Releases: nsacyber/HIRS
V2.0.2 Beta
Added a script for automating Validation Report file downloads from the HIRS ACA host.
Script for automating the download can be found here. Usage:
sh download_validation_reports.sh [start date] [end date]
where data format is YYYY-mm-dd.
V2.0.0
Version 2.0 adds support for the PC Client Reference Integrity Manifest (RIM) Specification to provide firmware validation capability to the HIRS ACA. This requires that the manufacturer of a device provide a digitally signed RIM "Bundle" for each device. The HIRS ACA has a new page for uploading and viewing RIM Bundles and a policy setting for requiring Firmware validation.
To support the TCG RIM concept a new tools folder has been added to the HIRS project which contains a tcg_rim_tool command line application. The tcg_rim_tool can be used to create NISTIR 8060 compatible SWID tags that adhere to the TCG PC Client RIM specification. It also supports the ability to digitally sign the Base RIM file as the HIRS ACA will require a valid signature in order to upload any RIM file.
Sha256 checksums:
Centos 7
HIRS_AttestationCA-2.0.0-1607000235.0ce8d4.el7.noarch.rpm 1e1cf00d2e2dcbe50d3b1554948dc5679f6d0376bb82456afa6c618eadb8a01c
HIRS_Provisioner_TPM_1_2-2.0.0-1607000235.0ce8d4.el7.noarch.rpm 08341f1fc26c7f43ebc6784e16c051e1f8f6adff5f818af0aa67dc2bef432b8c
HIRS_Provisioner_TPM_2_0-2.0.0-1607000235.0ce8d4.el7.x86_64.rpm 800830ae0eefe4075da1b2d830de8b1e7be40e3f953f002de4ff94531b21568f
tcg_eventlog_tool-2.0.0-1.i386.rpm 1bcad66134aef7125d5225490d2559025bf2992d60799f447a111648cbceb420
tcg_rim_tool-2.0.0-1.el7.x86_64.rpm 87bea553eb1676173fa15b9ef19cefd50d26832b3c82ba3abcca46884a2d0ace
Centos 6
HIRS_AttestationCA-2.0.0-1607000235.0ce8d4.el6.noarch.rpm 07b09d587961d36a0168edbb397602f9c9592398ce165aa2c2d9385e44e29b42
HIRS_Provisioner_TPM_1_2-2.0.0-1607000235.0ce8d4.el6.noarch.rpm 0425db37739d7d3e3a259f1accaca72af095626440832e2a1b590e040981b4cf
tpm_module-2.0.0-1607000235.0ce8d4.x86_64.rpm 7311ccedf545ca4cdb73ef0620281558c5141ad997debf03abc89c2d4894af2c
HIRS 2.0 Beta
Tools for PC Client Reference Integrity Manifests (RIMs).
HIRS v1.1.1
Sha256 checksums:
HIRS_AttestationCA-1.1.1-1574364941.0c2005.el7.noarch.rpm e2c9ba1324a28566a0e700377998280cbef3f1d7eb6f2436ca3850f01c7da250
HIRS_AttestationCA-1.1.1-1574364941.0c2005.el6.noarch.rpm 8217e0b160609af8e8ffca1031ec1d8e7bfba7150896074c10471360af30e35b
HIRS_Provisioner_TPM_1_2-1.1.1-1574364941.0c2005.el7.noarch.rpm d481a68e6db3f3d80bc7678e09bb3c9462f9692fa7cf4ba9b5256e76834f0ebe
HIRS_Provisioner_TPM_1_2-1.1.1-1574364941.0c2005.el6.noarch.rpm a2c74bc01f9754f06d776ef9244665050ef1edbc03adeba40081238f97d26382
HIRS_Provisioner_TPM_2_0-1.1.1-1574364941.0c2005.el7.x86_64.rpm 6fb2331d9b13f657e9b7eae01393086dfca9a5ecacb763babfeb7d4eaa5c946d
tpm_module-1.1.1-1574364941.0c2005.x86_64.rpm f0d9157b56ec1ba67a36f8c1fb8636bf11351dd6202928aaaaf4693b2f4a43cb
HIRS v1.1.0
Changes for release 1.1
Process Platform Credentials per the Platform Certificate 1.1 Specification.
Note that the HIRS ACA will be dropping support for Centos 6 when a version for Centos 8 becomes available.
Release page:
Release 1.1.0 Supports Base and Delta Platform Certificates:
ACA validation now supports processing Platform Credentials per the Platform Certificate 1.1 Specification. This includes support for Base vs Delta platform certificates. See the Paccor tool for creating Base and Delta Platform Certificate test patterns.
Removes the Attribute Column from the Validation Page.
Platform Credential page shows the component class.
Platform Certificate page updated to show new 1.1. fields:
Base vs Delta type shown on Platform Page.
Platform Certificate chain hyperlinks show the Platform Certificate “chain”.
The RPM in this version should support yum upgrade.
HIRS v1.0.4
Release 1.0.4 will have several updates:
- System Serial number moved to system info on the Platform Certificate page
- On a failed provisioning attempt tooltip on the failure icon will display information about specific components that failed verification.
- tpm_aca_provision tpm version detection removed to avoid attempting to provision 2.0 as a 1.2 tpm.
