Create initial system test for Base/Delta Platform Certificates (#170)

* Add creation of bad base platform certificate.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Updated script to add faulty components to bad base certificate.

* Updated addFaultyComponents script.

* Add Base/Delta system tests to .travis.yml

* Disable unit tests to decrease CI time.

* Cleaned up code.

* Cleaned up code.

* Delete system_test_Driver.py

.ci/docker/docker-compose-tpm2-base-delta.yml

@@ -0,0 +1,57 @@
+---
+# Run YAML Lint to verify this file prior to check-in.
+
+version: "3.1"
+
+services:
+   aca:
+      image: hirs/hirs-ci:aca
+      container_name: hirs-aca
+      volumes:
+         - ../../:/HIRS
+      ports:
+         - "${HIRS_ACA_PORTAL_PORT}:${HIRS_ACA_PORTAL_CONTAINER_PORT}"
+      entrypoint: /bin/bash -c
+      command: [HIRS/.ci/setup/setup-aca.sh]
+      hostname: ${HIRS_ACA_HOSTNAME}
+      networks:
+         hirs_aca_system_tests:
+            ipv4_address: ${HIRS_ACA_PORTAL_IP}
+            aliases:
+               - ${HIRS_ACA_HOSTNAME}
+
+   tpm2provisioner:
+      image: hirs/hirs-ci:tpm2provisioner
+      container_name: hirs-aca-provisioner-tpm2
+      depends_on:
+         - aca
+      volumes:
+         - ../../:/HIRS
+      entrypoint: /bin/bash -c
+      command: [HIRS/.ci/setup/setup-tpm2provisioner-base-delta.sh;
+                HIRS/.ci/system-tests/systems-test-centos7-tpm2-base-delta.sh]
+      devices:
+         - "/dev/mem:/dev/mem"
+      cap_add:
+         - sys_rawio
+      networks:
+         hirs_aca_system_tests:
+            ipv4_address: ${HIRS_ACA_PROVISIONER_TPM2_IP}
+      environment:
+         - HIRS_ACA_PROVISIONER_TPM2_IP=${HIRS_ACA_PROVISIONER_TPM2_IP}
+         - TPM_ENABLED=${TPM_ENABLED}
+         - IMA_ENABLED=${IMA_ENABLED}
+         - HIRS_ACA_PORTAL_IP=${HIRS_ACA_PORTAL_IP}
+         - HIRS_ACA_PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
+         - HIRS_BROKER_PORT=${HIRS_BROKER_PORT}
+         - HIRS_ACA_PORTAL_CONTAINER_PORT=${HIRS_ACA_PORTAL_CONTAINER_PORT}
+         - HIRS_ACA_HOSTNAME=${HIRS_ACA_HOSTNAME}
+         - HIRS_SUBNET=${HIRS_SUBNET}
+
+networks:
+   hirs_aca_system_tests:
+      driver: bridge
+      ipam:
+         driver: default
+         config:
+            - subnet: ${HIRS_SUBNET}

.ci/setup/addFaultyComponents.py

@@ -0,0 +1,28 @@
+# Add faulty components to the PACCOR generated JSON componentsFile.
+# This will be used to create a bad platform certificate.
+# Will not need this once PACCOR supports generation of faulty components.
+
+import json
+
+print("Adding Faulty components...")
+
+try:
+	nicComponent = '00090002'
+	pc_dir = '/var/hirs/pc_generation/'
+
+	with open(pc_dir + "componentsFile", "r") as f:
+
+		data = json.load(f)
+		print(data)
+		components = data['COMPONENTS']
+		for component in components:
+			if component['COMPONENTCLASS']['COMPONENTCLASSVALUE'] == nicComponent:
+				print("Creating FAULTY component for: " + component['MODEL'])
+				component['MODEL'] += "-FAULTY"
+				print("New JSON value: " + component['MODEL'])
+
+	with open(pc_dir + "badComponentsFile", 'w') as outfile:
+		json.dump(data, outfile)
+
+except Exception:
+    print("=== ERROR generating badComponentsFile ===")

