Ken Goldman - 2016-09-26

If the ACS project is not in the same directory as the TSS and utilities, libibmtss.so, libibmtssutils.so and possibly libibmtssutils12 have to be in the library path.

Revision 1658

This revision was driven by the UEFI parser. The client sends EV_NO_ACTION events, since they can affect PCR 0. The server similarly processes EV_NO_ACTION events. The server propagates the first informative event, since a future UEFI parser potentially needs the pre-OS event log version.

Revision 1630

This revision improves the quote performance. It reconstructs the PCRs in the first pass from the event logs rather than using the client-supplied values. This is enabled by a new IMA guarantee that the event append-extend is atomic, even in a multithreaded case.
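A sketch of the reconstruction described for this revision, as an added example that is not ACS code: it replays a log into a SHA-256 PCR bank and compares the result with the PCR digest a TPM 2.0 quote carries. The `(pcr_index, digest)` entry layout, the all-zero reset value, the function names and the sample data are assumptions, and the quote signature is assumed to have been verified already.

```python
import hashlib
import hmac

DIGEST_SIZE = 32  # SHA-256 PCR bank


def extend(pcr, event_digest):
    """TPM extend: new PCR = SHA-256(old PCR || event digest)."""
    if len(event_digest) != DIGEST_SIZE:
        raise ValueError("event digest length does not match the PCR bank")
    return hashlib.sha256(pcr + event_digest).digest()


def replay(events, selection):
    """Rebuild the selected PCRs from (pcr_index, digest) log entries."""
    pcrs = {i: bytes(DIGEST_SIZE) for i in selection}  # assumed reset value: all zeros
    for index, digest in events:
        if index in pcrs:
            pcrs[index] = extend(pcrs[index], digest)
    return pcrs


def quote_pcr_digest(pcrs):
    """TPM 2.0 quote digest: hash of the selected PCRs in ascending index order."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(pcrs))).digest()


def log_matches_quote(events, selection, quoted_digest):
    """True only if replaying the log reproduces the digest in the quote."""
    rebuilt = quote_pcr_digest(replay(events, selection))
    return hmac.compare_digest(rebuilt, quoted_digest)


def sample_digest(label):
    return hashlib.sha256(label).digest()


# Constructed sample data, not real measurements.
SELECTION = (0, 10)
SAMPLE_LOG = [(0, sample_digest(b"firmware")), (0, sample_digest(b"separator")),
              (10, sample_digest(b"boot_aggregate")), (10, sample_digest(b"/usr/bin/example"))]
# Stands in for the PCR digest taken from a quote whose signature already verified.
QUOTED = quote_pcr_digest(replay(SAMPLE_LOG, SELECTION))
TAMPERED_LOG = SAMPLE_LOG[:3] + [(10, sample_digest(b"/usr/bin/other"))]
STALE_LOG = SAMPLE_LOG[:-1]  # log snapshot one entry behind the PCR

if __name__ == "__main__":
    for name, log in (("intact", SAMPLE_LOG), ("tampered", TAMPERED_LOG), ("stale", STALE_LOG)):
        print(name, log_matches_quote(log, SELECTION, QUOTED))
```

The stale case shows why a log that can lag the PCR by one entry would make a replay-only check fail on an honest client.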

Revision 1470

This revision has a few minor changes.

  • Separates the client code into two parts for ZPower VM support
  • Increases the size of the DB column storing the IMA and BIOS raw event text.
  • Adds support for client big endian event log at the client and server
  • Changes the HTTP header for certificates to Content-Type:text/plain since the certificates are not JSON. The newest Firefox does not display them correctly otherwise.

Revision 1362

This revision matches the newer IBM TSS releases, which rename the include directory and library at the request of a Linux distro.

Minor changes:

  • Changed over to the newer marshal functions that use unsigned sizes and the allowNull flag.
  • client -bt generates a well-formed date for the SQL insert

Revision 1242

This is a significant update.

  • The project supports TPM 1.2 in addition to TPM 2.0.
  • The enrollment protocol does not issue the AK certificate until after the client has answered the server challenge. Previously, it returned it encrypted.
  • The BIOS event log is not resent if the BIOS PCRs did not change.
  • Removed json and php calls to deprecated functions.
  • The server supports multiple IMA signature verification public keys.
  • The client tests rerun the quote if a PCR changes.
  • Fixed several minor UI bugs which could occur if the attestation protocol terminates with an error.
  • Added several optional environment variables for mysql configuration.
  • OpenSSL 1.1 is supported.

Revision 976

Added a new web page to display the BIOS event log, with appropriate links.

Minor improvements include:

  • Certificates changed from SHA-1 to SHA-256
  • EC Certificates are signed with an EC CA key
  • Reorganized the reports web page, grouping the BIOS status and the IMA status.

Revision 898

This is a significant update with support for EC (elliptic curve) keys. clientek can provision a SW TPM with an EC EK certificate. clientenroll can enroll an EC attestation key using the EC EK certificate. client and server can validate EC signed quotes.

Revision 873

  • This is a major update, with added support for IMA attestation, event log validation, and signature verification.

Revision 834

  • Updated to the TSS changes for TPM specification revision 138. One TPM structure pattern changed, and the TSS changed for long term compatibility.

 

Last edit: Ken Goldman 2021-01-29