ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
v3_issue_844-update-hirs_utils-for-checkstyle
HIRS/HIRS_Provisioner.NET
History
5B96790E3664F40075A67E6ADF737EDB15B4408DBC91A81228B31537B0CE3E26 f2575de977
Provisioner will use .NET 8 (#838) 
* Updated .NET projects files to .NET 8
2024-09-11 14:19:16 -04:00
..
hirs Provisioner will use .NET 8 (#838) 2024-09-11 14:19:16 -04:00
hirsTest Provisioner will use .NET 8 (#838) 2024-09-11 14:19:16 -04:00
tools/pcrextend Xfer HIRS_Provisioner.NET to main (#663) 2024-01-22 16:18:01 -05:00
.editorconfig Xfer HIRS_Provisioner.NET to main (#663) 2024-01-22 16:18:01 -05:00
hirs.sln Xfer HIRS_Provisioner.NET to main (#663) 2024-01-22 16:18:01 -05:00
README.md Updated README.md and VERSION files 2024-08-22 16:40:03 -04:00

README.md

HIRS Provisioner.NET

The HIRS Provisioner.NET is an application that can leverage a machine and its TPM to:

  • verify system attributes (as chosen in the ACA policy)
  • request and store an Attestation Identity Certificate and/or a LDevID Certificate

The HIRS Provisioner.NET application, along with the HIRS ACA, will perform the following high level tasks during the provision process. Please refer to appendix B for further details: • The HIRS Provisioner retrieves the EK Certificate from the TPMs NVRAM. • The HIRS Provisioner retrieves the Platform Certificate from the EFI partition, if present. • The HIRS Provisioner retrieves the Reference Integrity Manifest (RIM) from the EFI partition, if present. • The HIRS Provisioner retrieves the TPM Event Log. • The HIRS Provisioner retrieves Component data from the device. • An Attestation Identity Key is generated on the TPM, if one is not already present. • The HIRS Provisioner forwards the collected data and sends it to the ACA. • The HIRS ACA (Policy based) validates the Endorsement Credential. • The HIRS ACA (Policy based) validates the Platform Credential(s). • The HIRS ACA (Policy based) validates and new RIM(s) • The performs credential validation according to its policy • If validation is successful, the ACA issues an Attestation Identity Credential or LocalDevID (Policy based) to the device.

For installation, setep, and usage please refer to the HIRS_Provisioner.NET Readme