Merge pull request #815 from SuperPotato27/v3_issue_810

(WIP) Added action to package the RIM tool and the EventLog tool for windows.
nsacyber · Sep 4, 2024 · 72b37ce · 72b37ce
2 parents 3f466aa + 0c16564
commit 72b37ce
Show file tree

Hide file tree

Showing 8 changed files with 149 additions and 7 deletions.
diff --git a/.github/workflows/hirs_package_linux.yml b/.github/workflows/hirs_package_linux.yml
@@ -17,7 +17,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK 17
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v4
       with:
         java-version: '17'
         distribution: 'temurin'
@@ -26,44 +26,57 @@ jobs:
     - name: directory setup
       run: |
        mkdir -p artifacts/jars
+       mkdir -p artifacts/win
+       mkdir -p artifacts/win/hirstools
     - name: install dependencies
       run: |
         sudo apt-get update
         sudo apt-get install git curl nano cron mariadb-server
     - name: Setup Gradle
-      uses: gradle/gradle-build-action@v2
+      uses: gradle/actions/setup-gradle@v3
     - name: Execute Gradle build
       run: |
           ./gradlew build;
           ./gradlew bootWar;
           ./gradlew buildDeb;
           ./gradlew buildRpm;
+          ./gradlew buildZip
           cp HIRS_AttestationCAPortal/build/libs/*.jar artifacts/jars/. 
           cp HIRS_AttestationCA/build/libs/*.jar artifacts/jars/.
           cp HIRS_Utils/build/libs/*.jar artifacts/jars/.
           cp HIRS_Structs/build/libs/*.jar artifacts/jars/.
+          cp tools/tcg_rim_tool/build/distributions/*.zip artifacts/win
+          cp tools/tcg_eventlog_tool/build/distributions/*.zip artifacts/win
+          cp package/win/tcg-rim-tool/* artifacts/win/hirstools
     - name: Archive RPM files
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: RPM_Files
         path: HIRS_AttestationCAPortal/build/distributions/*.rpm
         if-no-files-found: error
     - name: Archive DEB files
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: DEB_Files
         path: HIRS_AttestationCAPortal/build/distributions/*.deb
         if-no-files-found: error
     - name: War files
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: WAR_Files
         path: HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war
         if-no-files-found: error
     - name: JAR_Files
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: JAR_Files
         path: artifacts/jars/
         if-no-files-found: error
-
+    - name: ZIP_Files
+      uses: actions/upload-artifact@v4
+      with:
+        name: ZIP_Files
+        path: artifacts/win/
+        if-no-files-found: error
+
+
diff --git a/package/win/tcg-rim-tool/README.md b/package/win/tcg-rim-tool/README.md
@@ -0,0 +1,29 @@
+This README is part of the ZIP_Files.zip generated from hirs_package_linux.yml the goal of this zip is to have the TCG RIM tool, and the TCG Eventlog tool available on windows. 
+
+To get the tools running on windows follow the instructions below:  
+
+1- Unzip "ZIP_Files" 
+
+2- open powershell as administrator and navigate to the hirstools folder. 
+
+3- run the following command: ```powershell -ExecutionPolicy Bypass -File '.\create_hirstools_desktop_shortcut.ps1'```
+
+4- double-click the HIRS_tools shortcut on your desktop. 
+
+To run the rim tool try the following commands:
+
+> rim -c base -a .\tcg_rim_tool\Base_Rim_Config.json -l .\tcg_rim_tool\TpmLog.bin -k .\tcg_rim_tool\PC_OEM1_rim_signer_rsa_3k_sha384.key -p .\tcg_rim_tool\PC_OEM1_rim_signer_rsa_3k_sha384.pem -o baseRim.swidtag
+
+> rim -v .\baseRim.swidtag -p .\tcg_rim_tool\PC_OEM1_rim_signer_rsa_3k_sha384.pem -t .\tcg_rim_tool\PC_OEM1_Cert_Chain.pem -l .\tcg_rim_tool\TpmLog.bin
+
+
+
+To run the eventlog tool:
+
+elt -f  C:\Windows\Logs\MeasuredBoot\[.log file here] -e
+
+Eventlog files are found here windows:
+C:\Windows\Logs\MeasuredBoot
+
+Example Command would be: 
