Merge pull request #435 from iadgovuser26/deltaPlat

[#434] Adds initial Platform Certificate tests

.ci/system-tests/container/pc_setup.sh

@@ -1,30 +1,44 @@
 #!/bin/bash
 #########################################################################################
-#   Setup for platform certificate tests
-#
+#   Setup for platform certificates for testing
+#   Copies platform certs (Base and Delta) to the tcg directory
 #########################################################################################
 
 profile=$1
 test=$2
 compscript="$profile"_"$test"_allcomponents.sh
 hwlist="$profile"_"$test"_hw.json
-mkdir -p /boot/tcg/cert/platform/;  # Create the platform cert folder if its not there
-rm -f /boot/tcg/cert/platform/*;   # clear out any previous data
+# Current TCG folder for platform certs, likely to change with release of the next FIM specification
+tcgDir=/boot/tcg/cert/platform/
+mkdir -p $tcgDir;  # Create the platform cert folder if its not there
+rm -f $tcgDir*;    # Clear out any previous data
 
 echo "Test is using platform cert(s) from $profile : $test"
 
-# Step 1: Copy allcomponents script to the paccor/scripts folder
-cp -f /HIRS/.ci/system-tests/profiles/$profile/$test/$compscript /opt/paccor/scripts/allcomponents.sh;
+# Step 1: Copy allcomponents script to the paccor/scripts folder if there is one.
+# Use the default if test does not have a test specific file.
 
-# Step 2: Copy allcomponents json file to the paccor/scripts folder
-cp  -f /HIRS/.ci/system-tests/profiles/$profile/$test/$hwlist /opt/paccor/scripts/$hwlist ;
+allCompScript=/HIRS/.ci/system-tests/profiles/$profile/$test/$compscript
+if [ ! -f "$allCompScript" ]; then
+  allCompScript=/HIRS/.ci/system-tests/profiles/"$profile"/default/"$profile"_default_allcomponents.sh
+fi
+cp -f $allCompScript /opt/paccor/scripts/allcomponents.sh;
+
+# Step 2: Copy allcomponents json file to the paccor/scripts folder if there is one
+# Use the default if test does not have a test specific file.
+
+allCompJson=/HIRS/.ci/system-tests/profiles/$profile/$test/$hwlist;
+if [ ! -f "$allCompJson" ]; then
+      allCompJson=/HIRS/.ci/system-tests/profiles/"$profile"/default/"$profile"_default_hw.json
+fi
+cp  -f $allCompJson /opt/paccor/scripts/$hwlist ;
 
 # Step 3: Copy the platform cert to tcg folder on boot drive
 pushd /HIRS/.ci/system-tests/profiles/$profile/$test/platformcerts/ > /dev/null
-#skip copy of platform cert if .gitigore exists (empty profile)
+# Skip copy of platform cert if .gitigore exists (empty profile)
 if [[ ! -f ".gitignore" ]]; then
     for cert in * ; do
-          cp -f $cert /boot/tcg/cert/platform/$cert;
+          cp -f $cert $tcgDir$cert;
     done
 fi
 

.ci/system-tests/platform_cert_tests.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+#########################################################################################
+#    HIRS Platform Certificate System Tests
+#
+#########################################################################################
+testResult=false
+totalTests=0;
+failedTests=0;
+
+# Start ACA Platform Certificate Tests
+# provision_tpm takes 1 parameter (the expected result): "pass" or "fail"
+# Note that the aca_policy_tests have already run several Platform Certificate system tests
+
+writeToLogs "### ACA PLATFORM CERTIFICATE TEST 1: Test a delta Platform Certificate that adds a new memory component ###"
+clearAcaDb
+uploadTrustedCerts
+setPolicyEkPc
+setPlatformCerts "laptop" "deltaPlatMem"
+provisionTpm2 "pass"
+
+writeToLogs "### ACA PLATFORM CERTIFICATE TEST 2: Test a Platform Certificate that is missing a memory component ###"
+clearAcaDb
+uploadTrustedCerts
+setPlatformCerts "laptop" "platCertLight"
+provisionTpm2 "pass"
+
+writeToLogs "### ACA PLATFORM CERTIFICATE TEST 3: Test a Delta Platform Certificate that has a wrong a memory component ###"
+clearAcaDb
+uploadTrustedCerts
+setPlatformCerts "laptop" "badDeltaMem"
+provisionTpm2 "fail"
+
+#  Process Test Results, any single failure will send back a failed result.
+if [[ $failedTests != 0 ]]; then
+    export TEST_STATUS=1;
+    echo "****  $failedTests out of $totalTests Platform Certificate Tests Failed! ****"
+  else
+    echo "****  $totalTests Platform Certificate Tests Passed! ****"
+fi

.ci/system-tests/profiles/laptop/badDeltaMem/README.md

@@ -0,0 +1,8 @@
+HIRS system test:
+
+Category: Platform Certificate
+
+Test Description: Test for a delta platform certificate illustrating a certificate that contains a component that does not match a component on the device.
+
+Expected Test result: fail
+

.ci/system-tests/profiles/laptop/default/README.md

@@ -0,0 +1,8 @@
+HIRS system test:
+
+Category: Platform Certificate
+
+Test Description: Basice Test for a valid Platform Certificate and RIM bundle.
+
+Expected Test result: pass
+

.ci/system-tests/profiles/laptop/deltaPlatMem/README.md

@@ -0,0 +1,6 @@
+HIRS system test:
+
+Category: Platform Certificate
+
+Test Description: Test for a Delta Platform Certificate illustrating a delta certificate with one memory component addition (1 add)
+

.ci/system-tests/profiles/laptop/platCertLight/README.md

@@ -0,0 +1,8 @@
+HIRS system test:
+
+Category: Platform Certificate
+
+Test Description: Test for a delta platform certificate illustrating a certificate that contains a component that does not match a component on the device.
+
+Expected Test result: fail
+

.ci/system-tests/run_system_tests.sh

@@ -37,6 +37,8 @@ docker exec $tpm2_container /HIRS/.ci/setup/setup_tpm2provisioner.sh
 echo "******** Setup Complete Begin HIRS System Tests ******** "
 
 source aca_policy_tests.sh
+source platform_cert_tests.sh
+
 
 echo "******** HIRS System Tests Complete ******** "