.ci/setup/setup-tpm2provisioner-base-delta.sh

@@ -0,0 +1,157 @@
+#!/bin/bash
+
+# Script to setup the TPM2 Provisioner Docker Image for Integration Tests
+set -e
+
+# Wait for ACA to boot
+echo "Waiting for ACA to spin up..."
+until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep '302 Found'`" != "" ]; do
+  :
+done
+echo "ACA is up!"
+
+# Function to install TPM2 Provisioner packages.
+function InstallProvisioner {
+	echo "===========Installing TPM2 Provisioner Packages...==========="
+
+	pushd /HIRS
+	if [ ! -d package/rpm/RPMS ]; then
+    	./package/package.centos.sh
+	fi
+	yum install -y package/rpm/RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.el7.x86_64.rpm
+	popd
+}
+
+# Function to initialize the TPM2 Emulator with a bad base certificate
+function InitTpm2Emulator {
+	echo "===========Initializing TPM2 Emulator with bad base certificate...==========="
+
+	mkdir -p /var/run/dbus
+	if [ -e /var/run/dbus/pid ]; then
+	  rm /var/run/dbus/pid
+	fi
+
+	if [ -e /var/run/dbus/system_bus_socket ]; then
+	  rm /var/run/dbus/system_bus_socket
+	fi
+
+	# Start the DBus
+	dbus-daemon --fork --system
+	echo "DBus started"
+
+	# Give DBus time to start up
+	sleep 5
+
+	/ibmtpm/src/./tpm_server &
+	echo "TPM Emulator started"
+
+	tpm2-abrmd -t socket &
+	echo "TPM2-Abrmd started"
+
+	# Give ABRMD time to start and register on the DBus
+	sleep 5
+
+	# EK and PC Certificate
+	ek_cert_der="/HIRS/.ci/setup/certs/ek_cert.der"
+	platform_cert="badPlatformCertificate.der"
+
+    echo "Creating Bad Base Platform Cert..."
+    PC_DIR=/var/hirs/pc_generation
+    mkdir -p $PC_DIR
+	/opt/paccor/scripts/allcomponents.sh > $PC_DIR/componentsFile
+	echo
+    echo "PACCOR generated components file:"
+    cat $PC_DIR/componentsFile
+
+    #Add bad components and create badComponentsFile used below
+    python /HIRS/.ci/setup/addFaultyComponents.py
+	/opt/paccor/scripts/referenceoptions.sh > $PC_DIR/optionsFile
+	/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile
+	/opt/paccor/bin/observer -c $PC_DIR/badComponentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile
+	/opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -f $PC_DIR/$platform_cert
+
+    echo
+    echo "Generated bad components file:"
+    cat $PC_DIR/badComponentsFile
+
+	if tpm2_nvlist | grep -q 0x1c00002; then
+	  echo "Released NVRAM for EK."
+	  tpm2_nvrelease -x 0x1c00002 -a 0x40000001
+	fi
+
+	# Define nvram space to enable loading of EK cert (-x NV Index, -a handle to
+	# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t
+	# specifies attribute value in publicInfo struct
+	# [0x2000A = ownerread|ownerwrite|policywrite])
+	size=$(cat $ek_cert_der | wc -c)
+	echo "Define NVRAM location for EK cert of size $size."
+	tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
+
+	# Load key into TPM nvram
+	echo "Loading EK cert $ek_cert_der into NVRAM."
+	tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
+
+	if tpm2_nvlist | grep -q 0x1c90000; then
+	  echo "Released NVRAM for PC."
+	  tpm2_nvrelease -x 0x1c90000 -a 0x40000001
+	fi
+
+	# Store the platform certificate in the TPM's NVRAM
+	size=$(cat $PC_DIR/$platform_cert | wc -c)
+	echo "Define NVRAM location for PC cert of size $size."
+	tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size
+
+	echo "Loading PC cert $PC_DIR/$platform_cert into NVRAM."
+	tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert
+
+	echo "===========TPM2 Emulator Initialization Complete!==========="
+
+	# Set Logging to INFO Level
+	sed -i "s/WARN/INFO/" /etc/hirs/TPM2_Provisioner/log4cplus_config.ini
+}
+
+# Function to update the hirs-site.config file
+function UpdateHirsSiteConfigFile {
+	HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"
+
+	echo ""
+	echo "===========Updating ${HIRS_SITE_CONFIG}, using values from /HIRS/.ci/docker/.env file...==========="
+	cat /HIRS/.ci/docker/.env
+
+	cat <<DEFAULT_SITE_CONFIG_FILE > $HIRS_SITE_CONFIG
+#*******************************************
+#* HIRS site configuration properties file
+#*******************************************
+CLIENT_HOSTNAME=${HIRS_ACA_PROVISIONER_TPM2_IP}
+TPM_ENABLED=${TPM_ENABLED}
+IMA_ENABLED=${IMA_ENABLED}
+
+# Site-specific configuration
+ATTESTATION_CA_FQDN=${HIRS_ACA_HOSTNAME}
+ATTESTATION_CA_PORT=${HIRS_ACA_PORTAL_PORT}
+BROKER_FQDN=${HIRS_ACA_PORTAL_IP}
+BROKER_PORT=${HIRS_BROKER_PORT}
+PORTAL_FQDN=${HIRS_ACA_PORTAL_IP}
+PORTAL_PORT=${HIRS_ACA_PORTAL_PORT}
+
+DEFAULT_SITE_CONFIG_FILE
+
+ echo "===========New HIRS Config File==========="
+ cat /etc/hirs/hirs-site.config
+}
+
+# Install packages
+InstallProvisioner
+
+# Install TPM2 Emulator
+InitTpm2Emulator
+
+# Update the hirs-site.config file
+UpdateHirsSiteConfigFile
+
+echo ""
+echo "TPM2 Emulator NV RAM list"
+tpm2_nvlist
+
+echo ""
+echo "===========HIRS ACA TPM2 Provisioner Setup Complete!==========="

