PC Client RIM quick start script for Linux #40

Open

iadgovuser26 wants to merge 4 commits into main from issue_38_lqstart

@iadgovuser26
Collaborator

Adds a script to the script folder that generates a PC Client RIM based upon the device it's run from:

  1. Checks that RIM_Tool and openssl are installed.
  2. Pulls the last TPM Event Log and uses it as a Support RIM file.
  3. Generates a Root Certificate and RIM Signer Certificate
  4. Creates a json config file for the RIM_Tool using Manufacturer, Model, and SN of the current device.
  5. Creates/Signs a PC Client base RIM

Notes:

  • Requires RIM_Tool to be installed via rpm package
  • Requires openssl to be installed
  • -h option lists optional parameters
  • Requires admin privileges to run
  • Uses /opt/rimtool/local as a working folder
  • Will not overwrite CA or Signing cert if they already exist
  • Only currently supports RSA 3072
  • Base RIM and Support RIM are placed in the working folder
  • Supports a verbose mode
  • Can use the -l parameter to supply custom support rim

Example use:

sudo quick_pcrim.sh -h
 
 Create a quick test for a PC Client Rim Bundle based upon your local device
  Syntax: sh aca_setup.sh [-h|--help|-l |--rimel]
  options:
    -h  | --help   Print this help
     -l  | --rimel  Optional path to the PC Client support RIM file
    -v  | --verbose  Verbose output 
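
Steps 1 and 3 of the description above, sketched as an added example. This is not the PR's quick_pcrim.sh; the function names, file names, certificate subjects and validity period are assumptions, and the directory passed in stands in for the working folder.

```shell
#!/bin/bash
# Added illustration, not the PR's quick_pcrim.sh. Function names, file names,
# subjects and the validity period are assumptions made for this example.
KEY_ALG="rsa:3072"   # the key type the PR description says is supported
DAYS=3652            # constructed validity period, in days

# Step 1: fail early when a required tool is missing.
require_tools() {
  for _t in "$@"; do
    command -v "$_t" >/dev/null 2>&1 || { echo "missing tool: $_t" >&2; return 1; }
  done
}

# Minimal openssl config, so the result does not depend on the system openssl.cnf.
write_conf() {
  cat > "$1/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_signer]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
}

# Step 3: create a test root CA and a RIM signer certificate in directory $1.
# Existing files are kept; keys are unencrypted test keys, so umask 077 applies.
make_certs() {
  [ -s "$1/ca.pem" ] && [ -s "$1/signer.pem" ] && return 0
  ( umask 077; cd "$1" && write_conf . &&
    { [ -s ca.pem ] || openssl req -x509 -config ssl.cnf -extensions v3_ca \
        -newkey "$KEY_ALG" -nodes -sha384 -days "$DAYS" \
        -subj "/CN=Example RIM Test Root CA" -keyout ca.key -out ca.pem; } &&
    openssl req -new -config ssl.cnf -newkey "$KEY_ALG" -nodes \
        -subj "/CN=Example RIM Test Signer" -keyout signer.key -out signer.csr &&
    openssl x509 -req -in signer.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -extfile ssl.cnf -extensions v3_signer -sha384 -days "$DAYS" -out signer.pem
  ) >/dev/null 2>&1
}

# Confirm the signer chains to the root before it is used to sign a RIM.
check_chain() { openssl verify -CAfile "$1/ca.pem" "$1/signer.pem" >/dev/null 2>&1; }
```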

Collaborator

@chubtub chubtub left a comment

Script works as expected.

Collaborator

@iadgovuser62 iadgovuser62 left a comment

Works as expected. Some minor consistency suggestions.

Comment thread scripts/quick_pcrim.sh
DEFAULT_SRIM="/sys/kernel/security/tpm0/$TPM_EVENT_LOG"
RIM_CONF="rim_fields.json"
ORIG_CONFIG_FILE="/opt/rimtool/data/pcrim/rim_fields.json"
USE_RM_FILE=NO

Should this be USE_RIMEL_FILE=false as how it is in the rest of the script?

Comment thread scripts/quick_pcrim.sh
shift # past argument
;;
-*|--*)
echo "aca_setup.sh: Unknown option $1"
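
Review bot: In the unknown-option case, the pattern `-*|--*)` is redundant, since `-*` already matches everything `--*` would; `--*` can be dropped. The error message should also go to stderr (`>&2`) and be followed by a non-zero exit, if that is not already done below the visible lines, so callers can detect a bad invocation.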

Change to quick_pcrim.sh

Comment thread scripts/quick_pcrim.sh
RIM_SIGNER="RIM_Test_Signer"
RIM_SIGNER_CERT="BaseRIMTestCA.example.com.pem"
SIG_ALG="rsa:2048"
DAYS_VALID="3652"
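
Review bot: `SIG_ALG="rsa:2048"` does not match the PR description, which states that only RSA 3072 is currently supported. If this value feeds key generation for the CA and signer certificates, set it to `rsa:3072`; otherwise update the description so the documented and actual key sizes agree.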

Is this redundant? Since there is already a DAYS variable that is used.
