HIRS/.ci/setup/container/setup_tpm2provisioner_dotnet.sh

#!/bin/bash
#########################################################################################
#  Script to setup the TPM Provisioner.NET for System Tests
#########################################################################################

# Setting configurations
. ./.ci/docker/.env

set -a

set -e
echo "*** Setting up TPM emulator for the TPM2 Provisioner *** "

# Wait for ACA to boot
echo "*** Waiting for ACA to spin up at address ${HIRS_ACA_PORTAL_IP} on port ${HIRS_ACA_PORTAL_PORT} ..."
  until [ "`curl --silent -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep 'HTTP/1.1 200'`" != "" ]; do
    sleep 1;
  done
  echo "*** ACA is up!"

## Un-package Provisioner.NET RPM
yes | dnf install HIRS_Provisioner.NET/hirs/bin/Release/net6.0/linux-x64/HIRS_Provisioner.NET.2.2.0.linux-x64.rpm -y > /dev/null

# Initiate startup for IBMTSS Tools
pushd /ibmtss/utils
tpm2_startup -T mssim -c &
sleep 5
tpm2_nvdefine -T mssim -C o -a 0x2000A -s $(cat /hirs/.ci/setup/certs/ek_cert.der | wc -c) 0x1c00002
tpm2_nvwrite -T mssim -C o -i /hirs/.ci/setup/certs/ek_cert.der 0x1c00002
popd

# Writing to Provisioner.Net configurations file for modified aca port and efi prefix
cat <<APPSETTINGS_FILE > /usr/share/hirs/appsettings.json
{
  "auto_detect_tpm":  "TRUE",
  "aca_address_port": "https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}",
  "efi_prefix": "/ci_test/boot/efi",
  "paccor_output_file": "",
  "event_log_file":  "",
  "hardware_manifest_collectors": "paccor_scripts",

  "Serilog": {
    "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
    "Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],
    "MinimumLevel": {
      "Default": "Debug",
      "Override": {
        "Microsoft": "Warning",
        "System": "Warning"
      }
    },
    "WriteTo": [
      {
        "Name": "Console",
        "Args": {
          "outputTemplate": "{Message}{NewLine}",
          "theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",
          "restrictedToMinimumLevel": "Information"
        }
      },
      {
        "Name": "File",
        "Args": {
          "path": "hirs.log",
          "rollingInterval": "Day",
          "retainedFileCountLimit": 5
        }
      }
    ]
  }
}
APPSETTINGS_FILE
cp /usr/share/hirs/appsettings.json /usr/share/hirs/appsettings_default.json
cat <<APPSETTINGS_FILE_HW > /usr/share/hirs/appsettings_hw.json
{
  "auto_detect_tpm":  "TRUE",
  "aca_address_port": "https://172.19.0.2:8443",
  "efi_prefix": "/ci_test/boot/efi",
  "paccor_output_file": "/ci_test/hw.json",
  "event_log_file":  "/ci_test/binary_bios_measurements",
  "hardware_manifest_collectors": "",
  "linux_bios_vendor_file": "/ci_test/dmi/id/bios_vendor",
  "linux_bios_version_file": "/ci_test/dmi/id/bios_version",
  "linux_bios_date_file": "/ci_test/dmi/id/bios_date",
  "linux_sys_vendor_file": "/ci_test/dmi/id/sys_vendor",
  "linux_product_name_file": "/ci_test/dmi/id/product_name",
  "linux_product_version_file": "/ci_test/dmi/id/product_version",
  "linux_product_serial_file": "/ci_test/dmi/id/product_serial",

  "Serilog": {
    "Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],
    "Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],
    "MinimumLevel": {
      "Default": "Debug",
      "Override": {
        "Microsoft": "Warning",
        "System": "Warning"
      }
    },
    "WriteTo": [
      {
        "Name": "Console",
        "Args": {
          "outputTemplate": "{Message}{NewLine}",
          "theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",
          "restrictedToMinimumLevel": "Information"
        }
      },
      {
        "Name": "File",
        "Args": {
          "path": "hirs.log",
          "rollingInterval": "Day",
          "retainedFileCountLimit": 5
        }
      }
    ]
  }
}
APPSETTINGS_FILE_HW

# Triggering a single provision for test
echo "==========="
echo "*** INITIAL TEST: Single Provision with Default Policy:"
echo "==========="
/usr/share/hirs/tpm_aca_provision --tcp --ip 127.0.0.1:2321 --sim
Adding system test for provision using Provisioner.NET (#748) * Adding run script, Dockerfile, and container setup script for provisioning with TPM Simulator and Provisioner.Net * Replacing Docker container setup script with Docker Compose .yml file with respective configurations in related files * Adding system_test.yml for GitHub actions to run system tests upon V3 branch pushes. Modifying related files accordingly * Replacing V2 ACA with V3 ACA built from Rocky 9 2024-05-01 18:20:51 +00:00			`#!/bin/bash`
			`#########################################################################################`
			`# Script to setup the TPM Provisioner.NET for System Tests`
			`#########################################################################################`

