ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
main
HIRS/HIRS_Provisioner.NET/README.md
iadgovuser26 iadgovuser26@empire.eclipse.ncsc.mil 203691e09c Updated README.md and VERSION files
2024-08-22 16:40:03 -04:00

1.6 KiB
Raw Permalink Blame History

HIRS Provisioner.NET

The HIRS Provisioner.NET is an application that can leverage a machine and its TPM to:

  • verify system attributes (as chosen in the ACA policy)
  • request and store an Attestation Identity Certificate and/or a LDevID Certificate

The HIRS Provisioner.NET application, along with the HIRS ACA, will perform the following high level tasks during the provision process. Please refer to appendix B for further details: • The HIRS Provisioner retrieves the EK Certificate from the TPMs NVRAM. • The HIRS Provisioner retrieves the Platform Certificate from the EFI partition, if present. • The HIRS Provisioner retrieves the Reference Integrity Manifest (RIM) from the EFI partition, if present. • The HIRS Provisioner retrieves the TPM Event Log. • The HIRS Provisioner retrieves Component data from the device. • An Attestation Identity Key is generated on the TPM, if one is not already present. • The HIRS Provisioner forwards the collected data and sends it to the ACA. • The HIRS ACA (Policy based) validates the Endorsement Credential. • The HIRS ACA (Policy based) validates the Platform Credential(s). • The HIRS ACA (Policy based) validates and new RIM(s) • The performs credential validation according to its policy • If validation is successful, the ACA issues an Attestation Identity Credential or LocalDevID (Policy based) to the device.

For installation, setep, and usage please refer to the HIRS_Provisioner.NET Readme