* [PATCH 1/2] IMA: Move check_evmctl to setup, add require_evmctl()
@ 2021-03-16 15:05 Petr Vorel
2021-03-16 15:06 ` [PATCH 2/2] IMA/ima_keys.sh: Require evmctl 1.3.2 Petr Vorel
From: Petr Vorel @ 2021-03-16 15:05 UTC (permalink / raw)
To: ltp
Cc: Petr Vorel, Mimi Zohar, Lakshmi Ramasubramanian, Tushar Sugandhi,
linux-integrity
Helper functions can be reused in other tests.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
.../security/integrity/ima/tests/ima_setup.sh | 43 +++++++++++++++++++
.../security/integrity/ima/tests/ima_tpm.sh | 33 --------------
2 files changed, 43 insertions(+), 33 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
index 59a7ffeac..565f0bc3e 100644
--- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -269,6 +269,49 @@ get_algorithm_digest()
echo "$algorithm|$digest"
}
+# check_evmctl REQUIRED_TPM_VERSION
+# return: 0: evmctl is new enough, 1: version older than required (or version < v0.9)
+check_evmctl()
+{
+ local required="$1"
+
+ local r1="$(echo $required | cut -d. -f1)"
+ local r2="$(echo $required | cut -d. -f2)"
+ local r3="$(echo $required | cut -d. -f3)"
+ [ -z "$r3" ] && r3=0
+
+ tst_is_int "$r1" || tst_brk TBROK "required major version not int ($v1)"
+ tst_is_int "$r2" || tst_brk TBROK "required minor version not int ($v2)"
+ tst_is_int "$r3" || tst_brk TBROK "required patch version not int ($v3)"
+
+ tst_check_cmds evmctl || return 1
+
+ local v="$(evmctl --version | cut -d' ' -f2)"
+ [ -z "$v" ] && return 1
+ tst_res TINFO "evmctl version: $v"
+
+ local v1="$(echo $v | cut -d. -f1)"
+ local v2="$(echo $v | cut -d. -f2)"
+ local v3="$(echo $v | cut -d. -f3)"
+ [ -z "$v3" ] && v3=0
+
+ if [ $v1 -lt $r1 ] || [ $v1 -eq $r1 -a $v2 -lt $r2 ] || \
+ [ $v1 -eq $r1 -a $v2 -eq $r2 -a $v3 -lt $r3 ]; then
+ return 1
+ fi
+ return 0
+}
+
+# require_evmctl REQUIRED_TPM_VERSION
+require_evmctl()
+{
+ local required="$1"
+
+ if ! check_evmctl $required; then
+ tst_brk TCONF "evmctl >= $required required"
+ fi
+}
+
# loop device is needed to use only for tmpfs
TMPDIR="${TMPDIR:-/tmp}"
if [ "$(df -T $TMPDIR | tail -1 | awk '{print $2}')" != "tmpfs" -a -n "$TST_NEEDS_DEVICE" ]; then
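Review bot: In check_evmctl the fields parsed from `evmctl --version` (v1, v2, v3) go into the `-lt`/`-eq` comparison without the tst_is_int check that r1, r2 and r3 get, so the function appears to fail open. If a field is empty or non-numeric (a suffixed or differently formatted version string), each `[ ... ]` exits with an error status, the `if` is not taken and the function returns 0, reporting the tool as new enough. Returning 1 when any of v1/v2/v3 is not an integer keeps this version gate from being satisfied by unparsable output. Separately, the three TBROK messages print `$v1`, `$v2`, `$v3`, which are not assigned yet at that point; they should print `$r1`, `$r2`, `$r3`.

```shell
	# … unchanged: parsing of $required into r1/r2/r3 …
	tst_is_int "$r1" || tst_brk TBROK "required major version not int ($r1)"
	tst_is_int "$r2" || tst_brk TBROK "required minor version not int ($r2)"
	tst_is_int "$r3" || tst_brk TBROK "required patch version not int ($r3)"
	# … unchanged: tst_check_cmds, evmctl --version, parsing into v1/v2/v3 …
	[ -z "$v3" ] && v3=0

	# Treat an unparsable version as "too old" rather than letting the
	# comparison below error out and fall through to return 0.
	if ! tst_is_int "$v1" || ! tst_is_int "$v2" || ! tst_is_int "$v3"; then
		tst_res TINFO "cannot parse evmctl version '$v'"
		return 1
	fi
	# … unchanged: version comparison and return …
```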
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
index 1cc34ddda..71083efd8 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
@@ -52,39 +52,6 @@ setup()
fi
}
-# check_evmctl REQUIRED_TPM_VERSION
-# return: 0: evmctl is new enough, 1: version older than required (or version < v0.9)
-check_evmctl()
-{
- local required="$1"
-
- local r1="$(echo $required | cut -d. -f1)"
- local r2="$(echo $required | cut -d. -f2)"
- local r3="$(echo $required | cut -d. -f3)"
- [ -z "$r3" ] && r3=0
-
- tst_is_int "$r1" || tst_brk TBROK "required major version not int ($v1)"
- tst_is_int "$r2" || tst_brk TBROK "required minor version not int ($v2)"
- tst_is_int "$r3" || tst_brk TBROK "required patch version not int ($v3)"
-
- tst_check_cmds evmctl || return 1
-
- local v="$(evmctl --version | cut -d' ' -f2)"
- [ -z "$v" ] && return 1
- tst_res TINFO "evmctl version: $v"
-
- local v1="$(echo $v | cut -d. -f1)"
- local v2="$(echo $v | cut -d. -f2)"
- local v3="$(echo $v | cut -d. -f3)"
- [ -z "$v3" ] && v3=0
-
- if [ $v1 -lt $r1 ] || [ $v1 -eq $r1 -a $v2 -lt $r2 ] || \
- [ $v1 -eq $r1 -a $v2 -eq $r2 -a $v3 -lt $r3 ]; then
- return 1
- fi
- return 0
-}
-
# prints major version: 1: TPM 1.2, 2: TPM 2.0
# or nothing on TPM-bypass (no TPM device)
# WARNING: Detecting TPM 2.0 can fail due kernel not exporting TPM 2.0 files.
--
2.30.1
* [PATCH 2/2] IMA/ima_keys.sh: Require evmctl 1.3.2
2021-03-16 15:05 [PATCH 1/2] IMA: Move check_evmctl to setup, add require_evmctl() Petr Vorel
@ 2021-03-16 15:06 ` Petr Vorel
2021-03-16 16:25 ` Lakshmi Ramasubramanian
2021-03-23 7:30 ` Petr Vorel
From: Petr Vorel @ 2021-03-16 15:06 UTC (permalink / raw)
To: ltp
Cc: Petr Vorel, Mimi Zohar, Lakshmi Ramasubramanian, Tushar Sugandhi,
linux-integrity
Test requires fix 19b77c8 ("ima-evm-utils: Fix reading of sigfile").
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
testcases/kernel/security/integrity/ima/tests/ima_keys.sh | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
index c9eef4b68..aba1711a5 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
@@ -92,7 +92,9 @@ test1()
# that the certificate is measured correctly by IMA.
test2()
{
- tst_require_cmds evmctl keyctl openssl
+ tst_require_cmds keyctl openssl
+
+ require_evmctl "1.3.2"
local cert_file="$TST_DATAROOT/x509_ima.der"
local keyring_name="key_import_test"
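Review bot: The reason for the `1.3.2` floor is recorded only in the commit message, so the new call in test2() should carry it as a comment, e.g. `# evmctl >= 1.3.2: needs ima-evm-utils fix 19b77c8 ("Fix reading of sigfile")`. Without it a later reader cannot tell whether the minimum version may be relaxed. test2()'s body continues outside the hunk.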
--
2.30.1
* Re: [PATCH 2/2] IMA/ima_keys.sh: Require evmctl 1.3.2
2021-03-16 15:06 ` [PATCH 2/2] IMA/ima_keys.sh: Require evmctl 1.3.2 Petr Vorel
@ 2021-03-16 16:25 ` Lakshmi Ramasubramanian
2021-03-23 7:30 ` Petr Vorel
From: Lakshmi Ramasubramanian @ 2021-03-16 16:25 UTC (permalink / raw)
To: Petr Vorel, ltp; +Cc: Mimi Zohar, Tushar Sugandhi, linux-integrity
On 3/16/21 8:06 AM, Petr Vorel wrote:
> Test requires fix 19b77c8 ("ima-evm-utils: Fix reading of sigfile").
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> testcases/kernel/security/integrity/ima/tests/ima_keys.sh | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
> index c9eef4b68..aba1711a5 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
> @@ -92,7 +92,9 @@ test1()
> # that the certificate is measured correctly by IMA.
> test2()
> {
> - tst_require_cmds evmctl keyctl openssl
> + tst_require_cmds keyctl openssl
> +
> + require_evmctl "1.3.2"
>
> local cert_file="$TST_DATAROOT/x509_ima.der"
> local keyring_name="key_import_test"
>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
-lakshmi
* Re: [PATCH 2/2] IMA/ima_keys.sh: Require evmctl 1.3.2
2021-03-16 15:06 ` [PATCH 2/2] IMA/ima_keys.sh: Require evmctl 1.3.2 Petr Vorel
2021-03-16 16:25 ` Lakshmi Ramasubramanian
@ 2021-03-23 7:30 ` Petr Vorel
From: Petr Vorel @ 2021-03-23 7:30 UTC (permalink / raw)
To: ltp; +Cc: Mimi Zohar, Lakshmi Ramasubramanian, Tushar Sugandhi, linux-integrity
Hi all,
> Test requires fix 19b77c8 ("ima-evm-utils: Fix reading of sigfile").
FYI patchset merged.
Kind regards,
Petr