go-attestation/ci/setup_tpm12_simulator.sh

#!/bin/bash
#
###############################################################################
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
#
# Builds/installs a TPM 1.2 simulator + trousers, on a debian-based system.
# USAGE: ./setup_tpm12_simulator.sh <working dir>
set -e

SIMULATOR_TARBALL_URL="https://sourceforge.net/projects/ibmswtpm/files/tpm4769tar.gz/download"
SIMULATOR_TAR_SHA256="bb0a3f8003ca8ba71eb4a0852f0eb35a112297e28fce8e166412d4b2202c5010"

if [[ "${1}" == "" ]]; then
  >&2 echo "Error: Must specify the working directory as the first argument."
  exit 1
fi

PROJECT_ROOT=$(pwd)
BUILD_BASE="${1%/}" # Trim any trailing slash.
SIMULATOR_SRC="${BUILD_BASE}/simulator"

setup_build_base () {
  if [[ ! -d "${BUILD_BASE}" ]] && [[ -e "${BUILD_BASE}" ]]; then
    >&2 echo "Error: '${BUILD_BASE}' is not a directory."
    exit 1
  fi
  if [[ ! -e "${BUILD_BASE}" ]]; then
    mkdir -pv "${BUILD_BASE}"
  fi

  sudo apt-get -y install libssl-dev build-essential make trousers libtool autoconf tpm-tools
}

fetch_simulator () {
  TARBALL="${BUILD_BASE}/sim.tar.gz"

  if [[ ! -f "${TARBALL}" ]]; then
    wget -q -O "${TARBALL}" "${SIMULATOR_TARBALL_URL}"
  fi

  HSH=$(sha256sum "${TARBALL}" | cut -d" " -f1)
  if [[ "${HSH}" != "${SIMULATOR_TAR_SHA256}" ]]; then
    >&2 echo "'${TARBALL}' does not match expected SHA256."
    >&2 echo "Got: ${HSH}"
    >&2 echo "Want: ${SIMULATOR_TAR_SHA256}"
    exit 2
  fi

  mkdir -pv "${SIMULATOR_SRC}"
  tar -zxf "${TARBALL}" --directory "${SIMULATOR_SRC}"
}

build_simulator () {
  cp -v "${SIMULATOR_SRC}/tpm/makefile-tpm" "${SIMULATOR_SRC}/tpm/Makefile"
  cd "${SIMULATOR_SRC}/tpm" && make -j4
  cd "${SIMULATOR_SRC}/libtpm" && ./autogen
  cd "${SIMULATOR_SRC}/libtpm" && ./configure
  cd "${SIMULATOR_SRC}/libtpm" && make -j4
}

run_simulator () {
  mkdir -pv "${BUILD_BASE}/NVRAM"
  export TPM_PORT='6545'
  export TPM_PATH="${BUILD_BASE}/NVRAM"
  export TPM_SERVER_NAME='localhost'
  export TPM_SERVER_PORT='6545'
  ${SIMULATOR_SRC}/tpm/tpm_server &
  SIM_PID=$!
  echo "${SIM_PID}" > "${BUILD_BASE}/sim_pid"
  disown
  sleep 2
}

setup_tpm () {
  echo "Initializing the TPM..."
  ${SIMULATOR_SRC}/libtpm/utils/tpminit
  echo "Starting the TPM..."
  ${SIMULATOR_SRC}/libtpm/utils/tpmbios -cs

  ${SIMULATOR_SRC}/libtpm/utils/tpminit
  ${SIMULATOR_SRC}/libtpm/utils/tpmbios -cs
}

run_tcsd () {
  export TCSD_TCP_DEVICE_PORT='6545'
  sudo -E -u tss -g tss /usr/sbin/tcsd -f -e &
  TCSD_PID=$!
  echo "${TCSD_PID}" > "${BUILD_BASE}/tcsd_pid"
  disown
  sleep 1
  tpm_createek
  tpm_takeownership -yz
  tpm_nvdefine -i 268496896 -z -s 3800 -p OWNERWRITE
  go run -v "${PROJECT_ROOT}/ci/gen_ekcert.go"
  sleep 1
}

setup_build_base
fetch_simulator
build_simulator
run_simulator
setup_tpm
run_tcsd
Add CI script for setting up TPM 1.2 simulator 2019-04-02 18:04:13 +00:00			`#!/bin/bash`
			`#`
			`###############################################################################`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`################################################################################`
			`#`
			`# Builds/installs a TPM 1.2 simulator + trousers, on a debian-based system.`
			`# USAGE: ./setup_tpm12_simulator.sh <working dir>`
			`set -e`

			`SIMULATOR_TARBALL_URL="https://sourceforge.net/projects/ibmswtpm/files/tpm4769tar.gz/download"`
			`SIMULATOR_TAR_SHA256="bb0a3f8003ca8ba71eb4a0852f0eb35a112297e28fce8e166412d4b2202c5010"`

			`if [[ "${1}" == "" ]]; then`
			`>&2 echo "Error: Must specify the working directory as the first argument."`
			`exit 1`
			`fi`

Implement full coverage for TPM 1.2 tests. (#7) * Generate and store a fake EK certificate in TPM 1.2 test setup. * Fix run of gen_ekcert.go * Write out NVRAM cert header when generating ek cert * Remove build flag gating tpm12 tests. 2019-04-04 22:33:00 +00:00			`PROJECT_ROOT=$(pwd)`
Add CI script for setting up TPM 1.2 simulator 2019-04-02 18:04:13 +00:00			`BUILD_BASE="${1%/}" # Trim any trailing slash.`
			`SIMULATOR_SRC="${BUILD_BASE}/simulator"`

