v2.2.0

Version 2.2.0 introduces the HIRS_Provisioner.NET. The HIRS_Provisioner.NET is a C# implementation of the HIRS Provisioner designed to be a replacement for the HIRS_ProvisionerTPM2. The HIRS_Provisioner.NET can be packaged for Windows as well as most Linux distributions. This portability will support a wider set of scenarios and products. See the HIRS_Provisioner.NET README.md for details.

An ACA Docker image is now automatically created for each release. See the packages page

HIRS ACA Updates:

• RIM Database page was added to search and view all RIM supplied Events into the ACAs database.
• Added an ACA policy option to ignore OS events if on FW Validation is required.
• FIM Assertions were enabled on the Platform Certificate details page
• RIM uploads modified to use platformManufacturerStr and platformModel from the Base RIM (swidtag to match the against provisioning request

TCG RIM TOOL Updates:

• Support for PEM formatted Keys and Certificates added
• Added capability to add timestamps
• Use of the default keystore must be implicitly stated
• Added a xml_dsig_tool to provide an alternate means to validate the signature on the tcg_rim_tool
• Fixed install issue when installed on same device as the ACA
• Support added for nested RIMS
• Support added for multiple signatures
• Meta attributes colloquialVersion, edition, product, and revision are now optional

File	Sha256 Hash
HIRS_AttestationCA-2.2.0-1697728139.242610.el7.noarch.rpm	368979f085d27a6202021fff678cf4c05488f03ec15c40e3cff590055a329715
tcg_rim_tool-2.2.0-1697728139.242610.x86_64.rpm	bd45ac05f931cf1734422e04c226702788b41ee2027f7bb535080ba6b2e53e4c
tcg_eventlog_tool-2.2.0-2426109.x86_64.rpm	d7f0cc8860915dc84e5eab41d2c2a35b2f93f4f57de753613f5c7f10cce4bd7
HIRS_Provisioner.NET.2.2.0.linux-x64.deb	2072efaaf36614e3ccafa6e23e5419807497c0a0e00c2c27e423cc3484d1ac4b
HIRS_Provisioner.NET.2.2.0.linux-x64.rpm	26a07f471490c7028ceb29d975023f7a54b7007f734abe0831df37ea3b661c15
HIRS_Provisioner.NET.2.2.0.msi	fb034db57806f3c8e7a60d2294e8d20b395c4ffb0ca16bfe94b64163f988f4a3

v.2.1.3.Beta

This is a test release, intended to test a Github action to produce an ACA docker image. If successful an ACA test image will be posted to the package link on the right hand side of the main HIRS Github page.

There are no RPMs for this release.

v2.1.2

Several small fixes:

• Updates database parameters for larger data sizes when using reference manifests from different operating systems.
• Fixes an issue with yum/rpm update removing the tcg_boot.properties file.

Centos 7
HIRS_AttestationCA-2.1.2-1644956897.4e7f45.el7.noarch.rpm            a913d42f8004433b235c6e078eec9fb35bd8240aa662e4f071807d74523feab1
HIRS_Provisioner_TPM_1_2-2.1.2-1644956897.4e7f45.el7.noarch.rpm      99ff9695334304490928a393e437d1554c221b6cbbb14aa061ca8ebd1a4414c5
HIRS_Provisioner_TPM_2_0-2.1.2-1644956897.4e7f45.el7.x86_64.rpm      32f6bb60fcc0a893db715664b6484e7c94a100c2349a1c60e70189ad28418868
     
Centos 6
HIRS_Provisioner_TPM_1_2-2.1.2-1644956897.4e7f45.el6.noarch.rpm      ce72ef510f5d93e9af4c47ef1563da3f99398b895b450409d270aa9740387689
HIRS_AttestationCA-2.1.2-1644956897.4e7f45.el6.noarch.rpm            87651367f835b286e7afca40929ba9267f07813b6626f3a4ef80a0f22edeb44e
tpm_module-2.1.2-1644956897.4e7f45.x86_64.rpm                        5c20aefd09ffdd8fa87fd9970d8e491410ee711f724d2ef514668303348cb311

v2.1.1

This release includes gradle's recommended updates to log4j to address CVE-2021-44228.