.ci/setup/setup-tpm2provisioner.sh

@@ -78,7 +78,7 @@ function InitTpm2Emulator {
 	tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
 
 	# Load key into TPM nvram
-	echo "Loading EK cert into NVRAM."
+	echo "Loading EK cert $ek_cert_der into NVRAM."
 	tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
 
 	if tpm2_nvlist | grep -q 0x1c90000; then
@@ -91,7 +91,7 @@ function InitTpm2Emulator {
 	echo "Define NVRAM location for PC cert of size $size."
 	tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size
 
-	echo "Loading PC cert into NVRAM."
+	echo "Loading PC cert $PC_DIR/$platform_cert into NVRAM."
 	tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert
 
 	echo "===========TPM2 Emulator Initialization Complete!==========="
@@ -139,5 +139,9 @@ InitTpm2Emulator
 # Update the hirs-site.config file
 UpdateHirsSiteConfigFile
 
+echo ""
+echo "TPM2 Emulator NV RAM list"
+tpm2_nvlist
+
 echo ""
 echo "===========HIRS ACA TPM2 Provisioner Setup Complete!==========="

.ci/system-tests/run-system-tests-tpm2-base-delta.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# Script to run the System Tests for HIRS TPM 2.0 Provisioner
+
+set -e
+
+echo ""
+echo "System Tests Starting..."
+echo ""
+
+# Start System Testing Docker Environment
+cd .ci/docker
+
+docker-compose -f docker-compose-tpm2-base-delta.yml up -d
+
+tpm2_container_id="$(docker ps -aqf "name=hirs-aca-provisioner-tpm2")"
+echo "TPM2 Container ID: $tpm2_container_id"
+
+tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')"
+echo "TPM2 Container Status: $tpm2_container_status"
+
+while [[ $tpm2_container_status == "running" ]]
+do
+  sleep 20
+
+  # Add status message, so Travis will not time out.
+  # It may timeout if it hasn't received output for more than 10 minutes.
+  echo "Still running tests, please wait..."
+
+  tpm2_container_status="$(docker inspect $tpm2_container_id --format='{{.State.Status}}')"
+done
+
+# Store container exit code
+tpm2_container_exit_code="$(docker inspect $tpm2_container_id --format='{{.State.ExitCode}}')"
+echo "TPM2 Container Exit Code: $tpm2_container_exit_code"
+
+# Display container log
+echo ""
+echo "===========hirs-aca-provisioner-tpm2 System Tests Log:==========="
+docker logs $tpm2_container_id
+
+echo ""
+echo "End of TPM 2.0 System Tests, cleaning up..."
+echo ""
+# Clean up services and network
+docker-compose down
+
+# Clean up dangling containers
+echo "Cleaning up dangling containers..."
+echo ""
+docker ps -a
+echo ""
+docker container prune --force
+echo ""
+
+# Return container exit code
+if [[ $tpm2_container_exit_code == 0 ]]
+then
+    echo "SUCCESS: TPM 2.0 System tests passed"
+    exit 0
+fi
+
+echo "ERROR: System tests failed"
+exit 1

