HIRS
Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber
Remarks from user testing: `I have tested removing "platformManufacturerStr" from the json config file, removing both "platformManufacturerStr" and "platformManufacturerId", as well as testing changing "platformManufacturerStr": "DellInc." to "platformManufacturerStr": "". The...
This issue comprises smaller, more specific issues that directly follow the results of failure testing of the rimtool.
The tcg_rim_tool embeds the cert given to -p by default when creating a new RIM. Add a new option (-e) to explicitly embed the cert, otherwise do not.
The rimtool currently does not validate credentials provided to the -k and -p options during a create command. The tool should check the given files for correct format and print...
The code currently uses 0x1c90000: https://github.com/nsacyber/HIRS/blob/8b25ae698a250c70367c21b473f5af44b6968610/HIRS_ProvisionerTPM2/src/CommandTpm2.cpp#L106-L108 In the TCG "Registry of Reserved TPM 2.0 Handles and Localities": - (page 9) the index range 0x01C00000–0x01C07FFF is reserved for endorsement - (page...
The ACA policy currently supports the creation of a Local Attestation Key/Attestation Certificate. To support 802.1x scenarios it would be useful for the ACA to support the issuance of an...
Currently the ACA is still treating the RIMs and Swidtags on a file to file basis and not as a group of potential files from the provisioner. This issue addresses...
Symptoms: ACA fails to start (web portal fails to load in the browser) and the following log files are created but have a length of 0: /var/log/tomcat/HIRS_AttestationCA.log /var/log/tomcat/HIRS_AttestationCA_Portal.log Issue: Tomcat...
With the limited support for CentOS 7 and future versions, Rocky will be a good Linux distro alternative. The Dockerfile should support both ACA and dotnet-based Provisioner installs.
These changes add support for timestamping XML signatures of base RIMs. Two new command line arguments are available: - --rfc3161 - --rfc3339 Each causes a timestamp object to be inserted...