HIRS/HIRS_ProvisionerTPM2
2020-10-13 13:51:14 -04:00
config [#130] Fixed Doxygen warnings. (#131) 2019-04-30 11:25:27 -04:00
docs [#105] Updated tpm_version to get data from TPM hardware. 2019-05-01 16:11:00 -04:00
include This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag. 2020-10-09 10:48:17 -04:00
lib Modified how TPM2 Provisioner pulls down sub module cpr (#255) 2020-06-05 11:54:41 -04:00
package This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB. 2020-10-13 11:42:50 -04:00
scripts Initial release 2018-09-06 09:47:33 -04:00
src This commit adds code to pull the bios measurements file to the ACA 2020-10-13 13:51:14 -04:00
test [#52] Make TPM2 Provisioner check for a running Resource Manager (#53) 2018-11-26 16:45:22 -05:00
tpm2_vagrantBoxes Initial release 2018-09-06 09:47:33 -04:00
build.gradle [#47] Prevent deletion of external dependencies for TPM 2.0 Provisioner (#48) 2018-11-07 10:45:42 -05:00
CMakeLists.txt post install script was run however that is all that was run. The set tcg properties script was not included. The contents of the new script have been added to the post install script and the set tcg script has been removed. 2020-10-09 13:18:10 -04:00
README.md Initial release 2018-09-06 09:47:33 -04:00

HIRS TPM 2.0 Provisioner

Overview

This document describes the HIRS TPM 2.0 Provisioner, a program that can leverage a machine and its TPM to:

  • verify system attributes (as chosen in the ACA policy)
  • request and store an Attestation Identity Credential

See the top-level project documentation for more details.

Requirements

Development and runtime of this project is currently only supported on CentOS 7.

This project is built with the CMake cross-platform build suite. Consult the developer dependencies in docs/ for a list of all third-party software that should be installed before attempting to compile the project. Additional dependencies will be downloaded and built by CMake, so an active Internet connection is required to properly build the project.

Python 2 is required for style checking. If you do not have Python 2 installed, either install it or set the STYLE_CHECK option to OFF as part of your CMake command or in the root CMakeLists.txt file.

This project uses cppcheck to provide static code analysis. If you do not wish to run this analysis, set the STATIC_ANALYSIS option to OFF as part of your CMake command or in the root CMakeLists.txt file.

Building

Before you begin, please ensure you have the prerequisite dependencies installed on your system (listed in docs/developer-dependencies-centos.md).

Two procedures for building the HIRS TPM 2.0 Provisioner with CMake are described below.

Building with the CLion IDE

  1. Import the root directory as a project into the CLion IDE.
  2. Click Tools > CMake > Reset Cache and Reload Project
  3. Click Run > Build

Building on the CLI

  1. Navigate to the root of the project directory.
  2. Make a build folder.
  3. Navigate into the build folder.
  4. Run the following command to generate the appropriate make files:
     cmake ../
  5. Run the following command to build the executable in the bin directory of the build folder:
     make

By default, the build will gather additional third-party dependencies, run the unit test suite, run static analysis with cppcheck, and generate code documentation (which is placed in the ./docs directory).

Troubleshooting build issues

  • CMake will fetch additional third-party dependencies during the build. The build will fail if these cannot be retrieved, so please ensure you have an active Internet connection before building.
  • If it is found that CMake is building in an unusual/undesired directory, it's likely that CMake is using a cached target directory in lieu of an implicit target. At this point, look around the local project for a CMakeCache.txt file and delete it to force a cache refresh.
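
The CLI steps and the stale-cache check above can be scripted together. The following is an added example, not part of the HIRS project: the function names and the build directory name "build" are assumptions, and the -D flags are the standard CMake way to pass the STYLE_CHECK and STATIC_ANALYSIS options named in this README.

```sh
#!/bin/sh
# Added example (not HIRS project code). Function names and the "build"
# directory name are assumptions of this example.

# Print every CMakeCache.txt under the source root that is NOT inside the
# intended build directory. Such a file can make CMake reuse a cached target
# directory instead of the one you are building in.
find_stale_cmake_caches() {
    src_root=$1
    build_dir=$2
    find "$src_root" -name CMakeCache.txt -type f ! -path "$build_dir/*" 2>/dev/null
}

# Turn ON/OFF choices into -D flags for the two options the README names.
# Both default to ON, matching the default build behaviour.
cmake_option_args() {
    style=${1:-ON}
    analysis=${2:-ON}
    for v in "$style" "$analysis"; do
        case $v in
            ON|OFF) ;;
            *) echo "value must be ON or OFF: $v" >&2; return 1 ;;
        esac
    done
    printf '%s %s' "-DSTYLE_CHECK=$style" "-DSTATIC_ANALYSIS=$analysis"
}

# Run the CLI build steps: build_provisioner <project root> [style] [analysis]
build_provisioner() {
    src_root=$(cd "${1:-.}" && pwd) || return 1
    build_dir=$src_root/build
    stale=$(find_stale_cmake_caches "$src_root" "$build_dir")
    if [ -n "$stale" ]; then
        echo "Delete these cached CMake files to force a cache refresh:" >&2
        echo "$stale" >&2
        return 1
    fi
    args=$(cmake_option_args "$2" "$3") || return 1
    mkdir -p "$build_dir" || return 1
    # $args is intentionally unquoted so it splits into two separate flags.
    ( cd "$build_dir" && cmake $args ../ && make )
}

# Usage: build_provisioner . OFF OFF   # skip style check and cppcheck
```
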

RPM Packaging

The only currently supported target runtime environment is CentOS 7.

The CMakeLists is configured to package the project into an RPM using CPack. To build the RPM, navigate to the target build directory and run the following command:

cpack

This will create the CentOS 7 RPM.

NOTE: Packaging of the software for a given distribution should be done in the same environment as the target environment. Due to host-system specific, compilation-time targeting of certain system libraries and APIs, cross-platform compilation is not advised and could lead to package installation errors.

Installing

Ensure that the third-party runtime dependencies are present on the target machine(s). These can be found in /docs/developer-dependencies-centos.md. If installing these via yum or another package manager that performs dependency resolution, the EPEL repository will need to be configured, as several of the Provisioner's dependencies are not in the base CentOS 7 repository. The Provisioner RPM can be transferred and installed on client machines via the usual mechanisms (rpm/yum/etc.).