
HIRS Provisioner.NET

The HIRS Provisioner.NET is an application that can leverage a machine and its TPM to:

  • verify system attributes (as chosen in the ACA policy)
  • request and store an Attestation Identity Certificate and/or an LDevID Certificate

The HIRS Provisioner.NET application, along with the HIRS ACA, performs the following high-level tasks during the provisioning process. Please refer to appendix B for further details:

  • The HIRS Provisioner retrieves the EK Certificate from the TPM's NVRAM.
  • The HIRS Provisioner retrieves the Platform Certificate from the EFI partition, if present.
  • The HIRS Provisioner retrieves the Reference Integrity Manifest (RIM) from the EFI partition, if present.
  • The HIRS Provisioner retrieves the TPM Event Log.
  • The HIRS Provisioner retrieves Component data from the device.
  • An Attestation Identity Key is generated on the TPM, if one is not already present.
  • The HIRS Provisioner forwards the collected data to the ACA.
  • The HIRS ACA (Policy based) validates the Endorsement Credential.
  • The HIRS ACA (Policy based) validates the Platform Credential(s).
  • The HIRS ACA (Policy based) validates any new RIM(s).
  • The ACA performs credential validation according to its policy.
  • If validation is successful, the ACA issues an Attestation Identity Credential or LocalDevID (Policy based) to the device.

For installation, setup, and usage, please refer to the HIRS_Provisioner.NET Readme.