Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
@ 2019-10-24 19:14 Mimi Zohar
  2019-10-24 19:24 ` Mimi Zohar
  2019-10-28 20:30 ` Jarkko Sakkinen
  0 siblings, 2 replies; 10+ messages in thread
From: Mimi Zohar @ 2019-10-24 19:14 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Mimi Zohar, David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

Create, save and load trusted keys test

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Change log v1:
- Replace the directions for using Trousers to take ownership of the TPM
with directions for using the IBM TSS.
- Differentiate between different types of errors.  Recent bug is causing
"add_key: Timer expired".
---
 tools/testing/selftests/tpm2/Makefile            |   2 +-
 tools/testing/selftests/tpm2/test_trustedkeys.sh | 109 +++++++++++++++++++++++
 2 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100755 tools/testing/selftests/tpm2/test_trustedkeys.sh

diff --git a/tools/testing/selftests/tpm2/Makefile b/tools/testing/selftests/tpm2/Makefile
index 1a5db1eb8ed5..055bf62510b5 100644
--- a/tools/testing/selftests/tpm2/Makefile
+++ b/tools/testing/selftests/tpm2/Makefile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
 include ../lib.mk
 
-TEST_PROGS := test_smoke.sh test_space.sh
+TEST_PROGS := test_smoke.sh test_space.sh test_trustedkey.sh
 TEST_PROGS_EXTENDED := tpm2.py tpm2_tests.py
diff --git a/tools/testing/selftests/tpm2/test_trustedkeys.sh b/tools/testing/selftests/tpm2/test_trustedkeys.sh
new file mode 100755
index 000000000000..dc7df7467670
--- /dev/null
+++ b/tools/testing/selftests/tpm2/test_trustedkeys.sh
@@ -0,0 +1,109 @@
+#!/bin/sh
+
+VERBOSE="${VERBOSE:-1}"
+TRUSTEDKEY1="$(mktemp -u XXXX).blob"
+TRUSTEDKEY2="$(mktemp -u XXXX).blob"
+ERRMSG="$(mktemp -u XXXX)"
+trap "echo PRETRAP" SIGINT SIGTERM SIGTSTP
+trap "{ rm -f $TRUSTEDKEY1 $TRUSTEDKEY2 $ERRMSG; }" EXIT
+
+log_info()
+{
+        [ $VERBOSE -ne 0 ] && echo "[INFO] $1"
+}
+
+# The ksefltest framework requirement returns 0 for PASS.
+log_pass()
+{
+        [ $VERBOSE -ne 0 ] && echo "$1 [PASS]"
+        exit 0
+}
+
+# The ksefltest framework requirement returns 1 for FAIL.
+log_fail()
+{
+        [ $VERBOSE -ne 0 ] && echo "$1 [FAIL]"
+        exit 1
+}
+
+# The ksefltest framework requirement returns 4 for SKIP.
+log_skip()
+{
+        [ $VERBOSE -ne 0 ] && echo "$1"
+        exit 4
+}
+
+is_tpm1()
+{
+	local pcrs_path="/sys/class/tpm/tpm0/device/pcrs"
+	if [ ! -f "$pcrs_path" ]; then
+		pcrs_path="/sys/class/misc/tpm0/device/pcrs"
+	fi
+
+	if [ ! -f "$pcrs_path" ]; then
+		log_skip "TPM 1.2 chip not found"
+	fi
+}
+
+takeownership_info()
+{
+	log_info "creating trusted key failed, probably requires taking TPM ownership:"
+	which tss1oiap > /dev/null 2>&1 || \
+		log_info "    tss1oiap not found, install IBM TSS"
+
+	log_info "    export TPM_DEVICE=/dev/tpm0"
+	log_info "    export TPM_ENCRYPT_SESSIONS=0"
+
+	log_info "    OIAP=\$(tss1oiap | cut -d' ' -f 2)"
+	log_info "    tss1takeownership -se0 \$OIAP 0"
+	log_fail "creating trusted key"
+}
+
+test_trustedkey()
+{
+	#local keyid="$(keyctl add trusted kmk-test "new 64" @u)" &> $ERRMSG
+	local keyid="$(keyctl add trusted kmk-test "new 64" @u 2> $ERRMSG)"
+
+	grep -E -q "add_key: Operation not permitted" $ERRMSG
+	if [ $? -eq 0 ]; then
+		takeownership_info
+	fi
+
+	grep -E -q "add_key: " $ERRMSG
+	if [ $? -eq 0 ]; then
+		log_info "`cat ${ERRMSG}`"
+		log_fail "creating trusted key"
+	fi
+	
+	if [ -z "$keyid" ]; then
+		log_fail "creating trusted key failed"
+	fi
+	log_info "creating trusted key succeeded"
+
+	# save newly created trusted key and remove from keyring
+	keyctl pipe "$keyid" > "$TRUSTEDKEY1"
+	keyctl unlink "$keyid" &> /dev/null
+
+	keyid=$(keyctl add trusted kmk-test "load `cat $TRUSTEDKEY1`" @u)
+	if [ $? -eq 0 ]; then
+		log_info "loading trusted key succeeded"
+	else
+		log_fail "loading trusted key failed"
+	fi
+
+	# save loaded trusted key and remove from keyring again
+	keyctl pipe "$keyid" > "$TRUSTEDKEY2"
+	keyctl unlink "$keyid" &> /dev/null
+
+	# compare trusted keys
+	diff "$TRUSTEDKEY1" "$TRUSTEDKEY2" &> /dev/null
+	ret=$?
+	if [ $ret -eq 0 ]; then
+		log_pass "trusted key test succeeded"
+	else
+		log_fail "trusted key test failed"
+	fi
+}
+
+is_tpm1
+test_trustedkey
-- 
2.7.5


