On Wed, Jun 24, 2020 at 07:38:29PM -0300, Bruno Meneguele wrote: > boot_aggregate test makes use of a software TPM 2.0 in case it doesn't find > any /dev/tpm0 in the system or if the test is run as a normal user. However, > when the system has a discrete TPM 1.2 and the user runs the test with a > non-root user evmctl fails to return the software TPM 2.0 boot aggregate > value because it tries to access the TPM 1.2 sysfs PCRs file and, > consequently, the test fails. Thus TPM 2.0 log test is not supported on > systems with a discrete TPM 1.2. > > Signed-off-by: Bruno Meneguele <bmeneg@xxxxxxxxxx> > --- Should've added the changelog note, but considering it doesn't make git history, for those reviewing the patch: v1->v2: - fixed a statement in commit log only. > tests/boot_aggregate.test | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test > index fe0c9aa..43de67d 100755 > --- a/tests/boot_aggregate.test > +++ b/tests/boot_aggregate.test > @@ -23,6 +23,8 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH > . ./functions.sh > _require evmctl > TSSDIR="$(dirname -- "$(which tssstartup)")" > +PCRFILE="/sys/class/tpm/tpm0/device/pcrs" > +MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs" > > if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then > ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements" > @@ -133,6 +135,11 @@ check() { > > # Start and initialize a software TPM as needed > if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then > + if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then > + echo "${CYAN}SKIP: system has discrete TPM 1.2, sample TPM 2.0 event log test not supported.${NORM}" > + exit "$SKIP" > + fi > + > swtpm_start > error=$? > if [ $error -eq "$SKIP" ]; then > -- > 2.26.2 > -- bmeneg PGP Key: http://bmeneg.com/pubkey.txt
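Review bot: PCRFILE and MISC_PCRFILE in the first hunk are defined with no comment saying what they stand for; the only place that ties these sysfs pcrs files to a TPM 1.2 is the commit message. A one-line comment above the two assignments, for example "# sysfs PCR files exposed by a TPM 1.2", would keep that reasoning in the script. Since both are fixed paths used by a single check, they could also be defined next to that check rather than at the top of the file.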
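Review bot: the skip condition in the second hunk, [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ], only establishes that tpm0 exposes a sysfs pcrs file, while the message it prints claims a "discrete TPM 1.2"; the test cannot tell whether the part is discrete, so wording such as "system has a TPM 1.2" would match what is actually checked. The check is also tied to tpm0 and sits in a branch that is entered both for non-root users and for root without /dev/tpm0, so a short comment above the if saying that it targets the non-root case, where evmctl reads the TPM 1.2 sysfs PCRs instead of the software TPM 2.0, would make the intent clear to the next reader.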