			`# Setting configurations`
			`. ./.ci/docker/.env`

			`set -a`

			`set -e`
			`echo "* Setting up TPM emulator for the TPM2 Provisioner * "`

			`# Wait for ACA to boot`
			`echo "*** Waiting for ACA to spin up at address ${HIRS_ACA_PORTAL_IP} on port ${HIRS_ACA_PORTAL_PORT} ..."`
			until [ "`curl --silent -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal \| grep 'HTTP/1.1 200'`" != "" ]; do
			`sleep 1;`
			`done`
			`echo "*** ACA is up!"`

[#775] Adding Policy Tests to V3 (#776) * Adding ACA Policy tests with modifications to related files * Separating the system tests setup from the tests themselves + Splitting up ACA Policy Tests into different steps in workflow file * Creating separate script for setting up system tests in workflow, and one script for running system tests locally. Adding details to system test steps. 2024-06-07 10:28:25 +00:00			`## Un-package Provisioner.NET RPM`
			`yes \| dnf install HIRS_Provisioner.NET/hirs/bin/Release/net6.0/linux-x64/HIRS_Provisioner.NET.2.2.0.linux-x64.rpm -y > /dev/null`
Adding system test for provision using Provisioner.NET (#748) * Adding run script, Dockerfile, and container setup script for provisioning with TPM Simulator and Provisioner.Net * Replacing Docker container setup script with Docker Compose .yml file with respective configurations in related files * Adding system_test.yml for GitHub actions to run system tests upon V3 branch pushes. Modifying related files accordingly * Replacing V2 ACA with V3 ACA built from Rocky 9 2024-05-01 18:20:51 +00:00
[#775] Adding Policy Tests to V3 (#776) * Adding ACA Policy tests with modifications to related files * Separating the system tests setup from the tests themselves + Splitting up ACA Policy Tests into different steps in workflow file * Creating separate script for setting up system tests in workflow, and one script for running system tests locally. Adding details to system test steps. 2024-06-07 10:28:25 +00:00			`# Initiate startup for IBMTSS Tools`
			`pushd /ibmtss/utils`
			`tpm2_startup -T mssim -c &`
			`sleep 5`
			`tpm2_nvdefine -T mssim -C o -a 0x2000A -s $(cat /hirs/.ci/setup/certs/ek_cert.der \| wc -c) 0x1c00002`
			`tpm2_nvwrite -T mssim -C o -i /hirs/.ci/setup/certs/ek_cert.der 0x1c00002`
			`popd`
Adding system test for provision using Provisioner.NET (#748) * Adding run script, Dockerfile, and container setup script for provisioning with TPM Simulator and Provisioner.Net * Replacing Docker container setup script with Docker Compose .yml file with respective configurations in related files * Adding system_test.yml for GitHub actions to run system tests upon V3 branch pushes. Modifying related files accordingly * Replacing V2 ACA with V3 ACA built from Rocky 9 2024-05-01 18:20:51 +00:00
			`# Writing to Provisioner.Net configurations file for modified aca port and efi prefix`
			`cat <<APPSETTINGS_FILE > /usr/share/hirs/appsettings.json`
			`{`
			`"auto_detect_tpm": "TRUE",`
			`"aca_address_port": "https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}",`
[#775] Adding Policy Tests to V3 (#776) * Adding ACA Policy tests with modifications to related files * Separating the system tests setup from the tests themselves + Splitting up ACA Policy Tests into different steps in workflow file * Creating separate script for setting up system tests in workflow, and one script for running system tests locally. Adding details to system test steps. 2024-06-07 10:28:25 +00:00			`"efi_prefix": "/ci_test/boot/efi",`
Adding system test for provision using Provisioner.NET (#748) * Adding run script, Dockerfile, and container setup script for provisioning with TPM Simulator and Provisioner.Net * Replacing Docker container setup script with Docker Compose .yml file with respective configurations in related files * Adding system_test.yml for GitHub actions to run system tests upon V3 branch pushes. Modifying related files accordingly * Replacing V2 ACA with V3 ACA built from Rocky 9 2024-05-01 18:20:51 +00:00			`"paccor_output_file": "",`
			`"event_log_file": "",`
			`"hardware_manifest_collectors": "paccor_scripts",`

