HIRS/HIRS_Provisioner.NET
Add Component Class Registries to the Provisioner (#892)
* Adds PCIe and Storage Component Class capability to the provisioner

* Add SMBIOS Component Class to the provisioner
2025-01-17 13:33:57 -05:00

HIRS Provisioner.NET

The HIRS Provisioner.NET is an application that can leverage a machine and its TPM to:

  • verify system attributes (as chosen in the ACA policy)
  • request and store an Attestation Identity Certificate and/or an LDevID Certificate

The HIRS Provisioner.NET application, along with the HIRS ACA, will perform the following high-level tasks during the provisioning process. Please refer to appendix B for further details:

  • The HIRS Provisioner retrieves the EK Certificate from the TPM's NVRAM.
  • The HIRS Provisioner retrieves the Platform Certificate from the EFI partition, if present.
  • The HIRS Provisioner retrieves the Reference Integrity Manifest (RIM) from the EFI partition, if present.
  • The HIRS Provisioner retrieves the TPM Event Log.
  • The HIRS Provisioner retrieves Component data from the device.
  • An Attestation Identity Key is generated on the TPM, if one is not already present.
  • The HIRS Provisioner sends the collected data to the ACA.
  • The HIRS ACA (Policy based) validates the Endorsement Credential.
  • The HIRS ACA (Policy based) validates the Platform Credential(s).
  • The HIRS ACA (Policy based) validates any new RIM(s).
  • The ACA performs credential validation according to its policy.
  • If validation is successful, the ACA issues an Attestation Identity Credential or LocalDevID (Policy based) to the device.

For installation, setup, and usage, please refer to the HIRS_Provisioner.NET Readme.