From 16f38751ca246c049a11ae9b8818382c32b5f4f5 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Wed, 17 Jun 2020 13:33:02 -0400
Subject: [PATCH] [#265] Skip ima pcr (#267)
* Added temp code edit to ignore IMA pcr during firmware validation
* Removed redundant check
---
 .../SupplyChainValidationServiceImpl.java | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
index 220e29b30..324421d07 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@@ -259,12 +259,6 @@ public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredent
 return summary;
 }
- /**
- * TDM: I need to compare the manufacturer id, name and model load
- * that RIM file and associated eventlog, pull that flag for sha 1
- * or 256 and then compare pcrs
- */
-
 /**
 * This method is a sub set of the validate supply chain method and focuses
 * on the specific multibase validation check for a delta chain. This method
@@ -320,6 +314,7 @@ private SupplyChainValidation validatePcPolicy(
 }
 return subPlatformScv;
 }
+ private static final int IMA_TEN = 9;
 private SupplyChainValidation validateFirmware(final PlatformCredential pc,
 final IssuedAttestationCertificate attCert) {
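Review bot: `IMA_TEN` is declared as 9 with no comment, so a reader cannot tell whether the value is a zero-based loop index or a PCR number, and the name suggests ten. Linux IMA measurements conventionally extend PCR 10, while the loop in validateFirmware compares `baseline[i]` with entry `i + 1` of the quote lines, so index 9 may correspond to PCR 9 rather than PCR 10; that mapping depends on the quote format, which is outside this hunk, and should be confirmed. I would add a Javadoc such as `/** Zero-based index into the PCR baseline of the register that holds IMA measurements; skipped during firmware validation. */` and rename the constant to say what it indexes. The field is also placed between two methods; declaring it with the class's other constants would keep it easy to find when the temporary skip is removed.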
@@ -356,22 +351,27 @@ private SupplyChainValidation validateFirmware(final PlatformCredential pc,
 .toArray(new String[swid.getPcrValues().size()]);
 }
+ int imaValue = IMA_TEN;
 String pcrNum;
 String pcrValue;
 if (baseline[0].length() == TPMMeasurementRecord.SHA_BYTE_LENGTH) {
 for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
 pcrNum = pcrs1[i + 1].split(":")[0].trim();
 pcrValue = pcrs1[i + 1].split(":")[1].trim();
- if (!baseline[i].equals(pcrValue)) {
- sb.append(String.format(failureMsg, pcrNum));
+ if (i != imaValue) {
+ if (!baseline[i].equals(pcrValue)) {
+ sb.append(String.format(failureMsg, pcrNum));
+ }
 }
 }
 } else if (baseline[0].length() == TPMMeasurementRecord.SHA_256_BYTE_LENGTH) {
 for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
 pcrNum = pcrs256[i + 1].split(":")[0].trim();
 pcrValue = pcrs256[i + 1].split(":")[1].trim();
- if (!baseline[i].equals(pcrValue)) {
- sb.append(String.format(failureMsg, pcrNum));
+ if (i != imaValue) {
+ if (!baseline[i].equals(pcrValue)) {
+ sb.append(String.format(failureMsg, pcrNum));
+ }
 }
 }
 }
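Review bot: The new `if (i != imaValue)` guard in both the SHA-1 and SHA-256 loops excludes one PCR from the firmware comparison for every device, unconditionally, and nothing in the validation message or logs records that a register was left unchecked. In an attestation CA this means a mismatch in that register can never fail validation, and since the commit message calls the edit temporary, the skip should be made visible: add a comment such as `// TODO(#265): temporary, IMA PCR is not compared until a baseline for it is available` and note the skipped register in the result text or a log line, or gate it on a policy setting. Matching on the parsed `pcrNum` instead of the loop index would also make it explicit which register is skipped. The local `imaValue` only copies `IMA_TEN`, and the nested ifs can be one condition, `if (i != IMA_TEN && !baseline[i].equals(pcrValue)) {`. validateFirmware starts and ends outside this hunk.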