Adding Platform Cert Tests and RIM System Tests to V3 (#781)

* Adding Platform Cert and RIM Tests to V3 and modifying workflow file to split those tests into individual steps

.ci/system-tests/container/rim_setup.sh

@@ -11,9 +11,9 @@ ciTestDir="/ci_test"
 tcgDir="$ciTestDir/boot/efi/EFI/tcg"
 
 # Profile selections
-profileDir="/HIRS/.ci/system-tests/profiles/$profile"
+profileDir="/hirs/.ci/system-tests/profiles/$profile"
 defaultDir="$profileDir/default"
-testDir="/HIRS/.ci/system-tests/profiles/$profile/$test"
+testDir="/hirs/.ci/system-tests/profiles/$profile/$test"
 eventLog="$testDir"/"$profile"_"$test"_binary_bios_measurements
 swidDir="$testDir/swidtags"
 rimDir="$testDir/rims"
@@ -30,6 +30,9 @@ mkdir -p $tcgDir/manifest/swidtag/;  # Create the platform cert folder if its no
 rm -f $tcgDir/manifest/swidtag/*;   # clear out any previous data
 
 # Step 1: Copy binary_bios_measurement file
+if [ ! -e "$eventLog" ]; then
+  eventLog="$defaultDir"/laptop_default_binary_bios_measurements
+fi
 echo "eventLog used was  $eventLog"
 cp "$eventLog" "$ciTestEventLog"
 

.ci/system-tests/run_system_tests.sh

@@ -5,7 +5,7 @@
 #    Notes for running manually/locally
 #    1. Uncomment the "cd ../.." line below to make working directory = /HIRS/
 #    2. Run with the desired HIRS branch as an argument (i.e. $./run_system_tests.sh main)
-#########################################################################################
+##########################################################################################
 #cd ../..
 
 # Setting variables
@@ -14,7 +14,7 @@ tpm2_container=hirs-provisioner1-tpm2
 
 # Start System Testing Docker Environment
 echo "********  Setting up for HIRS System Tests for TPM 2.0 ******** "
-docker compose -f ./.ci/docker/docker-compose-system-test.yml up -d
+docker compose -f ./.ci/docker/docker-compose-system-test.yml up --pull "always" -d
 
 # Setting up and Starting ACA + Switching to current/desired branch in ACA Container
 docker exec $aca_container sh -c "/tmp/auto_clone_branch $1 > /dev/null 2>&1 \
@@ -35,8 +35,8 @@ docker exec $tpm2_container sh /hirs/.ci/setup/container/setup_tpm2provisioner_d
 # Initiating System Tests
 echo "******** Setup Complete. Beginning HIRS System Tests. ******** "
 ./.ci/system-tests/tests/aca_policy_tests.sh
-#./.ci/system-tests/tests/platform_cert_tests.sh
-#./.ci/system-tests/tests/rim_system_tests.sh
+./.ci/system-tests/tests/platform_cert_tests.sh
+./.ci/system-tests/tests/rim_system_tests.sh
 
 echo "******** HIRS System Tests Complete ******** "
 

.ci/system-tests/setup_system_tests.sh

@@ -11,7 +11,7 @@ tpm2_container=hirs-provisioner1-tpm2
 
 # Start System Testing Docker Environment
 echo "********  Setting up for HIRS System Tests for TPM 2.0 ******** "
-docker compose -f ./.ci/docker/docker-compose-system-test.yml up -d
+docker compose -f ./.ci/docker/docker-compose-system-test.yml up --pull "always" -d
 
 # Setting up and Starting ACA + Switching to current/desired branch in ACA Container
 docker exec $aca_container sh -c "/tmp/auto_clone_branch $1 > /dev/null 2>&1 \

.ci/system-tests/tests/platform_cert_tests.sh

@@ -3,32 +3,43 @@
 #    HIRS Platform Certificate System Tests
 #
 #########################################################################################
+source ./.ci/system-tests/sys_test_common.sh
 testResult=false
 totalTests=0;
 failedTests=0;
+test="all"
+case $1 in
+    1) test="1" ;;
+    2) test="2" ;;
+    3) test="3" ;;
+esac
 
 # Start ACA Platform Certificate Tests
 # provisionTpm2 takes 1 parameter (the expected result): "pass" or "fail"
 # Note that the aca_policy_tests have already run several Platform Certificate system tests
 
-writeToLogs "### ACA PLATFORM CERTIFICATE TEST 1: Test a delta Platform Certificate that adds a new memory component ###"
-clearAcaDb
-uploadTrustedCerts
-setPolicyEkPc
-setPlatformCerts "laptop" "deltaPlatMem"
-provisionTpm2 "pass"
-
-writeToLogs "### ACA PLATFORM CERTIFICATE TEST 2: Test a Platform Certificate that is missing a memory component ###"
-clearAcaDb
-uploadTrustedCerts
-setPlatformCerts "laptop" "platCertLight"
-provisionTpm2 "pass"
-
-writeToLogs "### ACA PLATFORM CERTIFICATE TEST 3: Test a Delta Platform Certificate that has a wrong a memory component ###"
-clearAcaDb
-uploadTrustedCerts
-setPlatformCerts "laptop" "badDeltaMem"
-provisionTpm2 "fail"
+if [ "$test" = "1" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA PLATFORM CERTIFICATE TEST 1: Test a delta Platform Certificate that adds a new memory component ###"
+    clearAcaDb
+    uploadTrustedCerts
+    setPolicyEkPc
+    setPlatformCerts "laptop" "deltaPlatMem"
+    provisionTpm2 "pass"
+fi
+if [ "$test" = "2" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA PLATFORM CERTIFICATE TEST 2: Test a Platform Certificate that is missing a memory component ###"
+    clearAcaDb
+    uploadTrustedCerts
+    setPlatformCerts "laptop" "platCertLight"
+    provisionTpm2 "pass"
+fi
+if [ "$test" = "3" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA PLATFORM CERTIFICATE TEST 3: Test a Delta Platform Certificate that has a wrong a memory component ###"
+    clearAcaDb
+    uploadTrustedCerts
+    setPlatformCerts "laptop" "badDeltaMem"
+    provisionTpm2 "fail"
+fi
 
