From b69484151f97301c98e9d7ded35e1a548914ac9e Mon Sep 17 00:00:00 2001
From: Xeckt
Date: Mon, 24 Jun 2024 22:42:40 +0100
Subject: [PATCH 1/6] fix: cobra commands
Signed-off-by: Xeckt
---
 sztp-agent/cmd/cli.go | 33 +++++++++++++++++++++++++++++++++
 sztp-agent/cmd/daemon.go | 13 ++++++++-----
 sztp-agent/cmd/daemon_test.go | 12 +++++-------
 sztp-agent/cmd/disable.go | 13 ++++++++-----
 sztp-agent/cmd/disable_test.go | 12 +++++-------
 sztp-agent/cmd/enable.go | 13 ++++++++-----
 sztp-agent/cmd/enable_test.go | 12 +++++-------
 sztp-agent/cmd/run.go | 13 ++++++++-----
 sztp-agent/cmd/run_test.go | 12 +++++-------
 sztp-agent/cmd/status.go | 13 ++++++++-----
 sztp-agent/cmd/status_test.go | 12 +++++-------
 sztp-agent/main.go | 28 +---------------------------
 12 files changed, 99 insertions(+), 87 deletions(-)
 create mode 100644 sztp-agent/cmd/cli.go
diff --git a/sztp-agent/cmd/cli.go b/sztp-agent/cmd/cli.go
new file mode 100644
index 00000000..2bc71abc
--- /dev/null
+++ b/sztp-agent/cmd/cli.go
@@ -0,0 +1,33 @@
+package cmd
+
+import (
+ "log"
+ "os"
+
+ "github.com/TwiN/go-color"
+ "github.com/spf13/cobra"
+)
+
+// commands hold a slice of all cobra commands for cli tool
+var commands []*cobra.Command
+
+// RootCmd is the main entrypoint for the cli
+func RootCmd() *cobra.Command {
+ c := &cobra.Command{
+ Use: "opi-sztp-agent",
+ Short: "opi-sztp-agent is the agent command line interface to work with the sztp workflow",
+ Run: func(cmd *cobra.Command, _ []string) {
+ err := cmd.Help()
+ if err != nil {
+ log.Fatalf(color.InRed("[ERROR]")+"%s", err.Error())
+ }
+ os.Exit(1)
+ },
+ }
+
+ for _, cmd := range commands {
+ c.AddCommand(cmd)
+ }
+
+ return c
+}
diff --git a/sztp-agent/cmd/daemon.go b/sztp-agent/cmd/daemon.go
index 32250f2e..d309d9a6 100644
--- a/sztp-agent/cmd/daemon.go
+++ b/sztp-agent/cmd/daemon.go
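Review bot: RootCmd attaches the package-level `commands` values that the init() functions appended, so every call to RootCmd() hands the same *cobra.Command instances to a new parent; cobra's AddCommand sets each child's parent, so a second root built in the same process (a test, for instance) would take the subcommands over from the first. Registering constructors instead of instances keeps each root self-contained: `var commands []func() *cobra.Command`, with the loop becoming `for _, newCmd := range commands { c.AddCommand(newCmd()) }` and each init() appending the function, e.g. `commands = append(commands, Daemon)`. The same registration appears in the init() hunks of daemon.go, disable.go, enable.go, run.go and status.go. The doc comment on the slice should also read `// commands holds every subcommand registered by the init() functions of this package`.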
@@ -17,8 +17,13 @@ import ( "github.com/spf13/cobra" ) -// NewDaemonCommand returns the daemon command -func NewDaemonCommand() *cobra.Command { +//nolint:gochecknoinits +func init() { + commands = append(commands, Daemon()) +} + +// Daemon returns the daemon command +func Daemon() *cobra.Command { var ( bootstrapURL string serialNumber string @@ -32,7 +37,7 @@ func NewDaemonCommand() *cobra.Command { cmd := &cobra.Command{ Use: "daemon", Short: "Run the daemon command", - RunE: func(c *cobra.Command, _ []string) error { + RunE: func(_ *cobra.Command, _ []string) error { arrayChecker := []string{devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert} if bootstrapURL != "" && dhcpLeaseFile != "" { return fmt.Errorf("'--bootstrap-url' and '--dhcp-lease-file' are mutualy exclusive") @@ -54,8 +59,6 @@ func NewDaemonCommand() *cobra.Command { return fmt.Errorf("must not be folder: %q", filePath) } } - err := c.Help() - cobra.CheckErr(err) a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert) return a.RunCommandDaemon() }, diff --git a/sztp-agent/cmd/daemon_test.go b/sztp-agent/cmd/daemon_test.go index 9d75c1b7..3f639f99 100644 --- a/sztp-agent/cmd/daemon_test.go +++ b/sztp-agent/cmd/daemon_test.go @@ -11,19 +11,17 @@ import ( "github.com/spf13/cobra" ) -func TestNewDaemonCommand(t *testing.T) { +func TestDaemonCommand(t *testing.T) { tests := []struct { name string want *cobra.Command }{ { - name: "TestNewDaemonCommand", + name: "TestDaemonCommand", want: &cobra.Command{ Use: "daemon", Short: "Run the daemon command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { return nil }, }, 
@@ -31,8 +29,8 @@ func TestNewDaemonCommand(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := NewDaemonCommand(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { - t.Errorf("NewDaemonCommand() = %v, want %v", got, tt.want) + if got := Daemon(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { + t.Errorf("Daemon() = %v, want %v", got, tt.want) } }) } diff --git a/sztp-agent/cmd/disable.go b/sztp-agent/cmd/disable.go index 3fe22f74..3ce70a4d 100644 --- a/sztp-agent/cmd/disable.go +++ b/sztp-agent/cmd/disable.go @@ -13,8 +13,13 @@ import ( "github.com/spf13/cobra" ) -// NewDisableCommand returns the disable command -func NewDisableCommand() *cobra.Command { +//nolint:gochecknoinits +func init() { + commands = append(commands, Disable()) +} + +// Disable returns the disable command +func Disable() *cobra.Command { var ( bootstrapURL string serialNumber string @@ -28,9 +33,7 @@ func NewDisableCommand() *cobra.Command { cmd := &cobra.Command{ Use: "disable", Short: "Run the disable command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert) return a.RunCommandDisable() }, diff --git a/sztp-agent/cmd/disable_test.go b/sztp-agent/cmd/disable_test.go index 73d11926..a2d528cb 100644 --- a/sztp-agent/cmd/disable_test.go +++ b/sztp-agent/cmd/disable_test.go 
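Review bot: The renamed assertion `if got := Daemon(); !reflect.DeepEqual(got.Commands(), tt.want.Commands())` still compares only the two subcommand lists, which are empty on both sides, so the test passes for any command and never checks the Use, Short or RunE that the want struct spells out. Compare the fields that matter instead: `if got := Daemon(); got.Use != tt.want.Use || got.Short != tt.want.Short || got.RunE == nil {`. RunE is a func value, so DeepEqual on the whole struct would not work either; asserting it is non-nil is as far as the test can go without executing it. The same comparison is in the disable, enable, run and status test hunks.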
@@ -11,19 +11,17 @@ import ( "github.com/spf13/cobra" ) -func TestNewDisableCommand(t *testing.T) { +func TestDisableCommand(t *testing.T) { tests := []struct { name string want *cobra.Command }{ { - name: "TestNewDisableCommand", + name: "TestDisableCommand", want: &cobra.Command{ Use: "disable", Short: "Run the disable command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { return nil }, }, @@ -31,8 +29,8 @@ func TestNewDisableCommand(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := NewDisableCommand(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { - t.Errorf("NewDisableCommand() = %v, want %v", got, tt.want) + if got := Disable(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { + t.Errorf("Disable() = %v, want %v", got, tt.want) } }) } diff --git a/sztp-agent/cmd/enable.go b/sztp-agent/cmd/enable.go index dbab9542..745bd795 100644 --- a/sztp-agent/cmd/enable.go +++ b/sztp-agent/cmd/enable.go @@ -13,8 +13,13 @@ import ( "github.com/spf13/cobra" ) -// NewEnableCommand returns the enable command -func NewEnableCommand() *cobra.Command { +//nolint:gochecknoinits +func init() { + commands = append(commands, Enable()) +} + +// Enable returns the enable command +func Enable() *cobra.Command { var ( bootstrapURL string serialNumber string @@ -28,9 +33,7 @@ func NewEnableCommand() *cobra.Command { cmd := &cobra.Command{ Use: "enable", Short: "Run the enable command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert) return a.RunCommandEnable() }, diff --git a/sztp-agent/cmd/enable_test.go b/sztp-agent/cmd/enable_test.go index 4b20f975..f6539776 100644 
--- a/sztp-agent/cmd/enable_test.go +++ b/sztp-agent/cmd/enable_test.go @@ -11,19 +11,17 @@ import ( "github.com/spf13/cobra" ) -func TestNewEnableCommand(t *testing.T) { +func TestEnableCommand(t *testing.T) { tests := []struct { name string want *cobra.Command }{ { - name: "TestNewEnableCommand", + name: "TestEnableCommand", want: &cobra.Command{ Use: "enable", Short: "Run the enable command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { return nil }, }, @@ -31,8 +29,8 @@ func TestNewEnableCommand(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := NewEnableCommand(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { - t.Errorf("NewEnableCommand() = %v, want %v", got, tt.want) + if got := Enable(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { + t.Errorf("Enable() = %v, want %v", got, tt.want) } }) } diff --git a/sztp-agent/cmd/run.go b/sztp-agent/cmd/run.go index 9ae8899e..f3b02c1f 100644 --- a/sztp-agent/cmd/run.go +++ b/sztp-agent/cmd/run.go @@ -17,8 +17,13 @@ import ( "github.com/spf13/cobra" ) -// NewRunCommand returns the run command -func NewRunCommand() *cobra.Command { +//nolint:gochecknoinits +func init() { + commands = append(commands, Run()) +} + +// Run returns the run command +func Run() *cobra.Command { var ( bootstrapURL string serialNumber string @@ -32,7 +37,7 @@ func NewRunCommand() *cobra.Command { cmd := &cobra.Command{ Use: "run", Short: "Exec the run command", - RunE: func(c *cobra.Command, _ []string) error { + RunE: func(_ *cobra.Command, _ []string) error { arrayChecker := []string{devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert} if bootstrapURL != "" && dhcpLeaseFile != "" { return fmt.Errorf("'--bootstrap-url' and '--dhcp-lease-file' are mutualy exclusive") 
@@ -54,8 +59,6 @@ func NewRunCommand() *cobra.Command { return fmt.Errorf("must not be folder: %q", filePath) } } - err := c.Help() - cobra.CheckErr(err) a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert) return a.RunCommand() }, diff --git a/sztp-agent/cmd/run_test.go b/sztp-agent/cmd/run_test.go index ef58ccaf..f59b36ca 100644 --- a/sztp-agent/cmd/run_test.go +++ b/sztp-agent/cmd/run_test.go @@ -11,19 +11,17 @@ import ( "github.com/spf13/cobra" ) -func TestNewRunCommand(t *testing.T) { +func TestRunCommand(t *testing.T) { tests := []struct { name string want *cobra.Command }{ { - name: "TestNewRunCommand", + name: "TestRunCommand", want: &cobra.Command{ Use: "run", Short: "Exec the run command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { return nil }, }, @@ -31,8 +29,8 @@ func TestNewRunCommand(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := NewRunCommand(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { - t.Errorf("NewRunCommand() = %v, want %v", got, tt.want) + if got := Run(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { + t.Errorf("Run() = %v, want %v", got, tt.want) } }) } diff --git a/sztp-agent/cmd/status.go b/sztp-agent/cmd/status.go index 0e5e1d6f..cf5043a7 100644 --- a/sztp-agent/cmd/status.go +++ b/sztp-agent/cmd/status.go @@ -13,8 +13,13 @@ import ( "github.com/spf13/cobra" ) -// NewStatusCommand returns the status command -func NewStatusCommand() *cobra.Command { +//nolint:gochecknoinits +func init() { + commands = append(commands, Status()) +} + +// Status returns the status command +func Status() *cobra.Command { var ( bootstrapURL string serialNumber string 
@@ -28,9 +33,7 @@ func NewStatusCommand() *cobra.Command { cmd := &cobra.Command{ Use: "status", Short: "Run the status command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { a := secureagent.NewAgent(bootstrapURL, serialNumber, dhcpLeaseFile, devicePassword, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert) return a.RunCommandStatus() }, diff --git a/sztp-agent/cmd/status_test.go b/sztp-agent/cmd/status_test.go index 4f9b3629..b2d30b74 100644 --- a/sztp-agent/cmd/status_test.go +++ b/sztp-agent/cmd/status_test.go @@ -11,19 +11,17 @@ import ( "github.com/spf13/cobra" ) -func TestNewStatusCommand(t *testing.T) { +func TestStatusCommand(t *testing.T) { tests := []struct { name string want *cobra.Command }{ { - name: "TestNewStatusCommand", + name: "TestStatusCommand", want: &cobra.Command{ Use: "status", Short: "Run the status command", - RunE: func(c *cobra.Command, _ []string) error { - err := c.Help() - cobra.CheckErr(err) + RunE: func(_ *cobra.Command, _ []string) error { return nil }, }, @@ -31,8 +29,8 @@ func TestNewStatusCommand(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := NewStatusCommand(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { - t.Errorf("NewStatusCommand() = %v, want %v", got, tt.want) + if got := Status(); !reflect.DeepEqual(got.Commands(), tt.want.Commands()) { + t.Errorf("Status() = %v, want %v", got, tt.want) } }) } diff --git a/sztp-agent/main.go b/sztp-agent/main.go index 89775993..6fad6045 100644 --- a/sztp-agent/main.go +++ b/sztp-agent/main.go 
@@ -13,36 +13,10 @@ import ( "github.com/opiproject/sztp/sztp-agent/cmd" "log" - "os" - - "github.com/spf13/cobra" ) func main() { - command := newCommand() - if err := command.Execute(); err != nil { + if err := cmd.RootCmd().Execute(); err != nil { log.Fatalf(color.InRed("[ERROR]")+"%s", err.Error()) } } - -func newCommand() *cobra.Command { - c := &cobra.Command{ - Use: "opi-sztp-agent", - Short: "opi-sztp-agent is the agent command line interface to work with the sztp workflow", - Run: func(cmd *cobra.Command, _ []string) { - err := cmd.Help() - if err != nil { - log.Fatalf(color.InRed("[ERROR]")+"%s", err.Error()) - } - os.Exit(1) - }, - } - - c.AddCommand(cmd.NewDaemonCommand()) - c.AddCommand(cmd.NewRunCommand()) - c.AddCommand(cmd.NewStatusCommand()) - c.AddCommand(cmd.NewEnableCommand()) - c.AddCommand(cmd.NewDisableCommand()) - - return c -} From e1c781e7b857dea8f7b5ae64b4ed8ac1c81bc76d Mon Sep 17 00:00:00 2001 From: Bhoopesh Date: Fri, 28 Jun 2024 04:19:52 +0530 Subject: [PATCH 2/6] feat: add PR Template Signed-off-by: Bhoopesh --- .github/PULL_REQUEST_TEMPLATE.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..d54ffb4e --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,26 @@ + + +## Proposed changes + +Summarize your changes here to communicate with the maintainers and make sure to put the link of that issue + +## Types of changes + +What types of changes does your code introduce to the repo? Put an `x` in the boxes that apply +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Bugfix (non-breaking change which fixes an issue) +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Documentation Update (if none of the other choices applies) + +## Checklist + +Put an `x` in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code. +- [ ] I have signed the commit for DCO to be passed. +- [ ] Lint and unit tests pass locally with my changes +- [ ] I have added tests that prove my fix is effective or that my feature works (if appropriate) +- [ ] I have added necessary documentation (if appropriate) + +## Dependency +- Please add the links to the dependent PR need to be merged before this (if any). + +## Special notes for your reviewer: From fd911e237591dfac773f98b20e40758aa2e1907b Mon Sep 17 00:00:00 2001 From: Boris Glimcher Date: Mon, 1 Jul 2024 15:36:45 +0300 Subject: [PATCH 3/6] refactor: move sztp-server content to top level in preparation to move next agent code up level this is for better versioning and visibility 
Signed-off-by: Boris Glimcher --- {sztp-server/config => config}/first-configuration.xml | 0 .../config => config}/first-post-configuration-script.sh | 0 .../config => config}/first-pre-configuration-script.sh | 0 {sztp-server/config => config}/second-configuration.xml | 0 .../config => config}/second-post-configuration-script.sh | 0 .../config => config}/second-pre-configuration-script.sh | 0 .../config => config}/sztpd.redirect.json.template | 0 .../config => config}/sztpd.running.json.template | 0 {sztp-server/config => config}/third-configuration.xml | 0 .../config => config}/third-post-configuration-script.sh | 0 .../config => config}/third-pre-configuration-script.sh | 0 docker-compose.yml | 8 ++++---- {sztp-server => scripts}/docker-entrypoint.sh | 0 13 files changed, 4 insertions(+), 4 deletions(-) rename {sztp-server/config => config}/first-configuration.xml (100%) rename {sztp-server/config => config}/first-post-configuration-script.sh (100%) rename {sztp-server/config => config}/first-pre-configuration-script.sh (100%) rename {sztp-server/config => config}/second-configuration.xml (100%) rename {sztp-server/config => config}/second-post-configuration-script.sh (100%) rename {sztp-server/config => config}/second-pre-configuration-script.sh (100%) rename {sztp-server/config => config}/sztpd.redirect.json.template (100%) rename {sztp-server/config => config}/sztpd.running.json.template (100%) rename {sztp-server/config => config}/third-configuration.xml (100%) rename {sztp-server/config => config}/third-post-configuration-script.sh (100%) rename {sztp-server/config => config}/third-pre-configuration-script.sh (100%) rename {sztp-server => scripts}/docker-entrypoint.sh (100%) diff --git a/sztp-server/config/first-configuration.xml b/config/first-configuration.xml similarity index 100% rename from sztp-server/config/first-configuration.xml rename to config/first-configuration.xml 
diff --git a/sztp-server/config/first-post-configuration-script.sh b/config/first-post-configuration-script.sh similarity index 100% rename from sztp-server/config/first-post-configuration-script.sh rename to config/first-post-configuration-script.sh diff --git a/sztp-server/config/first-pre-configuration-script.sh b/config/first-pre-configuration-script.sh similarity index 100% rename from sztp-server/config/first-pre-configuration-script.sh rename to config/first-pre-configuration-script.sh diff --git a/sztp-server/config/second-configuration.xml b/config/second-configuration.xml similarity index 100% rename from sztp-server/config/second-configuration.xml rename to config/second-configuration.xml diff --git a/sztp-server/config/second-post-configuration-script.sh b/config/second-post-configuration-script.sh similarity index 100% rename from sztp-server/config/second-post-configuration-script.sh rename to config/second-post-configuration-script.sh diff --git a/sztp-server/config/second-pre-configuration-script.sh b/config/second-pre-configuration-script.sh similarity index 100% rename from sztp-server/config/second-pre-configuration-script.sh rename to config/second-pre-configuration-script.sh diff --git a/sztp-server/config/sztpd.redirect.json.template b/config/sztpd.redirect.json.template similarity index 100% rename from sztp-server/config/sztpd.redirect.json.template rename to config/sztpd.redirect.json.template diff --git a/sztp-server/config/sztpd.running.json.template b/config/sztpd.running.json.template similarity index 100% rename from sztp-server/config/sztpd.running.json.template rename to config/sztpd.running.json.template diff --git a/sztp-server/config/third-configuration.xml b/config/third-configuration.xml similarity index 100% rename from sztp-server/config/third-configuration.xml rename to config/third-configuration.xml 
diff --git a/sztp-server/config/third-post-configuration-script.sh b/config/third-post-configuration-script.sh similarity index 100% rename from sztp-server/config/third-post-configuration-script.sh rename to config/third-post-configuration-script.sh diff --git a/sztp-server/config/third-pre-configuration-script.sh b/config/third-pre-configuration-script.sh similarity index 100% rename from sztp-server/config/third-pre-configuration-script.sh rename to config/third-pre-configuration-script.sh diff --git a/docker-compose.yml b/docker-compose.yml index 2ecf6c54..bc7f519d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,8 +13,8 @@ services: volumes: - server-certs:/certs - ./images:/media - - ./sztp-server/config:/mnt - - ./sztp-server/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh + - ./config:/mnt + - ./scripts/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh entrypoint: /usr/local/bin/docker-entrypoint.sh environment: SZTPD_INIT_PORT: 6080 @@ -40,8 +40,8 @@ services: condition: service_completed_successfully volumes: - server-certs:/certs - - ./sztp-server/config/sztpd.redirect.json.template:/mnt/sztpd.redirect.json.template - - ./sztp-server/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh + - ./config/sztpd.redirect.json.template:/mnt/sztpd.redirect.json.template + - ./scripts/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh entrypoint: /usr/local/bin/docker-entrypoint.sh environment: SZTPD_INIT_PORT: 6080 diff --git a/sztp-server/docker-entrypoint.sh b/scripts/docker-entrypoint.sh similarity index 100% rename from sztp-server/docker-entrypoint.sh rename to scripts/docker-entrypoint.sh From d746488bdfd218c2d05ec2a949fce2eb7c92cf77 Mon Sep 17 00:00:00 2001 From: Boris Glimcher <36732377+glimchb@users.noreply.github.com> Date: Tue, 2 Jul 2024 19:01:03 -0400 Subject: [PATCH 4/6] docs(tpm): add more examples for key management 
Signed-off-by: Boris Glimcher <36732377+glimchb@users.noreply.github.com> --- doc/qemu_tpm_setup.md | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/doc/qemu_tpm_setup.md b/doc/qemu_tpm_setup.md index ddce5f87..dbd274ad 100644 --- a/doc/qemu_tpm_setup.md +++ b/doc/qemu_tpm_setup.md @@ -99,7 +99,11 @@ qemu-system-x86_64 -smp 2 -cdrom init.iso -m 1G \ --nographic ``` -Login using fedora/fedora and run few tests +Login using `fedora/fedora` and run few tests + +### Testing TPM device + +Sanity checks ```bash [fedora@fed38 ~]$ dmesg | grep -i tpm @@ -113,4 +117,39 @@ crw-rw----. 1 root tss 253, 65536 Jun 18 23:17 /dev/tpmrm0 [fedora@fed38 ~]$ sudo tpm2_clear [fedora@fed38 ~]$ sudo tpm2_selftest + +[fedora@fed38 ~]$ sudo tpm2_getcap algorithms | grep -A 9 'sha384' +sha384: + value: 0xC + asymmetric: 0 + symmetric: 0 + hash: 1 + object: 0 + reserved: 0x0 + signing: 0 + encrypting: 0 + method: 0 +``` + +Working with Keys, from + +```bash +[fedora@fed38 ~]$ sudo tpm2_createek -G rsa -c ek_rsa.ctx +[fedora@fed38 ~]$ sudo tpm2_createak -C ek_rsa.ctx -G rsa -g sha256 -s rsassa -c ak_rsa.ctx +loaded-key: + name: 000b42319d115beaaa57c3f2b385d8cb1e2e6834b65e5da97be1e8339a74a053d7ff + qualified name: 000b1f2b91b573baeb8d3e37b9ce48eafb0542bde0ff2fac9366f31bf178680440e6 +[fedora@fed38 ~]$ sudo tpm2_evictcontrol -c ak_rsa.ctx 0x81000000 +persistent-handle: 0x81000000 +action: persisted + +[fedora@fed38 ~]$ sudo tpm2_getcap handles-persistent +- 0x81000000 + +[fedora@fed38 ~]$ sudo tpm2_evictcontrol -C o -c 0x81000000 +persistent-handle: 0x81000000 +action: evicted +[fedora@fed38 ~]$ sudo tpm2_getcap handles-persistent +[fedora@fed38 ~]$ + ``` From 9d9e332032b9234c2f49623957b9f02ebd2ad1ff Mon Sep 17 00:00:00 2001 From: Boris Glimcher <36732377+glimchb@users.noreply.github.com> Date: Tue, 2 Jul 2024 19:33:03 -0400 Subject: [PATCH 5/6] docs(tpm): add more examples for key management 
Signed-off-by: Boris Glimcher <36732377+glimchb@users.noreply.github.com> --- doc/qemu_tpm_setup.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/doc/qemu_tpm_setup.md b/doc/qemu_tpm_setup.md index dbd274ad..7121cabd 100644 --- a/doc/qemu_tpm_setup.md +++ b/doc/qemu_tpm_setup.md @@ -152,4 +152,45 @@ action: evicted [fedora@fed38 ~]$ sudo tpm2_getcap handles-persistent [fedora@fed38 ~]$ +[fedora@fed38 ~]$ sudo tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-algorithm=ecc256:aes128cfb --key-context=tpm_primary_key.ctx --attributes="decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted" -V +name-alg: + value: sha256 + raw: 0xb +attributes: + value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted|decrypt + raw: 0x30472 +type: + value: ecc + raw: 0x23 +curve-id: + value: NIST p256 + raw: 0x3 +kdfa-alg: + value: null + raw: 0x10 +kdfa-halg: + value: (null) + raw: 0x0 +scheme: + value: null + raw: 0x10 +scheme-halg: + value: (null) + raw: 0x0 +sym-alg: + value: aes + raw: 0x6 +sym-mode: + value: cfb + raw: 0x43 +sym-keybits: 128 +x: 50ae5635be637d617fb1d9499fda0b618b63e8f27cc750ec65bcb9d9655e08e2 +y: 531a72b1039f2441bfb59f9086119b0c50d3fa7acd86d432325dd8726b4b22e6 +[fedora@fed38 ~]$ sudo tpm2_evictcontrol -C o 0x81020004 -c tpm_primary_key.ctx -V +persistent-handle: 0x81020004 +action: persisted +[fedora@fed38 ~]$ sudo tpm2_getcap handles-persistent +- 0x81000000 +- 0x81020004 + ``` From aa2f32099246b8df31d5b62b4cc1a8a436fbd08c Mon Sep 17 00:00:00 2001 From: Boris Glimcher <36732377+glimchb@users.noreply.github.com> Date: Tue, 2 Jul 2024 19:52:36 -0400 Subject: [PATCH 6/6] docs(tpm): add more examples for key management Signed-off-by: Boris Glimcher <36732377+glimchb@users.noreply.github.com> --- doc/qemu_tpm_setup.md | 59 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 55 insertions(+), 4 deletions(-) 
diff --git a/doc/qemu_tpm_setup.md b/doc/qemu_tpm_setup.md index 7121cabd..7a6a6396 100644 --- a/doc/qemu_tpm_setup.md +++ b/doc/qemu_tpm_setup.md @@ -135,23 +135,25 @@ Working with Keys, from