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-24 19:14 [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test Mimi Zohar
@ 2019-10-24 19:24 ` Mimi Zohar
  2019-10-28 20:35   ` Jarkko Sakkinen
  2019-10-28 20:30 ` Jarkko Sakkinen
  1 sibling, 1 reply; 10+ messages in thread
From: Mimi Zohar @ 2019-10-24 19:24 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel, Eric Biggers

Hi Jarkko,

Please note that I'm seeing "add_key: Timer expired" frequently.  This
is something new.  I have no idea if this is a new TPM or keys
regression.

Mimi


On Thu, 2019-10-24 at 15:14 -0400, Mimi Zohar wrote:
> Create, save and load trusted keys test
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> 
> Change log v1:
> - Replace the directions for using Trousers to take ownership of the TPM
> with directions for using the IBM TSS.
> - Differentiate between different types of errors.  Recent bug is causing
> "add_key: Timer expired".
> ---
>  tools/testing/selftests/tpm2/Makefile            |   2 +-
>  tools/testing/selftests/tpm2/test_trustedkeys.sh | 109 +++++++++++++++++++++++
>  2 files changed, 110 insertions(+), 1 deletion(-)
>  create mode 100755 tools/testing/selftests/tpm2/test_trustedkeys.sh
> 
> diff --git a/tools/testing/selftests/tpm2/Makefile b/tools/testing/selftests/tpm2/Makefile
> index 1a5db1eb8ed5..055bf62510b5 100644
> --- a/tools/testing/selftests/tpm2/Makefile
> +++ b/tools/testing/selftests/tpm2/Makefile
> @@ -1,5 +1,5 @@
>  # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
>  include ../lib.mk
>  
> -TEST_PROGS := test_smoke.sh test_space.sh
> +TEST_PROGS := test_smoke.sh test_space.sh test_trustedkey.sh
>  TEST_PROGS_EXTENDED := tpm2.py tpm2_tests.py
> diff --git a/tools/testing/selftests/tpm2/test_trustedkeys.sh b/tools/testing/selftests/tpm2/test_trustedkeys.sh
> new file mode 100755
> index 000000000000..dc7df7467670
> --- /dev/null
> +++ b/tools/testing/selftests/tpm2/test_trustedkeys.sh
> @@ -0,0 +1,109 @@
> +#!/bin/sh
> +
> +VERBOSE="${VERBOSE:-1}"
> +TRUSTEDKEY1="$(mktemp -u XXXX).blob"
> +TRUSTEDKEY2="$(mktemp -u XXXX).blob"
> +ERRMSG="$(mktemp -u XXXX)"
> +trap "echo PRETRAP" SIGINT SIGTERM SIGTSTP
> +trap "{ rm -f $TRUSTEDKEY1 $TRUSTEDKEY2 $ERRMSG; }" EXIT
> +
> +log_info()
> +{
> +        [ $VERBOSE -ne 0 ] && echo "[INFO] $1"
> +}
> +
> +# The ksefltest framework requirement returns 0 for PASS.
> +log_pass()
> +{
