
[#896] WIP: Add Platform Certificate Class Registry support to the ACA #898

Open
wants to merge 16 commits into
base: main

Conversation

ThatSilentCoder
Collaborator

@ThatSilentCoder ThatSilentCoder commented Feb 7, 2025

Description

This issue covers necessary adjustments for the ACA to process the class registry information. This will include support for the TCG, PCI, SMBIOS, and Storage class registries.

Test Instructions:

  1. Pull this branch in your favorite IDE and create a TPM Provisioner RPM/Debian (if you are on a Linux distribution):

    If on a RHEL-based distro:

    cd ~/HIRS_Provisioner.NET/hirs
    dotnet rpm -r linux-x64 -c Release

    If on a Debian-based distro:

    cd ~/HIRS_Provisioner.NET/hirs
    dotnet deb -r linux-x64 -c Release
  2. Now go to the directory that holds the newly created RPM/Debian file:

    cd ~/HIRS/HIRS_Provisioner.NET/hirs/bin/Release/net8.0/linux-x64

  3. Install the RPM/Debian file on your system:

    If on a RHEL-based distro:

    sudo dnf install HIRS_Provisioner.NET*rpm

    If on a Debian-based distro (the ./ prefix tells apt to install the local file rather than look up a package by that name):

    sudo apt install ./HIRS_Provisioner.NET*deb
  4. Now go to the hirs-aca.service file and change the following line to the next line for testing purposes (the -d flag will allow us to debug the installed application from our favorite IDE):

    From:

    ExecStart=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w

    To:

    ExecStart=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -d -w
  5. Create an RPM/Debian file:

    If on a RHEL-based distro:

    ./gradlew clean buildRpm

    If on a Debian-based distro:

    ./gradlew clean buildDeb

  6. Go to the distributions directory:

    cd git/HIRS/HIRS_AttestationCAPortal/build/distributions/

  7. Install your newly built RPM/Debian file:

    If on a RHEL-based distro:

    sudo dnf install HIRS*rpm

    If on a Debian-based distro:

    sudo apt install ./HIRS*deb
  8. Verify that the two new applications are installed on your system:

    For the debugged version of the HIRS-ACA:

    If on a RHEL-based distro:

    dnf list installed | grep -i "HIRS_Attestation"

    If on a Debian-based distro:

    apt list --installed | grep -i "HIRS_Attestation"

    For the latest and greatest HIRS_Provisioner:

    If on a RHEL-based distro:

    dnf list installed | grep -i "HIRS_Provisioner.NET"

    If on a Debian-based distro:

    apt list --installed | grep -i "HIRS_Provisioner.NET"
  9. Open up IntelliJ, pull this branch in the IDE, go to the top where it says Run and then click on Edit Configurations; a window with the title Run/Debug Configurations will pop up.

  10. Click on the plus sign at the upper left corner of the window and click on Remote JVM Debug. Make sure to set Host to localhost and port to 9123. Make sure to set the module classpath to HIRS.HIRS_AttestationCAPortal.

  11. Last but not least, click on the plus sign on the box that's right after the words Before Launch and click on Launch Web Browser. Hit Apply and then hit OK. Now every time you run the debugged version of the application, the site will pop up in your default browser.

  12. Now go to the Policy Page and enable the following options: Endorsement Credential Validation, Platform Credential Validation and Platform Attribute Credential Validation.

  13. In order to see the new component classes, we will have to set up some breakpoints in the code. Set a breakpoint on the following lines:

    • Line 309 in SupplyChainCredentialValidator.java
    • Line 766 in IdentityClaimProcessor.java

  14. After setting the breakpoints, in a terminal window enter sudo tpm_aca_provision and step through the code. You will see, in the bottom window that lists the variables and their values, that the ACA now recognizes the new component registries. The two new ones you should see are: STORAGE_COMPONENT_REGISTRY (2.23.133.18.3.4) and PCIE_BASED_COMPONENT_REGISTRY (2.23.133.18.3.5).

Issues this PR addresses:

Closes #898
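The following is an added example, not code from this PR or from the HIRS project: a POSIX sh driver that carries out test steps 1 to 8 above in one go. It assumes (none of this is stated in the PR) that the ACA source tree is at $HOME/HIRS, the provisioner source at $HOME/HIRS_Provisioner.NET, and that ACA_UNIT is set to the hirs-aca.service file you intend to edit in step 4; the distro check reads ID and ID_LIKE from /etc/os-release, and the ExecStart rewrite is written so that running it twice does not add a second -d.

```shell
#!/bin/sh
# Added example, not HIRS project code: automates manual test steps 1-8.
# Assumed paths (override via environment): HIRS_SRC, PROV_SRC, ACA_UNIT.
HIRS_SRC="${HIRS_SRC:-$HOME/HIRS}"
PROV_SRC="${PROV_SRC:-$HOME/HIRS_Provisioner.NET}"

# Classify the distro from the text of /etc/os-release passed as $1.
# Prints "rpm" for RHEL-like, "deb" for Debian-like; returns 1 if unknown.
pkg_family() {
    # keep only the ID= and ID_LIKE= values, unquoted, one token per line
    ids=$(printf '%s\n' "$1" | tr -d '"' | sed -n 's/^ID\(_LIKE\)\{0,1\}=//p' | tr ' ' '\n')
    if printf '%s\n' "$ids" | grep -qxE 'rhel|fedora|centos|rocky|almalinux'; then echo rpm
    elif printf '%s\n' "$ids" | grep -qxE 'debian|ubuntu'; then echo deb
    else return 1
    fi
}

# Step 4 as a filter (service file on stdin, rewritten text on stdout):
# add -d to the aca_bootRun.sh ExecStart line so a remote JVM debugger can
# attach. A line that already carries -d is left untouched (idempotent).
enable_aca_debug() {
    sed -e '/^ExecStart=.*aca_bootRun\.sh/{' \
        -e '/ -d /!s/ -w$/ -d -w/' \
        -e '}'
}

# Steps 1-3: build the provisioner package for family $1 (rpm|deb), install it.
install_provisioner() {
    ( cd "$PROV_SRC/hirs" &&
      dotnet "$1" -r linux-x64 -c Release &&
      cd bin/Release/net8.0/linux-x64 &&
      if [ "$1" = rpm ]; then sudo dnf install -y HIRS_Provisioner.NET*rpm
      else sudo apt install -y ./HIRS_Provisioner.NET*deb; fi )
}

# Steps 5-7: build the ACA package for family $1 and install it.
install_aca() {
    ( cd "$HIRS_SRC" &&
      if [ "$1" = rpm ]; then ./gradlew clean buildRpm; else ./gradlew clean buildDeb; fi &&
      cd HIRS_AttestationCAPortal/build/distributions &&
      if [ "$1" = rpm ]; then sudo dnf install -y HIRS*rpm
      else sudo apt install -y ./HIRS*deb; fi )
}

# Step 8: both packages must appear in the installed list; returns 1 otherwise.
verify_installed() {
    if [ "$1" = rpm ]; then list=$(dnf list installed); else list=$(apt list --installed 2>/dev/null); fi
    printf '%s\n' "$list" | grep -i "HIRS_Attestation" || return 1
    printf '%s\n' "$list" | grep -i "HIRS_Provisioner.NET" || return 1
}

main() {
    unit="${ACA_UNIT:?set ACA_UNIT to the path of hirs-aca.service}"
    fam=$(pkg_family "$(cat /etc/os-release)") || { echo "unsupported distro" >&2; return 1; }
    install_provisioner "$fam" || return 1
    tmp=$(mktemp) && enable_aca_debug <"$unit" >"$tmp" && cp "$tmp" "$unit" && rm -f "$tmp" || return 1
    install_aca "$fam" || return 1
    verify_installed "$fam"
}

# Only the --run flag triggers the installation, so the functions can be
# sourced and checked on their own without touching the system.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `ACA_UNIT=/path/to/hirs-aca.service sh aca_test_drive.sh --run`; steps 9 onward (the IntelliJ remote debug configuration and the breakpoints) are still done by hand.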

…iguring out places where this will work. Can successfully debug provisioner+aca.
…pots throughout the app. Seems like we need to ensure that when we try to parse the pc from the identity claim, it needs to recognize the new kind of identifier.
…plat config v1 (which already exists), moved attributes associated with v2 to the v2 class, when validating the aca will now verify if the platform config associated with the cert is v1 or v2. Made corrections to attribute names to better align with tcg docs.
…ling corrections, deleted unused classes that were being referenced by componentinfo. pretty much done with the aca side of things.
@ThatSilentCoder ThatSilentCoder linked an issue Feb 7, 2025 that may be closed by this pull request
@ThatSilentCoder ThatSilentCoder marked this pull request as ready for review February 10, 2025 21:34
@ThatSilentCoder ThatSilentCoder changed the title [# 896] Add Platform Certificate Class Registry support to the ACA [#896] WIP: Add Platform Certificate Class Registry support to the ACA Feb 14, 2025
…n part. Started adding more logic to validation.
… a smart/efficient way of comparing the components from platform cert and device info report.
@ThatSilentCoder ThatSilentCoder changed the title [#896] WIP: Add Platform Certificate Class Registry support to the ACA [#896] Add Platform Certificate Class Registry support to the ACA Feb 20, 2025
@ThatSilentCoder ThatSilentCoder changed the title [#896] Add Platform Certificate Class Registry support to the ACA [#896] WIP: Add Platform Certificate Class Registry support to the ACA Mar 4, 2025
Successfully merging this pull request may close these issues.

Add Platform Certificate Class registry support to the ACA