.ci/system-tests/system_test.py

@@ -49,8 +49,10 @@ HIRS_ATTESTATION_CA_PORTAL_URL = "https://" + \
 	"/HIRS_AttestationCAPortal/"
 TEST_LOG_FILE = os.environ.get('TEST_LOG')
 LOG_LEVEL = os.environ.get('LOG_LEVEL')
+
 CA_CERT_LOCATION = "/HIRS/.ci/setup/certs/ca.crt"
 EK_CA_CERT_LOCATION = "/HIRS/.ci/setup/certs/ek_cert.der"
+BAD_BASE_PC_CERT_LOCATION = "/var/hirs/pc_generation/badPlatformCertificate.der"
 USB_STORAGE_FILE_HASH = "e164c378ceb45a62642730be5eb3169a6bfc2d6d"
 USB_STORAGE_FILE_HASH_2 = "e164c378ceb45a62642730be5eb3169a6bfc1234"
 FORMAT = "%(asctime)-15s %(message)s"
@@ -73,7 +75,6 @@ class SystemTest(unittest.TestCase):
 
 	def setUp(self):
 		"""Set the systems tests state up for testing"""
-#         Portal.set_group_appraisal_wait_setting()
         AcaPortal.disable_supply_chain_validations()
 
 	def tearDown(self):
@@ -595,12 +596,15 @@ class SystemTest(unittest.TestCase):
 # 		self.assertTrue(run_hirs_report(CLIENT))
 # 		self.assertEqual(Portal.get_alert_count_from_latest_report(), 0)
 
+	@collectors(['TPM'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_12_attestation_ca_portal_online(self):
 		"""Test that the Attestation CA Portal is online and accessible by making a GET request.
 		    If not online, an exception will be raised since the response code is non-200"""
 		logging.info("*****************beginning of attestation ca portal online test *****************")
 	 	AcaPortal.check_is_online()
 
+	@collectors(['TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_13_tpm2_initial_provision(self):
 		"""Test that running the tpm2 hirs provisioner works"""
@@ -609,6 +613,8 @@ class SystemTest(unittest.TestCase):
  		provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
        	print("Initial provisioner run output: {0}".format(provisioner_out))
 
+	@collectors(['TPM'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_14_device_info_report_stored_after_provisioning(self):
 		"""Test that running the hirs provisioner results in storing a device info report for
 			the device in the DB"""
@@ -617,6 +623,7 @@ class SystemTest(unittest.TestCase):
  		aca_portal_devices = AcaPortal.get_devices()
 		self.assertEqual(aca_portal_devices['recordsTotal'], 1)
 
+	@collectors(['TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_15_supply_chain_validation_summary_stored_after_second_provisioning(self):
 		"""Test that running the hirs provisioner, a second time, results in storing a supply chain validation
@@ -645,6 +652,7 @@ class SystemTest(unittest.TestCase):
 		devices = AcaPortal.get_devices()
 		self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
 
+	@collectors(['TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_16_ek_info_report(self):
 		"""Test that running the hirs provisioner results in storing EK certs info report for
@@ -655,6 +663,7 @@ class SystemTest(unittest.TestCase):
 		self.assertEqual(cert_list['recordsTotal'], 1)
 		self.assertEqual(cert_list['data'][0]['credentialType'], "TCPA Trusted Platform Module Endorsement")
 
+ 	@collectors(['TPM'], COLLECTOR_LIST)
  	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_17_pk_info_report(self):
 		"""Test that running the hirs provisioner results in storing PK certs info report for
@@ -665,6 +674,7 @@ class SystemTest(unittest.TestCase):
 		self.assertEqual(cert_list['recordsTotal'], 1)
 		self.assertEqual(cert_list['data'][0]['credentialType'], "TCG Trusted Platform Endorsement")
 
+	@collectors(['TPM'], COLLECTOR_LIST)
 	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
 	def test_18_trust_chain_info_report(self):
 		"""Test that running the hirs provisioner results in storing trust chains info report for
@@ -674,6 +684,98 @@ class SystemTest(unittest.TestCase):
 		trust_chain_list = AcaPortal.get_trust_chains()
 		self.assertEqual(trust_chain_list['recordsTotal'], 1)
 