> +        [ $VERBOSE -ne 0 ] && echo "$1 [PASS]"
> +        exit 0
> +}
> +
> +# The ksefltest framework requirement returns 1 for FAIL.
> +log_fail()
> +{
> +        [ $VERBOSE -ne 0 ] && echo "$1 [FAIL]"
> +        exit 1
> +}
> +
> +# The ksefltest framework requirement returns 4 for SKIP.
> +log_skip()
> +{
> +        [ $VERBOSE -ne 0 ] && echo "$1"
> +        exit 4
> +}
> +
> +is_tpm1()
> +{
> +	local pcrs_path="/sys/class/tpm/tpm0/device/pcrs"
> +	if [ ! -f "$pcrs_path" ]; then
> +		pcrs_path="/sys/class/misc/tpm0/device/pcrs"
> +	fi
> +
> +	if [ ! -f "$pcrs_path" ]; then
> +		log_skip "TPM 1.2 chip not found"
> +	fi
> +}
> +
> +takeownership_info()
> +{
> +	log_info "creating trusted key failed, probably requires taking TPM ownership:"
> +	which tss1oiap > /dev/null 2>&1 || \
> +		log_info "    tss1oiap not found, install IBM TSS"
> +
> +	log_info "    export TPM_DEVICE=/dev/tpm0"
> +	log_info "    export TPM_ENCRYPT_SESSIONS=0"
> +
> +	log_info "    OIAP=\$(tss1oiap | cut -d' ' -f 2)"
> +	log_info "    tss1takeownership -se0 \$OIAP 0"
> +	log_fail "creating trusted key"
> +}
> +
> +test_trustedkey()
> +{
> +	#local keyid="$(keyctl add trusted kmk-test "new 64" @u)" &> $ERRMSG
> +	local keyid="$(keyctl add trusted kmk-test "new 64" @u 2> $ERRMSG)"
> +
> +	grep -E -q "add_key: Operation not permitted" $ERRMSG
> +	if [ $? -eq 0 ]; then
> +		takeownership_info
> +	fi
> +
> +	grep -E -q "add_key: " $ERRMSG
> +	if [ $? -eq 0 ]; then
> +		log_info "`cat ${ERRMSG}`"
> +		log_fail "creating trusted key"
> +	fi
> +	
> +	if [ -z "$keyid" ]; then
> +		log_fail "creating trusted key failed"
> +	fi
> +	log_info "creating trusted key succeeded"
> +
> +	# save newly created trusted key and remove from keyring
> +	keyctl pipe "$keyid" > "$TRUSTEDKEY1"
> +	keyctl unlink "$keyid" &> /dev/null
> +
> +	keyid=$(keyctl add trusted kmk-test "load `cat $TRUSTEDKEY1`" @u)
> +	if [ $? -eq 0 ]; then
> +		log_info "loading trusted key succeeded"
> +	else
> +		log_fail "loading trusted key failed"
> +	fi
> +
> +	# save loaded trusted key and remove from keyring again
> +	keyctl pipe "$keyid" > "$TRUSTEDKEY2"
> +	keyctl unlink "$keyid" &> /dev/null
> +
> +	# compare trusted keys
> +	diff "$TRUSTEDKEY1" "$TRUSTEDKEY2" &> /dev/null
> +	ret=$?
> +	if [ $ret -eq 0 ]; then
> +		log_pass "trusted key test succeeded"
> +	else
> +		log_fail "trusted key test failed"
> +	fi
> +}
> +
> +is_tpm1
> +test_trustedkey