- tpm2 log4cplus prints initialization error fixed
- Dependency for hirs-provisioner-tpm2 RPM fixed
HIRS v1.0.3
Release 1.0.3 will have several updates:
- Added a User's Guide document for the ACA and TPM provisioner(s)
- Added several certificate display fields
- Cleaned up some error logs
- Put in a check for ResourceMgr or TPM2-Abmrd for the TPM2 provisioner
- PACCOR is now a dependency for the TPM Provisioner
Centos 6: SHA256 hashes
HIRS_AttestationCA-1.0.3-1548356481.c8ac15.el6.noarch.rpm 75f8cd71efb35961dbdbc8653e2194a7ae0fc49b6fd8cbdf2b538f264b469095
HIRS_Provisioner_TPM_1_2-1.0.3-1548356481.c8ac15.el6.noarch.rpm 03cd2b5413d8fa4f434be8572e8da8d2d675ddc15885ee40fd6169ca7447fb93
tpm_module-1.0.3-1548356481.c8ac15.x86_64.rpm 8de885bb535a1f335da9f01b52c6e08929387a4710b5ade44a6c6da3dd24f54d
Centos 7:
HIRS_AttestationCA-1.0.3-1548356481.c8ac15.el7.noarch.rpm ea0d0b9877845eec3c0d6d6b27b6a6dda5ad408e1544552372983940bbe084e1
HIRS_Provisioner_TPM_2_0-1.0.3-1548356481.c8ac15.el7.x86_64.rpm ff07ab0c3316ae2376a54b99689e20fd8f805a0f5e75a97d46941ea777a8bdaa
HIRS_Provisioner_TPM_1_2-1.0.3-1548356481.c8ac15.el7.noarch.rpm 5175b440e57d4842d115a101080972d4241078bf60739262f3af8c475e778312
For PACCOR rpms, please refer to the paccor release page.
HIRS v1.0.2
Release 1.0.2 Notes
Release 1.0.2 contains a few bug fixes and additional portal fields. Specific changes are:
- Added the ability to delete issued Attestation Certificates
- Platform Attributes will not pass unless Platform Certificate signature validate.
- ACA Platform Credential page will display the holder information.
- ACA will accept RSA Trust Chain Certificates signed with Ecc keys.
- Corrected a condition in which extra bytes stored with the EK cert on the TPM's NvRAM would prevent the EK certificate from being processed.
- Fixed display issues with the HIRS ACA portal when SeLinux is enabled.
- Updated Error reporting to the client when provisioning fails
- Fixed a bug when TPM Security assertions imply the TPM is field upgradable.
Centos 6: SHA256 hashes
tpm_module-1.0.2-1541093721.d1bdf9.x86_64.rpm ed037f734a010239ca49ad8a29207cb155578155741af71d9bcf9fa29e3eeeb4
HIRS_AttestationCA-1.0.2-1541093721.d1bdf9.el6.noarch.rpm 361c79862db68cc342841d4b4468e39158a36d2dbeb987258b3c4e333bb8ee54
HIRS_Provisioner_TPM_1_2-1.0.2-1541093721.d1bdf9.el6.noarch.rpm 59e92d4a8124ae4b1efc005c52eb4d2343ad6700f5b8d5896a48187208184b97
Centos 7:
HIRS_AttestationCA-1.0.2-1541093721.d1bdf9.el7.noarch.rpm 052277442474ecd4a33c574fd93d6f054e42842fd40e92bfbc5a22f356647a70
HIRS_Provisioner_TPM_1_2-1.0.2-1541093721.d1bdf9.el7.noarch.rpm 1fd762782be57f3fec10387406590bf6920e6239b690f7f0cb81ac6837b6235e
HIRS_Provisioner_TPM_2_0-1.0.2-1541093721.d1bdf9.el7.x86_64.rpm 76b60de15c5b35fd5457ae4684bdd44a49e85ee6b7d3871d13f57fc26a5b07af
For paccor rpms, please refer to the paccor release page.
HIRS v1.0.1
Initial release.
Centos 6: SHA256 Hash
HIRS_AttestationCA-1.0.1-1536241653.d7e44b.el6.noarch.rpm 3889e42b55c2a2309a9176d3957fe7049d1a4945b2acd59265eca4c98112878f
HIRS_Provisioner_TPM_1_2-1.0.1-1536241653.d7e44b.el6.noarch.rpm a563b7fb7eb7b88c903d15ea02c312ecd72cb085fadbd7d3390b24a273297d42
tpm_module-1.0.1-1536241653.d7e44b.x86_64.rpm f81f41bc2991d66178781f99ac35fdd772f00f14a771fac0fd517a4031653c5f
Centos 7:
HIRS_AttestationCA-1.0.1-1536241653.d7e44b.el7.noarch.rpm c40156d492d6e37ea7ebec135b8a6d33aa1cb8c6ac4c7faba3239e60f0932952
HIRS_Provisioner_TPM_1_2-1.0.1-1536241653.d7e44b.el7.noarch.rpm a3cfac4112bfda93fc40a2b2cecd255200b7c85a28b38510b0a9e43a6944c4ef
HIRS_Provisioner_TPM_2_0-1.0.1-1536241653.d7e44b.el7.x86_64.rpm 4406764003f2f86bbd536a577c7b1cbc71f6cc285f2626edb3d982ea827ab8cd
For paccor rpms, please refer to the paccor release page.