tests: Apply patches to IBM TSS2 test suite
Apply patches to the IBM TSS2 test suite rather than using sed on its files and other types of file manipulations. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
1 parent
e5bb6f4
commit e78c9db
Showing
11 changed files
with
464 additions
and
45 deletions.
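--- a/tests/patches/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch
+++ b/tests/patches/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch
@@ -0,0 +1,72 @@
+From 850ce946fc5ba79f03d46e8cb7695dcadb5f397d Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Fri, 26 Feb 2021 18:45:57 -0500
+Subject: [PATCH 1/9] Deactivate test cases accessing rootcerts.txt
+
+rootcerts.txt contains files in a drive we don't have access to
+---
+utils/regtests/testcredential.sh | 18 +++++++++---------
+utils/regtests/testunseal.sh | 4 ++--
+2 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/utils/regtests/testcredential.sh b/utils/regtests/testcredential.sh
+index cb9fec0..16fd66a 100755
+--- a/utils/regtests/testcredential.sh
++++ b/utils/regtests/testcredential.sh
+@@ -300,9 +300,9 @@ NVNAME=(
+${PREFIX}createek -high -pwde eee -pwdk kkk ${CALG[i]} -cp -noflush > run.out
+checkSuccess $?
+
+- echo "Validate the ${CALG[i]} EK certificate against the root"
+- ${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
+- checkSuccess $?
++ #echo "Validate the ${CALG[i]} EK certificate against the root"
++ #${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
++ #checkSuccess $?
+
+echo "Create a signing key under the ${CALG[i]} EK using the password"
+${PREFIX}create -hp 80000001 -si -pwdp kkk > run.out
+@@ -402,9 +402,9 @@ NVNAME=(
+${PREFIX}createek -high -pwde eee -pwdk kkk ${CALG[i]} -cp -noflush > run.out
+checkSuccess $?
+
+- echo "Validate the ${CALG[i]} EK certificate against the root"
+- ${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
+- checkSuccess $?
++ #echo "Validate the ${CALG[i]} EK certificate against the root"
++ #${PREFIX}createek -high ${CALG[i]} -root certificates/rootcerts.txt > run.out
++ #checkSuccess $?
+
+echo "Create a signing key under the ${CALG[i]} EK using the password"
+${PREFIX}create -hp 80000001 -si -pwdp kkk > run.out
+@@ -540,9 +540,9 @@ NVNAME=(
+${PREFIX}createek ${ALG} -pwde eee -cp -noflush > run.out
+checkSuccess $?
+
+- echo "Validate the ${ALG} EK certificate against the root"
+- ${PREFIX}createek ${ALG} -root certificates/rootcerts.txt > run.out
+- checkSuccess $?
++ #echo "Validate the ${ALG} EK certificate against the root"
++ #${PREFIX}createek ${ALG} -root certificates/rootcerts.txt > run.out
++ #checkSuccess $?
+
+echo "Start a policy session"
+${PREFIX}startauthsession -se p > run.out
+diff --git a/utils/regtests/testunseal.sh b/utils/regtests/testunseal.sh
+index aae3d4e..1755740 100755
+--- a/utils/regtests/testunseal.sh
++++ b/utils/regtests/testunseal.sh
+@@ -724,8 +724,8 @@ echo ""
+
+echo "PROVISION: Create the EK for the salted session 80000000"
+if [ ${CRYPTOLIBRARY} == "openssl" ]; then
+-${PREFIX}createek -rsa 2048 -cp -noflush -root certificates/rootcerts.txt > run.out
+-elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then
++#${PREFIX}createek -rsa 2048 -cp -noflush -root certificates/rootcerts.txt > run.out
++#elif [ ${CRYPTOLIBRARY} == "mbedtls" ]; then
+${PREFIX}createek -rsa 2048 -cp -noflush > run.out
+fi
+checkSuccess $?
+--
+2.26.2
+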
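Review bot: In the testunseal.sh hunk, commenting out the `-root` call together with the `elif` leaves `if [ ${CRYPTOLIBRARY} == "openssl" ]` with no other branch, so for any other value `createek` is skipped and the following `checkSuccess $?` sees the exit status of the `if` itself, which is 0 when no branch ran. Both remaining paths would run the same command, so drop the conditional and call `${PREFIX}createek -rsa 2048 -cp -noflush > run.out` unconditionally. The three testcredential.sh hunks also remove the only visible check of the EK certificate against a root, so the run log should record that, e.g. `echo "SKIPPED: EK certificate validation (rootcerts.txt not available)"`, instead of hiding the gap behind commented-out lines.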
@@ -0,0 +1,148 @@ | ||
From f0f9aec53193b1c81f2de2cc9cc52a0c82afa523 Mon Sep 17 00:00:00 2001 | ||
From: Stefan Berger <stefanb@linux.vnet.ibm.com> | ||
Date: Sun, 28 Feb 2021 16:39:51 -0500 | ||
Subject: [PATCH 2/9] Implement powerup for swtpm | ||
|
||
--- | ||
utils/reg.sh | 12 ++++++++++++ | ||
utils/regtests/inittpm.sh | 4 ++-- | ||
utils/regtests/testevent.sh | 2 +- | ||
utils/regtests/testnvpin.sh | 4 ++-- | ||
utils/regtests/testpcr.sh | 2 +- | ||
utils/regtests/testshutdown.sh | 6 +++--- | ||
6 files changed, 21 insertions(+), 9 deletions(-) | ||
|
||
diff --git a/utils/reg.sh b/utils/reg.sh | ||
index 048863b..61f23d9 100755 | ||
--- a/utils/reg.sh | ||
+++ b/utils/reg.sh | ||
@@ -1,6 +1,12 @@ | ||
#!/bin/bash | ||
# | ||
|
||
+SWTPM_IOCTL=${SWTPM_IOCTL:-$(type -P swtpm_ioctl)} | ||
+if [ -z "${SWTPM_IOCTL}" ]; then | ||
+ echo "SWTPM_IOCTL not set and could not find swtpm_ioctl in PATH" | ||
+ exit 1 | ||
+fi | ||
+ | ||
################################################################################# | ||
# # | ||
# TPM2 regression test # | ||
@@ -244,6 +250,12 @@ initprimary() | ||
checkSuccess $? | ||
} | ||
|
||
+powerup() | ||
+{ | ||
+ ${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT} | ||
+ return $? | ||
+} | ||
+export -f powerup | ||
|
||
export -f checkSuccess | ||
export -f checkWarning | ||
diff --git a/utils/regtests/inittpm.sh b/utils/regtests/inittpm.sh | ||
index eaefab4..2c87bb2 100755 | ||
--- a/utils/regtests/inittpm.sh | ||
+++ b/utils/regtests/inittpm.sh | ||
@@ -46,7 +46,7 @@ echo "Initialize TPM" | ||
echo "" | ||
|
||
echo "Power cycle" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup" | ||
@@ -62,7 +62,7 @@ ${PREFIX}pcrallocate +sha1 +sha256 +sha384 +sha512 > run.out | ||
checkSuccess $? | ||
|
||
echo "Power cycle" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup" | ||
diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh | ||
index 6336920..6d78ba5 100755 | ||
--- a/utils/regtests/testevent.sh | ||
+++ b/utils/regtests/testevent.sh | ||
@@ -66,7 +66,7 @@ do | ||
do | ||
|
||
echo "Power cycle to reset IMA PCR" | ||
- ${PREFIX}powerup > run.out | ||
+ powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup" | ||
diff --git a/utils/regtests/testnvpin.sh b/utils/regtests/testnvpin.sh | ||
index 89d14a7..c045af1 100755 | ||
--- a/utils/regtests/testnvpin.sh | ||
+++ b/utils/regtests/testnvpin.sh | ||
@@ -240,7 +240,7 @@ ${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out | ||
checkFailure $? | ||
|
||
echo "Reboot" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup" | ||
@@ -448,7 +448,7 @@ ${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out | ||
checkFailure $? | ||
|
||
echo "Reboot" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup" | ||
diff --git a/utils/regtests/testpcr.sh b/utils/regtests/testpcr.sh | ||
index ef8fa2c..e2ac737 100755 | ||
--- a/utils/regtests/testpcr.sh | ||
+++ b/utils/regtests/testpcr.sh | ||
@@ -191,7 +191,7 @@ do | ||
checkSuccess $? | ||
|
||
echo "powerup" | ||
- ${PREFIX}powerup > run.out | ||
+ powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "startup" | ||
diff --git a/utils/regtests/testshutdown.sh b/utils/regtests/testshutdown.sh | ||
index 566471b..7be9f1c 100755 | ||
--- a/utils/regtests/testshutdown.sh | ||
+++ b/utils/regtests/testshutdown.sh | ||
@@ -147,7 +147,7 @@ ${PREFIX}shutdown -s > run.out | ||
checkSuccess $? | ||
|
||
echo "Power cycle" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup state" | ||
@@ -255,7 +255,7 @@ ${PREFIX}shutdown -s > run.out | ||
checkSuccess $? | ||
|
||
echo "Power cycle" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup clear" | ||
@@ -331,7 +331,7 @@ ${PREFIX}shutdown -c > run.out | ||
checkSuccess $? | ||
|
||
echo "Power cycle" | ||
-${PREFIX}powerup > run.out | ||
+powerup > run.out | ||
checkSuccess $? | ||
|
||
echo "Startup clear" | ||
-- | ||
2.26.2 | ||
|
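Review bot: `SWTPM_IOCTL` is assigned in reg.sh but not exported in this hunk, while `powerup` is handed to child shells with `export -f powerup`. If the regtests scripts run as separate bash processes and the path came from the `type -P` fallback rather than the caller's environment, `${SWTPM_IOCTL}` would expand to nothing there and the shell would try to execute `-i`. Add `export SWTPM_IOCTL` after the check, and quote the expansions in `powerup`: `"${SWTPM_IOCTL}" -i --tcp "${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}"`. The not-found message should also go to stderr (`>&2`).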
@@ -0,0 +1,25 @@ | ||
From b233462f3fe53d2209a1e2aad7f196979cea00e5 Mon Sep 17 00:00:00 2001 | ||
From: Stefan Berger <stefanb@linux.vnet.ibm.com> | ||
Date: Sun, 28 Feb 2021 16:35:56 -0500 | ||
Subject: [PATCH 3/9] Set CRYPTOLIBRARY to openssl | ||
|
||
--- | ||
utils/reg.sh | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/utils/reg.sh b/utils/reg.sh | ||
index 61f23d9..33e3299 100755 | ||
--- a/utils/reg.sh | ||
+++ b/utils/reg.sh | ||
@@ -264,7 +264,7 @@ export WARN | ||
export PREFIX | ||
export -f initprimary | ||
# hack because the mbedtls port is incomplete | ||
-export CRYPTOLIBRARY=`${PREFIX}getcryptolibrary` | ||
+export CRYPTOLIBRARY=openssl | ||
|
||
# example for running scripts with encrypted sessions, see TPM_SESSION_ENCKEY=getrandom below | ||
export TPM_SESSION_ENCKEY | ||
-- | ||
2.26.2 | ||
|
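Review bot: The retained comment `# hack because the mbedtls port is incomplete` no longer describes the line below it, since `CRYPTOLIBRARY` is now a constant rather than what `getcryptolibrary` reports. Replace it with something like `# forced to openssl for the swtpm test run; getcryptolibrary is not consulted`, so a reader knows that test paths gated on this variable presumably take the openssl branch whatever library the utilities were built with.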
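--- a/tests/patches/0004-Store-volatile-state-at-every-step.patch
+++ b/tests/patches/0004-Store-volatile-state-at-every-step.patch
@@ -0,0 +1,65 @@
+From 223a78820b10fcce8b65d5827d1699dab49e45e1 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Sun, 28 Feb 2021 16:42:11 -0500
+Subject: [PATCH 4/9] Store volatile state at every step
+
+---
+utils/reg.sh | 14 +++++++++++++-
+1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/utils/reg.sh b/utils/reg.sh
+index 33e3299..de7e181 100755
+--- a/utils/reg.sh
++++ b/utils/reg.sh
+@@ -124,6 +124,13 @@ printUsage ()
+echo "-51 Events"
+}
+
++storeVolatileState()
++{
++ echo ">>> Storing volatile state <<<"
++ ${SWTPM_IOCTL} -v --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
++}
++export -f storeVolatileState
++
+checkSuccess()
+{
+if [ $1 -ne 0 ]; then
+@@ -133,7 +140,7 @@ if [ $1 -ne 0 ]; then
+else
+echo " INFO:"
+fi
+-
++storeVolatileState
+}
+
+# FIXME should not increment past 254
+@@ -146,6 +153,7 @@ if [ $1 -ne 0 ]; then
+else
+echo " INFO:"
+fi
++storeVolatileState
+}
+
+checkFailure()
+@@ -157,6 +165,7 @@ if [ $1 -eq 0 ]; then
+else
+echo " INFO:"
+fi
++storeVolatileState
+}
+
+cleanup()
+@@ -252,6 +261,9 @@ initprimary()
+
+powerup()
+{
++ ${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
++ # Do it a 2nd time now that the previously store volatile state is gone
++ # Now startup must be sent to the TPM again
+${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT}
+return $?
+}
+--
+2.26.2
+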
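Review bot: In `powerup`, the exit status of the added first `${SWTPM_IOCTL} -i` call is discarded and only the second call's status reaches `return $?`, so a failed first init goes unnoticed; write it as `${SWTPM_IOCTL} -i --tcp ${TPM_SERVER_NAME}:${TPM_PLATFORM_PORT} || return $?`. `storeVolatileState` is likewise called last in checkSuccess, checkWarning and checkFailure with its status unchecked, so a run can pass even if the volatile state was never stored. At minimum, report the failure, e.g. `storeVolatileState || echo " ERROR: storing volatile state failed"`. The bodies of the three check functions start outside these hunks, so whether an earlier exit path skips the call cannot be seen here. The added comment should read "previously stored".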
@@ -0,0 +1,23 @@ | ||
From 19ce952c3a7205585bed8cb063dc2b1f23434ba4 Mon Sep 17 00:00:00 2001 | ||
From: Stefan Berger <stefanb@linux.vnet.ibm.com> | ||
Date: Sun, 28 Feb 2021 16:33:02 -0500 | ||
Subject: [PATCH 5/9] Disable tests related to 'events' | ||
|
||
--- | ||
utils/regtests/testevent.sh | 1 + | ||
1 file changed, 1 insertion(+) | ||
|
||
diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh | ||
index 6d78ba5..9252161 100755 | ||
--- a/utils/regtests/testevent.sh | ||
+++ b/utils/regtests/testevent.sh | ||
@@ -1,5 +1,6 @@ | ||
#!/bin/bash | ||
# | ||
+exit 0 | ||
|
||
################################################################################# | ||
# # | ||
-- | ||
2.26.2 | ||
|
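Review bot: The unconditional `exit 0` added at the top of testevent.sh makes the events test report success without running anything, and neither the patch description nor the script says why it is disabled. Print the reason before exiting so the log distinguishes skipped from passed, e.g. `echo "SKIPPED: event tests (<reason>)"`. A comment above the `exit 0` should also state what would have to change for the tests to be re-enabled.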