			`setup_build_base () {`
			`if [[ ! -d "${BUILD_BASE}" ]] && [[ -e "${BUILD_BASE}" ]]; then`
			`>&2 echo "Error: '${BUILD_BASE}' is not a directory."`
			`exit 1`
			`fi`
			`if [[ ! -e "${BUILD_BASE}" ]]; then`
			`mkdir -pv "${BUILD_BASE}"`
			`fi`

Make TPM 1.2 test setup take ownership & define space for the EK cert (#6) 2019-04-03 23:07:03 +00:00			`sudo apt-get -y install libssl-dev build-essential make trousers libtool autoconf tpm-tools`
Add CI script for setting up TPM 1.2 simulator 2019-04-02 18:04:13 +00:00			`}`

			`fetch_simulator () {`
			`TARBALL="${BUILD_BASE}/sim.tar.gz"`

			`if [[ ! -f "${TARBALL}" ]]; then`
			`wget -q -O "${TARBALL}" "${SIMULATOR_TARBALL_URL}"`
			`fi`

			`HSH=$(sha256sum "${TARBALL}" \| cut -d" " -f1)`
			`if [[ "${HSH}" != "${SIMULATOR_TAR_SHA256}" ]]; then`
			`>&2 echo "'${TARBALL}' does not match expected SHA256."`
			`>&2 echo "Got: ${HSH}"`
			`>&2 echo "Want: ${SIMULATOR_TAR_SHA256}"`
			`exit 2`
			`fi`

			`mkdir -pv "${SIMULATOR_SRC}"`
			`tar -zxf "${TARBALL}" --directory "${SIMULATOR_SRC}"`
			`}`

			`build_simulator () {`
			`cp -v "${SIMULATOR_SRC}/tpm/makefile-tpm" "${SIMULATOR_SRC}/tpm/Makefile"`
			`cd "${SIMULATOR_SRC}/tpm" && make -j4`
Implement CI scripts for TPM 1.2 simulator and tcsd. (#2) * Implement CI scripts for TPM 1.2 simulator and tcsd. * Set tcsd env vars in run_tcsd() 2019-04-02 23:31:00 +00:00			`cd "${SIMULATOR_SRC}/libtpm" && ./autogen`
			`cd "${SIMULATOR_SRC}/libtpm" && ./configure`
			`cd "${SIMULATOR_SRC}/libtpm" && make -j4`
			`}`

			`run_simulator () {`
			`mkdir -pv "${BUILD_BASE}/NVRAM"`
			`export TPM_PORT='6545'`
			`export TPM_PATH="${BUILD_BASE}/NVRAM"`
			`export TPM_SERVER_NAME='localhost'`
			`export TPM_SERVER_PORT='6545'`
			`${SIMULATOR_SRC}/tpm/tpm_server &`
			`SIM_PID=$!`
			`echo "${SIM_PID}" > "${BUILD_BASE}/sim_pid"`
			`disown`
			`sleep 2`
			`}`

			`setup_tpm () {`
Make TPM 1.2 test setup take ownership & define space for the EK cert (#6) 2019-04-03 23:07:03 +00:00			`echo "Initializing the TPM..."`
			`${SIMULATOR_SRC}/libtpm/utils/tpminit`
Implement CI scripts for TPM 1.2 simulator and tcsd. (#2) * Implement CI scripts for TPM 1.2 simulator and tcsd. * Set tcsd env vars in run_tcsd() 2019-04-02 23:31:00 +00:00			`echo "Starting the TPM..."`
Make TPM 1.2 test setup take ownership & define space for the EK cert (#6) 2019-04-03 23:07:03 +00:00			`${SIMULATOR_SRC}/libtpm/utils/tpmbios -cs`

			`${SIMULATOR_SRC}/libtpm/utils/tpminit`
			`${SIMULATOR_SRC}/libtpm/utils/tpmbios -cs`
Implement CI scripts for TPM 1.2 simulator and tcsd. (#2) * Implement CI scripts for TPM 1.2 simulator and tcsd. * Set tcsd env vars in run_tcsd() 2019-04-02 23:31:00 +00:00			`}`

			`run_tcsd () {`
			`export TCSD_TCP_DEVICE_PORT='6545'`
			`sudo -E -u tss -g tss /usr/sbin/tcsd -f -e &`
			`TCSD_PID=$!`
			`echo "${TCSD_PID}" > "${BUILD_BASE}/tcsd_pid"`
			`disown`
Make TPM 1.2 test setup take ownership & define space for the EK cert (#6) 2019-04-03 23:07:03 +00:00			`sleep 1`
			`tpm_createek`
			`tpm_takeownership -yz`
Implement full coverage for TPM 1.2 tests. (#7) * Generate and store a fake EK certificate in TPM 1.2 test setup. * Fix run of gen_ekcert.go * Write out NVRAM cert header when generating ek cert * Remove build flag gating tpm12 tests. 2019-04-04 22:33:00 +00:00			`tpm_nvdefine -i 268496896 -z -s 3800 -p OWNERWRITE`
			`go run -v "${PROJECT_ROOT}/ci/gen_ekcert.go"`
Make TPM 1.2 test setup take ownership & define space for the EK cert (#6) 2019-04-03 23:07:03 +00:00			`sleep 1`
Add CI script for setting up TPM 1.2 simulator 2019-04-02 18:04:13 +00:00			`}`

			`setup_build_base`
			`fetch_simulator`
			`build_simulator`
Implement CI scripts for TPM 1.2 simulator and tcsd. (#2) * Implement CI scripts for TPM 1.2 simulator and tcsd. * Set tcsd env vars in run_tcsd() 2019-04-02 23:31:00 +00:00			`run_simulator`
			`setup_tpm`
			`run_tcsd`