in src/local_gpu_verifier/src/verifier/rim/__init__.py [0:0]
def verify(self, version, settings, schema_path = ''):
    """Validate this RIM: schema, version match, certificate chain, OCSP status, signature.

    The checks run in that order. Schema validation failure and certificate
    chain / OCSP failures raise; a version mismatch is only logged.

    Arguments:
        version (str) : the driver/vbios version of the required RIM.
        settings (config.HopperSettings): the object containing the various config info.
        schema_path (str) : the path to the swidtag schema xsd file. The default
                            empty string selects 'swidSchema2015.xsd' located
                            next to this module.

    Returns :
        [tuple] : (result of self.verify_signature(settings),
                   gpu_attestation_warning as returned by
                   CcAdminUtils.ocsp_certificate_chain_validation).

    Raises:
        AssertionError : version or schema_path is not exactly of type str.
        FileNotFoundError : the schema file does not exist.
        RIMSchemaValidationError : the RIM does not validate against the schema.
        RIMCertChainVerificationError : certificate chain verification failed.
        RIMCertChainOCSPVerificationError : OCSP status verification failed.
    """
    # NOTE(review): assert statements are removed when Python runs with -O,
    # so these two type checks are not enforced in optimized mode.
    assert type(version) is str
    assert type(schema_path) is str

    if schema_path == "":
        module_dir = os.path.dirname(__file__)
        schema_path = os.path.join(module_dir, 'swidSchema2015.xsd')

    if not (schema_path and os.path.isfile(schema_path)):
        info_log.error("There is a problem in the path to the swid schema. Please provide a valid the path to the swid schema.")
        raise FileNotFoundError("\t\tSWID schema file not found.")

    # Nothing else is examined unless the document validates against the schema.
    if not self.validate_schema(schema_path = schema_path):
        raise RIMSchemaValidationError(f"\t\t\tSchema validation of {self.rim_name} RIM failed.")

    info_log.info("\t\t\tRIM Schema validation passed.")
    is_driver_rim = self.rim_name == 'driver'

    if is_driver_rim:
        settings.mark_driver_rim_schema_validated()
    else:
        settings.mark_vbios_rim_schema_validated()

    # A version mismatch does not stop verification: it is logged as a warning
    # and the "version matching" mark on settings is not made here.
    if version == self.colloquialVersion.lower():
        if is_driver_rim:
            settings.mark_rim_driver_version_as_matching()
        else:
            settings.mark_rim_vbios_version_as_matching()
        event_log.debug(f"The {self.rim_name} version in the RIM file is matching with the installed {self.rim_name} version.")
    else:
        info_log.warning(f"\t\t\tThe {self.rim_name} version in the RIM file is not matching with the installed {self.rim_name} version.")

    cert_chain = self.extract_certificates()

    # The RIM root certificate is read from the local file named by settings
    # and appended after the certificates extracted from the RIM itself.
    # NOTE(review): presumably verify_certificate_chain treats this last
    # element as the trust anchor, in which case the integrity of that file
    # matters as much as the chain check - confirm against CcAdminUtils.
    root_cert_path = os.path.join(settings.ROOT_CERT_DIR, settings.RIM_ROOT_CERT)
    with open(root_cert_path, 'r') as root_cert_file:
        root_cert_pem = root_cert_file.read()

    chain_modes = BaseSettings.Certificate_Chain_Verification_Mode
    mode = chain_modes.DRIVER_RIM_CERT if is_driver_rim else chain_modes.VBIOS_RIM_CERT

    root_cert = crypto.load_certificate(type = crypto.FILETYPE_PEM, buffer = root_cert_pem)
    cert_chain.append(root_cert)

    chain_ok = CcAdminUtils.verify_certificate_chain(cert_chain, settings, mode)
    if not chain_ok:
        raise RIMCertChainVerificationError(f"\t\t\t{self.rim_name} RIM cert chain verification failed")

    info_log.info(f"\t\t\t{self.rim_name} RIM certificate chain verification successful.")

    # Revocation is checked only after the chain itself has verified.
    ocsp_ok, gpu_attestation_warning = CcAdminUtils.ocsp_certificate_chain_validation(cert_chain, settings, mode)
    if not ocsp_ok:
        raise RIMCertChainOCSPVerificationError(f"\t\t\t{self.rim_name} RIM cert chain ocsp status verification failed.")

    # The signature is verified last, once schema, chain and OCSP checks passed.
    return self.verify_signature(settings), gpu_attestation_warning