From b0f85c0a3efd7a94af38bec3d4598b2c99b0b60c Mon Sep 17 00:00:00 2001 From: lareine Date: Thu, 3 Feb 2022 15:30:10 -0500 Subject: [PATCH] Added intial RIM Test script cleanup --- .ci/system-tests/container/pc_setup.sh | 12 +++++- .ci/system-tests/container/rim_setup.sh | 50 +++++++++++++++++-------- 2 files changed, 46 insertions(+), 16 deletions(-) diff --git a/.ci/system-tests/container/pc_setup.sh b/.ci/system-tests/container/pc_setup.sh index 20697ad1..6a13a348 100644 --- a/.ci/system-tests/container/pc_setup.sh +++ b/.ci/system-tests/container/pc_setup.sh @@ -6,8 +6,14 @@ profile=$1 test=$2 +tcgDir="/boot/tcg" compscript="$profile"_"$test"_allcomponents.sh hwlist="$profile"_"$test"_hw.json +testDir="/HIRS/.ci/system-tests/profiles/$profile/$test" +pcDir=$testDir/platformcerts +profileDir="/HIRS/.ci/system-tests/profiles/$profile" + + # Current TCG folder for platform certs, likely to change with release of the next FIM specification tcgDir=/boot/tcg/cert/platform/ mkdir -p $tcgDir; # Create the platform cert folder if its not there @@ -34,7 +40,11 @@ fi cp -f $allCompJson /opt/paccor/scripts/$hwlist ; # Step 3: Copy the platform cert to tcg folder on boot drive -pushd /HIRS/.ci/system-tests/profiles/$profile/$test/platformcerts/ > /dev/null +# a: See if test specific swidtag folder exists, if not use the defualt folder +if [[ ! -d $pcDir ]]; then + pcDir=$profileDir/default/platformcerts; +fi +pushd $pcDir > /dev/null # Skip copy of platform cert if .gitigore exists (empty profile) if [[ ! -f ".gitignore" ]]; then for cert in * ; do diff --git a/.ci/system-tests/container/rim_setup.sh b/.ci/system-tests/container/rim_setup.sh index 82b11691..49947efb 100644 --- a/.ci/system-tests/container/rim_setup.sh +++ b/.ci/system-tests/container/rim_setup.sh 
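Review bot: The added `tcgDir="/boot/tcg"` in the first pc_setup.sh hunk has no effect, because the unchanged line `tcgDir=/boot/tcg/cert/platform/` further down the same hunk overwrites it and none of the lines in between read it. Drop the new assignment, or give the base folder its own name (for example `tcgBaseDir`) if later code needs it. The rest of the script lies outside the hunk, so later uses of these variables could not be checked.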
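Review bot: `pushd $pcDir > /dev/null` in the second pc_setup.sh hunk is unquoted and its result is not checked, so when neither the test folder nor `$profileDir/default/platformcerts` exists the script stays in the caller's directory and the `for cert in *` loop that follows works on whatever files are there. This step populates the platform certificate folder the tests read from, so a missing profile should stop the run: `pushd "$pcDir" > /dev/null || exit 1`. The same unchecked pattern is added in rim_setup.sh for `pushd $swidDir` and `pushd $rimDir`. The comment above the new `if` says "swidtag folder" although this step handles platform certs, and "defualt" is misspelled. The loop body continues outside the hunk.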
@@ -7,34 +7,50 @@ profile=$1 test=$2 tcgDir="/boot/tcg" -testDir="/HIRS/.ci/system-tests/profiles/$profile/$test" propFile="/etc/hirs/tcg_boot.properties"; +profileDir="/HIRS/.ci/system-tests/profiles/$profile" +defaultDir="$profile/default" +testDir="/HIRS/.ci/system-tests/profiles/$profile/$test" eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements +swidDir="$testDir/swidtags" +rimDir="$testDir/rims" +pcrScript="$testDir/"$profile"_"$test"_setpcrs.sh" +echo "Test is using RIM files from $profile : $test" + +# Make sure TCG defined RIM folders exist and are cleared out mkdir -p $tcgDir/manifest/rim/; # Create the platform cert folder if its not there -rm -f $tcgDir/manifest/rim/*; # clear out any previous data +rm -f $tcgDir/manifest/rim/*; # clear out any previous data mkdir -p $tcgDir/manifest/swidtag/; # Create the platform cert folder if its not there rm -f $tcgDir/manifest/swidtag/*; # clear out any previous data -echo "Test is using RIM files from $profile : $test" +# Step 1: Update the tcg_boot.properties to use test specific binary_bios_measurement file +# a: if file does not exist in the test folder then use the default measurement file +# b: change the property file to point to the the test file -# update tcg_boot.properties to use test specific binary_bios_measurement file +if [[ ! -f "$eventLog" ]]; then + eventLog="$defaultDir"/"$profile"_default_binary_bios_measurements +fi sed -i "s:tcg.event.file=.*:tcg.event.file=$eventLog:g" "$propFile" -#echo "Contents of $propFile after sed is $(cat $propFile)"; - # Step 2: Copy Base RIM files to the TCG folder -pushd $testDir/swidtags/ > /dev/null - +# a: See if test specific swidtag folder exists, if not use the defualt folder +if [[ ! -d $swidDir ]]; then + swidDir=$defaultDir/swidtags; +fi +pushd $swidDir > /dev/null if [[ ! 
-f ".gitignore" ]]; then for swidtag in * ; do cp -f $swidtag $tcgDir/manifest/swidtag/$swidtag; done fi popd > /dev/null -# Step 3: Copy Support RIM files to the TCG folder -pushd $testDir/rims/ > /dev/null +# Step 3: Copy Support RIM files to the TCG folder in the same mannor +if [[ ! -d $rimDir ]]; then + rimDir=$defaultDir/rims; +fi +pushd $rimDir > /dev/null if [[ ! -f ".gitignore" ]]; then for rim in * ; do @@ -43,11 +59,15 @@ pushd $testDir/rims/ > /dev/null fi popd > /dev/null -# echo "Contents of tcg swidtag folder $tcgDir/manifest/swidtag/ : $(ls $tcgDir/manifest/swidtag/)" -# echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)" + echo "Contents of tcg swidtag folder $tcgDir/manifest/swidtag/ : $(ls $tcgDir/manifest/swidtag/)" + echo "Contents of tcg rim folder tcgDir/manifest/rim/: $(ls $tcgDir/manifest/rim/)" #Step 4, run the setpcr script to make the TPM emulator hold values that correspond the binary_bios_measurement file -sh $testDir/"$profile"_"$test"_setpcrs.sh -#tpm2_pcrlist -g sha256 +# a: Check if a test specific setpcr.sh file exists. If not use the profiles default script +if [[ ! -f $pcrScript ]]; then + pcrScript="$testDir/"$profile"_default_setpcrs.sh" +fi +sh $pcrScript; +tpm2_pcrlist -g sha256 -# Done with rim_setup \ No newline at end of file +# Done with rim_setup \ No newline at end of file
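Review bot: `defaultDir="$profile/default"` in the first rim_setup.sh hunk is a relative path, while `profileDir`, added one line above and not used anywhere in this hunk, holds the absolute `/HIRS/.ci/system-tests/profiles/$profile`. Every fallback here is built on `defaultDir` (the `eventLog` value that `sed` writes into `tcg_boot.properties`, `swidDir` and `rimDir`), so they resolve against whatever the current directory is and the property file would receive a relative event log path. pc_setup.sh uses `$profileDir/default/...` for its fallback, which suggests `defaultDir="$profileDir/default"` was intended. The fallback `eventLog` is also written to the property file without a check that the file exists.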
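Review bot: The fallback `pcrScript="$testDir/"$profile"_default_setpcrs.sh"` in the second rim_setup.sh hunk still points into `$testDir`, the folder where the test-specific script was just found missing, although the comment says the profile's default script is used. The other fallbacks use the default folder, so this looks unintended. Nothing checks that the fallback exists or that `sh $pcrScript;` succeeded, so a missing script presumably leaves the TPM emulator holding PCR values from an earlier run, and the test continues against them. Consider `[[ -f "$pcrScript" ]] || { echo "no setpcrs script for $profile/$test" >&2; exit 1; }` followed by `sh "$pcrScript" || exit 1`. The newly enabled echo also prints `tcgDir/manifest/rim/` without the `$`.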