boot_aggregate test makes use of a software TPM 2.0 in case it doesn't find any /dev/tpm0 in the system or if the test is run as a normal user. However, when the system has a discrete TPM 1.2 and the user runs the test with a non-root user, evmctl fails to return the software TPM 2.0 boot aggregate value because it tries to access the sysfs PCRs file and, consequently, the test fails. Supporting a software TPM 1.2 involved some more work and a new dependency on other programs to extend the PCRs accordingly. Because of that, just drop support for this scenario for now. Signed-off-by: Bruno Meneguele <bmeneg@xxxxxxxxxx> --- tests/boot_aggregate.test | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index fe0c9aa..43de67d 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -23,6 +23,8 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH . ./functions.sh _require evmctl TSSDIR="$(dirname -- "$(which tssstartup)")" +PCRFILE="/sys/class/tpm/tpm0/device/pcrs" +MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs" if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements" @@ -133,6 +135,11 @@ check() { # Start and initialize a software TPM as needed if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then + if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then + echo "${CYAN}SKIP: system has discrete TPM 1.2, sample TPM 2.0 event log test not supported.${NORM}" + exit "$SKIP" + fi + swtpm_start error=$? if [ $error -eq "$SKIP" ]; then -- 2.26.2
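Review bot: PCRFILE and MISC_PCRFILE in the first hunk (@@ -23,6 +23,8 @@) are defined without a comment, so a reader of the top of the script cannot tell that the presence of these sysfs files is what the test later treats as "system has a TPM 1.2", or why both the class/tpm and class/misc paths are needed. Please add a one-line comment above the two assignments saying so. Both paths also hard-code tpm0; that matches the /dev/tpm0 test on the following line, but it is worth stating in the same comment that only the first TPM device is considered.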
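Review bot: in the second hunk (@@ -133,6 +135,11 @@) the skip is decided only by `[ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]`, yet the message asserts "system has discrete TPM 1.2". The test only establishes that a sysfs pcrs file exists, not that the device is discrete, so the wording should match what is checked, for example "system has a TPM 1.2 (sysfs pcrs file present)". The enclosing condition is also true for root when /dev/tpm0 is not a character device, a case the commit message does not mention; a short comment above the new `if` stating that the skip is meant for the non-root case on a TPM 1.2 system, and why it has to come before swtpm_start, would make the intent clear.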