On Sun, Aug 16, 2020 at 03:36:27PM -0400, Mimi Zohar wrote:
> The "boot_aggregate.test" requires either a hardware or software TPM.
> Support using the swtpm, if packaged for the distro, in addition to
> tpm_server.
>
> Note: Some travis/<distro>.sh scripts are links to other scripts.
> Don't fail the build of the linked script if the swtpm package doesn't
> exist.
>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> ---
> .travis.yml | 2 +-
> tests/boot_aggregate.test | 40 ++++++++++++++++++++++++++++----------
> travis/fedora.sh | 1 +
> 3 files changed, 31 insertions(+), 12 deletions(-)
>
> diff --git a/.travis.yml b/.travis.yml
> index 849fcb6ba822..9bea5d19bd0e 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -75,4 +75,4 @@ before_install:
> script:
> - INSTALL="${DISTRO%%:*}"
> - INSTALL="${INSTALL%%/*}"
> - - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"
> + - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"
> diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
> index 43de67de1468..ce310b6ae5b4 100755
> --- a/tests/boot_aggregate.test
> +++ b/tests/boot_aggregate.test
> @@ -33,6 +33,10 @@ else
> ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
> export TPM_INTERFACE_TYPE="socsim"
> export TPM_COMMAND_PORT=2321
> + export TPM_PLATFORM_PORT=2322
> + export TPM_SERVER_NAME="localhost"
> + export TPM_SERVER_TYPE="raw"
> +
> fi
>
> # Only stop this test's software TPM. Preferred method: "tsstpmcmd -stop"
> @@ -48,22 +52,36 @@ cleanup() {
>
> # Try to start a software TPM if needed.
> swtpm_start() {
> - local swtpm
> + local swtpm swtpm1
>
> swtpm="$(which tpm_server)"
> - if [ -z "${swtpm}" ]; then
> - echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}"
> + swtpm1="$(which swtpm)"
> + if [ -z "${swtpm}" ] && [ -z "${swptm1}" ]; then
> + echo "${CYAN}SKIP: Softare TPM (tpm_server and swtpm) not found${NORM}"
> return "$SKIP"
> fi
>
> - pgrep tpm_server
> - if [ $? -eq 0 ]; then
> - echo "INFO: Software TPM (tpm_server) already running"
> - return 114
> - else
> - echo "INFO: Starting software TPM: ${swtpm}"
> - ${swtpm} > /dev/null 2>&1 &
> - SWTPM_PPID=$!
> + if [ ! -z "${swtpm1}" ]; then
> + pgrep swtpm1
> + if [ $? -eq 0 ]; then
> + echo "INFO: Software TPM (swtpm) already running"
> + return 114
> + else
> + echo "INFO: Starting software TPM: ${swtpm1}"
> + mkdir ./myvtpm
> + ${swtpm1} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 &
> + SWTPM_PPID=$!
> + fi
> + elif [ ! -z "${swtpm}" ]; then
> + pgrep swtpm
> + if [ $? -eq 0 ]; then
> + echo "INFO: Software TPM (tpm_server) already running"
> + return 114
> + else
> + echo "INFO: Starting software TPM: ${swtpm}"
> + ${swtpm} > /dev/null 2>&1 &
> + SWTPM_PPID=$!
> + fi
> fi
> return 0
> }
> diff --git a/travis/fedora.sh b/travis/fedora.sh
> index d3459e408d81..f9ee9bed7bc1 100755
> --- a/travis/fedora.sh
> +++ b/travis/fedora.sh
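Review bot: The two `pgrep` calls added in swtpm_start do not look for the process their branch is about to start: the swtpm branch runs `pgrep swtpm1`, which is the shell variable's name rather than a process name, and the tpm_server branch now runs `pgrep swtpm` where the removed code ran `pgrep tpm_server`. As written, an already running swtpm or tpm_server is not detected and a second instance is launched, presumably failing to bind ports 2321/2322 with the error hidden by the redirect to /dev/null; the checks should read `pgrep swtpm` and `pgrep tpm_server` respectively. Separately, `mkdir ./myvtpm` fails when the directory is left over from an earlier run, and since its status is not checked swtpm would start on whatever TPM state is already there. A directory from `mktemp -d` that cleanup() removes would keep each run isolated; cleanup()'s body is outside the hunk, so whether it already removes anything cannot be seen here.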
> @@ -41,6 +41,7 @@ yum -y install \ > which > > yum -y install docbook5-style-xsl || true > +yum -y install swtpm || true > just fyi.. centos:7 doesn't has swtpm while centos:{latest,8} does. Should we consider getting it built manually? I can take a look on it if desirable. > # FIXME: debug > echo "find /tss2_esys.h" > -- > 2.18.4 > With "swptm1" fixed: Acked-by: Bruno Meneguele <bmeneg@xxxxxxxxxx> Thanks Mimi. -- bmeneg PGP Key: http://bmeneg.com/pubkey.txt