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A1_base_delta(self):
+		"""Test Base/Delta Certificates A1 - Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)"""
+		logging.info("*****************test_19_A1 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A2_base_delta(self):
+		"""Test Base/Delta Certificates A2 - Provisioning with Good Base Platform Cert Base and 1 Delta Cert"""
+		logging.info("*****************test_19_A2 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert Base and 1 Delta Cert")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A3_base_delta(self):
+		"""Test Base/Delta Certificates A3 - Provisioning with Good Base Platform Cert Base and 2 Delta Certs"""
+		logging.info("*****************test_19_A3 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert Base and 2 Delta Certs")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A4_base_delta(self):
+		"""Test Base/Delta Certificates A4 - Provisioning with Good Base Platform Cert and 1 Bad Delta Cert"""
+		logging.info("*****************test_19_A4 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform Cert and 1 Bad Delta Cert")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A5_base_delta(self):
+		"""Test Base/Delta Certificates A5 - Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert"""
+		logging.info("*****************test_19_A5 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A6_base_delta(self):
+		"""Test Base/Delta Certificates A6 - Provisioning with Good Base Platform, 2 Good Delta Certs and
+			1 Bad Delta Cert with non present component"""
+		logging.info("*****************test_19_A6 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A7_base_delta(self):
+		"""Test Base/Delta Certificates A7 - Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert
+			replacing component from previous, using the Delta as a base certificate"""
+		logging.info("*****************test_19_A7 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_A8_base_delta(self):
+		"""Test Base/Delta Certificates A8 - Attempt to upload Base cert with holder already having a Base Platform Cert associated with it"""
+		logging.info("*****************test_19_A8 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_B1_base_delta(self):
+		"""Test Base/Delta Certificates B1 - Provisioning with Bad Platform Cert Base """
+		logging.info("*****************test_19_B1 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Bad Platform Cert Base")
+		logging.info("Check if ACA is online...")
+		AcaPortal.check_is_online()
+		if is_tpm2(TPM_VERSION):
+			logging.info("Using TPM 2.0")
+			logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
+			AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
+			AcaPortal.enable_supply_chain_validations()
+			provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
+
+		print("Bad Base Certificate provisioner run output: {0}".format(provisioner_out))
+
+		# Provisioning should fail since the PC contains FAULTY components.
+		self.assertIn("Provisioning failed", format(provisioner_out))
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_B2_base_delta(self):
+		"""Test Base/Delta Certificates B2 - Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved"""
+		logging.info("*****************test_19_B2 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved")
+
+	@collectors(['BASE_DELTA'], COLLECTOR_LIST)
+	@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
+	def test_19_B3_base_delta(self):
+		"""Test Base/Delta Certificates B3 - Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved"""
+		logging.info("*****************test_19_B3 - beginning of delta certificate test *****************")
+		logging.info("Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved")
+
 def make_simple_ima_baseline():
     timestamp = get_current_timestamp()
 

.ci/system-tests/systems-test-centos7-tpm2-base-delta.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+export CLIENT_OS=centos7
+export CLIENT_HOSTNAME=hirs-client-$CLIENT_OS-tpm2
+
+export SERVER_OS=$CLIENT_OS
+export SERVER_HOSTNAME=hirs-appraiser-$SERVER_OS
+
+export ENABLED_COLLECTORS=BASE_DELTA
+export TPM_VERSION=2.0
+
+$SCRIPT_DIR/systems-test.core.sh

.ci/system-tests/systems-test-centos7-tpm2.sh

@@ -8,7 +8,7 @@ export CLIENT_HOSTNAME=hirs-client-$CLIENT_OS-tpm2
 export SERVER_OS=$CLIENT_OS
 export SERVER_HOSTNAME=hirs-appraiser-$SERVER_OS
 
-export ENABLED_COLLECTORS=
+export ENABLED_COLLECTORS=TPM
 export TPM_VERSION=2.0
 
 $SCRIPT_DIR/systems-test.core.sh

.travis.yml

@@ -32,7 +32,7 @@ cache:
 install: true
 
 script:
-  - docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash -c "cd /HIRS; ./gradlew :$SUBPROJECT:build"
+  - docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:centos7 /bin/bash -c "cd /HIRS; ./gradlew :$SUBPROJECT:build -x test"
 
 jobs:
   include:
@@ -40,11 +40,6 @@ jobs:
       script: docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:ubuntu18 /bin/bash -c "cd /HIRS; ./package/package.ubuntu.sh"
       env: null
       name: "Package Ubuntu"
-#     TODO: Explore reason behind Building/Packaging Failing on Amazon Linux
-#    - stage: Packaging and System Tests
-#      script: docker run --rm -v $(pwd):/HIRS hirs/hirs-ci:amazonlinux2 /bin/bash -c "cd /HIRS; ./package/package.centos.sh"
-#      env: null
-#      name: "Package Amazon Linux"
     - stage: Packaging and System Tests
       script: .ci/system-tests/./run-system-tests.sh
       env: null
@@ -53,3 +48,7 @@ jobs:
       script: .ci/system-tests/./run-system-tests-tpm2.sh
       env: null
       name: "System Tests TPM2"
+    - stage: Packaging and System Tests
+      script: .ci/system-tests/./run-system-tests-tpm2-base-delta.sh
+      env: null
+      name: "System Tests TPM2 Base/Delta"