Updated system tests from changes in latest Master build. (#187)
parent
7c6a533764
commit
6a59033768
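--- a/.ci/setup/addFaultyComponentsForPBaseCertB.py
+++ b/.ci/setup/addFaultyComponentsForPBaseCertB.py
@@ -0,0 +1,38 @@
+# Add faulty components to the PACCOR generated JSON componentsFile.
+# This will be used to create a bad platform certificate.
+
+import json
+import pprint
+
+try:
+badComponent = '00030003'
+pcDir = '/var/hirs/pc_generation/'
+paccorComponentsFile = 'componentsFile'
+pBaseJsonFileOut = 'PBaseCertB.componentlist.json'
+
+# Open the paccor components file
+with open(pcDir + paccorComponentsFile, "r") as f:
+
+# Load the info from the componentsFile
+data = json.load(f)
+print("The %s info:" % (paccorComponentsFile))
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(data)
+
+# Find the component to use as "FAULTY"
+for component in data['COMPONENTS']:
+if component['COMPONENTCLASS']['COMPONENTCLASSVALUE'] == badComponent:
+print("Creating FAULTY component for: " + component['MODEL'])
+component['MODEL'] += "-FAULTY"
+print("New JSON value: " + component['MODEL'])
+break
+
+# Write the new JSON file to be used in creating the PBaseCertB certificate.
+with open(pcDir + pBaseJsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, pBaseJsonFileOut))
+json.dump(data, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(data)
+
+except Exception as ex:
+print("=== ERROR generating PBaseCertB JSON files: %s" % (ex.message))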
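Review bot: The closing `except Exception as ex:` handler prints `ex.message` and does nothing else, so under Python 2 a missing or malformed `componentsFile` still lets the script exit 0 and the calling setup script (which relies on `set -e`) goes on to sign stale or absent JSON; under Python 3 the `message` attribute does not exist, so the handler itself raises and hides the original error. Print the exception directly and fail explicitly, e.g. `print("=== ERROR generating PBaseCertB JSON files: %s" % ex)` followed by `sys.exit(1)` with `import sys` added. The same handler closes createDeltaComponentsForPBaseCertA.py and createDeltaComponentsForPBaseCertB.py. Separately, when no component has class value `badComponent` the loop changes nothing and the "bad" base certificate is built from unmodified data, so a found-flag checked after the loop would keep the negative test honest. Indentation is lost in this rendering, so the nesting described here is inferred.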
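--- a/.ci/setup/createDeltaComponentsForPBaseCertA.py
+++ b/.ci/setup/createDeltaComponentsForPBaseCertA.py
@@ -0,0 +1,190 @@
+# Create JSON files needed to create the following certificates:
+# PBaseCertA - Good Base
+# SIDeltaCertA1 - Good Delta
+# SIDeltaCertA2 - Bad Delta
+# SIDeltaCertA2Resolved - Good Delta
+# SIDeltaCertA3 - Good Delta
+# VARDeltaCertA1 - Good Delta
+# VARDeltaCertA2 - Bad Delta
+# VARDeltaCertA2Resolved - Good Delta
+
+import sys
+import json
+import copy
+import pprint
+
+try:
+minNumOfComponents = 3
+maxComponentsToFind = 2
+numComponentsFound = 0
+delComponent1AtIndex = 0
+delComponent2AtINdex = 0
+badComponent = '00030003'
+pcDir = '/var/hirs/pc_generation/'
+paccorComponentsFile = 'componentsFile'
+pBaseJsonFileOut = 'PBaseCertA.componentlist.json'
+siDeltaA1JsonFileOut = 'SIDeltaCertA1.componentlist.json'
+siDeltaA2JsonFileOut = 'SIDeltaCertA2.componentlist.json'
+siDeltaA2ResolvedJsonFileOut = 'SIDeltaCertA2.resolved.componentlist.json'
+siDeltaA3JsonFileOut = 'SIDeltaCertA3.componentlist.json'
+varDeltaA1JsonFileOut = 'VARDeltaCertA1.componentlist.json'
+varDeltaA2JsonFileOut = 'VARDeltaCertA2.componentlist.json'
+varDeltaA2ResolvedJsonFileOut = 'VARDeltaCertA2.resolved.componentlist.json'
+
+# Open the paccor components file
+with open(pcDir + paccorComponentsFile, "r") as f:
+
+# Load the info from the componentsFile
+data = json.load(f)
+print("The %s info:" % (paccorComponentsFile))
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(data)
+
+# Initialize the base/delta structures
+pBaseComponentDict = copy.deepcopy(data)
+siDeltaA1ComponentDict = copy.deepcopy(data)
+siDeltaA2ComponentDict = copy.deepcopy(data)
+siDeltaA2ResolvedComponentDict = copy.deepcopy(data)
+siDeltaA3ComponentDict = copy.deepcopy(data)
+varDeltaA1ComponentDict = copy.deepcopy(data)
+numOfComponents = len(data['COMPONENTS'])
+
+print("Total number of components: %d." % numOfComponents)
+
+# Need at least three components to run system tests
+if numOfComponents < minNumOfComponents:
+raise Exception("Need at least %d components to run system tests!" % minNumOfComponents)
+else:
+print("Splitting into 1 base and multiple delta JSON files to generate the certs...")
+
+# Setup good base...
+# Delete the last two components for PBaseCertA certificate
+#del pBaseComponentDict['COMPONENTS'][len(pBaseComponentDict['COMPONENTS'])-2:]
+
+# Setup good base. Find the first two components that have a Serial included.
+for i in range(len(pBaseComponentDict['COMPONENTS'])):
+print("Current component[%d]:" % i)
+pp.pprint(pBaseComponentDict['COMPONENTS'][i])
+if 'SERIAL' in pBaseComponentDict['COMPONENTS'][i]:
+print("SERIAL found: %s" % pBaseComponentDict['COMPONENTS'][i]['SERIAL'])
+numComponentsFound += 1
+else:
+print("SERIAL not found.")
+
+tmpComponent = copy.deepcopy(pBaseComponentDict['COMPONENTS'][i])
+
+# Check if we found 2 components
+if numComponentsFound == 1:
+delComponent1AtIndex = i
+
+# Use component for the SIDeltaA1
+del siDeltaA1ComponentDict['COMPONENTS'][:]
+siDeltaA1ComponentDict['COMPONENTS'].append(tmpComponent)
+siDeltaA1ComponentDict['COMPONENTS'][0]['STATUS'] = "ADDED"
+
+elif numComponentsFound == 2:
+delComponent2AtIndex = i
+
+# Use component for the VARDeltaA1
+del varDeltaA1ComponentDict['COMPONENTS'][:]
+varDeltaA1ComponentDict['COMPONENTS'].append(tmpComponent)
+varDeltaA1ComponentDict['COMPONENTS'][0]['STATUS'] = "ADDED"
+break
+
+# Delete the two components from pBaseComponentDict
+del pBaseComponentDict['COMPONENTS'][delComponent2AtIndex]
+del pBaseComponentDict['COMPONENTS'][delComponent1AtIndex]
+
+# Setup bad and good delta...
+# Create SIDeltaA2 with one component, MODEL as "-FAULTY", STATUS as "MODIFIED"
+# Create SIDeltaA2_resolved with one component, MODEL as "-FAULTY", STATUS as "REMOVED"
+del siDeltaA2ComponentDict['COMPONENTS'][:]
+del siDeltaA2ResolvedComponentDict['COMPONENTS'][:]
+for component in data['COMPONENTS']:
+if component['COMPONENTCLASS']['COMPONENTCLASSVALUE'] == badComponent:
+siDeltaA2Component = copy.copy(component)
+siDeltaA2Component['STATUS'] = "MODIFIED"
+siDeltaA2Component['MODEL'] += "-FAULTY"
+siDeltaA2ComponentDict['COMPONENTS'].append(siDeltaA2Component)
+
+siDeltaA2ResolvedComponent = copy.copy(siDeltaA2Component)
+siDeltaA2ResolvedComponent['STATUS'] = "REMOVED"
+siDeltaA2ResolvedComponentDict['COMPONENTS'].append(siDeltaA2ResolvedComponent)
+break
+
+# Setup good delta...
+# Create SIDeltaA3 with component "REMOVED" from SIDeltaA1
+del siDeltaA3ComponentDict['COMPONENTS'][:]
+siDeltaA3ComponentDict['COMPONENTS']= copy.deepcopy(siDeltaA1ComponentDict['COMPONENTS'])
+siDeltaA3ComponentDict['COMPONENTS'][0]['STATUS'] = "REMOVED"
+
+# Setup bad delta...
+# Create VARDeltaA2 with a component that is not in the Base
+varDeltaA2ComponentDict = copy.deepcopy(varDeltaA1ComponentDict)
+varDeltaA2ComponentDict['COMPONENTS'][0]['MODEL'] = "This component is not in Base"
+varDeltaA2ComponentDict['COMPONENTS'][0]['SERIAL'] = "1234567"
+varDeltaA2ComponentDict['COMPONENTS'][0]['STATUS'] = "ADDED"
+
+# Setup good delta...
+# Create VARDeltaA2_resolved
+varDeltaA2ResolvedComponentDict = copy.deepcopy(varDeltaA2ComponentDict)
+varDeltaA2ResolvedComponentDict['COMPONENTS'][0]['STATUS'] = "REMOVED"
+
+# Write the new JSON file to be used in creating the PBaseCertA certificate.
+with open(pcDir + pBaseJsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, pBaseJsonFileOut))
+json.dump(pBaseComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(pBaseComponentDict)
+
+# Write the new JSON file to be used in creating the SIDeltaA1 certificate.
+with open(pcDir + siDeltaA1JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, siDeltaA1JsonFileOut))
+json.dump(siDeltaA1ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(siDeltaA1ComponentDict)
+
+# Write the new JSON file to be used in creating the SIDeltaA2 certificate.
+with open(pcDir + siDeltaA2JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, siDeltaA2JsonFileOut))
+json.dump(siDeltaA2ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(siDeltaA2ComponentDict)
+
+# Write the new JSON file to be used in creating the SIDeltaA2Resolved certificate.
+with open(pcDir + siDeltaA2ResolvedJsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, siDeltaA2ResolvedJsonFileOut))
+json.dump(siDeltaA2ResolvedComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(siDeltaA2ResolvedComponentDict)
+
+# Write the new JSON file to be used in creating the SIDeltaA3 certificate.
+with open(pcDir + siDeltaA3JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, siDeltaA3JsonFileOut))
+json.dump(siDeltaA3ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(siDeltaA3ComponentDict)
+
+# Write the new JSON file to be used in creating the VARDeltaA1 certificate.
+with open(pcDir + varDeltaA1JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, varDeltaA1JsonFileOut))
+json.dump(varDeltaA1ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(varDeltaA1ComponentDict)
+
+# Write the new JSON file to be used in creating the VARDeltaA2 certificate.
+with open(pcDir + varDeltaA2JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, varDeltaA2JsonFileOut))
+json.dump(varDeltaA2ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(varDeltaA2ComponentDict)
+
+# Write the new JSON file to be used in creating the VARDeltaA2Resolved certificate.
+with open(pcDir + varDeltaA2ResolvedJsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, varDeltaA2ResolvedJsonFileOut))
+json.dump(varDeltaA2ResolvedComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(varDeltaA2ResolvedComponentDict)
+
+except Exception as ex:
+print("=== ERROR generating PBaseCertA JSON files: %s" % (ex.message))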
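Review bot: `delComponent2AtINdex = 0` in the initial assignments is a misspelling of `delComponent2AtIndex`, the name the loop assigns and `del pBaseComponentDict['COMPONENTS'][delComponent2AtIndex]` later reads, so when fewer than two components carry a SERIAL the delete raises NameError instead of using an initial value. `maxComponentsToFind` is defined but never consulted in the visible code; fix the spelling and add, after the loop, `if numComponentsFound < maxComponentsToFind: raise Exception("Need %d components with a SERIAL" % maxComponentsToFind)`. The `numComponentsFound == 1` block also appears to run for every component whether or not it has a SERIAL (indentation is lost in this rendering, so this is inferred), which would let a later component without a SERIAL replace the SIDeltaA1 entry and move `delComponent1AtIndex`; nesting that block under the `'SERIAL' in ...` test would prevent it.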
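--- a/.ci/setup/createDeltaComponentsForPBaseCertB.py
+++ b/.ci/setup/createDeltaComponentsForPBaseCertB.py
@@ -0,0 +1,93 @@
+# Create JSON files needed to create the following certificates:
+# SIDeltaCertB1 - Bad Delta
+# VARDeltaCertB1 - Good Delta
+
+import sys
+import json
+import copy
+import pprint
+
+try:
+pcDir = '/var/hirs/pc_generation/'
+pBaseJsonFileIn = 'PBaseCertB.componentlist.json'
+siDeltaB1JsonFileOut = 'SIDeltaCertB1.componentlist.json'
+varDeltaB1JsonFileOut = 'VARDeltaCertB1.componentlist.json'
+
+# Open the PBaseCertB components file
+with open(pcDir + pBaseJsonFileIn, "r") as f:
+
+# Load the info from the componentsFile
+data = json.load(f)
+print("The %s info:" % (pBaseJsonFileIn))
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(data)
+
+# Initialize the structures
+siDeltaB1ComponentDict = copy.deepcopy(data)
+varDeltaB1ComponentDict = copy.deepcopy(data)
+
+# Remove all the components
+del siDeltaB1ComponentDict['COMPONENTS'][:]
+del varDeltaB1ComponentDict['COMPONENTS'][:]
+
+# Find "FAULTY" component from original data; and create the delta JSON files
+for component in data['COMPONENTS']:
+if component['MODEL'].__contains__("-FAULTY"):
+
+print("Found Faulty Component:")
+pp.pprint(component)
+
+# Make copy of component for SIDeltaCertB1
+siDeltaB1Component = copy.copy(component)
+
+# Change status to be "MODIFIED"
+print("Updated status to be MODIFIED...")
+siDeltaB1Component['STATUS'] = "MODIFIED"
+
+# Add to component SIDeltaCertB1 list
+print("Adding component to %s list..." % (siDeltaB1JsonFileOut))
+siDeltaB1ComponentDict['COMPONENTS'].append(siDeltaB1Component)
+
+# Make copy of component for VARDeltaCertB1
+varDeltaB1Component_1 = copy.copy(component)
+
+# Change status to be "REMOVED"
+print("Updated status to be REMOVED...")
+varDeltaB1Component_1['STATUS'] = "REMOVED"
+
+# Add to component VARDeltaCertB1 list
+print("Adding component to %s list..." % (varDeltaB1JsonFileOut))
+varDeltaB1ComponentDict['COMPONENTS'].append(varDeltaB1Component_1)
+
+# Make copy of component for VARDeltaCertB1
+varDeltaB1Component_2 = copy.copy(component)
+
+# Change status to be "ADDED"
+print("Updated status to be ADDED...")
+varDeltaB1Component_2['STATUS'] = "ADDED"
+
+# Remove "-FAULTY" substring in the model
+varDeltaB1Component_2['MODEL'] = varDeltaB1Component_2['MODEL'].replace('-FAULTY', '')
+print("Removed -FAULTY from component...")
+
+# Add to component VARDeltaCertB1 list
+print("Adding component to %s list..." % (varDeltaB1JsonFileOut))
+varDeltaB1ComponentDict['COMPONENTS'].append(varDeltaB1Component_2)
+break
+
+# Write the new JSON file to be used in creating the SIDeltaCertB1 certificate
+with open(pcDir + siDeltaB1JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, siDeltaB1JsonFileOut))
+json.dump(siDeltaB1ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(siDeltaB1ComponentDict)
+
+# Write the new JSON file to be used in creating the VARDeltaCertB1 certificate
+with open(pcDir + varDeltaB1JsonFileOut, 'w') as outfile:
+print("Writing %s%s ..." % (pcDir, varDeltaB1JsonFileOut))
+json.dump(varDeltaB1ComponentDict, outfile)
+pp = pprint.PrettyPrinter(indent=4)
+pp.pprint(varDeltaB1ComponentDict)
+
+except Exception as ex:
+print("=== ERROR generating PBaseCertB JSON files: %s" % (ex.message))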
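Review bot: If no component in `PBaseCertB.componentlist.json` has `-FAULTY` in its MODEL, the search loop never appends anything and both delta JSON files are written with an empty `COMPONENTS` list, with nothing reported. Record whether a match was found and fail after the loop, e.g. `raise Exception("No -FAULTY component found in %s" % pBaseJsonFileIn)`, so the delta certificates are never silently generated from empty input. As a style point, `component['MODEL'].__contains__("-FAULTY")` reads better as `"-FAULTY" in component['MODEL']`, and `import sys` is unused in the visible code.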
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to setup the TPM2 Provisioner Docker Image for Integration Tests
|
||||
# Script to setup the TPM 2.0 Provisioner Docker Image for System Tests Base/Delta(Bad)
|
||||
set -e
|
||||
|
||||
# Wait for ACA to boot
|
||||
@ -45,49 +45,66 @@ function InitTpm2Emulator {
|
||||
/ibmtpm/src/./tpm_server &
|
||||
echo "TPM Emulator started"
|
||||
|
||||
# Give tpm_server time to start and register on the DBus
|
||||
sleep 5
|
||||
|
||||
tpm2-abrmd -t socket &
|
||||
echo "TPM2-Abrmd started"
|
||||
|
||||
# Give ABRMD time to start and register on the DBus
|
||||
sleep 5
|
||||
|
||||
# EK and PC Certificate
|
||||
ek_cert_der="/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
# Certificates
|
||||
ek_cert="/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
ca_key="/HIRS/.ci/setup/certs/ca.key"
|
||||
ca_cert="/HIRS/.ci/setup/certs/ca.crt"
|
||||
platform_cert="PBaseCertB.der"
|
||||
delta_cert="SIDeltaCertB1.der"
|
||||
si_delta_cert_B1="SIDeltaCertB1.der"
|
||||
var_delta_cert_B1="VARDeltaCertB1.der"
|
||||
|
||||
echo "Creating Bad Base Platform Cert $platform_cert..."
|
||||
PC_DIR=/var/hirs/pc_generation
|
||||
mkdir -p $PC_DIR
|
||||
# PACCOR directory
|
||||
PC_DIR=/var/hirs/pc_generation
|
||||
mkdir -p $PC_DIR
|
||||
|
||||
echo "Running PACCOR to generate local components..."
|
||||
/opt/paccor/scripts/allcomponents.sh > $PC_DIR/componentsFile
|
||||
echo
|
||||
echo "PACCOR generated components file:"
|
||||
cat $PC_DIR/componentsFile
|
||||
|
||||
# Add bad base components and create PBaseCertB.json used below
|
||||
python /HIRS/.ci/setup/addFaultyComponents.py
|
||||
# Add faulty component JSON files needed to generate the certificates
|
||||
python /HIRS/.ci/setup/addFaultyComponentsForPBaseCertB.py
|
||||
echo
|
||||
echo "Generated bad components file:"
|
||||
cat $PC_DIR/PBaseCertB.json
|
||||
|
||||
# Generate certificates in the order they'll be used in the system tests.
|
||||
# And stager the begin dates properly (the -b option for the /opt/paccor/bin/signer)
|
||||
|
||||
# Generate the bad base certificate
|
||||
echo "Generating certificates..."
|
||||
echo "Generating $platform_cert..."
|
||||
/opt/paccor/scripts/referenceoptions.sh > $PC_DIR/optionsFile
|
||||
/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/PBaseCertB.json -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/PBaseCertB.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -f $PC_DIR/$platform_cert
|
||||
/opt/paccor/bin/observer -c $PC_DIR/PBaseCertB.componentlist.json -p $PC_DIR/optionsFile -e $ek_cert -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/PBaseCertB.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -f $PC_DIR/$platform_cert
|
||||
echo "Done"
|
||||
|
||||
# Create good delta component and create SIDeltaCertB1.componentlist.json
|
||||
python /HIRS/.ci/setup/createDeltaCertComponents.py
|
||||
python /HIRS/.ci/setup/createDeltaComponentsForPBaseCertB.py
|
||||
echo
|
||||
echo "Generated good delta components file:"
|
||||
cat $PC_DIR/SIDeltaCertB1.componentlist.json
|
||||
|
||||
# Generate the good delta certificate
|
||||
# Generate the SIDeltaCertB1certificate
|
||||
echo "Generating $si_delta_cert_B1..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/SIDeltaCertB1.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$platform_cert -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertB1.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -e $PC_DIR/$platform_cert -f $PC_DIR/$delta_cert
|
||||
/opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertB1.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180201 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$platform_cert -f $PC_DIR/$si_delta_cert_B1
|
||||
echo "Done"
|
||||
|
||||
# Clear nvram for EK
|
||||
# Generate the VARDeltaCertB1 certificate
|
||||
echo "Generating $var_delta_cert_B1..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/VARDeltaCertB1.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$platform_cert -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/VARDeltaCertB1.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180301 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$platform_cert -f $PC_DIR/$var_delta_cert_B1
|
||||
echo "Done"
|
||||
|
||||
# Release EK nvram
|
||||
if tpm2_nvlist | grep -q 0x1c00002; then
|
||||
echo "Released NVRAM for EK."
|
||||
tpm2_nvrelease -x 0x1c00002 -a 0x40000001
|
||||
@ -97,15 +114,15 @@ function InitTpm2Emulator {
|
||||
# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t
|
||||
# specifies attribute value in publicInfo struct
|
||||
# [0x2000A = ownerread|ownerwrite|policywrite])
|
||||
size=$(cat $ek_cert_der | wc -c)
|
||||
size=$(cat $ek_cert | wc -c)
|
||||
echo "Define NVRAM location for EK cert of size $size."
|
||||
tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
|
||||
|
||||
# Load key into TPM nvram
|
||||
echo "Loading EK cert $ek_cert_der into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
|
||||
echo "Loading EK cert $ek_cert into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert
|
||||
|
||||
# Clear nvram for PC
|
||||
# Release PC nvram
|
||||
if tpm2_nvlist | grep -q 0x1c90000; then
|
||||
echo "Released NVRAM for PC."
|
||||
tpm2_nvrelease -x 0x1c90000 -a 0x40000001
|
||||
@ -170,4 +187,3 @@ tpm2_nvlist
|
||||
|
||||
echo ""
|
||||
echo "===========HIRS ACA TPM2 Provisioner Setup Complete!==========="
|
||||
|
||||
|
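Review bot: The new signer calls pass `-N $RANDOM` as the certificate serial number, and bash's `$RANDOM` only yields 0–32767, so the three certificates issued here under the same CA can occasionally share a serial and no two runs produce the same certificates. Fixed, distinct serials per certificate (for example `-N 1001`, `-N 1002`, `-N 1003`) would remove that source of flakiness; the same pattern appears in the other two setup scripts on this page. If `cat $PC_DIR/PBaseCertB.json` is still on the new side (this rendering does not show which side it belongs to), it names a file the renamed Python helper no longer writes, and `set -e` would abort the script there. The comment `stager the begin dates` should read `stagger`. InitTpm2Emulator starts and ends outside these hunks.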
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to setup the TPM2 Provisioner Docker Image for Integration Tests
|
||||
# Script to setup the TPM 2.0 Provisioner Docker Image for System Tests Base/Delta(Good)
|
||||
set -e
|
||||
|
||||
# Wait for ACA to boot
|
||||
@ -22,7 +22,7 @@ function InstallProvisioner {
|
||||
popd
|
||||
}
|
||||
|
||||
# Function to initialize the TPM2 Emulator with a bad base certificate
|
||||
# Function to initialize the TPM2 Emulator with a good base certificate
|
||||
function InitTpm2Emulator {
|
||||
echo "===========Initializing TPM2 Emulator with good base certificate...==========="
|
||||
|
||||
@ -45,35 +45,105 @@ function InitTpm2Emulator {
|
||||
/ibmtpm/src/./tpm_server &
|
||||
echo "TPM Emulator started"
|
||||
|
||||
# Give tpm_server time to start and register on the DBus
|
||||
sleep 5
|
||||
|
||||
tpm2-abrmd -t socket &
|
||||
echo "TPM2-Abrmd started"
|
||||
|
||||
# Give ABRMD time to start and register on the DBus
|
||||
sleep 5
|
||||
|
||||
# EK and PC Certificate
|
||||
ek_cert_der="/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
platform_cert="PBaseCertA.der"
|
||||
# Certificates
|
||||
ek_cert="/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
ca_key="/HIRS/.ci/setup/certs/ca.key"
|
||||
ca_cert="/HIRS/.ci/setup/certs/ca.crt"
|
||||
pBase_certA="PBaseCertA.der"
|
||||
pBase_certB="PBaseCertB.der"
|
||||
si_delta_cert_A1="SIDeltaCertA1.der"
|
||||
si_delta_cert_A2="SIDeltaCertA2.der"
|
||||
si_delta_cert_A2_resolved="SIDeltaCertA2_resolved.der"
|
||||
si_delta_cert_A3="SIDeltaCertA3.der"
|
||||
var_delta_cert_A1="VARDeltaCertA1.der"
|
||||
var_delta_cert_A2="VARDeltaCertA2.der"
|
||||
var_delta_cert_A2_resolved="VARDeltaCertA2_resolved.der"
|
||||
|
||||
echo "Creating Good Base Platform Cert $platform_cert..."
|
||||
PC_DIR=/var/hirs/pc_generation
|
||||
mkdir -p $PC_DIR
|
||||
# PACCOR directory
|
||||
PC_DIR=/var/hirs/pc_generation
|
||||
mkdir -p $PC_DIR
|
||||
|
||||
echo "Running PACCOR to generate local components..."
|
||||
/opt/paccor/scripts/allcomponents.sh > $PC_DIR/componentsFile
|
||||
echo
|
||||
echo "PACCOR generated components file:"
|
||||
cat $PC_DIR/componentsFile
|
||||
|
||||
# Generate the platform base certificate
|
||||
# Split into JSON files needed to generate the certificates
|
||||
python /HIRS/.ci/setup/createDeltaComponentsForPBaseCertA.py
|
||||
echo
|
||||
|
||||
# Generate certificates in the order they'll be used in the system tests.
|
||||
# And stager the begin dates properly (the -b option for the /opt/paccor/bin/signer)
|
||||
echo "Generating certificates..."
|
||||
echo "Generating $pBase_certA..."
|
||||
/opt/paccor/scripts/referenceoptions.sh > $PC_DIR/optionsFile
|
||||
/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/componentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/componentsFile -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -f $PC_DIR/$platform_cert
|
||||
/opt/paccor/bin/observer -c $PC_DIR/PBaseCertA.componentlist.json -p $PC_DIR/optionsFile -e $ek_cert -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/PBaseCertA.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -f $PC_DIR/$pBase_certA
|
||||
echo "Done"
|
||||
|
||||
# Generate the delta certificate
|
||||
#python /HIRS/.ci/setup/createDeltaCertComponents.py
|
||||
# /opt/paccor/bin/observer -c $PC_DIR/SIDeltaCertB1.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$platform_cert -f $PC_DIR/observerFile
|
||||
# /opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertB1.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -e $PC_DIR/$platform_cert -f $PC_DIR/$delta_cert
|
||||
# Generate the PBaseCertB certificate. Just need to copy from PBaseCertA.
|
||||
echo "Generating $pBase_certB..."
|
||||
cp $PC_DIR/$pBase_certA $PC_DIR/$pBase_certB
|
||||
echo "Done"
|
||||
|
||||
# Generate the SIDeltaCertA1 certificate
|
||||
echo "Generating $si_delta_cert_A1, using $pBase_certA..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/SIDeltaCertA1.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$pBase_certA -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertA1.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180201 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$pBase_certA -f $PC_DIR/$si_delta_cert_A1
|
||||
echo "Done"
|
||||
|
||||
# Generate the VARDeltaCertA1 certificate
|
||||
echo "Generating $var_delta_cert_A1, using $pBase_certA..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/VARDeltaCertA1.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$pBase_certA -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/VARDeltaCertA1.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180301 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$pBase_certA -f $PC_DIR/$var_delta_cert_A1
|
||||
echo "Done"
|
||||
|
||||
# Generate the SIDeltaCertA2 certificate
|
||||
echo "Generating $si_delta_cert_A2, using $pBase_certA..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/SIDeltaCertA2.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$pBase_certA -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertA2.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180401 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$pBase_certA -f $PC_DIR/$si_delta_cert_A2
|
||||
echo "Done"
|
||||
|
||||
# Generate the SIDeltaCertA2_resolved certificate
|
||||
echo "Generating $si_delta_cert_A2_resolved, using $pBase_certA..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/SIDeltaCertA2.resolved.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$pBase_certA -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertA2.resolved.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180501 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$pBase_certA -f $PC_DIR/$si_delta_cert_A2_resolved
|
||||
echo "Done"
|
||||
|
||||
# Generate the VARDeltaCertA2 certificate
|
||||
echo "Generating $var_delta_cert_A2, using $pBase_certA..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/VARDeltaCertA2.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$pBase_certA -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/VARDeltaCertA2.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180601 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$pBase_certA -f $PC_DIR/$var_delta_cert_A2
|
||||
echo "Done"
|
||||
|
||||
# Generate the VARDeltaCertA2_resolved certificate
|
||||
echo "Generating $var_delta_cert_A2_resolved, using $pBase_certA..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/VARDeltaCertA2.resolved.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$pBase_certA -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/VARDeltaCertA2.resolved.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180701 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$pBase_certA -f $PC_DIR/$var_delta_cert_A2_resolved
|
||||
echo "Done"
|
||||
|
||||
# Generate the SIDeltaCertA3 certificate
|
||||
echo "Generating $si_delta_cert_A3, using $si_delta_cert_A1 as Base..."
|
||||
rm -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/SIDeltaCertA3.componentlist.json -p $PC_DIR/optionsFile -e $PC_DIR/$si_delta_cert_A1 -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -c $PC_DIR/SIDeltaCertA3.componentlist.json -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180801 -a 20280101 -N $RANDOM -k $ca_key -P $ca_cert -e $PC_DIR/$si_delta_cert_A1 -f $PC_DIR/$si_delta_cert_A3
|
||||
echo "Done"
|
||||
|
||||
# Release EK nvram
|
||||
if tpm2_nvlist | grep -q 0x1c00002; then
|
||||
echo "Released NVRAM for EK."
|
||||
tpm2_nvrelease -x 0x1c00002 -a 0x40000001
|
||||
@ -83,26 +153,27 @@ function InitTpm2Emulator {
|
||||
# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t
|
||||
# specifies attribute value in publicInfo struct
|
||||
# [0x2000A = ownerread|ownerwrite|policywrite])
|
||||
size=$(cat $ek_cert_der | wc -c)
|
||||
size=$(cat $ek_cert | wc -c)
|
||||
echo "Define NVRAM location for EK cert of size $size."
|
||||
tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
|
||||
|
||||
# Load key into TPM nvram
|
||||
echo "Loading EK cert $ek_cert_der into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
|
||||
echo "Loading EK cert $ek_cert into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert
|
||||
|
||||
# Release PC nvram
|
||||
if tpm2_nvlist | grep -q 0x1c90000; then
|
||||
echo "Released NVRAM for PC."
|
||||
tpm2_nvrelease -x 0x1c90000 -a 0x40000001
|
||||
fi
|
||||
|
||||
# Store the platform certificate in the TPM's NVRAM
|
||||
size=$(cat $PC_DIR/$platform_cert | wc -c)
|
||||
size=$(cat $PC_DIR/$pBase_certA | wc -c)
|
||||
echo "Define NVRAM location for PC cert of size $size."
|
||||
tpm2_nvdefine -x 0x1c90000 -a 0x40000001 -t 0x2000A -s $size
|
||||
|
||||
echo "Loading PC cert $PC_DIR/$platform_cert into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$platform_cert
|
||||
echo "Loading PC cert $PC_DIR/$pBase_certA into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c90000 -a 0x40000001 $PC_DIR/$pBase_certA
|
||||
|
||||
echo "===========TPM2 Emulator Initialization Complete!==========="
|
||||
|
||||
|
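Review bot: The seven delta-certificate blocks added to InitTpm2Emulator repeat the same `rm`/observer/signer sequence and differ only in the component-list file, the holder certificate, the `-b` date and the output name, with every path expanded unquoted; a small helper would remove the copy-paste and make a wrong `-e` or `-b` value much easier to spot. If `echo "Creating Good Base Platform Cert $platform_cert..."` remains on the new side (the rendering does not show its side), it would print an empty name, since the later uses of `platform_cert` are replaced by `pBase_certA`. InitTpm2Emulator starts and ends outside these hunks.

```shell
# Generate one delta certificate.
#   $1 = component list JSON, $2 = holder certificate, $3 = begin date, $4 = output certificate
function GenerateDeltaCert {
    rm -f "$PC_DIR/observerFile"
    /opt/paccor/bin/observer -c "$PC_DIR/$1" -p "$PC_DIR/optionsFile" -e "$PC_DIR/$2" -f "$PC_DIR/observerFile"
    /opt/paccor/bin/signer -c "$PC_DIR/$1" -o "$PC_DIR/observerFile" -x "$PC_DIR/extensionsFile" -b "$3" -a 20280101 -N $RANDOM -k "$ca_key" -P "$ca_cert" -e "$PC_DIR/$2" -f "$PC_DIR/$4"
}

echo "Generating $si_delta_cert_A1, using $pBase_certA..."
GenerateDeltaCert SIDeltaCertA1.componentlist.json "$pBase_certA" 20180201 "$si_delta_cert_A1"
echo "Done"
# … unchanged in intent: the remaining six delta certificates, one GenerateDeltaCert call each …
```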
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to setup the TPM2 Provisioner Docker Image for Integration Tests
|
||||
# Script to setup the TPM 2.0 Provisioner Docker Image for System Tests
|
||||
set -e
|
||||
|
||||
# Wait for ACA to boot
|
||||
@ -45,24 +45,33 @@ function InitTpm2Emulator {
|
||||
/ibmtpm/src/./tpm_server &
|
||||
echo "TPM Emulator started"
|
||||
|
||||
# Give tpm_server time to start and register on the DBus
|
||||
sleep 5
|
||||
|
||||
tpm2-abrmd -t socket &
|
||||
echo "TPM2-Abrmd started"
|
||||
|
||||
# Give ABRMD time to start and register on the DBus
|
||||
sleep 5
|
||||
|
||||
# EK and PC Certificate
|
||||
ek_cert_der="/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
# Certificates
|
||||
ek_cert="/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
ca_key="/HIRS/.ci/setup/certs/ca.key"
|
||||
ca_cert="/HIRS/.ci/setup/certs/ca.crt"
|
||||
platform_cert="platformAttributeCertificate.der"
|
||||
|
||||
echo "Creating Platform Cert for Container."
|
||||
# PACCOR directory
|
||||
PC_DIR=/var/hirs/pc_generation
|
||||
mkdir -p $PC_DIR
|
||||
|
||||
echo "Running PACCOR to generate local components..."
|
||||
/opt/paccor/scripts/allcomponents.sh > $PC_DIR/componentsFile
|
||||
/opt/paccor/scripts/referenceoptions.sh > $PC_DIR/optionsFile
|
||||
/opt/paccor/scripts/otherextensions.sh > $PC_DIR/extensionsFile
|
||||
/opt/paccor/bin/observer -c $PC_DIR/componentsFile -p $PC_DIR/optionsFile -e $ek_cert_der -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280101 -N $RANDOM -k /HIRS/.ci/setup/certs/ca.key -P /HIRS/.ci/setup/certs/ca.crt -f $PC_DIR/$platform_cert
|
||||
|
||||
echo "Generating $platform_cert..."
|
||||
/opt/paccor/bin/observer -c $PC_DIR/componentsFile -p $PC_DIR/optionsFile -e $ek_cert -f $PC_DIR/observerFile
|
||||
/opt/paccor/bin/signer -o $PC_DIR/observerFile -x $PC_DIR/extensionsFile -b 20180101 -a 20280201 -N $RANDOM -k $ca_key -P $ca_cert -f $PC_DIR/$platform_cert
|
||||
|
||||
if tpm2_nvlist | grep -q 0x1c00002; then
|
||||
echo "Released NVRAM for EK."
|
||||
@ -73,13 +82,13 @@ function InitTpm2Emulator {
|
||||
# authorize [0x40000001 = ownerAuth handle], -s size [defaults to 2048], -t
|
||||
# specifies attribute value in publicInfo struct
|
||||
# [0x2000A = ownerread|ownerwrite|policywrite])
|
||||
size=$(cat $ek_cert_der | wc -c)
|
||||
size=$(cat $ek_cert | wc -c)
|
||||
echo "Define NVRAM location for EK cert of size $size."
|
||||
tpm2_nvdefine -x 0x1c00002 -a 0x40000001 -t 0x2000A -s $size
|
||||
|
||||
# Load key into TPM nvram
|
||||
echo "Loading EK cert $ek_cert_der into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert_der
|
||||
echo "Loading EK cert $ek_cert into NVRAM."
|
||||
tpm2_nvwrite -x 0x1c00002 -a 0x40000001 $ek_cert
|
||||
|
||||
if tpm2_nvlist | grep -q 0x1c90000; then
|
||||
echo "Released NVRAM for PC."
|
||||
|
@ -1,11 +1,11 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to run the System Tests Base/Delta for HIRS TPM 2.0 Provisioner
|
||||
# Script to run the System Tests Base/Delta(Bad) for HIRS TPM 2.0 Provisioner
|
||||
|
||||
set -e
|
||||
|
||||
echo ""
|
||||
echo "System Tests Base/Delta TPM 2.0 Starting..."
|
||||
echo "System Tests Base/Delta(Bad) TPM 2.0 Starting..."
|
||||
echo ""
|
||||
|
||||
# Start System Testing Docker Environment
|
||||
@ -40,7 +40,7 @@ echo "===========hirs-aca-provisioner-tpm2 System Tests Log:==========="
|
||||
docker logs $tpm2_container_id
|
||||
|
||||
echo ""
|
||||
echo "End of Base/Delta TPM 2.0 System Tests, cleaning up..."
|
||||
echo "End of System Tests Base/Delta(Bad) TPM 2.0 , cleaning up..."
|
||||
echo ""
|
||||
# Clean up services and network
|
||||
docker-compose down
|
||||
@ -56,9 +56,9 @@ echo ""
|
||||
# Return container exit code
|
||||
if [[ $tpm2_container_exit_code == 0 ]]
|
||||
then
|
||||
echo "SUCCESS: Base/Delta TPM 2.0 System Tests passed"
|
||||
echo "SUCCESS: System Tests Base/Delta(Bad) TPM 2.0 passed"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "ERROR: Base/Delta TPM 2.0 System Tests failed"
|
||||
echo "ERROR: System Tests Base/Delta(Bad) TPM 2.0 failed"
|
||||
exit 1
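Review bot: The new cleanup message in the `-40,7 +40,7` hunk has a stray space before the comma (`TPM 2.0 , cleaning up...`), while the Base/Delta(Good) script prints `TPM 2.0, cleaning up...`. Suggest `echo "End of System Tests Base/Delta(Bad) TPM 2.0, cleaning up..."` so one pattern matches the end-of-run marker in both CI logs. The script body continues outside these hunks.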
|
||||
|
@ -1,11 +1,11 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to run the System Tests Base/Delta for HIRS TPM 2.0 Provisioner
|
||||
# Script to run the System Tests Base/Delta(Good) for HIRS TPM 2.0 Provisioner
|
||||
|
||||
set -e
|
||||
|
||||
echo ""
|
||||
echo "System Tests Base/Delta TPM 2.0 Starting..."
|
||||
echo "System Tests Base/Delta(Good) TPM 2.0 Starting..."
|
||||
echo ""
|
||||
|
||||
# Start System Testing Docker Environment
|
||||
@ -40,7 +40,7 @@ echo "===========hirs-aca-provisioner-tpm2 System Tests Log:==========="
|
||||
docker logs $tpm2_container_id
|
||||
|
||||
echo ""
|
||||
echo "End of Base/Delta TPM 2.0 System Tests, cleaning up..."
|
||||
echo "End of System Tests Base/Delta(Good) TPM 2.0, cleaning up..."
|
||||
echo ""
|
||||
# Clean up services and network
|
||||
docker-compose down
|
||||
@ -56,9 +56,9 @@ echo ""
|
||||
# Return container exit code
|
||||
if [[ $tpm2_container_exit_code == 0 ]]
|
||||
then
|
||||
echo "SUCCESS: Base/Delta TPM 2.0 System Tests passed"
|
||||
echo "SUCCESS: System Tests Base/Delta(Good) TPM 2.0 passed"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "ERROR: Base/Delta TPM 2.0 System Tests failed"
|
||||
echo "ERROR: System Tests Base/Delta(Good) TPM 2.0 failed"
|
||||
exit 1
|
||||
|
@ -5,7 +5,7 @@
|
||||
set -e
|
||||
|
||||
echo ""
|
||||
echo "System Tests Starting..."
|
||||
echo "System Tests TPM 2.0 Starting..."
|
||||
echo ""
|
||||
|
||||
# Start System Testing Docker Environment
|
||||
@ -40,7 +40,7 @@ echo "===========hirs-aca-provisioner-tpm2 System Tests Log:==========="
|
||||
docker logs $tpm2_container_id
|
||||
|
||||
echo ""
|
||||
echo "End of TPM 2.0 System Tests, cleaning up..."
|
||||
echo "End of System Tests TPM 2.0, cleaning up..."
|
||||
echo ""
|
||||
# Clean up services and network
|
||||
docker-compose down
|
||||
@ -56,9 +56,9 @@ echo ""
|
||||
# Return container exit code
|
||||
if [[ $tpm2_container_exit_code == 0 ]]
|
||||
then
|
||||
echo "SUCCESS: TPM 2.0 System tests passed"
|
||||
echo "SUCCESS: System Tests TPM 2.0 passed"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "ERROR: System tests failed"
|
||||
echo "ERROR: System Tests TPM 2.0 failed"
|
||||
exit 1
|
||||
|
@ -52,7 +52,17 @@ LOG_LEVEL = os.environ.get('LOG_LEVEL')
|
||||
|
||||
CA_CERT_LOCATION = "/HIRS/.ci/setup/certs/ca.crt"
|
||||
EK_CA_CERT_LOCATION = "/HIRS/.ci/setup/certs/ek_cert.der"
|
||||
PBaseCertA_LOCATION = "/var/hirs/pc_generation/PBaseCertA.der"
|
||||
PBaseCertB_LOCATION = "/var/hirs/pc_generation/PBaseCertB.der"
|
||||
SIDeltaCertA1_LOCATION = "/var/hirs/pc_generation/SIDeltaCertA1.der"
|
||||
SIDeltaCertA2_LOCATION = "/var/hirs/pc_generation/SIDeltaCertA2.der"
|
||||
SIDeltaCertA2_resolved_LOCATION = "/var/hirs/pc_generation/SIDeltaCertA2_resolved.der"
|
||||
SIDeltaCertA3_LOCATION = "/var/hirs/pc_generation/SIDeltaCertA3.der"
|
||||
VARDeltaCertA1_LOCATION = "/var/hirs/pc_generation/VARDeltaCertA1.der"
|
||||
VARDeltaCertA2_LOCATION = "/var/hirs/pc_generation/VARDeltaCertA2.der"
|
||||
VARDeltaCertA2_resolved_LOCATION = "/var/hirs/pc_generation/VARDeltaCertA2_resolved.der"
|
||||
SIDeltaCertB1_LOCATION = "/var/hirs/pc_generation/SIDeltaCertB1.der"
|
||||
VARDeltaCertB1_LOCATION = "/var/hirs/pc_generation/VARDeltaCertB1.der"
|
||||
|
||||
USB_STORAGE_FILE_HASH = "e164c378ceb45a62642730be5eb3169a6bfc2d6d"
|
||||
USB_STORAGE_FILE_HASH_2 = "e164c378ceb45a62642730be5eb3169a6bfc1234"
|
||||
@ -688,77 +698,239 @@ class SystemTest(unittest.TestCase):
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A1_base_delta(self):
|
||||
"""Test Base/Delta Certificates A1 - Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)"""
|
||||
"""Test Delta Certificates A1 - Provisioning with Good Base Platform Cert (via Platform Cert on TPM Emulator)"""
|
||||
logging.info("*****************test_19_A1 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)")
|
||||
logging.info("Provisioning with Good Base Platform Cert (via Platform Cert on TPM Emulator)")
|
||||
|
||||
logging.info("Check if ACA is online...")
|
||||
AcaPortal.check_is_online()
|
||||
|
||||
logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
|
||||
AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A1_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A2_base_delta(self):
|
||||
"""Test Base/Delta Certificates A2 - Provisioning with Good Base Platform Cert Base and 1 Delta Cert"""
|
||||
"""Test Delta Certificates A2 - Attempt to upload Base cert with holder already having a Base Platform Cert associated with it"""
|
||||
logging.info("*****************test_19_A2 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 1 Delta Cert")
|
||||
logging.info("Attempt to upload PBaseCertB, with PBaseCertA already loaded in the ACA.")
|
||||
|
||||
print("test_19_A2_base_delta. PBaseCertA has already been loaded. Attempting to upload second Platform Cert: %s" % (PBaseCertB_LOCATION))
|
||||
|
||||
# Confirm there is one Platform Base Cert already loaded
|
||||
cert_list = AcaPortal.get_pk_certs()
|
||||
self.assertEqual(cert_list['recordsTotal'], 1)
|
||||
print("Number of Platform certs: %d" % (cert_list['recordsTotal']))
|
||||
self.assertEqual(cert_list['data'][0]['credentialType'], "TCG Trusted Platform Endorsement")
|
||||
self.assertEqual(cert_list['data'][0]['platformType'], "Base")
|
||||
|
||||
# Try uploading a second Platform Base Cert
|
||||
print("Attempting to upload a second Platform Base Cert...")
|
||||
AcaPortal.upload_pk_cert(PBaseCertB_LOCATION)
|
||||
|
||||
# Confirm Platform Base Cert has not been loaded
|
||||
cert_list = AcaPortal.get_pk_certs()
|
||||
self.assertEqual(cert_list['recordsTotal'], 1)
|
||||
print("Number of Platform certs: %d" % (cert_list['recordsTotal']))
|
||||
self.assertEqual(cert_list['data'][0]['credentialType'], "TCG Trusted Platform Endorsement")
|
||||
self.assertEqual(cert_list['data'][0]['platformType'], "Base")
|
||||
|
||||
if (cert_list['recordsTotal'] == 1):
|
||||
print ("SUCCESS.")
|
||||
else:
|
||||
print ("FAILED.")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A3_base_delta(self):
|
||||
"""Test Base/Delta Certificates A3 - Provisioning with Good Base Platform Cert Base and 2 Delta Certs"""
|
||||
"""Test Delta Certificates A3 - Provisioning with Good Base Platform Cert Base and 1 Delta Cert"""
|
||||
logging.info("*****************test_19_A3 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 2 Delta Certs")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 1 Delta Cert")
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
# Upload the SIDeltaCertA1 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A3_base_delta run output: {0}".format(provisioner_out))
|
||||
supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
|
||||
|
||||
# Verify this is one SCVS record indicating PASS
|
||||
self.assertEqual(supply_chain_validation_summaries['recordsTotal'], 2)
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][0]['overallValidationResult'], "PASS")
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][1]['overallValidationResult'], "PASS")
|
||||
|
||||
# Verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A4_base_delta(self):
|
||||
"""Test Base/Delta Certificates A4 - Provisioning with Good Base Platform Cert and 1 Bad Delta Cert"""
|
||||
"""Test Delta Certificates A4 - Provisioning with Good Base Platform Cert Base and 2 Delta Certs"""
|
||||
logging.info("*****************test_19_A4 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert and 1 Bad Delta Cert")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 2 Delta Certs")
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
# Upload the VARDeltaCertA1 and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertA1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A4_base_delta run output: {0}".format(provisioner_out))
|
||||
supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
|
||||
|
||||
# Verify this is one SCVS record indicating PASS
|
||||
self.assertEqual(supply_chain_validation_summaries['recordsTotal'], 3)
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][0]['overallValidationResult'], "PASS")
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][1]['overallValidationResult'], "PASS")
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][2]['overallValidationResult'], "PASS")
|
||||
|
||||
# Verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A5_base_delta(self):
|
||||
"""Test Base/Delta Certificates A5 - Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert"""
|
||||
"""Test Delta Certificates A5 - Provisioning with Good Base Platform Cert and 1 Bad Delta Cert"""
|
||||
logging.info("*****************test_19_A5 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert")
|
||||
logging.info("Provisioning with Good Base Platform Cert and 1 Bad Delta Cert")
|
||||
|
||||
# TODO: Determine if we need this test
|
||||
|
||||
# # Verify device supply chain appraisal result is PASS
|
||||
# devices = AcaPortal.get_devices()
|
||||
# self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
#
|
||||
# # Upload the VARDelta cert and provision
|
||||
# AcaPortal.upload_pk_cert(SIDeltaCertA2_LOCATION)
|
||||
# AcaPortal.enable_supply_chain_validations()
|
||||
# provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
#
|
||||
# print("test_19_A4_base_delta SHOULD FAIL provisioning!!")
|
||||
# print("test_19_A4_base_delta run output: {0}".format(provisioner_out))
|
||||
#
|
||||
# # Provisioning should fail since the Delta contains a bad component.
|
||||
# self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A6_base_delta(self):
|
||||
"""Test Base/Delta Certificates A6 - Provisioning with Good Base Platform, 2 Good Delta Certs and
|
||||
1 Bad Delta Cert with non present component"""
|
||||
"""Test Delta Certificates A6 - Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert"""
|
||||
logging.info("*****************test_19_A6 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert")
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
# Upload the SIDeltaCertA2 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA2_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A6_base_delta SHOULD FAIL provisioning using: %s" % (SIDeltaCertA2_LOCATION))
|
||||
print("test_19_A6_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Provisioning should fail since the Delta contains a bad component.
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
# Upload the SIDeltaCertA2_resolved and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA2_resolved_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A6_base_delta SHOULD PASS provisioning using: %s" % (SIDeltaCertA2_resolved_LOCATION))
|
||||
print("test_19_A6_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A7_base_delta(self):
|
||||
"""Test Base/Delta Certificates A7 - Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert
|
||||
replacing component from previous, using the Delta as a base certificate"""
|
||||
"""Test Delta Certificates A7 - Provisioning with Good Base Platform, 2 Good Delta Certs and
|
||||
1 Bad Delta Cert with non present component"""
|
||||
logging.info("*****************test_19_A7 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component")
|
||||
|
||||
# Upload the VARDeltaCertA2 and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertA2_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A7_base_delta SHOULD FAIL provisioning using: %s" % (VARDeltaCertA2_LOCATION))
|
||||
print("test_19_A7_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Provisioning should fail since the Delta contains a component thats not in the Base
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
# Upload the VARDeltaCertA2_resolved and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertA2_resolved_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A7_base_delta SHOULD PASS provisioning using: %s" % (VARDeltaCertA2_resolved_LOCATION))
|
||||
print("test_19_A7_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A8_base_delta(self):
|
||||
"""Test Base/Delta Certificates A8 - Attempt to upload Base cert with holder already having a Base Platform Cert associated with it"""
|
||||
"""Test Delta Certificates A8 - Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert
|
||||
replacing component from previous, using the Delta as a base certificate"""
|
||||
logging.info("*****************test_19_A8 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
|
||||
|
||||
# Upload the SIDeltaCertA3 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA3_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A8_base_delta run output: {0}".format(provisioner_out))
|
||||
supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
|
||||
|
||||
# Verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_BAD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_B1_base_delta(self):
|
||||
"""Test Base/Delta Certificates B1 - Provisioning with Bad Platform Cert Base """
|
||||
logging.info("*****************test_19_B1 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Bad Platform Cert Base")
|
||||
|
||||
logging.info("Check if ACA is online...")
|
||||
AcaPortal.check_is_online()
|
||||
if is_tpm2(TPM_VERSION):
|
||||
logging.info("Using TPM 2.0")
|
||||
logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
|
||||
AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("Bad Base Certificate provisioner run output: {0}".format(provisioner_out))
|
||||
logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
|
||||
AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_B1_base_delta SHOULD FAIL provisioning using: %s" % (PBaseCertB_LOCATION))
|
||||
print("test_19_B1_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Provisioning should fail since the PC contains FAULTY components.
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
@ -766,24 +938,24 @@ class SystemTest(unittest.TestCase):
|
||||
@collectors(['BASE_DELTA_BAD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_B2_base_delta(self):
|
||||
"""Test Base/Delta Certificates B2 - Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component resolved"""
|
||||
"""Test Base/Delta Certificates B2 - Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved"""
|
||||
logging.info("*****************test_19_B2 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component resolved")
|
||||
logging.info("Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved")
|
||||
|
||||
# Verify device supply chain appraisal result is FAIL
|
||||
#devices = AcaPortal.get_devices()
|
||||
#self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "FAIL")
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "FAIL")
|
||||
|
||||
# Upload the delta platform cert and provision
|
||||
#AcaPortal.upload_pk_cert(SIDeltaCertB1_LOCATION)
|
||||
#AcaPortal.enable_supply_chain_validations()
|
||||
#provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
# Upload the SIDeltaCertB1 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertB1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
#print("Bad Base/Good Delta Certificate run output: {0}".format(provisioner_out))
|
||||
print("test_19_B2_base_delta SHOULD FAIL provisioning using: %s" % (SIDeltaCertB1_LOCATION))
|
||||
print("test_19_B2_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device has been updated with supply chain appraisal of PASS
|
||||
#devices = AcaPortal.get_devices()
|
||||
#self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
# Provisioning should fail since the delta contains FAULTY component.
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
@collectors(['BASE_DELTA_BAD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
@ -792,6 +964,21 @@ class SystemTest(unittest.TestCase):
|
||||
logging.info("*****************test_19_B3 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved")
|
||||
|
||||
# Verify device supply chain appraisal result is FAIL
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "FAIL")
|
||||
|
||||
# Upload the VARDeltaCertB1 and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertB1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_B3_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device has been updated with supply chain appraisal of PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
def make_simple_ima_baseline():
|
||||
timestamp = get_current_timestamp()
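Review bot: test_19_A5_base_delta asserts nothing in its new form: after the two logging calls the body is only `# TODO: Determine if we need this test` and a commented-out block, so the "Good Base Platform Cert and 1 Bad Delta Cert" case is reported as passed without the ACA ever being asked to reject a bad delta. Until that is decided, start the body with `self.skipTest("A5 bad-delta case not implemented")` so the gap shows in the results, and remove the commented-out code, which still prints `test_19_A4_base_delta`. In test_19_A2_base_delta the trailing `if (cert_list['recordsTotal'] == 1): ... else: print ("FAILED.")` cannot reach its else branch, because `self.assertEqual(cert_list['recordsTotal'], 1)` has already raised by then; it can be dropped. The negative cases A6, A7, B1 and B2 check the provisioner output only for the text "Provisioning failed"; also asserting that `supplyChainStatus` is "FAIL" right after each would tie the failure to supply chain validation rather than to any provisioning error. The SystemTest class starts and ends outside these hunks.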
|
||||
|
||||
|
@ -37,14 +37,15 @@ else:
|
||||
|
||||
# Change to point to your HIRS directory
|
||||
HOME_DIR = "/HIRS/"
|
||||
HIRS_ACA_PORTAL_IP="172.17.0.2"
|
||||
|
||||
# Change accordingly
|
||||
#COLLECTOR_LIST = None
|
||||
#COLLECTOR_LIST = ["IMA"]
|
||||
#COLLECTOR_LIST = ["TPM"]
|
||||
#COLLECTOR_LIST = ["IMA", "TPM"]
|
||||
#COLLECTOR_LIST = ["BASE_DELTA_GOOD"]
|
||||
COLLECTOR_LIST = ["BASE_DELTA_BAD"]
|
||||
COLLECTOR_LIST = ["BASE_DELTA_GOOD"]
|
||||
#COLLECTOR_LIST = ["BASE_DELTA_BAD"]
|
||||
|
||||
FORMAT = "%(asctime)-15s %(message)s"
|
||||
provisioner_out = None
|
||||
@ -54,9 +55,6 @@ HIRS_ACA_PROVISIONER_TPM2_IP="172.19.0.4"
|
||||
TPM_ENABLED=True
|
||||
IMA_ENABLED=False
|
||||
|
||||
# Change accordingly
|
||||
HIRS_ACA_PORTAL_IP="172.17.0.2"
|
||||
|
||||
HIRS_ACA_PORTAL_PORT="8443"
|
||||
HIRS_BROKER_PORT="61616"
|
||||
HIRS_ACA_PORTAL_CONTAINER_PORT="80"
|
||||
@ -75,8 +73,17 @@ HIRS_ATTESTATION_CA_PORTAL_URL = "https://" + \
|
||||
|
||||
CA_CERT_LOCATION = HOME_DIR + ".ci/setup/certs/ca.crt"
|
||||
EK_CA_CERT_LOCATION = HOME_DIR + ".ci/setup/certs/ek_cert.der"
|
||||
SIDeltaCertB1_LOCATION = "/var/hirs/pc_generation/SIDeltaCertB1.der"
|
||||
|
||||
PBaseCertA_LOCATION = HOME_DIR + "PBaseCertA.der"
|
||||
PBaseCertB_LOCATION = HOME_DIR + "PBaseCertB.der"
|
||||
SIDeltaCertA1_LOCATION = HOME_DIR + "SIDeltaCertA1.der"
|
||||
SIDeltaCertA2_resolved_LOCATION = HOME_DIR + "SIDeltaCertA2_resolved.der"
|
||||
SIDeltaCertA2_LOCATION = HOME_DIR + "SIDeltaCertA2.der"
|
||||
SIDeltaCertA3_LOCATION = HOME_DIR + "SIDeltaCertA3.der"
|
||||
VARDeltaCertA1_LOCATION = HOME_DIR + "VARDeltaCertA1.der"
|
||||
VARDeltaCertA2_LOCATION = HOME_DIR + "VARDeltaCertA2.der"
|
||||
VARDeltaCertA2_resolved_LOCATION = HOME_DIR + "VARDeltaCertA2_resolved.der"
|
||||
SIDeltaCertB1_LOCATION = HOME_DIR + "SIDeltaCertB1.der"
|
||||
VARDeltaCertB1_LOCATION = HOME_DIR + "VARDeltaCertB1.der"
|
||||
|
||||
TEST_LOG_FILE= HOME_DIR + ".ci/system-tests/test_logs/system_test_" + CLIENT_OS + ".log"
|
||||
LOG_LEVEL="logging.INFO"
|
||||
@ -104,7 +111,7 @@ class SystemTest(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
"""Set the systems tests state up for testing"""
|
||||
AcaPortal.disable_supply_chain_validations()
|
||||
#AcaPortal.disable_supply_chain_validations()
|
||||
|
||||
def tearDown(self):
|
||||
"""Tears down the state for testing"""
|
||||
@ -355,71 +362,203 @@ class SystemTest(unittest.TestCase):
|
||||
trust_chain_list = AcaPortal.get_trust_chains()
|
||||
self.assertEqual(trust_chain_list['recordsTotal'], 1)
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A0_base_delta(self):
|
||||
"""Test Delta Certificates A0 - Provisioning with Good Base Platform Cert Base (via ACA upload)"""
|
||||
logging.info("*****************test_19_A0 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base (via ACA upload)")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A1_base_delta(self):
|
||||
"""Test Delta Certificates A1 - Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)"""
|
||||
logging.info("*****************test_19_A1 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base (via Platform Cert on TPM)")
|
||||
logging.info("Provisioning with Good Base Platform Cert (via Platform Cert on TPM Emulator)")
|
||||
|
||||
logging.info("Check if ACA is online...")
|
||||
AcaPortal.check_is_online()
|
||||
|
||||
logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
|
||||
AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A1_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A2_base_delta(self):
|
||||
"""Test Delta Certificates A2 - Provisioning with Good Base Platform Cert Base and 1 Delta Cert"""
|
||||
logging.info("*****************test_19_A2 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 1 Delta Cert")
|
||||
"""Test Delta Certificates A2 - Attempt to upload Base cert with holder already having a Base Platform Cert associated with it"""
|
||||
logging.info("*****************test_19_A8 - beginning of delta certificate test *****************")
|
||||
logging.info("Attempt to upload PBaseCertA, with PBaseCertA already loaded in the ACA.")
|
||||
|
||||
print("test_19_A2_base_delta Platform Cert has already been loaded. Attempting to upload second Platform Cert: %s" % (PBaseCertA_LOCATION))
|
||||
|
||||
# Confirm there is a Platform Cert already loaded
|
||||
cert_list = AcaPortal.get_pk_certs()
|
||||
self.assertEqual(cert_list['recordsTotal'], 1)
|
||||
self.assertEqual(cert_list['data'][0]['credentialType'], "TCG Trusted Platform Endorsement")
|
||||
self.assertEqual(cert_list['data'][0]['platformType'], "Base")
|
||||
|
||||
# Try uploading a second Platform Base Cert
|
||||
AcaPortal.upload_pk_cert(PBaseCertA_LOCATION)
|
||||
|
||||
# Confirm Platform Base Cert has not been loaded
|
||||
cert_list = AcaPortal.get_pk_certs()
|
||||
self.assertEqual(cert_list['recordsTotal'], 1)
|
||||
self.assertEqual(cert_list['data'][0]['credentialType'], "TCG Trusted Platform Endorsement")
|
||||
self.assertEqual(cert_list['data'][0]['platformType'], "Base")
|
||||
|
||||
if (cert_list['recordsTotal'] == 1):
|
||||
print ("SUCCESS.")
|
||||
else:
|
||||
print ("FAILED.")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A3_base_delta(self):
|
||||
"""Test Delta Certificates A3 - Provisioning with Good Base Platform Cert Base and 2 Delta Certs"""
|
||||
"""Test Delta Certificates A3 - Provisioning with Good Base Platform Cert Base and 1 Delta Cert"""
|
||||
logging.info("*****************test_19_A3 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 2 Delta Certs")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 1 Delta Cert")
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
# Upload the SIDelta cert and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A3_base_delta run output: {0}".format(provisioner_out))
|
||||
supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
|
||||
# verify this is one SCVS record indicating PASS
|
||||
self.assertEqual(supply_chain_validation_summaries['recordsTotal'], 2)
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][0]['overallValidationResult'], "PASS")
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][1]['overallValidationResult'], "PASS")
|
||||
# verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A4_base_delta(self):
|
||||
"""Test Delta Certificates A4 - Provisioning with Good Base Platform Cert and 1 Bad Delta Cert"""
|
||||
"""Test Delta Certificates A4 - Provisioning with Good Base Platform Cert Base and 2 Delta Certs"""
|
||||
logging.info("*****************test_19_A4 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform Cert and 1 Bad Delta Cert")
|
||||
logging.info("Provisioning with Good Base Platform Cert Base and 2 Delta Certs")
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
# Upload the VARDelta cert and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertA1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A4_base_delta run output: {0}".format(provisioner_out))
|
||||
supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
|
||||
# verify this is one SCVS record indicating PASS
|
||||
self.assertEqual(supply_chain_validation_summaries['recordsTotal'], 3)
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][0]['overallValidationResult'], "PASS")
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][1]['overallValidationResult'], "PASS")
|
||||
self.assertEqual(supply_chain_validation_summaries['data'][2]['overallValidationResult'], "PASS")
|
||||
# verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A5_base_delta(self):
|
||||
"""Test Delta Certificates A5 - Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert"""
|
||||
"""Test Delta Certificates A5 - Provisioning with Good Base Platform Cert and 1 Bad Delta Cert"""
|
||||
logging.info("*****************test_19_A5 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert")
|
||||
logging.info("Provisioning with Good Base Platform Cert and 1 Bad Delta Cert")
|
||||
|
||||
# TODO: Determine if we need this test
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A6_base_delta(self):
|
||||
"""Test Delta Certificates A6 - Provisioning with Good Base Platform, 2 Good Delta Certs and
|
||||
1 Bad Delta Cert with non present component"""
|
||||
"""Test Delta Certificates A6 - Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert"""
|
||||
logging.info("*****************test_19_A6 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert")
|
||||
|
||||
# Verify device supply chain appraisal result is PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
# Upload the SIDeltaCertA2 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA2_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A6_base_delta SHOULD FAIL provisioning using: %s" % (SIDeltaCertA2_LOCATION))
|
||||
print("test_19_A6_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Provisioning should fail since the Delta contains a bad component.
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
# Upload the SIDeltaCertA2_resolved cert and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA2_resolved_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A6_base_delta SHOULD PASS provisioning using: %s" % (SIDeltaCertA2_resolved_LOCATION))
|
||||
print("test_19_A6_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A7_base_delta(self):
|
||||
"""Test Delta Certificates A7 - Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert
|
||||
replacing component from previous, using the Delta as a base certificate"""
|
||||
"""Test Delta Certificates A7 - Provisioning with Good Base Platform, 2 Good Delta Certs and
|
||||
1 Bad Delta Cert with non present component"""
|
||||
logging.info("*****************test_19_A7 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component")
|
||||
|
||||
# Upload the VARDeltaCertA2 and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertA2_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A7_base_delta SHOULD FAIL provisioning using: %s" % (VARDeltaCertA2_LOCATION))
|
||||
print("test_19_A7_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Provisioning should fail since the Delta contains a component thats not in the Base
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
# Upload the VARDeltaCertA2_resolved and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertA2_resolved_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A7_base_delta SHOULD PASS provisioning using: %s" % (VARDeltaCertA2_resolved_LOCATION))
|
||||
print("test_19_A7_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_GOOD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_A8_base_delta(self):
|
||||
"""Test Delta Certificates A8 - Attempt to upload Base cert with holder already having a Base Platform Cert associated with it"""
|
||||
"""Test Delta Certificates A8 - Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert
|
||||
replacing component from previous, using the Delta as a base certificate"""
|
||||
logging.info("*****************test_19_A8 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate")
|
||||
|
||||
# Upload the SIDeltaCertA3 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertA3_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_A8_base_delta run output: {0}".format(provisioner_out))
|
||||
supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()
|
||||
|
||||
# Verify device has been updated with supply chain appraisal result
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
@collectors(['BASE_DELTA_BAD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
def test_19_B1_base_delta(self):
|
||||
@ -428,6 +567,7 @@ class SystemTest(unittest.TestCase):
|
||||
logging.info("Provisioning with Bad Platform Cert Base")
|
||||
logging.info("Check if ACA is online...")
|
||||
AcaPortal.check_is_online()
|
||||
|
||||
if is_tpm2(TPM_VERSION):
|
||||
logging.info("Using TPM 2.0")
|
||||
logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
|
||||
@ -437,7 +577,7 @@ class SystemTest(unittest.TestCase):
|
||||
|
||||
print("test_19_B1_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Provisioning should fail since the PC contains FAULTY components.
|
||||
# Provisioning should fail since the PC contains FAULTY component.
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
@collectors(['BASE_DELTA_BAD'], COLLECTOR_LIST)
|
||||
@ -452,16 +592,16 @@ class SystemTest(unittest.TestCase):
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "FAIL")
|
||||
|
||||
# Upload the delta platform cert and provision
|
||||
# Upload the SIDeltaCertB1 and provision
|
||||
AcaPortal.upload_pk_cert(SIDeltaCertB1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("Bad Base/Good Delta Certificate run output: {0}".format(provisioner_out))
|
||||
print("test_19_B2_base_delta SHOULD FAIL provisioning using: %s" % (SIDeltaCertB1_LOCATION))
|
||||
print("test_19_B2_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device has been updated with supply chain appraisal of PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
# Provisioning should fail since the delta contains FAULTY component.
|
||||
self.assertIn("Provisioning failed", format(provisioner_out))
|
||||
|
||||
@collectors(['BASE_DELTA_BAD'], COLLECTOR_LIST)
|
||||
@unittest.skipIf(not is_tpm2(TPM_VERSION), "Skipping this test due to TPM Version " + TPM_VERSION)
|
||||
@ -470,6 +610,21 @@ class SystemTest(unittest.TestCase):
|
||||
logging.info("*****************test_19_B3 - beginning of delta certificate test *****************")
|
||||
logging.info("Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved")
|
||||
|
||||
# Verify device supply chain appraisal result is FAIL
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "FAIL")
|
||||
|
||||
# Upload the VARDeltaCertB1 and provision
|
||||
AcaPortal.upload_pk_cert(VARDeltaCertB1_LOCATION)
|
||||
AcaPortal.enable_supply_chain_validations()
|
||||
provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
|
||||
|
||||
print("test_19_B3_base_delta run output: {0}".format(provisioner_out))
|
||||
|
||||
# Verify device has been updated with supply chain appraisal of PASS
|
||||
devices = AcaPortal.get_devices()
|
||||
self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
|
||||
|
||||
if __name__ == '__main__':
|
||||
suite = unittest.TestLoader().loadTestsFromTestCase(SystemTest)
|
||||
ret = not unittest.TextTestRunner(verbosity=2).run(suite).wasSuccessful()
|
||||
|