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-24 19:14 [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test Mimi Zohar
  2019-10-24 19:24 ` Mimi Zohar
@ 2019-10-28 20:30 ` Jarkko Sakkinen
  2019-10-28 20:40   ` Jarkko Sakkinen
  2019-10-28 20:45   ` Mimi Zohar
  1 sibling, 2 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-28 20:30 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Thu, Oct 24, 2019 at 03:14:27PM -0400, Mimi Zohar wrote:
> Create, save and load trusted keys test
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> 
> Change log v1:
> - Replace the directions for using Trousers to take ownership of the TPM
> with directions for using the IBM TSS.
> - Differentiate between different types of errors.  Recent bug is causing
> "add_key: Timer expired".
> ---

Is not really usable as a selftest because of 3rd party dependencies.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-24 19:24 ` Mimi Zohar
@ 2019-10-28 20:35   ` Jarkko Sakkinen
  0 siblings, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-28 20:35 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel, Eric Biggers

On Thu, Oct 24, 2019 at 03:24:06PM -0400, Mimi Zohar wrote:
> Hi Jarkko,
> 
> Please note that I'm seeing "add_key: Timer expired" frequently.  This
> is something new.  I have no idea if this is a new TPM or keys
> regression.

Is it possible to bisect this? I cannot run the test script that you
made at the moment because of dependencies.

I'll try to work on image with BuildRoot that would have TrouSerS.
I recall it had recipe for it. So probably late this week or early
next week I'll be able to help finding the root cause.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-28 20:30 ` Jarkko Sakkinen
@ 2019-10-28 20:40   ` Jarkko Sakkinen
  2019-10-28 20:45   ` Mimi Zohar
  1 sibling, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-28 20:40 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Mon, Oct 28, 2019 at 10:30:14PM +0200, Jarkko Sakkinen wrote:
> On Thu, Oct 24, 2019 at 03:14:27PM -0400, Mimi Zohar wrote:
> > Create, save and load trusted keys test
> > 
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > 
> > Change log v1:
> > - Replace the directions for using Trousers to take ownership of the TPM
> > with directions for using the IBM TSS.
> > - Differentiate between different types of errors.  Recent bug is causing
> > "add_key: Timer expired".
> > ---
> 
> Is not really usable as a selftest because of 3rd party dependencies.

For TPM 2.0 I did write a smoke test for TPM2 trusted keys:

https://github.com/jsakkine-intel/tpm2-scripts

What you need to do is to make a lightweight library for TPM 1.x e.g.
tpm1.py, and use that to implement the test.

For TPM 2.0 I would peek at the tpm2-pcr-policy and keyctl-smoke.sh on
how to implement the without 3rd party deps.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-28 20:30 ` Jarkko Sakkinen
  2019-10-28 20:40   ` Jarkko Sakkinen
@ 2019-10-28 20:45   ` Mimi Zohar
  2019-10-29  9:15     ` Jarkko Sakkinen
  1 sibling, 1 reply; 10+ messages in thread
From: Mimi Zohar @ 2019-10-28 20:45 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Mon, 2019-10-28 at 22:30 +0200, Jarkko Sakkinen wrote:
> On Thu, Oct 24, 2019 at 03:14:27PM -0400, Mimi Zohar wrote:
> > Create, save and load trusted keys test
> > 
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > 
> > Change log v1:
> > - Replace the directions for using Trousers to take ownership of the TPM
> > with directions for using the IBM TSS.
> > - Differentiate between different types of errors.  Recent bug is causing
> > "add_key: Timer expired".
> > ---
> 
> Is not really usable as a selftest because of 3rd party dependencies.