Centos 7
HIRS_AttestationCA-2.1.1-1642089524.119f77.el7.noarch.rpm             5c4a2374ceaef04cb91334016402d91101ddb6014dee735ed63f74ddd76578a5    
HIRS_Provisioner_TPM_1_2-2.1.1-1642089524.119f77.el7.noarch.rpm       048eab7b2f29f74a9962bd494116c9836666e70d94baba2a69b61ab64219a012
HIRS_Provisioner_TPM_2_0-2.1.1-1642089524.119f77.el7.x86_64.rpm       d57e60a7af8b12224764a7a27614a440fa862dd6bb69faa3b1a7e3a82ff9266f
tcg_rim_tool-2.1.0-1.el7.x86_64.rpm                                   eec6d9336830e5efb4d52f2cf4771284d21048e293e4c714befc7009faf418ea
tcg_eventlog_tool-2.1.1-1.i386.rpm                                    429c886e4034584a804e22efcf22e6593953835eff8ea42a98647b395db9ccf6        

Centos 6
HIRS_AttestationCA-2.1.1-1642089524.119f77.el6.noarch.rpm             9748f8940cca465802e625bd6f32ccf050b6410422bc66228ffafeb5c3e3e606         
HIRS_Provisioner_TPM_1_2-2.1.1-1642089524.119f77.el6.noarch.rpm       b9cfa8d42a0c2c095fc894cca2175a1f1fdce622b445b1b86b07a736f745d2aa 
tpm_module-2.1.1-1642089524.119f77.x86_64.rpm                         e001669736336db38d9f45dee223629af836aa4fe2baba8dc4433216f00065a2

v2.1.0

Release 2.1.0 adds support for supplemental PC Client Reference Integrity Manifests (RIMs) to support System Integrator and Value Added Reseller scenarios for the firmware validation capability of the HIRS ACA.

Other updates:

• Certificate Validation has been updated to validate the entire certificate path of the issuer.
• RIM upload validates RIM signatures and support RIM hashes, parse support RIM files (event logs), and adds individual events to a RIM Database.
• Downloadable Validation Report added to the Validation report page. Supports CSV and Json formats.
• Updated TCG Event Log data in Support RIM display
• Firmware link on Validation Report page now links to event log sent by the provisioner.
• Ignore GPT PCRs Entry policy added to Policy page to account for GPT events that may contain unique partition table guids in a Support RIM.
• The tcg_rim_tool has added Certificate Issuer checking to its validation capability.

SHA256 checksums:

Centos 7
HIRS_AttestationCA-2.1.0-1630344582.744aea.el7.noarch.rpm         8499a81e27a6c86bab031ba7dad1e0f1586de1a6b4fc2c5493380c446e16ef8b 
HIRS_Provisioner_TPM_1_2-2.1.0-1630344582.744aea.el7.noarch.rpm   db0ae2ed0fdb06dd5574c2ae4deffa9da77cebcacae05f1cf2866f68091127ae
HIRS_Provisioner_TPM_2_0-2.1.0-1630344582.744aea.el7.x86_64.rpm   e03aea3c44996c17b41e96239b48e7e17e22db8dbadd273eb01bdce87931fac8
tcg_rim_tool-2.1.0-1.el7.x86_64.rpm                               2344bee24bfb64951664a573b273f8afde6434d11d9e5e368f0315a34e2aafdb
tcg_eventlog_tool-2.1.0-1.i386.rpm                                83ee1e7a73daaaa2b9fcb1e0994ec04fdd1715e66d6e0b14d4e6938f3620a7f9

Centos 6
HIRS_AttestationCA-2.1.0-1630344582.744aea.el6.noarch.rpm         e804f37e385b17a8526cc5cf149d0ee847eec4606505ae2037dacd9f830300b5
HIRS_Provisioner_TPM_1_2-2.1.0-1630344582.744aea.el6.noarch.rpm   a1d3423aee1f5f6dcaf86cf5ef872eee3c340e6d6e4ba0c9a511caa9ce48225f
tpm_module-2.1.0-1630344582.744aea.x86_64.rpm                     07c904b8385eb6fce3c97ea9f094b75caa9f902e2e24dfa119fbecc89c326bee

v2.0.5.Beta

Added ability to to download json version of a Validation Report.

v2.0.4.Beta

Added new options for csv report download.
download_validation_reports.sh how has a -h option.

V2.0.3 Beta

Adds support for processing additional certificate algorithms.

Package                                                            SHA256SUM
HIRS_AttestationCA-2.0.3-1619025636.af9f7d.el7.noarch.rpm          8d92cf9527b9e97197ba46b38130e841cf49b978119f2e46120aa23932ac3b5e
HIRS_Provisioner_TPM_2_0-2.0.3-1619025636.af9f7d.el7.x86_64.rpm    d7542a7d596ad318113816c1a959cdf9aa212b639b8f91ab2ebcd624faf476d1

V2.0.1 Beta

Beta Capability for this release:

• Reference Integrity Manifest updates
  • Updated TCG Event Log data in Support RIM display
  • Event Summary for Support RIM files
  • Added signature verification indication for Base RIM and the support RIM File Hash
• Platform Certificates
  • Added component failure highlighting to Platform Cert page after component verification failure.
  • Added extra validation checks to delta Platoform Certificates
• Added a Validation Report download with CSV formatting for spreadsheet import.

V2.0.2 Beta

Added a script for automating Validation Report file downloads from the HIRS ACA host.
Script for automating the download can be found here. Usage:
sh download_validation_reports.sh [start date] [end date]
where data format is YYYY-mm-dd.