			`"Serilog": {`
			`"Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],`
			`"Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],`
			`"MinimumLevel": {`
			`"Default": "Debug",`
			`"Override": {`
			`"Microsoft": "Warning",`
			`"System": "Warning"`
			`}`
			`},`
			`"WriteTo": [`
			`{`
			`"Name": "Console",`
			`"Args": {`
			`"outputTemplate": "{Message}{NewLine}",`
			`"theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",`
			`"restrictedToMinimumLevel": "Information"`
			`}`
			`},`
			`{`
			`"Name": "File",`
			`"Args": {`
			`"path": "hirs.log",`
			`"rollingInterval": "Day",`
			`"retainedFileCountLimit": 5`
			`}`
			`}`
			`]`
			`}`
			`}`
			`APPSETTINGS_FILE`
[#775] Adding Policy Tests to V3 (#776) * Adding ACA Policy tests with modifications to related files * Separating the system tests setup from the tests themselves + Splitting up ACA Policy Tests into different steps in workflow file * Creating separate script for setting up system tests in workflow, and one script for running system tests locally. Adding details to system test steps. 2024-06-07 10:28:25 +00:00			`cp /usr/share/hirs/appsettings.json /usr/share/hirs/appsettings_default.json`
			`cat <<APPSETTINGS_FILE_HW > /usr/share/hirs/appsettings_hw.json`
			`{`
			`"auto_detect_tpm": "TRUE",`
			`"aca_address_port": "https://172.19.0.2:8443",`
			`"efi_prefix": "/ci_test/boot/efi",`
			`"paccor_output_file": "/ci_test/hw.json",`
			`"event_log_file": "/ci_test/binary_bios_measurements",`
			`"hardware_manifest_collectors": "",`
			`"linux_bios_vendor_file": "/ci_test/dmi/id/bios_vendor",`
			`"linux_bios_version_file": "/ci_test/dmi/id/bios_version",`
			`"linux_bios_date_file": "/ci_test/dmi/id/bios_date",`
			`"linux_sys_vendor_file": "/ci_test/dmi/id/sys_vendor",`
			`"linux_product_name_file": "/ci_test/dmi/id/product_name",`
			`"linux_product_version_file": "/ci_test/dmi/id/product_version",`
			`"linux_product_serial_file": "/ci_test/dmi/id/product_serial",`
Adding system test for provision using Provisioner.NET (#748) * Adding run script, Dockerfile, and container setup script for provisioning with TPM Simulator and Provisioner.Net * Replacing Docker container setup script with Docker Compose .yml file with respective configurations in related files * Adding system_test.yml for GitHub actions to run system tests upon V3 branch pushes. Modifying related files accordingly * Replacing V2 ACA with V3 ACA built from Rocky 9 2024-05-01 18:20:51 +00:00
[#775] Adding Policy Tests to V3 (#776) * Adding ACA Policy tests with modifications to related files * Separating the system tests setup from the tests themselves + Splitting up ACA Policy Tests into different steps in workflow file * Creating separate script for setting up system tests in workflow, and one script for running system tests locally. Adding details to system test steps. 2024-06-07 10:28:25 +00:00			`"Serilog": {`
			`"Using": [ "Serilog.Sinks.Console", "Serilog.Sinks.File" ],`
			`"Enrich": [ "FromLogContext", "WithMachineName", "WithProcessId", "WithThreadId" ],`
			`"MinimumLevel": {`
			`"Default": "Debug",`
			`"Override": {`
			`"Microsoft": "Warning",`
			`"System": "Warning"`
			`}`
			`},`
			`"WriteTo": [`
			`{`
			`"Name": "Console",`
			`"Args": {`
			`"outputTemplate": "{Message}{NewLine}",`
			`"theme": "Serilog.Sinks.SystemConsole.Themes.SystemConsoleTheme::Grayscale, Serilog.Sinks.Console",`
			`"restrictedToMinimumLevel": "Information"`
			`}`
			`},`
			`{`
			`"Name": "File",`
			`"Args": {`
			`"path": "hirs.log",`
			`"rollingInterval": "Day",`
			`"retainedFileCountLimit": 5`
			`}`
			`}`
			`]`
			`}`
			`}`
			`APPSETTINGS_FILE_HW`
Adding system test for provision using Provisioner.NET (#748) * Adding run script, Dockerfile, and container setup script for provisioning with TPM Simulator and Provisioner.Net * Replacing Docker container setup script with Docker Compose .yml file with respective configurations in related files * Adding system_test.yml for GitHub actions to run system tests upon V3 branch pushes. Modifying related files accordingly * Replacing V2 ACA with V3 ACA built from Rocky 9 2024-05-01 18:20:51 +00:00
[#775] Adding Policy Tests to V3 (#776) * Adding ACA Policy tests with modifications to related files * Separating the system tests setup from the tests themselves + Splitting up ACA Policy Tests into different steps in workflow file * Creating separate script for setting up system tests in workflow, and one script for running system tests locally. Adding details to system test steps. 2024-06-07 10:28:25 +00:00			`# Triggering a single provision for test`
			`echo "==========="`
			`echo "*** INITIAL TEST: Single Provision with Default Policy:"`
			`echo "==========="`
			`/usr/share/hirs/tpm_aca_provision --tcp --ip 127.0.0.1:2321 --sim`