Enable IBM TSS2 test via package for Bionic

.travis.yml

@@ -26,7 +26,6 @@ addons:
         - libtasn1-dev
         - socat
         - findutils
-        - tpm-tools
         - gnutls-dev
         - gnutls-bin
         - libasan2
@@ -42,6 +41,11 @@ addons:
     branch_pattern: coverity_scan
 before_install:
   - test $TRAVIS_BRANCH != coverity_scan -o ${TRAVIS_JOB_NUMBER##*.} = 1 || exit 0
+  - |
+    if [ "$(uname -s)" = "Linux" ]; then
+      sudo rm -rf /dev/tpm* # This is a work-around for Bionic where trousers otherwise fails to install
+      sudo apt-get -y install trousers tpm-tools
+    fi
 script:
   - if [ ! -d libtpms ]; then git clone https://github.com/stefanberger/libtpms; fi
   - cd libtpms
@@ -56,6 +60,7 @@ script:
   - ./autogen.sh ${CONFIG}
       && ${SUDO} make clean
       && export SWTPM_TEST_EXPENSIVE=${SWTPM_TEST_EXPENSIVE:-1}
+      && export SWTPM_TEST_IBMTSS2=${SWTPM_TEST_IBMTSS2:-0}
       && ${SUDO} make -j$(${NPROC:-nproc}) ${CHECK} VERBOSE=1
   - if [ -n "${RUN_TEST}" ]; then
         sudo make install
@@ -74,11 +79,14 @@ matrix:
            RUN_TEST="1"
       before_script:
       - pep8 $(find . -type f | grep -E "\.py$")
-    - env: PREFIX="/usr"
+    - dist: bionic
+      env: PREFIX="/usr"
            CONFIG="--with-openssl --prefix=/usr --enable-test-coverage"
            SUDO="sudo"
            CHECK="check"
+           SWTPM_TEST_IBMTSS2="1"
       before_script:
+      - sudo apt-get -y install tss2
       - sudo pip install cpp-coveralls
       - p=$PWD; while [ "$PWD" != "/" ]; do chmod o+x . &>/dev/null ; cd .. ; done; cd $p
         && sudo mkdir src/swtpm/.libs

src/swtpm_setup/swtpm_setup.sh.in

@@ -406,7 +406,7 @@ start_tpm()
 			ctr2=0
 			while [ -f "${pidfile}" ]; do
 			        # test the connection to swtpm
-				(exec 100<>"/dev/tcp/localhost/$TPM_PORT") 2>/dev/null
+				(exec 100<>"/dev/tcp/127.0.0.1/$TPM_PORT") 2>/dev/null
 				if [ $? -ne 0 ]; then
 					if [ $ctr2 -eq 40 ]; then
 						stop_tpm 0
@@ -532,12 +532,12 @@ EOF
 		stop_tcsd 1
 		case "$(id -u)" in
 		0)
-			$TCSD -c "$TCSD_CONFIG" -e -f &>/dev/null &
+			TCSD_TCP_DEVICE_HOSTNAME=127.0.0.1 $TCSD -c "$TCSD_CONFIG" -e -f &>/dev/null &
 			TCSD_PID=$!
 			;;
 		*)
 			# for tss user, use the wrapper
-			$TCSD -c "$TCSD_CONFIG" -e -f &>/dev/null &
+			TCSD_TCP_DEVICE_HOSTNAME=127.0.0.1 $TCSD -c "$TCSD_CONFIG" -e -f &>/dev/null &
 			#if [ $? -ne  0]; then
 			#	swtpm_tcsd_launcher -c $TCSD_CONFIG -e -f &>/dev/null &
 			#fi
@@ -549,7 +549,7 @@ EOF
 		# disappeared (bad); whatever happens first
 	        ctr2=0
 	        while :; do
-			(exec 100<>"/dev/tcp/localhost/$TSS_TCSD_PORT") 2>/dev/null
+			(exec 100<>"/dev/tcp/127.0.0.1/$TSS_TCSD_PORT") 2>/dev/null
 			if [ $? -ne 0 ]; then
 				if [ $ctr2 -eq 40 ]; then
 					stop_tcsd 0

tests/test_tpm12

@@ -30,9 +30,9 @@ TESTLOG=${WORKDIR}/test.log
 
 # variables used by the TPM 1.2 test suite
 TPM_SERVER_PORT=65440
-TPM_SERVER_NAME=localhost
+TPM_SERVER_NAME=127.0.0.1
 SLAVE_TPM_PORT=65442
-SLAVE_TPM_SERVER=localhost
+SLAVE_TPM_SERVER=127.0.0.1
 
