mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00
093248eb4d
Add an option to have the storage backend use fsync whenever state is written to disk. Advertise this capability with 'tpmstate-dir-backend-opt-fsync' and adjust a test case. Only support for the directory-backend is implemented. Extend the swtpm man page with a description of this new option. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
91 lines
2.7 KiB
Bash
Executable File
91 lines
2.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# For the license, see the LICENSE file in the root directory.
|
|
#set -x
|
|
|
|
ROOT=${abs_top_builddir:-$(pwd)/..}
|
|
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
|
|
|
|
PATH=$ROOT/src/swtpm:$PATH
|
|
|
|
source "${TESTDIR}/common"
|
|
[ "${SWTPM_IFACE}" == "cuse" ] && source "${TESTDIR}/test_cuse"
|
|
|
|
if ! msg="$(${SWTPM_EXE} "${SWTPM_IFACE}" --print-capabilities 2>&1)"; then
|
|
echo "Error: Could not pass --print-capabilities"
|
|
echo "${msg}"
|
|
exit 1
|
|
fi
|
|
|
|
if has_seccomp_support "${SWTPM_EXE}"; then
|
|
seccomp='"cmdarg-seccomp", '
|
|
fi
|
|
if [ "${SWTPM_IFACE}" != "cuse" ]; then
|
|
noncuse='"tpm-send-command-header", '
|
|
fi
|
|
|
|
exp='\{ "type": "swtpm", '\
|
|
'"features": \[ "tpm-1.2",( "tpm-2.0",)? '${noncuse}'"flags-opt-startup", '\
|
|
'"flags-opt-disable-auto-shutdown", "ctrl-opt-terminate", '${seccomp}'"cmdarg-key-fd", '\
|
|
'"cmdarg-pwd-fd", "cmdarg-print-states", "cmdarg-chroot", "cmdarg-migration", '\
|
|
'"nvram-backend-dir", "nvram-backend-file", "cmdarg-print-info", '\
|
|
'"tpmstate-opt-lock", "tpmstate-dir-backend-opt-backup", '\
|
|
'"tpmstate-dir-backend-opt-fsync" \], '\
|
|
'"profiles": \{ \}, '\
|
|
'"version": "[^"]*" \}'
|
|
if ! [[ ${msg} =~ ${exp} ]]; then
|
|
echo "Unexpected response from ${SWTPM_IFACE} TPM to --print-capabilities:"
|
|
echo "Actual : ${msg}"
|
|
echo "Expected : ${exp}"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Test 1: OK"
|
|
|
|
if ! msg="$(${SWTPM_SETUP} --print-capabilities 2>&1)"; then
|
|
echo "Error: Could not pass --print-capabilities"
|
|
echo "${msg}"
|
|
exit 1
|
|
fi
|
|
|
|
# The are some variable parameters at the end, use regex
|
|
exp='\{ "type": "swtpm_setup", '\
|
|
'"features": \[ "tpm-1.2",( "tpm-2.0",)? "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", '\
|
|
'"tpm12-not-need-root", "cmdarg-write-ek-cert-files", "cmdarg-create-config-files", '\
|
|
'"cmdarg-reconfigure-pcr-banks"'\
|
|
'(, "tpm2-rsa-keysize-2048")?(, "tpm2-rsa-keysize-3072")?(, "tpm2-rsa-keysize-4096")?, '\
|
|
'"cmdarg-profile", "cmdarg-profile-remove-disabled" \], '\
|
|
'"profiles": \[ [^]]*\], '\
|
|
'"version": "[^"]*" \}'
|
|
if ! [[ ${msg} =~ ${exp} ]]; then
|
|
echo "Unexpected response from ${SWTPM_SETUP} to --print-capabilities:"
|
|
echo "Actual : ${msg}"
|
|
echo "Expected : ${exp}"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Test 2: OK"
|
|
|
|
# SWTPM_CERT may be run by valgrind
|
|
if [ -x "$(type -P "$(echo "${SWTPM_CERT}" | cut -d" " -f1)" )" ]; then
|
|
if ! msg="$(${SWTPM_CERT} --print-capabilities 2>&1)"; then
|
|
echo "Error: Could not pass --print-capabilities to ${SWTPM_CERT}"
|
|
echo "${msg}"
|
|
exit 1
|
|
fi
|
|
|
|
exp='\{ "type": "swtpm_cert", "features": \[ "cmdarg-signkey-pwd", "cmdarg-parentkey-pwd" \], "version": "[^"]*" \}'
|
|
if ! [[ "${msg}" =~ ${exp} ]]; then
|
|
echo "Unexpected response from ${SWTPM_CERT} to --print-capabilities:"
|
|
echo "Actual : ${msg}"
|
|
echo "Expected : ${exp}"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Test 3: OK"
|
|
else
|
|
echo "Test 3: SKIP -- ${SWTPM_CERT} not found or not an executable"
|
|
fi
|
|
|
|
exit 0
|