When returncode 0x922 is received from NVWrite then retry the command so
that it gets the expected error code from failing to provide a password.
When checking the lockout counter, increase the numbers now.
Patched versions of libtpms may not return 0x922 anymore, so write the code
that it can test both cases.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
libtpms v0.11 will support RSA-4096 keys. Adjust the test case
regex for optional output of 'tpm2-rsa-keysize-4096'.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
To keep the IBMTSS2 test running, set OPENSSL_ENABLE_SHA1_SIGNATURES=1
on swtpm so that it is allowed to sign a SHA1 and does not create
and error.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The IBMTSS2 tests suite creates signatures over SHA1 that may now fail on
RHEL 9.x and CentOS 9. To have these tests succeed set
OPENSSL_ENABLE_SHA1_SIGNATURES=1 so the tests do not need to be modified
and also check that the TPM 2 can handle SHA1 signatures as before.
'swtpm socket --tpm2' should set this environment variable automatically
if needed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To keep the older version of the IBM TSS2 test suite working, remove the
unnecessary include of openssl/engine.h to allow it to compile with more
recent versions of OpenSSL where this header file is missing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of libtpms produced smaller initial state files.
Therefore, use a regular expression to compare the sizes.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
swtpm <0.8 tried to lock the .lock file when executing --print-states,
which then failed when another swtpm was holding the lock. This adds
a test case for this scenario.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for --disable-tests to disable the tests and the checking
for tools that only need to be installed for the tests. Keep the tests
enabled as default as it was before.
Resolves: https://github.com/stefanberger/swtpm/issues/843
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some test cases can be run as root, so rearrange the order of the
test cases so that not all of them are skipped if the test case
runs as 'root'.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of libtpms need to have another patch applied that disables
x509 certificate creation (0013-Disable-x509-test-cases-part2.patch).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
certtool emits the following message if --verify-profile is not
passed:
Note that no verification profile was selected. In the future the medium profile will be enabled by default.
Use --verify-profile low to apply the default verification of NORMAL priority string.
Pass the --verify-profile option if certtool supports it (since ~3.6.12).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the test_ctrlchannel3 to test for automatic termination of swtpm
upon loss of control channel connection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Switch to SOCK_STREAM for the CMD_SET_DATAFD socketpair where the one
end is passed to swtpm to test that this type of socket will cause
automatic termination of swtpm when the connection is lost. This is also
the socket type that QEMU uses.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the capabilities JSON and show the support for the terminate
parameter of the --ctrl option.
Adjust test cases.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a test case that monitors the locking of the storage by swtpm using the
directory storage backend to ensure that the lock is taken at the right
time and released when required.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement CMD_LOCK_STORAGE / PTM_LOCK_STORAGE for a user to be able to
lock the storage of the storage backend (if supported) after its lock
has been released for example when the 'savestate' blob was received
while the TPM state was migrated.
Also adjust test case and extend man pages.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Advertise the capability of supporting the --migration option
in the capabilies JSON that now has the cmdarg-migration verb:
$ swtpm socket --print-capabilities | jq
{
"type": "swtpm",
"features": [
"tpm-1.2",
"tpm-2.0",
"tpm-send-command-header",
"flags-opt-startup",
"flags-opt-disable-auto-shutdown",
"cmdarg-seccomp",
"cmdarg-key-fd",
"cmdarg-pwd-fd",
"cmdarg-print-states",
"cmdarg-migration",
"nvram-backend-dir",
"nvram-backend-file"
],
"version": "0.8.0"
}
Adjust test cases and extend man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of fallocate do not support the --posix option that the test
needs. If --posix is not supported, skip the test.
Also check for availability of the losetup tool.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Advertise the availability of the chroot option with the cmdarg-chroot
verb. Document it in the man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The CUSE TPM test will not work if the filesystem the test case runs
on is mounted with the 'nodev' option since the CUSE TPM can then
not use /tmp/.../dev/cuse.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add an option to enter a chroot after starting swtpm. This is useful for
sandboxing purposes. When this option is used, it is expected that swtpm
is started as root and the --runas option is used to subsequently drop
privileges (otherwise the chroot could be escaped).
Signed-off-by: Jennifer Herbert <jennifer.herbert@citrix.com>
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Add a test case that checks that swtpm sends a TPM2_Shutdown() to the
TPM 2 upon abrupt re-initialization (CMD_INIT) or graceful shutdown
(control channel, CMD_SHUTDOWN) of the TPM 2 and avoids a potential
dictionary attack (DA) lock-out. A previously sent command failing
authorization with DA implications would otherwise trigger the
TPM_PT_LOCKOUT_COUNTER to increase by '1' if the TPM 2 was not properly
shut down by the client (guest OS) with a TPM2_Shutdown() command.
The test case tests whether a TPM2_Shutdown() is now sent before a reset.
The defined password-protected NVRAM area has the DA flag set and the test
case tries to read from it without providing a password. If we didn't send
the TPM2_Shutdown() before the test cases sends the reset (CMD_INIT), then
the dictionary attack lockout counter would be increased by one. With the
instrumentation in the previous patch the automatically sent
TPM2_Shutdown() keeps the counter at 0.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce disable-auto-shutdown flag for the --flags option to disable
the sending of TPM2_Shutdown() if swtpm determines that it needs to send
this command to a TPM 2 before device reset or swtpm program termination.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Restrict the opening of the CUSE device to one single file descriptor. We
can modify the CUSE TPM in this way since the kernel's /dev/tpm0 cannot be
opened multiple times, either, and the CUSE TPM should behave in the same
way.
Adjust test the partial reads case to only open CUSE device file once by
using a python program. Close the open file descriptor 100 before using
swtpm_ioctl to avoid failures.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Move swtpm_open_cmddev call into swtpm_cmd_tx since the latter function is
always called in a subshell that previously inherited the file descriptor
opened by the test cases. Remove swtpm_cmd_tx from nearly all test cases
and also remove closing of file descriptor 100 via 'exec 100>&-' from test
cases since this is not necessary anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Commit 6559a902 implemented support for the startup-xyz flags for the CUSE
interface but the capability has not been advertised.
Adjust test cases to reflect the new verb being shown for
--print-capabilities.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