As part of diagnosing trusted keys failure, there is some
hints/directions as to how to take TPM 1.2 ownership, but it does not
take ownership.  The previous version included directions for using
Trousers.  This version provides directions for using the IBM TSS.
 Feel free to include additional hints/directions.

Mimi
   


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-28 20:45   ` Mimi Zohar
@ 2019-10-29  9:15     ` Jarkko Sakkinen
  2019-10-29  9:25       ` Jarkko Sakkinen
  0 siblings, 1 reply; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-29  9:15 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Mon, Oct 28, 2019 at 04:45:13PM -0400, Mimi Zohar wrote:
> On Mon, 2019-10-28 at 22:30 +0200, Jarkko Sakkinen wrote:
> > On Thu, Oct 24, 2019 at 03:14:27PM -0400, Mimi Zohar wrote:
> > > Create, save and load trusted keys test
> > > 
> > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > 
> > > Change log v1:
> > > - Replace the directions for using Trousers to take ownership of the TPM
> > > with directions for using the IBM TSS.
> > > - Differentiate between different types of errors.  Recent bug is causing
> > > "add_key: Timer expired".
> > > ---
> > 
> > Is not really usable as a selftest because of 3rd party dependencies.
> 
> As part of diagnosing trusted keys failure, there is some
> hints/directions as to how to take TPM 1.2 ownership, but it does not
> take ownership.  The previous version included directions for using
> Trousers.  This version provides directions for using the IBM TSS.
>  Feel free to include additional hints/directions.

You must write your own minimal user space that can be included
to the kernel. Otherwise, we cannot take it.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-29  9:15     ` Jarkko Sakkinen
@ 2019-10-29  9:25       ` Jarkko Sakkinen
  2019-10-29 11:45         ` Jarkko Sakkinen
  0 siblings, 1 reply; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-29  9:25 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Tue, Oct 29, 2019 at 11:15:35AM +0200, Jarkko Sakkinen wrote:
> On Mon, Oct 28, 2019 at 04:45:13PM -0400, Mimi Zohar wrote:
> > On Mon, 2019-10-28 at 22:30 +0200, Jarkko Sakkinen wrote:
> > > On Thu, Oct 24, 2019 at 03:14:27PM -0400, Mimi Zohar wrote:
> > > > Create, save and load trusted keys test
> > > > 
> > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > > 
> > > > Change log v1:
> > > > - Replace the directions for using Trousers to take ownership of the TPM
> > > > with directions for using the IBM TSS.
> > > > - Differentiate between different types of errors.  Recent bug is causing
> > > > "add_key: Timer expired".
> > > > ---
> > > 
> > > Is not really usable as a selftest because of 3rd party dependencies.
> > 
> > As part of diagnosing trusted keys failure, there is some
> > hints/directions as to how to take TPM 1.2 ownership, but it does not
> > take ownership.  The previous version included directions for using
> > Trousers.  This version provides directions for using the IBM TSS.
> >  Feel free to include additional hints/directions.
> 
> You must write your own minimal user space that can be included
> to the kernel. Otherwise, we cannot take it.

