Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>, Petr Vorel <pvorel@suse.cz>,
	Vitaly Chikunov <vt@altlinux.org>,
	Bruno Meneguele <bmeneg@redhat.com>
Subject: [ima-evm-utils: PATCH 3/5] ima-evm-utils: travis: dependency on TSS for initializing software TPM
Date: Fri, 31 Jul 2020 14:24:06 -0400
Message-ID: <20200731182408.696931-4-zohar@linux.ibm.com> (raw)
In-Reply-To: <20200731182408.696931-1-zohar@linux.ibm.com>

Verifying the "boot_aggregate" requires reading the TPM PCRs for each of
the TPM banks.  In test environments without a physical TPM, a software
TPM may be used, but requires initializing the TPM PCRs.  By walking and
replaying the TPM event log, a software TPM may be properly initialized.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 .travis.yml          | 4 +++-
 tests/install-tss.sh | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100755 tests/install-tss.sh

diff --git a/.travis.yml b/.travis.yml
index fa2a37625d52..0a3476572f74 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,8 +13,10 @@ addons:
    - docbook-xml
 install:
    - ./tests/install-swtpm.sh
+   - ./tests/install-tss.sh
 script:
-   - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check TESTS="ima_hash.test sign_verify.test";
+   - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check;
 
    - tail -3 tests/ima_hash.log;
    - tail -3 tests/sign_verify.log;
+   - tail -3 tests/boot_aggregate.log;
diff --git a/tests/install-tss.sh b/tests/install-tss.sh
new file mode 100755
index 000000000000..c9c179eee6a8
--- /dev/null
+++ b/tests/install-tss.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -ex
+git clone https://git.code.sf.net/p/ibmtpm20tss/tss
+cd tss
+autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j$(nproc) && sudo make install
+cd ..
+rm -rf tss
-- 
2.18.4


  parent reply index

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-31 18:24 [ima-evm-utils: PATCH 0/5] initial travis support Mimi Zohar
2020-07-31 18:24 ` [ima-evm-utils: PATCH 1/5] ima-evm-utils: travis: define travis.yml Mimi Zohar
2020-07-31 18:24 ` [ima-evm-utils: PATCH 2/5] ima-evm-utils: travis: download, compile, and install a swTPM Mimi Zohar
2020-07-31 18:24 ` Mimi Zohar [this message]
2020-07-31 18:24 ` [ima-evm-utils: PATCH 4/5] ima-evm-utils: travis: support tpm2-tss Mimi Zohar
2020-07-31 18:24 ` [ima-evm-utils: PATCH 5/5] ima-evm-utils: travis: openssl gost engine Mimi Zohar
2020-07-31 18:56   ` Vitaly Chikunov
2020-07-31 20:18     ` Petr Vorel
2020-07-31 20:26       ` Vitaly Chikunov
2020-07-31 20:40         ` Petr Vorel
2020-07-31 21:06           ` Vitaly Chikunov
2020-07-31 22:32             ` Mimi Zohar
2020-08-03  3:09               ` Mimi Zohar
2020-08-03 13:07                 ` Petr Vorel
2020-08-03 14:29                   ` Mimi Zohar
2020-08-03 16:46                     ` Petr Vorel
2020-08-03 17:16                       ` Mimi Zohar
2020-08-04  7:22                         ` Petr Vorel
2020-08-04  7:54                           ` Petr Vorel
2020-08-04 13:23                             ` Mimi Zohar
2020-08-05  9:42                               ` Petr Vorel
2020-08-05 13:31                                 ` Mimi Zohar
2020-08-05 16:23                                   ` Vitaly Chikunov
2020-08-05 16:18                                 ` Vitaly Chikunov
2020-08-11 17:33                                 ` Petr Vorel
2020-08-11 22:04                                   ` Mimi Zohar
2020-08-12 13:05                                     ` Petr Vorel
2020-08-13 18:15                                       ` Mimi Zohar
2020-08-13 18:28                                         ` Petr Vorel
2020-08-13 20:11                                           ` Mimi Zohar
2020-08-03 16:32               ` Vitaly Chikunov
2020-08-03 16:36                 ` Petr Vorel
2020-08-03 17:26             ` Mimi Zohar
2020-08-03 18:42               ` Vitaly Chikunov
2020-08-03  2:53           ` Mimi Zohar
2020-08-03 13:11             ` Petr Vorel
2020-08-03 14:33               ` Mimi Zohar
2020-08-04 12:05   ` [ima-evm-utils: PATCH v1 " Mimi Zohar
2020-08-04 14:45     ` Vitaly Chikunov
2020-08-04 18:11       ` Mimi Zohar
2020-07-31 20:19 ` [ima-evm-utils: PATCH 0/5] initial travis support Petr Vorel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200731182408.696931-4-zohar@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=bmeneg@redhat.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=pvorel@suse.cz \
    --cc=vt@altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git