The v3.2.0 HIRS release requires that the HIRS Provisioner be updated to V.3.2.0 in order to work with the ACA V 3.2.0
PC Client RIM files previously created with either the tcg_rim_tool or the RIM Tool v1.0 will need to be recreated using Rim Tool v1.1 due to a bug that both tools had with saving the Base RIM with extra white spacing.
ACA:
New Features:
- New table column sorting and data export options on the ACA portal:
- Can search on specific table columns
- Can now search dates
- Can select/delete multiple certificates/rims from tables.
- Export to exel, csv, pdf
- Links added to RIM detials page if embedded certificate is present
- Added a policy setting for enhanced logging collection
- Added new help pages
Updates:
- Removed the tcg_rim_tool in favor of the RIM Tool app (https://github.com/nsacyber/RIM-Tool)
- Updated to Java 25 and Bootstrap 5
- Migrated from JSP to Thymeleaf
- Updated various support libraries/dependencies
- updated TCG Event Log processing to inlcude new events details
Provisioner:
- Updated HIRS Provisioner to DOTNET 10
Bug Fixes/Error processing improvements:
- Fixed a bug with whitespaces being erronously removed from Swidtag/Base RIM files prior to signature verification
- Fixed a bug with Certificate DNs comma processing when matching DNs
- Fixed a bug with Provisioner handshakes to the ACA
- Fixed log when RIMs have incorrect Manuacturer or Model and RIMs are not matched to TCG Event Logs for provisioning
- Update TCG Eventlog processsing to ignore content data parsing issues as long as Event Digests are valid.
- Shows embedded certificates on the RIM details page
- Checks for embedded certificates within swidtag's/Base RIM files
- Handles missing RIM Bundle from provisioning process
- EK Certificate detials page shows TPM Security Assertions properly
- Updated use of AKI for certificate validation during validation
- Fixed RIM updates when updated RIM sent from provisioner
- Allow PEM files with extra text to be uploaded
- Handles detection of non-unique Root CA SKI's