I'll anyway try to setup user space with TrouSerS so that I can try
it out. BuildRoot has recipe for that but not for IBM TSS 2.0 so I'll
skip that and use my own test script for TPM2 trusted keys.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-29  9:25       ` Jarkko Sakkinen
@ 2019-10-29 11:45         ` Jarkko Sakkinen
  2019-10-29 11:49           ` Jarkko Sakkinen
  0 siblings, 1 reply; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-29 11:45 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Tue, Oct 29, 2019 at 11:25:16AM +0200, Jarkko Sakkinen wrote:
> I'll anyway try to setup user space with TrouSerS so that I can try
> it out. BuildRoot has recipe for that but not for IBM TSS 2.0 so I'll
> skip that and use my own test script for TPM2 trusted keys.

Busybox version of mktemp gives this error message:

  mktemp: Invalid argument

I get that three times.

Then I get non-existent directory error from line 65 but it is probably
consequence of the previous errors.

This the help for mktemp:

"
Usage: mktemp [-dt] [-p DIR] [TEMPLATE]

Create a temporary file with name based on TEMPLATE and print its name.
TEMPLATE must end with XXXXXX (e.g. [/dir/]nameXXXXXX).
Without TEMPLATE, -t tmp.XXXXXX is assumed.

	-d	Make directory, not file
	-q	Fail silently on errors
	-t	Prepend base directory name to TEMPLATE
	-p DIR	Use DIR as a base directory (implies -t)
	-u	Do not create anything; print a name

Base directory is: -p DIR, else $TMPDIR, else /tmp
"

Use total six X's seems to fix the problem.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test
  2019-10-29 11:45         ` Jarkko Sakkinen
@ 2019-10-29 11:49           ` Jarkko Sakkinen
  0 siblings, 0 replies; 10+ messages in thread
From: Jarkko Sakkinen @ 2019-10-29 11:49 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: David Howells, Petr Vorel, shuah, James Bottomley,
	linux-integrity, linux-kselftest, linux-kernel

On Tue, Oct 29, 2019 at 01:45:35PM +0200, Jarkko Sakkinen wrote:
> On Tue, Oct 29, 2019 at 11:25:16AM +0200, Jarkko Sakkinen wrote:
> > I'll anyway try to setup user space with TrouSerS so that I can try
> > it out. BuildRoot has recipe for that but not for IBM TSS 2.0 so I'll
> > skip that and use my own test script for TPM2 trusted keys.
> 
> Busybox version of mktemp gives this error message:
> 
>   mktemp: Invalid argument
> 
> I get that three times.
> 
> Then I get non-existent directory error from line 65 but it is probably
> consequence of the previous errors.
> 
> This the help for mktemp:
> 
> "
> Usage: mktemp [-dt] [-p DIR] [TEMPLATE]
> 
> Create a temporary file with name based on TEMPLATE and print its name.
> TEMPLATE must end with XXXXXX (e.g. [/dir/]nameXXXXXX).
> Without TEMPLATE, -t tmp.XXXXXX is assumed.
> 
> 	-d	Make directory, not file
> 	-q	Fail silently on errors
> 	-t	Prepend base directory name to TEMPLATE
> 	-p DIR	Use DIR as a base directory (implies -t)
> 	-u	Do not create anything; print a name
> 
> Base directory is: -p DIR, else $TMPDIR, else /tmp
> "
> 
> Use total six X's seems to fix the problem.

OK, I fixes that issue and then I end up with:

  [INFO] add_key: No such device

Anyway, got further.

/Jarkko

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, back to index

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-24 19:14 [PATCH v1] selftest/trustedkeys: TPM 1.2 trusted keys test Mimi Zohar
2019-10-24 19:24 ` Mimi Zohar
2019-10-28 20:35   ` Jarkko Sakkinen
2019-10-28 20:30 ` Jarkko Sakkinen
2019-10-28 20:40   ` Jarkko Sakkinen
2019-10-28 20:45   ` Mimi Zohar
2019-10-29  9:15     ` Jarkko Sakkinen
2019-10-29  9:25       ` Jarkko Sakkinen
2019-10-29 11:45         ` Jarkko Sakkinen
2019-10-29 11:49           ` Jarkko Sakkinen

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git