mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00
930c7ba16e
The Ubuntu (PPA) build system executes the build on an environment that has problems with seccomp profiles. It does not allow us to run the test suite with swtpm applying its seccomp profile since it fails with a 'bad system call' error. To work around this we introduce the env. variable SWTPM_TEST_SECCOMP_OPT that we can set to "--seccomp action=none" to avoid having swtpm apply it seccomp profile. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
153 lines
4.5 KiB
Bash
Executable File
153 lines
4.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# For the license, see the LICENSE file in the root directory.
|
|
|
|
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
|
|
TESTDIR=${abs_top_testdir:=$(dirname "$0")}
|
|
SRCDIR=${abs_top_srcdir:-$(dirname "$0")/..}
|
|
|
|
PARAMETERS=(
|
|
""
|
|
"--createek"
|
|
"--take-ownership"
|
|
"--createek --lock-nvram"
|
|
"--take-ownership --lock-nvram"
|
|
"--lock-nvram"
|
|
"--take-ownership --ownerpass OOO"
|
|
"--take-ownership --srkpass SSS"
|
|
"--take-ownership --ownerpass OO --srkpass SS"
|
|
"--take-ownership --lock-nvram --display"
|
|
"--display"
|
|
"--lock-nvram --display"
|
|
"--take-ownership --srk-well-known"
|
|
"--take-ownership --owner-well-known"
|
|
"--take-ownership --srk-well-known --owner-well-known"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile.txt"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile ${TESTDIR}/data/keyfile256bit.txt --cipher aes-256-cbc"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile ${TESTDIR}/data/pwdfile.txt --cipher aes-256-cbc"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --keyfile-fd 100 --cipher aes-256-cbc"
|
|
"--createek --create-ek-cert --create-platform-cert --lock-nvram --config ${TESTDIR}/swtpm_setup.conf --vmid test --display --pwdfile-fd 101 --cipher aes-256-cbc"
|
|
)
|
|
|
|
# Open read-only file descriptors referenced in test cases
|
|
exec 100<${TESTDIR}/data/keyfile256bit.txt
|
|
exec 101<${TESTDIR}/data/pwdfile.txt
|
|
|
|
FILESIZES=(
|
|
1185
|
|
1605
|
|
2066
|
|
1605
|
|
2066
|
|
1185
|
|
2066
|
|
2066
|
|
2066
|
|
2066
|
|
1185
|
|
1185
|
|
2066
|
|
2066
|
|
2066
|
|
1721
|
|
1788
|
|
1788
|
|
1820
|
|
1820
|
|
1820
|
|
1820
|
|
)
|
|
|
|
if [ "$(id -u)" -ne 0 ]; then
|
|
echo "Need to be root to run this test."
|
|
exit 77
|
|
fi
|
|
|
|
source ${TESTDIR}/common
|
|
source ${TESTDIR}/test_config
|
|
|
|
SWTPM=swtpm
|
|
SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
|
|
SWTPM_IOCTL=${SWTPM_IOCTL:-$ROOT/src/swtpm_ioctl/swtpm_ioctl}
|
|
TCSD=$(type -P tcsd)
|
|
TPMDIR=$(mktemp -d)
|
|
SWTPM_SETUP_CONF=$SRCDIR/etc/swtpm_setup.conf
|
|
# filesystem privileges require to run swtpm_setup as root during test
|
|
TPMAUTHORING="$ROOT/src/swtpm_setup/swtpm_setup --config ${SWTPM_SETUP_CONF} --runas root"
|
|
PATH=${ROOT}/src/swtpm_bios:${TESTDIR}:$PATH
|
|
|
|
trap "cleanup" SIGTERM EXIT
|
|
|
|
if test "$TCSD" = ""; then
|
|
echo "TCSD executable 'tcsd' was not found in path."
|
|
exit 1
|
|
fi
|
|
|
|
function cleanup()
|
|
{
|
|
rm -rf $TPMDIR
|
|
}
|
|
|
|
chown $TSS_USER:$TSS_GROUP $TPMDIR 2>/dev/null
|
|
if [ $? -ne 0 ]; then
|
|
echo "Could not change ownership of $TPMDIR to $TSS_USER:$TSS_GROUP." \
|
|
"You need to be root."
|
|
exit 1
|
|
fi
|
|
|
|
# swtpm_setup.conf points to the local create_certs.sh
|
|
# For create_certs.sh to be found (with out full path)
|
|
# add this directory to the PATH
|
|
PATH=$PATH:$PWD
|
|
|
|
for (( i=0; i<${#PARAMETERS[*]}; i++)); do
|
|
rm -rf $TPMDIR/*
|
|
echo -n "Test $i: "
|
|
$TPMAUTHORING \
|
|
--tpm-state $TPMDIR \
|
|
--tpm "$SWTPM_EXE socket ${SWTPM_TEST_SECCOMP_OPT}" \
|
|
--swtpm_ioctl "$SWTPM_IOCTL" \
|
|
${PARAMETERS[$i]} 2>&1 >/dev/null
|
|
|
|
if [ $? -ne 0 ]; then
|
|
echo "ERROR: Test with parameters '${PARAMETERS[$i]}' failed."
|
|
exit 1
|
|
elif [ ! -f $TPMDIR/tpm-00.permall ]; then
|
|
echo "ERROR: Test with parameters '${PARAMETERS[$i]}' did not
|
|
produce file $TPMDIR/tpm-00.permall."
|
|
exit 1
|
|
fi
|
|
|
|
FILESIZE=$(get_filesize $TPMDIR/tpm-00.permall)
|
|
if [ ${FILESIZE} -ne ${FILESIZES[$i]} ]; then
|
|
echo "ERROR: Unexpected file size of $FILESIZE, "\
|
|
"expected ${FILESIZES[$i]}. Parameters: ${PARAMETERS[$i]}"
|
|
exit 1
|
|
fi
|
|
|
|
# Make sure the state is encrypted when a key was given.
|
|
# We expect sequences of 4 0-bytes in unencrypted state
|
|
# and no such sequences in encrypted state.
|
|
nullseq="$(cat $TPMDIR/tpm-00.permall | \
|
|
od -t x1 -A n | tr -d '\n' |
|
|
grep "00 00 00 00")"
|
|
if [[ "${PARAMETERS[$i]}" =~ (keyfile|pwdfile) ]]; then
|
|
if [ -n "${nullseq}" ]; then
|
|
echo "ERROR: State file is not encrypted with" \
|
|
"parameters '${PARAMETERS[$i]}'"
|
|
fi
|
|
else
|
|
if [ -z "${nullseq}" ]; then
|
|
echo "ERROR: State must not be encrypted with" \
|
|
"parameters '${PARAMETERS[$i]}'"
|
|
fi
|
|
fi
|
|
|
|
echo "SUCCESS with parameters '${PARAMETERS[$i]}'."
|
|
done
|
|
|
|
exec 100>&-
|
|
exec 101>&-
|