+> elt -f  C:\Windows\Logs\MeasuredBoot\000000001-000000001.log -e (file name needs to match on on your system)
diff --git a/package/win/tcg-rim-tool/create_hirstools_desktop_shortcut.ps1 b/package/win/tcg-rim-tool/create_hirstools_desktop_shortcut.ps1
@@ -0,0 +1,11 @@
+# Unzip tools in the working directory
+Expand-Archive -Path ..\tcg_rim_tool.zip -DestinationPath .\tcg_rim_tool
+Expand-Archive -Path ..\tcg_eventlog_tool.zip -DestinationPath .\tcg_eventlog_tool
+# Create a shortcut to start the RIM shell
+$WshShell = New-Object -comObject WScript.Shell
+$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\HIRS_tools.lnk")
+$Shortcut.TargetPath = "powershell.exe"
+$ScriptPath = "$PWD\hirsshell.ps1"
+$Shortcut.Arguments = "-ExecutionPolicy Bypass -File `"$ScriptPath`""
+$Shortcut.WorkingDirectory =  "$PWD"
+$Shortcut.Save()
diff --git a/package/win/tcg-rim-tool/eventLog.ps1 b/package/win/tcg-rim-tool/eventLog.ps1
@@ -0,0 +1,11 @@
+# Script to run the tcg_rim_tool in java
+
+$JavaParams = @{
+    FilePath =  'java'
+    ArgumentList = @(
+        '-jar "{0}"' -f "$PWD\tcg_eventlog_tool/tcg_eventlog_tool.jar"
+        "$args"
+    )
+}
+
+Start-Process @JavaParams  -NoNewWindow -Wait
diff --git a/package/win/tcg-rim-tool/hirsshell.ps1 b/package/win/tcg-rim-tool/hirsshell.ps1
@@ -0,0 +1,14 @@
+# Script to start a new shell with a rim alias
+$StartInfo = new-object System.Diagnostics.ProcessStartInfo
+$StartInfo.FileName = "$pshome\powershell.exe"
+$StartInfo.Arguments = "-NoExit -Command 
+               `$Host.UI.RawUI.WindowTitle=`'TCG RIM TOOL`'; 
+               Set-Alias elt '$PWD\eventlog.ps1';
+	       Set-Alias rim '$PWD\rim.ps1';
+               echo 'The TCG RIM TOOL is intended for testing TCG Defined PC Client Reference Integrity Manifests (RIMs)';
+               echo 'for usage type: rim -h';
+	       echo 'for eventlog usage type: elt -h'
+               Set-Location -Path $PWD;
+               function prompt {'HIRS > '};" 
+[System.Diagnostics.Process]::Start($StartInfo)
+
diff --git a/package/win/tcg-rim-tool/rim.ps1 b/package/win/tcg-rim-tool/rim.ps1
@@ -0,0 +1,11 @@
+# Script to run the tcg_rim_tool in java
+
+$JavaParams = @{
+    FilePath =  'java'
+    ArgumentList = @(
+        '-jar "{0}"' -f "$PWD\tcg_rim_tool/tcg_rim_tool.jar"
+        "$args"
+    )
+}
+
+Start-Process @JavaParams  -NoNewWindow -Wait
diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle
@@ -123,4 +123,22 @@ ospackage {
     buildDeb {
         arch = 'amd64'
     }
+
 }
+
+
+task buildZip(type: Zip){
+    dependsOn jar
+    from(tasks.jar.archiveFile){
+        rename( filename ->
+            "${project.name}.jar")
+        into '/'
+    }
+
+    archiveBaseName.set(project.name)
+    destinationDirectory.set(file("$buildDir/distributions"))
+    archiveFileName.set("${project.name}.zip")
+}
+
+buildZip.dependsOn jar
+//build.dependsOn buildZip
diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle
@@ -131,3 +131,38 @@ buildRpm {
 buildDeb {
     arch = 'amd64'
 }
+
+task buildZip(type: Zip){
+    dependsOn jar
+    dependsOn jar
+    from(tasks.jar.archiveFile){
+        rename( filename ->
+                "${project.name}.jar")
+        into '/'
+    }
+    from('./build/resources/test/rim_fields.json'){
+        into '/'
+    }
+    from('../../.ci/tcg-rim-tool/configs/Base_Rim_Config.json'){
+        into '/'
+    }
+    from('../../.ci/tcg-rim-tool/eventlogs/TpmLog.bin'){
+        into '/'
+    }
+    from('../../.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key'){
+        into '/'
+    }
+    from('../../.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem'){
+        into '/'
+    }
+    from('../../.ci/tcg-rim-tool/certs/PC_OEM1_Cert_Chain.pem'){
+        into '/'
+    }
+
+    archiveBaseName.set(project.name)
+    destinationDirectory.set(file("$buildDir/distributions"))
+    archiveFileName.set("${project.name}.zip")
+}
+
+buildZip.dependsOn jar
+//build.dependsOn buildZip