* issue_896: first cut at changing the logic on the validator
* issue_896: Added more javadocs, still going through the process and figuring out places where this will work. Can successfully debug provisioner+aca.
* issue_896: slowly introducing component identifier v2 into multiple spots throughout the app. Seems like we need to ensure that when we try to parse the pc from the identity claim, it needs to recognize the new kind of identifier.
* issue_896: deleted abstract platform config class, replaced it with plat config v1 (which already exists), moved attributes associated with v2 to the v2 class, when validating the aca will now verify if the platform config associated with the cert is v1 or v2. Made corrections to attribute names to better align with tcg docs.
* issue_896: Added a new property to component info, made some more spelling corrections, deleted unused classes that were being referenced by componentinfo. Pretty much done with the aca side of things.
* issue_896: I believe I have finished the issue. Further testing needs to be done. Will put in a WIP PR for now.
* issue_896: Made some more changes after viewing PR
* issue_896: Changed v3 to v4 in the github actions yaml files.
* issue_896: Fixed issues in one of the test classes, can now test other aspects of the SupplyChainCredentialValidator class. Will add more tests as more issues get fixed.
* issue_896: Hopefully GITHUB actions will be more forgiving.
* issue_896: Placed test task in the root build.gradle. Made more fixes to the test classes.
* issue_896: Realized there might be more work needed for the validation part. Started adding more logic to validation.
* issue_896: Last change before the long weekend. Hoping these changes will make github actions happy.
* issue_896: Verifying that this part works. We will need to figure out a smart/efficient way of comparing the components from platform cert and device info report.
* testing
* v3_issue_896: Should work for this PR.
* v3_issue_821: fixed the NPE issue we were getting during provisioning for missing component info.
* v3_issue_896: my copy/paste skills need work. Fixed the issue that was causing the docker tests to fail.
* v3_issue_896: trying to see if reverting the return call null will make a difference.
* v3_issue_896: should fix issues with pc found on certain devices
* v3_issue_896: part ii of should fix issues with pc found on certain devices
To support the TCG RIM concept, a new command-line application called the tcg_rim_tool has been created. The tcg_rim_tool can be used to create NISTIR 8060 compatible SWID tags that adhere to the TCG PC Client RIM specification. It also supports digitally signing the Base RIM file, as the HIRS ACA will require a valid signature in order to upload any RIM file.
Building
Linux
To build this tool, navigate to the tcg_eventlog_tool directory and use the following command:
./gradlew clean build
Windows
Several options exist for building on Windows 11:
- Windows command shell (CMD.exe):
  - Navigate to the tcg_eventlog_tool folder and run the Windows gradle wrapper:
    gradlew.bat clean build
- Windows PowerShell with Windows Subsystem for Linux enabled:
  - Navigate to the tcg_eventlog_tool folder and run the Linux gradle wrapper:
    ./gradlew clean build
In both cases the tcg_rim_tool-X.X.jar file should have been placed in the build\libs\tools\ (Windows) or build/libs/tools/ (Linux) folder.
Packaging
Packages for this tool can be found on the [HIRS release page](https://github.com/nsacyber/HIRS/release
Currently only packaging for Linux is supported.
To create an RPM package on a Red Hat or Rocky Linux device, use the following command in the same directory:
./gradlew buildRpm
or for a Debian or Ubuntu Linux distro:
./gradlew buildDeb
The package can be found under the build/distributions/ folder.
Installing
Currently only install packages for Linux are supported.
To install this tool on a Red Hat or Rocky Linux distro, use the following command from the same directory:
sudo dnf install build/distributions/tcg_eventlog_tool*.rpm
or for a Debian or Ubuntu Linux distro:
sudo apt-get install build/distributions/tcg_eventlog_tool*.deb
Usage
The tcg_rim_tool RPM will create a rim command-line shortcut. This can be invoked from a command line:
rim -h
The tcg_eventlog_tool can also be invoked using java from the tcg_eventlog_tool directory:
java -jar build/libs/tools/tcg_rim_tool-1.0.jar -h
Current options for the tool can be found using the -h option.