 SWTPM_INTERFACE=socket+socket
 

tests/test_tpm2_ibmtss2

@@ -8,7 +8,7 @@ ROOT=${abs_top_builddir:-$(pwd)/..}
 TESTDIR=${abs_top_testdir:-$(dirname "$0")}
 
 SWTPM_SERVER_PORT=65426
-SWTPM_SERVER_NAME=localhost
+SWTPM_SERVER_NAME=127.0.0.1
 SWTPM_CTRL_PORT=65427
 SWTPM_INTERFACE=socket+socket
 
@@ -94,7 +94,7 @@ if [ $revision -gt 0 ]; then
 	popd &>/dev/null
 fi
 
-export TPM_SERVER_NAME=localhost
+export TPM_SERVER_NAME=127.0.0.1
 export TPM_INTERFACE_TYPE=socsim
 export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT}
 export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}

tests/test_tpm2_save_load_state_3

@@ -62,9 +62,11 @@ function test_nvram_state()
 	local create="$1"
 	local check="$2"
 
-	local i res rc act exp
+	local i res rc act exp ody
 
 	if [ $create -eq 1 ]; then
+		# the 1st and 2nd spaces are 'orderly' and will be cleared by reset
+		ody="+at ody"
 		for ((i=0; i < 10; i++)); do
 			printf "Creating NVRAM location 01%06x\n" $i
 			# the '+at wd' allows us to only write once
@@ -74,12 +76,17 @@ function test_nvram_state()
 				-pwdn nnn \
 				+at wst \
 				+at wd \
+				$ody \
 				-hi o >/dev/null
 			if [ $? -ne 0 ]; then
 				echo "Error: nvdefinespace failed for i = $i."
 				exit 1
 			fi
 
+			if [ $i -eq 1 ]; then
+				ody=""
+			fi
+
 			${TOOLSPATH}/${PREFIX}nvwrite \
 				-ha $(printf "01%06x" $i) \
 				-ic "Hello TPM2" \
@@ -121,13 +128,35 @@ function test_nvram_state()
 	fi
 
 	if [ $check -eq 1 ]; then
-		for ((i=0; i < 10; i++)); do
+		local last=0
+
+		if [ $create -eq 0 ]; then
+			last=2
+		fi
+
+		# The orderly indices must not be readable UNLESS they were just
+		# created. In the latter case we skip this first loop here.
+		for ((i=0; i < last; i++)); do
+			printf "Checking orderly NVRAM location 01%06x after reset\n" $i
+			${TOOLSPATH}/${PREFIX}nvread \
+				-ha $(printf "01%06x" $i) \
+				-pwdn nnn \
+				-sz 10 > $TMPFILE
+			if [ $? -eq 0 ]; then
+				echo "Error: nvread succeeded for orderly NVRAM index; i = $i"
+				cat $TMPFILE
+				exit 1
+			fi
+		done
+
+		# test the non-orderly indices OR orderly we just created above
+		for ((i=last; i < 10; i++)); do
 			printf "Checking NVRAM location 01%06x\n" $i
 			${TOOLSPATH}/${PREFIX}nvread \
 				-ha $(printf "01%06x" $i) \
 				-pwdn nnn \
 				-sz 10 > $TMPFILE
-			if [ $? -ne  0 ]; then
+			if [ $? -ne 0 ]; then
 				echo "Error: nvread failed for i = $i"
 				cat $TMPFILE
 				exit 1
@@ -670,8 +699,9 @@ function test_primary_volatile_load()
 }
 
 export TPM_SERVER_TYPE=raw
+export TPM_SERVER_NAME=127.0.0.1
 export TPM_INTERFACE_TYPE=socsim
-export TPM_COMMAND_PORT=65533
+export TPM_COMMAND_PORT=55533
 export TPM_DATA_DIR=$TPMDIR
 export TPM_SESSION_ENCKEY="807e2bfe898ddaed8fa6310e716a24dc" # for sessions