Restore changes accidentally reverted during reconciliation

2025-01-20 03:16:24 +00:00 · 2021-12-08 12:44:46 -08:00 · 2021-12-08 12:44:46 -08:00 · 501de37b33
commit 501de37b33
parent f1f1b84491
13 changed files with 120 additions and 16 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -0,0 +1,66 @@
 on: [push, pull_request]
 name: Test
 jobs:
  test-linux:
    strategy:
      matrix:
        go-version: [1.16.x, 1.17.x]
    runs-on: ubuntu-latest
    steps:
    - name: Install Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ matrix.go-version }}
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Test
      run: go test ./...
  test-linux-tpm12:
    strategy:
      matrix:
        go-version: [1.16.x, 1.17.x]
    runs-on: ubuntu-latest
    steps:
    - name: Install Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ matrix.go-version }}
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Install libtspi
      run: sudo apt-get install -y libtspi-dev
    - name: Test
      run: go test -tags tspi ./...
  test-macos:
    strategy:
      matrix:
        go-version: [1.16.x, 1.17.x]
    runs-on: macos-latest
    steps:
    - name: Install Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ matrix.go-version }}
    - name: Checkout code
      uses: actions/checkout@v2
      # See https://github.com/google/go-tpm-tools#macos-dev
    - name: Install openssl
      run: brew install openssl@1.1
    - name: Link openssl
      run: sudo ln -s $(brew --prefix openssl@1.1)/include/openssl /usr/local/include
    - name: Test
      run: C_INCLUDE_PATH="$(brew --prefix openssl@1.1)/include" LIBRARY_PATH="$(brew --prefix openssl@1.1)/lib" go test ./...
  test-windows:
    strategy:
      matrix:
        go-version: [1.16.x, 1.17.x]
    runs-on: windows-latest
    steps:
    - name: Install Go
      uses: actions/setup-go@v2
      with:
        go-version: ${{ matrix.go-version }}
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Test
      run: go build ./...
--- a/README.md
+++ b/README.md
@ -20,11 +20,19 @@ API changes at any time.
 Please note that this is not an official Google product.
 TPM 1.2 support is best effort, meaning we will accept fixes for TPM 1.2, but
 testing is not covered by CI.
 ## Installation
 The go-attestation package is installable using go get: `go get github.com/google/go-attestation/attest`
-Linux users must install `libtspi` and its headers. This can be installed on debian-based systems using: `sudo apt-get install libtspi-dev`.
+### TPM1.2
 By default, go-attestation does not build in TPM1.2 support on Linux.
 Linux users must install [`libtspi`](http://trousers.sourceforge.net/) and its headers if they need TPM 1.2 support. This can be installed on debian-based systems using: `sudo apt-get install libtspi-dev`.
 Then, build go-attestation with the `tspi` [build tag](https://pkg.go.dev/go/build#hdr-Build_Constraints) `go build --tags=tspi`.
 Windows users can use go-attestation with TPM1.2 by default.
 ## Example: device identity
--- a/attest/activation.go
+++ b/attest/activation.go
@ -36,11 +36,11 @@ type ActivationParameters struct {
 	// TPMVersion holds the version of the TPM, either 1.2 or 2.0.
 	TPMVersion TPMVersion
-	// EK, the endorsement key, describes an asymmetric key who's
+	// EK, the endorsement key, describes an asymmetric key whose
-	// private key is permenantly bound to the TPM.
+	// private key is permanently bound to the TPM.
 	//
 	// Activation will verify that the provided EK is held on the same
-	// TPM as the AK. However, it is the callers responsibility to
+	// TPM as the AK. However, it is the caller's responsibility to
 	// ensure the EK they provide corresponds to the the device which
 	// they are trying to associate the AK with.
 	EK crypto.PublicKey
--- a/attest/application_key_test.go
+++ b/attest/application_key_test.go
@ -12,7 +12,9 @@
 // License for the specific language governing permissions and limitations under
 // the License.
 //go:build (!localtest || !tpm12) && linux && cgo
 // +build !localtest !tpm12
 // +build linux
 // +build cgo
 // NOTE: simulator requires cgo, hence the build tag.
--- a/attest/attest-tool/attest-tool.go
+++ b/attest/attest-tool/attest-tool.go
@ -15,9 +15,9 @@ import (
 	"io/ioutil"
 	"os"
 	"github.com/google/go-attestation/attest"
 	"github.com/google/go-attestation/attest/attest_tool/internal"
 	"github.com/google/certificate-transparency-go/x509"
 	"github.com/google/go-attestation/attest"
 	"github.com/google/go-attestation/attest/attest-tool/internal"
 )
 var (
@ -83,7 +83,7 @@ func selftestCredentialActivation(tpm *attest.TPM, ak *attest.AK) error {
 func selftestAttest(tpm *attest.TPM, ak *attest.AK) error {
 	// This nonce is used in generating the quote. As this is a selftest,
-	// its set to an arbitrary value.