 #  Process Test Results, any single failure will send back a failed result.
 if [[ $failedTests != 0 ]]; then

.ci/system-tests/tests/rim_system_tests.sh

@@ -3,37 +3,48 @@
 #    HIRS Reference Integrity Manifest System Tests
 #
 #########################################################################################
+source ./.ci/system-tests/sys_test_common.sh
 testResult=false
 totalTests=0;
 failedTests=0;
+test="all"
+case $1 in
+    1) test="1" ;;
+    2) test="2" ;;
+    3) test="3" ;;
+esac
 
 # Start ACA Reference Integrity Manifest Tests
 # provisionTpm2 takes 1 parameter (the expected result): "pass" or "fail"
 # Note that the aca_policy_tests have already run several RIM system tests
 
-writeToLogs "### ACA RIM TEST 1: Test a RIM from an OEM and a Supplemental RIM from a VAR ###"
-clearAcaDb
-uploadTrustedCerts
-setPolicyEkPcFw
-setPlatformCerts "laptop" "varOsInstall"
-setRims "laptop" "varOsInstall" "clear"
-provisionTpm2 "pass"
-
-writeToLogs "### ACA RIM TEST 2: Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR ###"
-clearAcaDb
-uploadTrustedCerts
-setPolicyEkPcFw
-setPlatformCerts "laptop" "badOemInstall"
-setRims "laptop" "badOemInstall" "clear"
-provisionTpm2 "fail"
-
-writeToLogs "### ACA RIM TEST 3: Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement ###"
-clearAcaDb
-uploadTrustedCerts
-setPolicyEkPcFw
-setPlatformCerts "laptop" "badVarInstall"
-setRims "laptop" "badVarInstall" "clear"
-provisionTpm2 "fail"
+if [ "$test" = "1" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA RIM TEST 1: Test a RIM from an OEM and a Supplemental RIM from a VAR ###"
+    clearAcaDb
+    uploadTrustedCerts
+    setPolicyEkPcFw
+    setPlatformCerts "laptop" "varOsInstall"
+    setRims "laptop" "varOsInstall" "clear"
+    provisionTpm2 "pass"
+fi
+if [ "$test" = "2" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA RIM TEST 2: Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR ###"
+    clearAcaDb
+    uploadTrustedCerts
+    setPolicyEkPcFw
+    setPlatformCerts "laptop" "badOemInstall"
+    setRims "laptop" "badOemInstall" "clear"
+    provisionTpm2 "fail"
+fi
+if [ "$test" = "3" ] || [ "$test" = "all" ]; then
+    writeToLogs "### ACA RIM TEST 3: Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement ###"
+    clearAcaDb
+    uploadTrustedCerts
+    setPolicyEkPcFw
+    setPlatformCerts "laptop" "badVarInstall"
+    setRims "laptop" "badVarInstall" "clear"
+    provisionTpm2 "fail"
+fi
 
 #  Process Test Results, any single failure will send back a failed result.
 if [[ $failedTests != 0 ]]; then

.github/workflows/system_test.yml

@@ -74,6 +74,46 @@ jobs:
       #   shell: bash
       #   run: |
       #     .ci/system-tests/tests/aca_policy_tests.sh
+      - name: ACA PLATFORM CERTIFICATE TEST 1 - Test a delta Platform Certificate that adds a new memory component
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/platform_cert_tests.sh 1
+      - name: ACA PLATFORM CERTIFICATE TEST 2 - Test a Platform Certificate that is missing a memory component
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/platform_cert_tests.sh 2
+      - name: ACA PLATFORM CERTIFICATE TEST 3 - Test a Delta Platform Certificate that has a wrong a memory component
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/platform_cert_tests.sh 3
+      # - name: All Platform Cert Tests 1-3
+      #   continue-on-error: true
+      #   shell: bash
+      #   run: |
+      #     .ci/system-tests/tests/platform_cert_tests.sh
+      - name: ACA RIM TEST 1 - Test a RIM from an OEM and a Supplemental RIM from a VAR
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/rim_system_tests.sh 1
+      - name: ACA RIM TEST 2 - Test a RIM from an OEM with a bad reference measurement and a Supplemental RIM from a VAR
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/rim_system_tests.sh 2
+      - name: ACA RIM TEST 3 - Test a RIM from an OEM and a Supplemental RIM from a VAR with a bad reference measurement
+        continue-on-error: true
+        shell: bash
+        run: |
+          .ci/system-tests/tests/rim_system_tests.sh 3
+      # - name: All RIM System Tests 1-3
+      #   continue-on-error: true
+      #   shell: bash
+      #   run: |
+      #     .ci/system-tests/tests/rim_system_tests.sh
       - name: Copy System Test Log files
         continue-on-error: true
         shell: bash