From ccd62eb9f03b8fae351b7cb56d89e6e07623a1be Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Wed, 20 Nov 2024 13:11:02 +0100
Subject: [PATCH] tests/setup_swtpm.sh: Add script to setup temporary TPM
Add the tests/setup_swtpm.sh script which setup a Software TPM in a temporary directory, starts the swtpm socket, and sets the environment TCTI accordingly. This allows the tests to be executed locally, even with the "testing" feature. Unfortunately, it is not possible to cleanup some of the transient objects created during tests, being necessary to cleanup manually between runs by running: $ tpm2_flushcontext -t -l -s Another caveat is that the tests need to run on a single thread to avoid test cases that create objects to run in parallel, which can fill up the TPM memory with transient object contexts. For this, please run the tests on a single thread: $ cargo test --features=testing -- --test-threads=1 The swtpm socket process is stopped when exiting from the started shell.
Fixes: #259
Signed-off-by: Anderson Toshiyuki Sasaki
---
 tests/setup_swtpm.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100755 tests/setup_swtpm.sh
diff --git a/tests/setup_swtpm.sh b/tests/setup_swtpm.sh
new file mode 100755
index 00000000..aee4d953
--- /dev/null
+++ b/tests/setup_swtpm.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Keylime Authors
+
+# Store the old TCTI setting
+OLD_TCTI=$TCTI
+OLD_TPM2TOOLS_TCTI=$TPM2TOOLS_TCTI
+
+set -euf -o pipefail
+
+if [[ $# -eq 0 ]] || [[ -z "$1" ]]; then
+ TEMPDIR=$(mktemp -d)
+ TPMDIR="${TEMPDIR}/tpmdir"
+ mkdir -p ${TPMDIR}
+else
+ echo "Using TPM state from $1"
+ TPMDIR=$1
+fi
+
+# Manufacture a new Software TPM
+swtpm_setup --tpm2 \
+ --tpmstate ${TPMDIR} \
+ --createek --decryption --create-ek-cert \
+ --create-platform-cert \
+ --lock-nvram \
+ --not-overwrite \
+ --pcr-banks sha256 \
+ --display
+
+function start_swtpm {
+ # Initialize the swtpm socket
+ swtpm socket --tpm2 \
+ --tpmstate dir=${TPMDIR} \
+ --flags startup-clear \
+ --ctrl type=tcp,port=2322 \
+ --server type=tcp,port=2321 \
+ --log level=1 &
+ SWTPM_PID=$!
+}
+
+function stop_swtpm {
+ # Stop swtpm if running
+ if [[ -n "$SWTPM_PID" ]]; then
+ echo "Stopping swtpm"
+ kill $SWTPM_PID
+ fi
+}
+
+# Set cleanup function to run at exit
+function cleanup {
+ echo "-------- Restore TCTI settings"
+ TCTI=$OLD_TCTI
+ TPM2TOOLS_TCTI=$OLD_TPM2TOOLS_TCTI
+
+ echo "-------- Cleanup processes"
+ stop_swtpm
+}
+trap cleanup EXIT
+
+# Set the TCTI to use the swtpm socket
+export TCTI=swtpm
+export TPM2TOOLS_TCTI=swtpm
+
+start_swtpm
+bash
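Review bot: Nothing verifies that the backgrounded `swtpm socket` in start_swtpm actually came up before the script hands control to `bash`; the listen ports 2321/2322 are hard-coded, so a second invocation (or any other listener on those ports) makes swtpm exit immediately while the shell still runs with TCTI=swtpm pointed at whatever is answering on port 2321. Add a liveness check right after `SWTPM_PID=$!`, e.g. `sleep 1; kill -0 "$SWTPM_PID" 2>/dev/null || { echo "swtpm socket failed to start" >&2; exit 1; }`. Under `set -u`, cleanup's `stop_swtpm` dereferences `$SWTPM_PID` unconditionally, so initialize `SWTPM_PID=` before `trap cleanup EXIT` to keep the trap itself from failing on an early exit. The `${TPMDIR}` expansions in the mkdir, swtpm_setup and swtpm socket calls are unquoted and break on a `$1` containing whitespace; quote them. Since the TCP bind address is left to swtpm's default, I'd also state it explicitly with `bindaddr=127.0.0.1` on both `--ctrl` and `--server` so the test TPM is documented as host-local only.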