+	// it's set to an arbitrary value.
 	nonce := []byte{1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8}
 	pub, err := attest.ParseAKPublic(tpm.Version(), ak.AttestationParameters().Public)
--- a/attest/attest-tool/internal/eventlog/secureboot_test.go
+++ b/attest/attest-tool/internal/eventlog/secureboot_test.go
@ -20,7 +20,7 @@ import (
 	"testing"
 	"github.com/google/go-attestation/attest"
-	"github.com/google/go-attestation/attest/attest_tool/internal"
+	"github.com/google/go-attestation/attest/attest-tool/internal"
 )
 func parseEvents(t *testing.T, testdata string) []attest.Event {
--- a/attest/attest_simulated_tpm20_test.go
+++ b/attest/attest_simulated_tpm20_test.go
@ -12,7 +12,9 @@
 // License for the specific language governing permissions and limitations under
 // the License.
 //go:build (!localtest || !tpm12) && linux && cgo
 // +build !localtest !tpm12
 // +build linux
 // +build cgo
 // NOTE: simulator requires cgo, hence the build tag.
--- a/attest/certification_test.go
+++ b/attest/certification_test.go
@ -12,6 +12,11 @@
 // License for the specific language governing permissions and limitations under
 // the License.
 //go:build (!localtest || !tpm12) && linux && cgo
 // +build !localtest !tpm12
 // +build linux
 // +build cgo
 package attest
 import (
--- a/attest/eventlog.go
+++ b/attest/eventlog.go
@ -115,10 +115,10 @@ func (e EventType) String() string {
 }
 // Event is a single event from a TCG event log. This reports descrete items such
-// as BIOs measurements or EFI states.
+// as BIOS measurements or EFI states.
 //
 // There are many pitfalls for using event log events correctly to determine the
-// state of a machine[1]. In general it's must safer to only rely on the raw PCR
+// state of a machine[1]. In general it's much safer to only rely on the raw PCR
 // values and use the event log for debugging.
 //
 // [1] https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md
@ -222,7 +222,7 @@ func (e *EventLog) Events(hash HashAlg) []Event {
 // Verify replays the event log against a TPM's PCR values, returning the
 // events which could be matched to a provided PCR value.
 //
-// PCRs provide no security guarentees unless they're attested to have been
+// PCRs provide no security guarantees unless they're attested to have been
 // generated by a TPM. Verify does not perform these checks.
 //
 // An error is returned if the replayed digest for events with a given PCR
@ -407,7 +407,7 @@ func extend(pcr PCR, replay []byte, e rawEvent, locality byte) (pcrDigest []byte
 // replayPCR replays the event log for a specific PCR, using pcr and
 // event digests with the algorithm in pcr. An error is returned if the
 // replayed values do not match the final PCR digest, or any event tagged
-// with that PCR does not posess an event digest with the specified algorithm.
+// with that PCR does not possess an event digest with the specified algorithm.
 func replayPCR(rawEvents []rawEvent, pcr PCR) ([]Event, bool) {
 	var (
 		replay    []byte
@ -531,7 +531,7 @@ func ParseEventLog(measurementLog []byte) (*EventLog, error) {
 		// Switch to parsing crypto agile events. Don't include this in the
 		// replayed events since it intentionally doesn't extend the PCRs.
 		//
-		// Note that this doesn't actually guarentee that events have SHA256
+		// Note that this doesn't actually guarantee that events have SHA256
 		// digests.
 		parseFn = parseRawEvent2
 		el.specIDEvent = specID
--- a/attest/key_linux.go
+++ b/attest/key_linux.go
@ -12,7 +12,7 @@
 // License for the specific language governing permissions and limitations under
 // the License.
-// +build linux,!gofuzz,cgo
+// +build linux,!gofuzz,cgo,tspi
 package attest
--- a/attest/tpm.go
+++ b/attest/tpm.go
@ -256,7 +256,7 @@ func readAllPCRs20(tpm io.ReadWriter, alg tpm2.Algorithm) (map[uint32][]byte, er
 	out := map[uint32][]byte{}
 	// The TPM 2.0 spec says that the TPM can partially fulfill the
-	// request. As such, we repeat the command up to 8 times to get all
+	// request. As such, we repeat the command up to 24 times to get all
 	// 24 PCRs.
 	for i := 0; i < numPCRs; i++ {
 		// Build a selection structure, specifying all PCRs we do
--- a/attest/tpm12_linux.go
+++ b/attest/tpm12_linux.go
@ -12,7 +12,7 @@
 // License for the specific language governing permissions and limitations under
 // the License.
-// +build linux,!gofuzz,cgo
+// +build linux,!gofuzz,cgo,tspi
 package attest
--- a/ci/run.sh
+++ b/ci/run.sh
@ -0,0 +1,21 @@
 #!/bin/bash -e
 1>&2 echo "-----
 WARNING: The TPM 1.2 simulator no longer builds with newer versions of openssl.
 These scripts are kept for posterity, but likely won't build on new OS
 versions.
 ----"
 export PROJECT_ROOT="$( pwd )"
 TMPDIR="$( mktemp -d )"
 SIM_DIR="${TMPDIR}/tpm12_sim"
 TEST_ROOT="${TMPDIR}/tests_base"
 mkdir -pv "${SIM_DIR}"
 ./ci/setup_tpm12_simulator.sh "${SIM_DIR}"
 ./ci/setup_tests_fs.sh "${TEST_ROOT}"
 go test -v ./... -- --testTPM12
 ./ci/shutdown_tpm12_simulator.sh "${SIM_DIR}"