* [meta-tpm][PATCH 1/5] swtpm: enable seccomp if DISTRO is enabled
@ 2022-05-30 14:52 Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 2/5] security-tpm2-image: add swtpm Armin Kuster
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Armin Kuster @ 2022-05-30 14:52 UTC (permalink / raw)
  To: yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
index 85e4c5d..db6ceee 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
@@ -22,6 +22,7 @@ TSS_GROUP="tss"
 
 PACKAGECONFIG ?= "openssl"
 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
 PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
 PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
 # expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
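Review bot: the added PACKAGECONFIG line keys on 'seccomp' being present in DISTRO_FEATURES, which the subject ("if DISTRO is enabled") does not say and the empty commit body does not explain. Please name the feature in the message and state that builds without it keep swtpm configured with --without-seccomp (per the PACKAGECONFIG[seccomp] entry visible in 3/5), so a reader of the log knows the syscall filter is opt-in at the distro level.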
-- 
2.25.1




* [meta-tpm][PATCH 2/5] security-tpm2-image: add swtpm
  2022-05-30 14:52 [meta-tpm][PATCH 1/5] swtpm: enable seccomp if DISTRO is enabled Armin Kuster
@ 2022-05-30 14:52 ` Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 3/5] swtpm: enable gnutls Armin Kuster
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2022-05-30 14:52 UTC (permalink / raw)
  To: yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-core/images/security-tpm2-image.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-tpm/recipes-core/images/security-tpm2-image.bb b/meta-tpm/recipes-core/images/security-tpm2-image.bb
index 7e047d1..941a661 100644
--- a/meta-tpm/recipes-core/images/security-tpm2-image.bb
+++ b/meta-tpm/recipes-core/images/security-tpm2-image.bb
@@ -7,6 +7,7 @@ IMAGE_INSTALL = "\
     packagegroup-core-boot \
     packagegroup-security-tpm2 \
     os-release \
+    swtpm \
 "
 
 IMAGE_LINGUAS ?= " "
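Review bot: swtpm is added to IMAGE_INSTALL unconditionally and the commit has no body saying why the image needs the software TPM emulator. If it is there for the oeqa runtime cases in 4/5 and 5/5, which gate on OEHasPackage(['swtpm']), say so in the message, and consider whether it belongs in a test-only image or behind a feature check rather than in every security-tpm2-image build.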
-- 
2.25.1




* [meta-tpm][PATCH 3/5] swtpm: enable gnutls
  2022-05-30 14:52 [meta-tpm][PATCH 1/5] swtpm: enable seccomp if DISTRO is enabled Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 2/5] security-tpm2-image: add swtpm Armin Kuster
@ 2022-05-30 14:52 ` Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 4/5] oeqa/swtpm: add swtpm runtime Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 5/5] oeqa/tpm2: fix and cleanup tests Armin Kuster
  3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2022-05-30 14:52 UTC (permalink / raw)
  To: yocto

needed for cert support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
index db6ceee..03899d8 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
@@ -20,7 +20,7 @@ inherit autotools pkgconfig perlnative
 TSS_USER="tss"
 TSS_GROUP="tss"
 
-PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG ?= "openssl gnutls"
 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
 PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
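Review bot: changing the ?= default to "openssl gnutls" turns gnutls on for every build that does not override PACKAGECONFIG, and with the PACKAGECONFIG[gnutls] entry in the next hunk that also pulls gnutls-bin, expect, bash and tpm2-pkcs11-tools onto the target. "needed for cert support" should spell out which tools break without it (the recipe comment names swtpm-create-tpmca, swtpm-localca and swtpm_cert) so that users trimming the image know what they lose by dropping gnutls.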
@@ -28,7 +28,7 @@ PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
 # expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
 # used by swtpm-create-tpmca (the last two is provided by gnutls)
 # gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
 PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
 PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
 PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
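Review bot: in the new PACKAGECONFIG[gnutls] value the runtime dependency moves from gnutls to gnutls-bin and gnutls-native is added as a build dependency, but the comment just above still says certtool and tpmtool are "provided by gnutls" and nothing explains the native dependency. Update the comment to match gnutls-bin and add a line on what needs gnutls-native at build time.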
-- 
2.25.1




* [meta-tpm][PATCH 4/5] oeqa/swtpm: add swtpm runtime
  2022-05-30 14:52 [meta-tpm][PATCH 1/5] swtpm: enable seccomp if DISTRO is enabled Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 2/5] security-tpm2-image: add swtpm Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 3/5] swtpm: enable gnutls Armin Kuster
@ 2022-05-30 14:52 ` Armin Kuster
  2022-05-30 14:52 ` [meta-tpm][PATCH 5/5] oeqa/tpm2: fix and cleanup tests Armin Kuster
  3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2022-05-30 14:52 UTC (permalink / raw)
  To: yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/lib/oeqa/runtime/cases/swtpm.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 meta-tpm/lib/oeqa/runtime/cases/swtpm.py

diff --git a/meta-tpm/lib/oeqa/runtime/cases/swtpm.py b/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
new file mode 100644
index 0000000..df47b35
--- /dev/null
+++ b/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
@@ -0,0 +1,24 @@
+# Copyright (C) 2022 Armin Kuster <akuster808@gmail.com>
+#
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotFeature
+
+class SwTpmTest(OERuntimeTestCase):
+    @classmethod
+    def setUpClass(cls):
+        cls.tc.target.run('mkdir /tmp/myvtpm2')
+        cls.tc.target.run('chown tss:root /tmp/myvtpm2')
+
+    @classmethod
+    def tearDownClass(cls):
+        cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
+    @skipIfNotFeature('tpm2','Test tpm2_swtpm_socket requires tpm2 to be in DISTRO_FEATURES')
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    @OEHasPackage(['swtpm'])
+    def test_swtpm2_ek_cert(self):
+            cmd = 'swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --tpm2',
+            status, output = self.target.run(cmd)
+            self.assertEqual(status, 0, msg="swtpm create-ek-cert failed: %s" % output)
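Review bot: in test_swtpm2_ek_cert the assignment to cmd ends with a trailing comma, so cmd is a one-element tuple rather than the command string that self.target.run(cmd) should receive; drop the comma. The test body is also indented 12 spaces where the rest of the class uses 4-space steps, the skipIfNotFeature message names tpm2_swtpm_socket instead of this test, and setUpClass ignores the status of mkdir and chown on the fixed path /tmp/myvtpm2, which tpm2.py in 5/5 also creates and removes; a per-class directory from mktemp -d with the status checked would avoid the clash.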
-- 
2.25.1




* [meta-tpm][PATCH 5/5] oeqa/tpm2: fix and cleanup tests
  2022-05-30 14:52 [meta-tpm][PATCH 1/5] swtpm: enable seccomp if DISTRO is enabled Armin Kuster
                   ` (2 preceding siblings ...)
  2022-05-30 14:52 ` [meta-tpm][PATCH 4/5] oeqa/swtpm: add swtpm runtime Armin Kuster
@ 2022-05-30 14:52 ` Armin Kuster
  3 siblings, 0 replies; 5+ messages in thread
From: Armin Kuster @ 2022-05-30 14:52 UTC (permalink / raw)
  To: yocto

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
index c2c95e7..e64d19d 100644
--- a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
+++ b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -1,11 +1,19 @@
-# Copyright (C) 2019 Armin Kuster <akuster808@gmail.com>
+# Copyright (C) 2019 - 2022 Armin Kuster <akuster808@gmail.com>
 #
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
 from oeqa.runtime.decorator.package import OEHasPackage
-
+from oeqa.core.decorator.data import skipIfNotFeature
 
 class Tpm2Test(OERuntimeTestCase):
+    @classmethod
+    def setUpClass(cls):
+        cls.tc.target.run('mkdir /tmp/myvtpm2')
+
+    @classmethod
+    def tearDownClass(cls):
+        cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
     def check_endlines(self, results,  expected_endlines): 
         for line in results.splitlines():
             for el in expected_endlines:
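Review bot: setUpClass creates the fixed path /tmp/myvtpm2 with a bare mkdir and discards the return status, and SwTpmTest in 4/5 uses the same path (there with chown tss:root, here without). A directory left by an earlier or aborted run, or by the other class, makes this mkdir fail unnoticed and leaves the ownership of the state directory undefined; use distinct directories (or mktemp -d) and assert on the status.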
@@ -19,20 +27,19 @@ class Tpm2Test(OERuntimeTestCase):
     @OEHasPackage(['tpm2-tools'])
     @OEHasPackage(['tpm2-abrmd'])
     @OEHasPackage(['swtpm'])
+    @skipIfNotFeature('tpm2','Test tpm2_startup requires tpm2 to be in DISTRO_FEATURES')
     @OETestDepends(['ssh.SSHTest.test_ssh'])
-    def test_tpm2_swtpm_socket(self):
+    def test_tpm2_startup(self):
         cmds = [
-                'mkdir /tmp/myvtpm',
-                'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &',
-                'export TPM2TOOLS_TCTI="swtpm:port=2321"',
-                'tpm2_startup -c'
+                'swtpm socket -d --tpmstate dir=/tmp/myvtpm2 --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
+                'tpm2_startup -c -T "swtpm:port=2321"',
                ]
 
         for cmd in cmds:
             status, output = self.target.run(cmd)
             self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
 
-    @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket'])
+    @OETestDepends(['tpm2.Tpm2Test.test_tpm2_startup'])
     def test_tpm2_pcrread(self):
          (status, output) = self.target.run('tpm2_pcrread')
          expected_endlines = []
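Review bot: "swtpm socket -d" now daemonizes the emulator, but nothing in this class stops it; tearDownClass only removes /tmp/myvtpm2, which leaves the process listening on TCP ports 2321/2322 after the run and can make a rerun on the same target fail to bind. Record the pid or otherwise shut the daemon down in tearDownClass. Also, tpm2_startup now passes -T "swtpm:port=2321" while test_tpm2_pcrread below still runs a bare tpm2_pcrread, so that test is not pinned to this swtpm instance; pass the same -T there.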
@@ -49,7 +56,7 @@ class Tpm2Test(OERuntimeTestCase):
 
     @OEHasPackage(['p11-kit'])
     @OEHasPackage(['tpm2-pkcs11'])
-    @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket'])
+    @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pcrread'])
     def test_tpm2_pkcs11(self):
          (status, output) = self.target.run('p11-kit list-modules -v')
          self.assertEqual(status, 0, msg="Modules missing: %s" % output)
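Review bot: test_tpm2_pkcs11 now depends on test_tpm2_pcrread instead of the startup test, although the visible body only runs p11-kit list-modules -v and uses nothing from the PCR read. Chaining it this way means a pcrread failure skips the PKCS#11 check; depend on tpm2.Tpm2Test.test_tpm2_startup directly, or explain the ordering in the commit message.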
-- 
2.25.1


