This is required, because when TPM HW is available (i.e. -c /dev/tpm0), evmctl ima_boot_aggregate returns sha1:xxxx.

skip requires to move cleanup().

Signed-off-by: Petr Vorel <petr.vorel@xxxxxxxxx>
---
Hi Mimi,

this fixes problems on current Debian, which has still disabled CONFIG_IMA (FYI [1]).

I was not able to figure out how to get it working with sample-* files, but maybe there is a way. Although it sounds strange, people may want to build and check evmctl even on a system with disabled CONFIG_IMA (both Debian and Ubuntu have outdated ima-evm-utils (1.1)).

Kind regards,
Petr

[1] https://bugs.debian.org/972459 linux: Reenable CONFIG_IMA

tests/boot_aggregate.test | 35 ++++++++++++++++++++---------------
1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index 42ed7b4..5fd4204 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -26,21 +26,6 @@ TSSDIR="$(dirname -- "$(which tssstartup)")" PCRFILE="/sys/class/tpm/tpm0/device/pcrs" MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs" -if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then - ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements" -else - BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9" - ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9" - export TPM_INTERFACE_TYPE="socsim" - export TPM_COMMAND_PORT=2321 - export TPM_PLATFORM_PORT=2322 - export TPM_SERVER_NAME="localhost" - - # swtpm uses the raw, unencapsulated packet format - export TPM_SERVER_TYPE="raw" - -fi - # Only stop this test's software TPM cleanup() { if [ -n "${SWTPM_PID}" ]; then 
@@ -165,6 +150,26 @@ check() { return "$FAIL" } +if [ ! -d "/sys/kernel/security/ima" ]; then + echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}" + exit "$SKIP" +fi + +if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then + ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements" +else + BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9" + ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9" + export TPM_INTERFACE_TYPE="socsim" + export TPM_COMMAND_PORT=2321 + export TPM_PLATFORM_PORT=2322 + export TPM_SERVER_NAME="localhost" + + # swtpm uses the raw, unencapsulated packet format + export TPM_SERVER_TYPE="raw" + +fi + # Start and initialize a software TPM as needed if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then -- 2.27.0.rc0
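Review bot: In the first hunk (@@ -26,21 +26,6 @@) the lines removed are the hardware/software TPM selection block, while cleanup() stays where it was, so the commit message's "skip requires to move cleanup()" does not describe the change. Please reword the message to say that the block is moved below cleanup() and check(), and state why the new skip has to run after those definitions; as written a reader cannot tell whether the move is required or incidental.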
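Review bot: In the second hunk (@@ -165,6 +150,26 @@) the test [ ! -d "/sys/kernel/security/ima" ] sits in front of the root and /dev/tpm0 branch, so it also skips the else path, which reads ./sample-ascii_runtime_measurements-pcrs-8-9 and ./sample-binary_bios_measurements-pcrs-8-9 rather than anything under /sys/kernel/security/ima. Consider moving the test inside the [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ] branch, so that only the run which needs the kernel's measurement list is skipped. The directory is also absent when securityfs is not mounted, so "SKIP: CONFIG_IMA not enabled" can misreport the reason; a message that names the missing path would be accurate in both cases.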