Added ACA tests using uploaded artifacts
parent
621f0b3e4f
commit
c15ee45459
@ -33,6 +33,9 @@ HIRS_CI_TEST_DEFAULT_DMI_ZIP=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/laptop_dmi.zip
|
||||
HIRS_CI_TEST_DEFAULT_HW_JSON_FILE=$HIRS_CI_TEST_DEFAULT_TEST_DIR/laptop_default_hw.json
|
||||
HIRS_CI_TEST_DEFAULT_EVENT_LOG=$HIRS_CI_TEST_DEFAULT_TEST_DIR/laptop_default_binary_bios_measurements
|
||||
HIRS_CI_TEST_DEFAULT_SETPCRS_SH=$HIRS_CI_TEST_DEFAULT_TEST_DIR/laptop_default_setpcrs.sh
|
||||
HIRS_CI_TEST_DEFAULT_PLATFORMCERTS_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/empty/platformcerts
|
||||
HIRS_CI_TEST_DEFAULT_RIMS_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/empty/rims
|
||||
HIRS_CI_TEST_DEFAULT_SWIDTAGS_DIR=$HIRS_CI_TEST_DEFAULT_PROFILE_DIR/empty/swidtags
|
||||
|
||||
HIRS_CI_TPM_EK_CERT_FILE=/hirs/.ci/setup/certs/ek_cert.der
|
||||
HIRS_CI_TPM_EK_CERT_NV_ATTR="0x2000A"
|
||||
|
@ -12,7 +12,6 @@
|
||||
|
||||
profile=laptop
|
||||
test=default
|
||||
ciTestDir=$HIRS_CI_TEST_ROOT
|
||||
ciTestHwJsonFile=$HIRS_CI_TEST_HW_JSON_FILE
|
||||
|
||||
# By default save the artifacts in EFI and do not upload to the ACA
|
||||
@ -75,7 +74,7 @@ fi
|
||||
# Ensure platform folder under efi is set up and cleared
|
||||
$HIRS_CI_REPO_ROOT/.ci/system-tests/container/efi_setup.sh -p
|
||||
|
||||
echo "Test is using platform cert(s) from $profile : $test"
|
||||
echo "Platform certs selected from profile: $profile : $test"
|
||||
# Step 1: Copy hw json file, if it exists.
|
||||
if [ -f "$hwJsonFile" ]; then
|
||||
echo "hw file used was $hwJsonFile"
|
||||
@ -87,11 +86,11 @@ dnf install -y unzip &> /dev/null
|
||||
|
||||
# Step 2: Unpack the dmi files.
|
||||
echo "dmi file used was $dmiZip"
|
||||
unzip -o "$dmiZip" -d "$ciTestDir"
|
||||
unzip -o "$dmiZip" -d $HIRS_CI_TEST_ROOT
|
||||
|
||||
# Step 3: Copy the platform cert to tcg folder and or upload it to the ACA
|
||||
if [[ ! -d $pcDir ]]; then
|
||||
pcDir=$profileDir/default/platformcerts;
|
||||
pcDir=$profileDir/default/platformcerts
|
||||
fi
|
||||
|
||||
pushd $pcDir > /dev/null
|
||||
@ -99,9 +98,11 @@ pushd $pcDir > /dev/null
|
||||
if [[ ! -f ".gitignore" ]]; then
|
||||
for cert in * ; do
|
||||
if [ "$PUT_ARTIFACTS_IN_ESP" = YES ]; then
|
||||
echo "Saving $cert to $HIRS_CI_EFI_PATH_PLATFORM"
|
||||
cp $cert $HIRS_CI_EFI_PATH_PLATFORM
|
||||
fi
|
||||
if [ "$UPLOAD_ARTIFACTS" = YES ]; then
|
||||
echo "Uploading $cert to $SERVER_PCERT_POST"
|
||||
curl -k -F "file=@$cert" $SERVER_PCERT_POST
|
||||
fi
|
||||
done
|
||||
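Review bot: The upload line `curl -k -F "file=@$cert" $SERVER_PCERT_POST` in the last hunk of this file disables TLS certificate verification and never checks whether the POST succeeded, so the script reports "Uploading" and carries on even when the ACA never received the platform certificate or the endpoint was not the real ACA. I would quote the URL, add `--fail`, and trust the CI ACA's certificate explicitly instead of using `-k`, e.g. `curl --fail --cacert "$ACA_CA_CERT" -F "file=@$cert" "$SERVER_PCERT_POST" || exit 1` (`ACA_CA_CERT` is a placeholder, not a variable from this repository). The new `cp $cert $HIRS_CI_EFI_PATH_PLATFORM` and `unzip -o "$dmiZip" -d $HIRS_CI_TEST_ROOT` also leave expansions unquoted, where the unzip line it appears to replace quoted its destination. The same `curl -k` and unquoted `cp` pattern recurs in the swidtag and RIM loops of the next file.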
|
@ -9,11 +9,7 @@
|
||||
|
||||
profile=laptop
|
||||
test=default
|
||||
ciTestDir=$HIRS_CI_TEST_ROOT
|
||||
ciTestEventLog=$HIRS_CI_TEST_EVENT_LOG_FILE
|
||||
tcgDir=$HIRS_CI_EFI_PATH_TCG
|
||||
tcgSwidDir=$HIRS_CI_EFI_PATH_SWIDTAG
|
||||
tcgRimDir=$HIRS_CI_EFI_PATH_RIM
|
||||
|
||||
# By default save the artifacts in EFI and do not upload to the ACA
|
||||
UPLOAD_ARTIFACTS=NO
|
||||
@ -83,9 +79,11 @@ pushd $swidDir > /dev/null
|
||||
if [[ ! -f ".gitignore" ]]; then
|
||||
for swidtag in * ; do
|
||||
if [ "$PUT_ARTIFACTS_IN_ESP" = YES ]; then
|
||||
cp $swidtag $tcgSwidDir
|
||||
echo "Saving $swidtag to $HIRS_CI_EFI_PATH_SWIDTAG"
|
||||
cp $swidtag $HIRS_CI_EFI_PATH_SWIDTAG
|
||||
fi
|
||||
if [ "$UPLOAD_ARTIFACTS" = YES ]; then
|
||||
echo "Uploading $swidtag to $SERVER_RIM_POST"
|
||||
curl -k -F "file=@$swidtag" $SERVER_RIM_POST
|
||||
fi
|
||||
done
|
||||
@ -99,9 +97,11 @@ pushd $rimDir > /dev/null
|
||||
if [[ ! -f ".gitignore" ]]; then
|
||||
for rim in * ; do
|
||||
if [ "$PUT_ARTIFACTS_IN_ESP" = YES ]; then
|
||||
cp $rim $tcgRimDir
|
||||
echo "Saving $rim to $HIRS_CI_EFI_PATH_RIM"
|
||||
cp $rim $HIRS_CI_EFI_PATH_RIM
|
||||
fi
|
||||
if [ "$UPLOAD_ARTIFACTS" = YES ]; then
|
||||
echo "Uploading $rim to $SERVER_RIM_POST"
|
||||
curl -k -F "file=@$rim" $SERVER_RIM_POST
|
||||
fi
|
||||
done
|
||||
|
@ -115,16 +115,22 @@ resetTpmForNewTest() {
|
||||
|
||||
# Places platform cert(s) held in the test folder(s) in the provisioners tcg folder
|
||||
setPlatformCerts() {
|
||||
docker exec -i $tpm2_container /bin/bash -c "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/pc_setup.sh $@"
|
||||
OPTIONS="$@"
|
||||
echo "Asking container $tpm2_container to run pc_setup.sh $OPTIONS"
|
||||
docker exec -i $tpm2_container /bin/bash -c "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/pc_setup.sh $OPTIONS"
|
||||
}
|
||||
|
||||
# Places RIM files held in the test folder in the provisioners tcg folder
|
||||
setRims() {
|
||||
docker exec -i $tpm2_container /bin/bash -c "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/rim_setup.sh $@"
|
||||
OPTIONS="$@"
|
||||
echo "Asking container $tpm2_container to run rim_setup.sh $OPTIONS"
|
||||
docker exec -i $tpm2_container /bin/bash -c "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/rim_setup.sh $OPTIONS"
|
||||
}
|
||||
|
||||
setAppsettings() {
|
||||
docker exec -i $tpm2_container /bin/bash -c "source $HIRS_CI_REPO_ROOT/.ci/setup/container/tpm2_common.sh; setCiHirsAppsettingsFile $@"
|
||||
OPTIONS="$@"
|
||||
echo "Asking container $tpm2_container to set the appsettings file with options: $OPTIONS"
|
||||
docker exec -i $tpm2_container /bin/bash -c "source $HIRS_CI_REPO_ROOT/.ci/setup/container/tpm2_common.sh; setCiHirsAppsettingsFile $OPTIONS"
|
||||
}
|
||||
|
||||
# Writes to the Action ouput, ACA log, and Provisioner Log
|
||||
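Review bot: `OPTIONS="$@"` in setPlatformCerts, setRims and setAppsettings flattens the arguments into one string that is then spliced into the `/bin/bash -c "..."` command line, so the shell inside the container re-parses it: an argument containing a space is split, and any shell metacharacter in it is interpreted. The callers visible in this commit pass only fixed flags, but the helpers would be more robust passing the arguments positionally, e.g. `docker exec -i "$tpm2_container" /bin/bash "$HIRS_CI_REPO_ROOT/.ci/system-tests/container/pc_setup.sh" "$@"`, and using `$*` only in the `echo`. If the variable is kept, declare it with `local` and assign `"$*"`, because `OPTIONS` is currently a global shared by all three functions. The code before setPlatformCerts and after setAppsettings lies outside this hunk.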
|
@ -25,6 +25,10 @@ esac
|
||||
if [ "$test" = "1" ] || [ "$test" = "all" ]; then
|
||||
writeToLogs "### ACA POLICY TEST 1: Test ACA default policy ###"
|
||||
writeToLogs "Now using default appsettings"
|
||||
clearAcaDb
|
||||
resetTpmForNewTest
|
||||
setAppsettings
|
||||
setPolicyNone
|
||||
setPlatformCerts -p "laptop" -t "empty"
|
||||
provisionTpm2 "pass"
|
||||
fi
|
||||
@ -78,6 +82,26 @@ if [ "$test" = "8" ] || [ "$test" = "all" ]; then
|
||||
setRims -p "laptop" -t "default"
|
||||
provisionTpm2 "pass"
|
||||
fi
|
||||
if [ "$test" = "9" ] || [ "$test" = "all" ]; then
|
||||
writeToLogs "### ACA POLICY TEST 9: Test valid PC and RIM with PC only uploaded ###"
|
||||
clearAcaDb
|
||||
resetTpmForNewTest
|
||||
setPolicyEkPcFw
|
||||
uploadTrustedCerts
|
||||
setPlatformCerts -p "laptop" -t "default" -u -n
|
||||
setRims -p "laptop" -t "default"
|
||||
provisionTpm2 "pass"
|
||||
fi
|
||||
if [ "$test" = "10" ] || [ "$test" = "all" ]; then
|
||||
writeToLogs "### ACA POLICY TEST 10: Test valid PC and RIM with RIM only uploaded ###"
|
||||
clearAcaDb
|
||||
resetTpmForNewTest
|
||||
setPolicyEkPcFw
|
||||
uploadTrustedCerts
|
||||
setPlatformCerts -p "laptop" -t "default"
|
||||
setRims -p "laptop" -t "default" -u -n
|
||||
provisionTpm2 "pass"
|
||||
fi
|
||||
|
||||
# Process Test Results, any single failure will send back a failed result.
|
||||
if [[ $failedTests != 0 ]]; then
|
||||
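Review bot: Tests 9 and 10 pass `-u -n` to setPlatformCerts and setRims without saying what the flags select, and the option parsing that defines them is not in the visible hunks. Going by the test titles and the `UPLOAD_ARTIFACTS` / `PUT_ARTIFACTS_IN_ESP` variables in the setup scripts, they presumably mean "upload to the ACA" and "do not copy into the ESP". A comment above each call, such as `# -u: upload to the ACA; -n: skip the ESP copy, so the ACA must already hold this artifact`, would let a reader check that each test exercises the path its title names.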
|