#!/usr/bin/env bash if [ "${SWTPM_TEST_EXPENSIVE:-0}" -eq 0 ]; then echo "SWTPM_TEST_EXPENSIVE must be set to run this test." exit 77 fi if [ -z "$(type openssl)" ]; then echo "Openssl command line tool is required." exit 1 fi ROOT=${abs_top_builddir:-$(pwd)/..} TESTDIR=${abs_top_testdir:-$(dirname "$0")} ABSTESTDIR=$(cd "${TESTDIR}" &>/dev/null || exit 1;echo "${PWD}") PATCHESDIR=${ABSTESTDIR}/patches SWTPM_SERVER_PORT=65426 SWTPM_SERVER_NAME=127.0.0.1 SWTPM_CTRL_PORT=65427 SWTPM_INTERFACE=socket+socket function cleanup() { pid=${SWTPM_PID} if [ -n "$pid" ]; then kill_quiet -9 "$pid" fi if [ -n "${WORKDIR}" ]; then rm -rf "${WORKDIR}" fi } trap "cleanup" EXIT source "${TESTDIR}/common" skip_test_no_tpm20 "${SWTPM_EXE}" WORKDIR="$(mktemp -d)" || exit 1 REGLOG=${WORKDIR}/reglog DEFAULT_PROFILE='{"Name":"default-v1"}' SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm "${SWTPM_INTERFACE}" \ --tpm2 \ --tpmstate "dir=${WORKDIR}" \ --flags not-need-init \ --profile "profile=${SWTPM_TEST_PROFILE:-${DEFAULT_PROFILE}}" revision=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --info 1 | sed 's/.*,"revision":\([^\}]*\).*/\1/') pushd "${WORKDIR}" &>/dev/null || exit 1 function build_ibmtss2() { git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss pushd ibmtpm20tss-tss &>/dev/null || exit 1 if ! git checkout tags/v2.4.0; then echo "'Git checkout' failed." exit 1 fi # To be able to apply the patches we need to to set some variables # for user that don't have this set up properly git config --local user.name test git config --local user.email test@test.test # Nuvoton commands are not supported git am < "${PATCHESDIR}/0012-Disable-Nuvoton-commands.patch" # A v2.0.1 bug work-around: # We cannot run the EK certificate tests since rootcerts.txt points to # files we do not have git am < "${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch" # Implement 'powerup' for swtpm git am < "${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch" # set CRYPTOLIBRARY=openssl git am < "${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch" # Store and restore volatile state at every step git am < "${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch" # Disable 'Events' test git am < "${PATCHESDIR}/0005-Disable-tests-related-to-events.patch" if openssl version | grep -q -E "^OpenSSL 3"; then git am < "${PATCHESDIR}/0010-Adjust-test-cases-for-OpenSSL-3.patch" fi autoreconf --force --install unset CFLAGS LDFLAGS LIBS ./configure --disable-tpm-1.2 make -j4 popd &>/dev/null || exit 1 } export TPM_SERVER_NAME=127.0.0.1 export TPM_INTERFACE_TYPE=socsim export TPM_COMMAND_PORT=${SWTPM_SERVER_PORT} export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT} export SWTPM_IOCTL if [ -d "$SWTPM_TEST_IBMTSS" ]; then for opt in swtpm without-ecc without-nuvoton without-events; do if ! "$SWTPM_TEST_IBMTSS"/tssreg.sh -h | grep -q "${opt}"; then echo "Cannot run test with installed IBM TSS2 test suite since it does not support the --${opt} option." exit 1 fi done # assume tss is installed with the default prefix if ! tssstartup; then echo "Startup of TPM2 failed" exit 1 fi OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}" "$SWTPM_TEST_IBMTSS"/tssreg.sh \ --swtpm \ --without-ecc \ --without-nuvoton \ --without-events \ --rev "$revision" \ -a 2>&1 | tee "${REGLOG}" else build_ibmtss2 pushd ibmtpm20tss-tss/utils || exit 1 if ! ./startup; then echo "Startup of TPM2 failed" exit 1 fi OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}" popd &>/dev/null || exit 1 fi ret=0 if grep -q -E "^ ERROR:" "${REGLOG}"; then echo "There were test failures running the IBM TSS 2 tests" grep -E "^ ERROR:" "${REGLOG}" -B2 -A2 ret=1 fi # Shut down if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM." ret=1 fi if wait_process_gone "${SWTPM_PID}" 4; then echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore." ret=1 fi popd &>/dev/null || exit 1 [ $ret -eq 0 ] && echo "OK" exit $ret