added varOsInstall system test

added badVarInstall system test
2025-02-20 17:52:47 +00:00 · 2022-02-03 16:03:15 -05:00 · 2022-02-03 16:03:15 -05:00 · 39a95218e4
commit 39a95218e4
parent b0f85c0a3e
9 changed files with 109 additions and 5 deletions
--- a/.ci/system-tests/aca_policy_tests.sh
+++ b/.ci/system-tests/aca_policy_tests.sh
@ -8,7 +8,7 @@ totalTests=0;
 failedTests=0;

 # Start ACA Policy Tests
-# provision_tpm takes 1 parameter (the expected result): "pass" or "fail"
+# provisionTpm2 takes 1 parameter (the expected result): "pass" or "fail"

 writeToLogs "### ACA POLICY TEST 1: Test ACA default policy  ###"
 setPlatformCerts "laptop" "empty"
--- a/.ci/system-tests/container/rim_setup.sh
+++ b/.ci/system-tests/container/rim_setup.sh
@ -59,8 +59,8 @@ pushd $rimDir > /dev/null
  fi
 popd > /dev/null

-  echo "Contents of tcg swidtag folder $tcgDir/manifest/swidtag/ : $(ls $tcgDir/manifest/swidtag/)"
-  echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)"
+#  echo "Contents of tcg swidtag folder $tcgDir/manifest/swidtag/ : $(ls $tcgDir/manifest/swidtag/)"
+#  echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)"

 #Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file
 #     a: Check if a test specific setpcr.sh file exists. If not use the profiles default script
@ -68,6 +68,6 @@ if [[ ! -f $pcrScript ]]; then
    pcrScript="$testDir/"$profile"_default_setpcrs.sh"
 fi
 sh $pcrScript;
-tpm2_pcrlist -g sha256 
+#tpm2_pcrlist -g sha256 

 # Done with rim_setup
--- a/.ci/system-tests/platform_cert_tests.sh
+++ b/.ci/system-tests/platform_cert_tests.sh
@ -8,7 +8,7 @@ totalTests=0;
 failedTests=0;

 # Start ACA Platform Certificate Tests
-# provision_tpm takes 1 parameter (the expected result): "pass" or "fail"
+# provisionTpm2 takes 1 parameter (the expected result): "pass" or "fail"
 # Note that the aca_policy_tests have already run several Platform Certificate system tests

