 Updated status error checking for validating firmware. 2020-06-26 09:47:04 -04:00
Cyrus
d41cb46468
[#260] RIM validation report page links (#264)
* Made some minor tweaks to investigate supply chain validation report bug.  The bug doesn't save the summary report for some unknown reason (no error currently appears).  This change uses the device object to retrieve a RIM.  Still need Attestation Certificate to pull PCRs from quote.  A follow up issue will be created to move that functionality to a different object from the provisioner.
2020-06-23 13:24:34 -04:00
Cyrus
6a62002b05
[#265] IMA/TBoot PCR ignore policy (#271)
* Updated code to include an official policy to ignore IMA and TBoot.  The policies will disable if firmware validation is disabled.
2020-06-23 12:48:06 -04:00
Cyrus
16f38751ca
[#265] Skip ima pcr (#267)
* Added temp code edit to ignore IMA pcr during firmware validation

* Removed redundant check
2020-06-17 13:33:02 -04:00
Cyrus
49e4ce4db4
Validation bug (#263)
* Updated code to correctly match up the PCR to the baseline PCR.  Also updated values of error messages and reduced firmware error message.
2020-06-15 11:55:05 -04:00
Cyrus
da5bc217ef
[#236] Firmware validation update part 2 (#259)
* Modified the hirs.data.persist package to have better fidelity into the objects necessary to create and maintain a baseline.  the info objects will be next.
2020-06-10 11:17:45 -04:00
Cyrus
2805df9f8b
[#236] Firmware validation update part 1 (#243)
* This commit includes changes to the provisioner for what is sent up.  Originally only SHA256 was being used, this change includes both.
* This last commit cover the items 2-4 in issue #236.  The Provisioner sends up and updated list of pcrs that include 256, not just sha1.  The validation and policy pages have been updated.  A second pull request will be created to address parsing the information into a baseline.
2020-03-27 10:13:37 -04:00
Cyrus
4a6115f443
[#212] Added functionality to process and display RIM files. (#226)
* Some initial additions to the details page for displaying Rim information.

* Initial changes for uploading a rim file.

* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag.  This code includes some additions from #217, slightly modified.

* This code update include changes to import, archive and delete a swidtag into the RIM object.

* This commit consolidated the SwidTagGatway code and Constants into Reference Manifest.

* This is the final main push of code that will upload, process, store, retrive/delete and display the contents of a RIM swid tag.

* Interim commit for demo purposes.

* Updated Unit Tests

* This commit adds the unit tests that weren't added in the previous commit

* Updated code to reduce execution time when processing reference manifest objects.

* Updated code for better GUI performance.

* Removed previously added suppression entries.
2020-02-21 11:16:46 -05:00
Cyrus
81e13831b2
[#202] Certificate fail to save upon deletion during provisioning FIXED (#206)
* This commit fixes an error produced when provisioning when the certificate from a previous provision is deleted from the ACA.  The error involves doing a look up for an existing certificate and getting nothing however this is due to not using the 'includeArchived' attribute for the Certificate Selector.  Include Archived is used when manually uploading a certificate.
2020-01-06 08:17:04 -05:00
Cyrus
0ede7191ad
[#191] ACA Processing TPM Quote/PCRs from Certificate Request (#197)
* Updated the ACA to verify that the quote and pcrlist exist before trying to parse them.

* Removed unused methods for the tpmquote process.
2019-10-29 09:34:06 -04:00
Cyrus
f73d65c952
[#181] Delta holder validation (#186)
* This is a quick fix to ensure that a delta that is being uploaded has a holder serial number that exists in the database.

* Fixed syntax issues.

* Through further testing with delta certificates that had differing begin validity dates, the code to test the sorting failed.  This push includes a fix that places the deltas in the proper order.

In addition, this code includes a placeholder for deltas that don't have an existing holder certificate in the database.

* Findbugs is a cumbersome COTS product that generates more hassle than help.  Upon indicating 'dodgy' code about redundant null checks, that didn't exist, it then didn't like using non-short circuit operators to verify that both objects are not null.  It then spells out what non-shorting curcuit operators do, without acknowledges that's what you mean to do.
2019-08-29 13:35:41 -04:00