diff --git a/.ci/setup/setup-tpm2provisioner.sh b/.ci/setup/setup-tpm2provisioner.sh index 7735fba7..5e44ae5f 100755 --- a/.ci/setup/setup-tpm2provisioner.sh +++ b/.ci/setup/setup-tpm2provisioner.sh @@ -4,33 +4,43 @@ # ######################################################################################### set -e -pushd / +pushd / > /dev/null echo "Setting up TPM emulator for the TPM2 Provisioner" # Function to make and install TPM 2.0 Provisioner packages function InstallProvisioner { echo "===========Installing TPM 2.0 Provisioner Packages...===========" - pushd /HIRS + pushd /HIRS > /dev/null echo "Building the HIRS Provisioner ..." mkdir -p /HIRS/logs/provisioner/ sh package/package.centos.sh &> /HIRS/logs/provisioner/provisioner_build.log echo "Installing the HIRS Provisioner ..." yum install -y package/rpm/RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.el7.x86_64.rpm - popd + popd > /dev/null } # use ibm tss to properly clear tpm pcr values function setTpmPcrValues { mkdir /ibmtss -pushd /ibmtss +pushd /ibmtss > /dev/null echo "Installing IBM TSS to set the TPM simulator intial values correctly..." wget --no-check-certificate https://downloads.sourceforge.net/project/ibmtpm20tss/ibmtss1.5.0.tar.gz > /dev/null tar -zxvf ibmtss1.5.0.tar.gz > /dev/null cd utils make -f makefiletpmc > /dev/null cd ../utils - ./startup -popd + ./startup +popd > /dev/null +} + +# Set default values tcg_boot_properties +function setTcgProperties { +propFile="/etc/hirs/tcg_boot.properties"; + +echo "tcg.rim.dir=/boot/tcg/manifest/rim/" > $propFile; +echo "tcg.swidtag.dir=/boot/tcg/manifest/swidtag/" >> $propFile; +echo "tcg.cert.dir=/boot/tcg/cert/platform/" >> $propFile; +echo "tcg.event.file=/sys/kernel/security/tpm0/binary_bios_measurements" >> $propFile; } # Function to initialize the TPM 2.0 Emulator 
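Review bot: setTpmPcrValues, which this hunk touches only to silence `pushd`/`popd`, still fetches ibmtss1.5.0.tar.gz with `wget --no-check-certificate` and then builds it and runs `./startup` from it, so nothing authenticates the code executed in the CI container. Drop the flag and check a pinned digest before `tar`, e.g. `echo "<EXPECTED_SHA256>  ibmtss1.5.0.tar.gz" | sha256sum -c -` (placeholder digest, to be taken from a trusted copy of the release). In the added setTcgProperties, `propFile` is assigned without `local` and expanded unquoted in every redirection; `local propFile="/etc/hirs/tcg_boot.properties"` and `> "$propFile"` would keep the name from leaking into the rest of the script.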
@@ -136,7 +146,7 @@ function WaitForAca { # Wait for ACA to boot echo "Waiting for ACA to spin up at address ${HIRS_ACA_PORTAL_IP} on port ${HIRS_ACA_PORTAL_PORT} ..." until [ "`curl --silent --connect-timeout 1 -I -k https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal | grep '302 Found'`" != "" ]; do - sleep 5; + sleep 1; #echo "Checking on the ACA..." done echo "ACA is up!" @@ -152,6 +162,11 @@ InstallProvisioner echo "TPM2 Provisioner container running:" echo "Contents of /etc/hirs is $(ls -al /etc/hirs)"; +setTcgProperties + +echo "TPM2 Provisioner container running:" +echo "Contents of /etc/hirs is $(ls -al /etc/hirs)"; + # Install TPM 2.0 Emulator InitTpm2Emulator diff --git a/.ci/system-tests/container/rim_setup.sh b/.ci/system-tests/container/rim_setup.sh index 3da11acf..1fcf9d06 100644 --- a/.ci/system-tests/container/rim_setup.sh +++ b/.ci/system-tests/container/rim_setup.sh 
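Review bot: The `until` loop in WaitForAca has no upper bound, so with the poll interval cut to `sleep 1` an ACA that never answers `302 Found` keeps the CI job polling once a second until the runner's own timeout kills it. Cap the number of attempts and fail with a message on stderr; the limit of 120 in the sketch below is a constructed example, not a value from the project. The probe can also drop the backticks and the string comparison, since `grep -q` on a quoted URL gives the same result. WaitForAca starts above the hunk and its end is not visible here, so `local` and `return` are assumed to sit inside the function body.

```shell
  local tries=0
  until curl --silent --connect-timeout 1 -I -k "https://${HIRS_ACA_PORTAL_IP}:${HIRS_ACA_PORTAL_PORT}/HIRS_AttestationCAPortal" | grep -q '302 Found'; do
    tries=$((tries + 1))
    if [ "$tries" -ge 120 ]; then
      echo "ACA did not answer after ${tries} attempts" >&2
      return 1
    fi
    sleep 1
  done
  # … unchanged: echo "ACA is up!" …
```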
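Review bot: The banner `echo "TPM2 Provisioner container running:"` and the `/etc/hirs` listing are now printed twice with identical text, once before and once after `setTcgProperties`, so the log does not say which listing is which. If a before/after comparison is intended, label the second one, e.g. `echo "Contents of /etc/hirs after setTcgProperties is $(ls -al /etc/hirs)";`, and drop the repeated banner. `setTcgProperties` also appears to rely on the RPM install having created `/etc/hirs`; under `set -e` a missing directory would abort the script at the first redirection, so a `mkdir -p /etc/hirs` ahead of the call would make that dependency explicit.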
@@ -19,25 +19,10 @@ echo "Test is using RIM files from $profile : $test" # update tcg_boot.properties to use test specific binary_bios_measurement file eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements -propFile="/etc/hirs/tcg_boot.properties"; -#echo "propFile = $propFile" - -# tcg_boot_properties is being erased, so recreate for now ...... -#echo "tcg.rim.dir=/boot/tcg/manifest/rim/" > $propFile; -#echo "tcg.swidtag.dir=/boot/tcg/manifest/swidtag/" >> $propFile; -#echo "tcg.cert.dir=/boot/tcg/cert/platform/" >> $propFile; -#echo "tcg.event.file=/sys/kernel/security/tpm0/binary_bios_measurements" >> $propFile; - -#echo "eventLog = $eventLog" -#echo "Contents of /etc/hirs is $(ls -al /etc/hirs)"; -#echo "Contents of $propFile before sed is $(cat $propFile)"; sed -i "s:tcg.event.file=.*:tcg.event.file=$eventLog:g" "$propFile" #echo "Contents of $propFile after sed is $(cat $propFile)"; -#echo "======================" - -#echo "Contents of/boot/tcg/cert/platform/ is $(ls /boot/tcg/cert/platform/) : " # Step 2: Copy Base RIM files to the TCG folder pushd $testDir/swidtags/ > /dev/null @@ -62,7 +47,6 @@ popd > /dev/null # echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)" #Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file -#echo "Setting PCR register 0 - 23 for test $profile : $test" sh $testDir/"$profile"_"$test"_setpcrs.sh #tpm2_pcrlist -g sha256
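Review bot: The `sed -i "s:tcg.event.file=.*:tcg.event.file=$eventLog:g" "$propFile"` line kept by the first rim_setup.sh hunk still expands `$propFile`, but that hunk deletes the assignment `propFile="/etc/hirs/tcg_boot.properties";` and no other definition is visible. setTcgProperties in setup-tpm2provisioner.sh sets a variable of the same name, but presumably in a different shell process, so unless rim_setup.sh defines it above line 19, sed is handed an empty file name. The test-specific event log path would then never be written into tcg_boot.properties. Keep `propFile="/etc/hirs/tcg_boot.properties"` ahead of the sed call and remove only the commented-out lines.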