 writeToLogs "### ACA PLATFORM CERTIFICATE TEST 1: Test a delta Platform Certificate that adds a new memory component ###"
--- a/.ci/system-tests/profiles/laptop/varOsInstall/rims/laptop_varOsInstall_oem.1.rimel
+++ b/.ci/system-tests/profiles/laptop/varOsInstall/rims/laptop_varOsInstall_oem.1.rimel
--- a/.ci/system-tests/profiles/laptop/varOsInstall/rims/laptop_varOsInstall_var.1.rimel
+++ b/.ci/system-tests/profiles/laptop/varOsInstall/rims/laptop_varOsInstall_var.1.rimel
--- a/.ci/system-tests/profiles/laptop/varOsInstall/swidtags/laptop_varOsInstall_oem.1.swidtag
+++ b/.ci/system-tests/profiles/laptop/varOsInstall/swidtags/laptop_varOsInstall_oem.1.swidtag
@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Dell5580" patch="false" supplemental="false" tagId="hirs.swid.SwidTags.dell5580.oem" tagVersion="1" version="0.1" versionScheme="multipartnumeric" xml:lang="en">
+  <Entity name="OEM1" regid="www.example.com" role="softwareCreator tagCreator"/>
+  <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
+  <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="0.1" n8060:edition="0.1" n8060:product="Dell 5580" n8060:revision="0.1" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Dell Inc." rim:platformModel="Latitude 5580"/>
+  <Payload>
+    <Directory name="/boot/tcg/rim/support">
+      <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="a1704e9cd5727c5429d16bc2829e2890aa358c59b4f3d2e191c3eaa751520ce8" name="dell5580_varOSInstall_oem.1.rimel" size="17569"/>
+    </Directory>
+  </Payload>
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+    <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <Reference URI="">
+        <Transforms>
+          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+        </Transforms>
+        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <DigestValue>YwIGXKSKuII5sXcCa9fcwU6kr7u6HwTYHp58jfPJ5ic=</DigestValue>
+      </Reference>
+    </SignedInfo>
+    <SignatureValue>KiCrZx3Pe//AJv97y9a7/APfNB24AWhOMvd4mcxPzMdkz7XEKvi93CWHqvGXmzoLthHwy6O6pPEO
+2vl8fgt8URZdx7FGRWNZMmOep91KsVvTnm64//BU+/4yvwvDSGwnDrZOWugeDYg8G+hAnVY/KFMb
+WM+pyND8K6Qw0HkIDh3iitk/luE2TElGNZEx30VUa/5W4DxL2NYPMlquJYD4nZorqU/uEpSo2HED
+T7qF9UV5tJWnrOclJH7DkCy/b1u+mcxmjfRmRemwBUHS3bbG11prgLwTMvV5jYJnDct+O/mc7CF3
+X0DP//wO4qziqK04kXLPZewB1wD2zknM35hORw==</SignatureValue>
+    <KeyInfo>
+      <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
+      <KeyValue>
+        <RSAKeyValue>
+          <Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
+xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
+dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
+otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
+jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
+          <Exponent>AQAB</Exponent>
+        </RSAKeyValue>
+      </KeyValue>
+    </KeyInfo>
+  </Signature>
+</SoftwareIdentity>
--- a/.ci/system-tests/profiles/laptop/varOsInstall/swidtags/laptop_varOsInstall_var.1.swidtag
+++ b/.ci/system-tests/profiles/laptop/varOsInstall/swidtags/laptop_varOsInstall_var.1.swidtag
@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Dell5580" patch="false" supplemental="true" tagId="hirs.swid.SwidTags.dell5580.var" tagVersion="1" version="0.1" xml:lang="en">
+  <Entity name="VAR1" regid="www.example.com" role="softwareCreator tagCreator"/>
+  <Link href="hirs.swid.SwidTags.dell5580.oem" rel="requires"/>
+  <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="0.1" n8060:edition="0.1" n8060:product="Dell 5580" n8060:revision="0.1" rim:BindingSpec="PC Client RIM" rim:BindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Dell Inc." rim:platformModel="Latitude 5580" rim:rimLinkHash="4Jocgla7QhDNd0Fs+nDfBUTLQsltTgd6Yob5ChlDg74="/>
+  <Payload>
+    <Directory name="/boot/tcg/rim/support">
+      <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="aad27380fa51f42130057cdc524f16da3e5cd959a59fc2b3574470069b95a15e" name="dell5580_varOSInstall_var.1.rimel" size="2613"/>
+    </Directory>
+  </Payload>
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+    <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+      <Reference URI="">
+        <Transforms>
+          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+        </Transforms>
+        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+        <DigestValue>F5FruNNKqjgKSP6BOF7YUaBs9dSN8+HnYdpuYoBSWF8=</DigestValue>
+      </Reference>
+    </SignedInfo>
+    <SignatureValue>mXABBSi1haZdZZKg3OzdaLi0jZFp0A78YmFqMtaTdSTNBI/xwrzy1rIIdEc7JWqy5emAcfr2abgc
+4AgOIkmcJgYD8AECcmWVloANi7uT03l4e4FMVmDL8l/Cu/93yt/+5MJeWcu3HQvwbIPkYqOqXTNu
+kWVvLr8KG0v42t+TRn38O1+EDGwHlDL/705SYZwvNP12Z7+b7FKizUisn5WZC77mzJ1/9m49aiqn
+mqf56NxmHuA3uhFShfjaIwoljWVLDCt3/fkrM9WSsk3tX7c8g+QhKn4ygqiMn7gI48HH0PGbbA5q
+mg5c9Farqs0mbGR4WTvXjXioSFV5NYkcdoFfmQ==</SignatureValue>
+    <KeyInfo>
+      <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
+      <KeyValue>
+        <RSAKeyValue>
+          <Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
+xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
+dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
+otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
+jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
+          <Exponent>AQAB</Exponent>
+        </RSAKeyValue>
+      </KeyValue>
+    </KeyInfo>
+  </Signature>
+</SoftwareIdentity>
--- a/.ci/system-tests/rim_system_tests.sh
+++ b/.ci/system-tests/rim_system_tests.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+#########################################################################################
+#    HIRS Reference Integrity Manifest System Tests
+#
+#########################################################################################
+testResult=false
+totalTests=0;
+failedTests=0;
+
+# Start ACA Reference Integrity Manifest Tests
+# provisionTpm2 takes 1 parameter (the expected result): "pass" or "fail"
+# Note that the aca_policy_tests have already run several RIM system tests
+
+writeToLogs "### ACA RIM TEST 1: Test a RIM from an OEM and a Supplemental RIM from a VAR ###"
+clearAcaDb
+uploadTrustedCerts
+setPolicyEkPcFw
+setPlatformCerts "laptop" "varOsInstall"
+provisionTpm2 "pass"
--- a/.ci/system-tests/run_system_tests.sh
+++ b/.ci/system-tests/run_system_tests.sh
@ -38,6 +38,7 @@ echo "******** Setup Complete Begin HIRS System Tests ******** "

 source aca_policy_tests.sh
 source platform_cert_tests.sh
+source rim_system_tests.sh


 echo "******** HIRS System Tests Complete ******** "