1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-20 18:04:03 +03:00

18 Commits

Author SHA1 Message Date
Daan De Meyer
37412c952d TEST-70-TPM2: Use UEFI firmware if available
On x86 this doesn't matter but on aarch64 we need to make sure UEFI
is used so that /sys/kernel/security/tpm0/binary_bios_measurements
is there which is required for TEST-70-TPM2.

(cherry picked from commit 98f2a332cb1a3efc3b2e8a5914a895a0a051bda4)
2024-07-05 20:00:04 +02:00
Daan De Meyer
1e5a1bbe02 test: Run tests that don't need a vm in systemd-nspawn
If we're not running the test as root, stick to using a virtual
machine, as mkosi can't do rootless nspawn yet.
2024-05-29 14:10:50 +02:00
Daan De Meyer
1d9b8f3476 test: Only add tpm2.target dependency to TEST-70-TPM2.service
Let's not add the dependency unless required.
2024-05-14 15:36:49 +02:00
Daan De Meyer
5748f13e54 test: Rework integration test definitions
Let's make this behave more like all the rest of the meson stuff.
This also is the first step to making it a bit more flexible so we
can define integration tests in different ways as will be seen in
the next commits.
2024-05-14 12:43:28 +02:00
Dan Streetman
803e95932f test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollment
Update test to check systemd-cryptenroll --tpm2-device-key= enrollment.
2023-11-07 12:29:36 -05:00
Dan Streetman
adcd3266ec test: add tests for systemd-cryptenroll --tpm2-seal-key-handle
In TEST-70-TPM2, test systemd-cryptenroll --tpm2-seal-key-handle using the
default (0) as well as the SRK handle (0x81000001), and test using a non-SRK
handle index after creating and persisting a primary key.

In test/test-tpm2, test tpm2_seal() and tpm2_unseal() using default (0), the SRK
handle, and a transient handle.
2023-10-10 05:56:45 -04:00
Dan Streetman
948d460ea6 test: only load tpm_ibmvtpm kernel module on PowerPC hw
This module is only available on PPC hw, so avoid trying to load it elsewhere, as it generates a misleading error message in the logs:

modprobe: FATAL: Module tpm_ibmvtpm not found in directory /lib/modules/5.15.0-83-generic
2023-09-19 00:38:10 +01:00
Dan Streetman
9071d6b1a3 test: Add DA lockout handling to TEST-70-TPM2
Since this test intentionally provides an incorrect PIN, the DA lockout counter
is incremented; the test needs to reset it so there is no DA lockout.
2023-07-08 01:13:29 +01:00
Frantisek Sumsal
70bdf6e661 test: introduce test_require_bin() and use it
No functional change.
2023-06-05 16:50:13 +02:00
Frantisek Sumsal
97d7af86b5 test: fix indentation 2023-06-05 16:50:13 +02:00
Frantisek Sumsal
18fa5c8283 test: move TPM2-related setup stuff into test-functions
And hide it all behind $TEST_SETUP_SWTPM.
2023-06-05 16:50:13 +02:00
Yu Watanabe
294c20198b test: replace Makefile for several tests with symlink to the one for TEST-01-BASIC 2023-05-20 05:42:24 +09:00
Lennart Poettering
f44ed151c6 test: add simple integration test for checking PCR extension works as it should 2023-01-17 09:42:16 +01:00
Lennart Poettering
7c46b19718 TEST-70-TPM2: add test for new signed TPM2 PCR policies 2022-09-08 16:34:27 +02:00
Frantisek Sumsal
5f347d3160 test: install libgcc_s.so.1 explicitly if available
Since the library is dlopen()ed by libpthread and required during
pthread_exit()/pthread_cancel(), let's install it explicitly if available to
avoid unexpected fails in tests. This also consolidates all related
workarounds for this library across the test scripts.
2022-08-02 18:28:35 +02:00
Frantisek Sumsal
0a62b8f705 test: avoid overriding an already existing EXIT handler
TEST-70 specified its own EXIT handler, which replaced the
`cleanup_loopdev` handler, so the loop device was always hanging around
once this test was run. Let's use the new `add_at_exit_handler()` stuff
to mitigate this.
2022-07-07 20:17:34 +02:00
Nick Rosbrook
ddbc88188c test: copy libgcc_s.so.1 to TPM2 test image on Debian-like systems
On Ubuntu, cryptsetup does not link against libgcc_s.so.1 which leads to
the following test failure in TEST-70-TPM2:

 systemd[1]: Starting testsuite-70.service...
 systemd[329]: testsuite-70.service: Executing: /usr/lib/systemd/tests/testdata/units/testsuite-70.sh
 testsuite-70.sh[329]: + export SYSTEMD_LOG_LEVEL=debug
 testsuite-70.sh[329]: + SYSTEMD_LOG_LEVEL=debug
 testsuite-70.sh[329]: + img=/var/tmp/test.img
 testsuite-70.sh[329]: + dd if=/dev/zero of=/var/tmp/test.img bs=1024k count=20 status=none
 testsuite-70.sh[329]: + echo -n passphrase
 testsuite-70.sh[329]: + cryptsetup luksFormat -q --use-urandom /var/tmp/test.img /tmp/passphrase
 testsuite-70.sh[333]: libgcc_s.so.1 must be installed for pthread_exit to work
 testsuite-70.sh[329]: /usr/lib/systemd/tests/testdata/units/testsuite-70.sh:
     line 12: 333 Aborted (core dumped) cryptsetup luksFormat -q --use-urandom $img /tmp/passphrase

To fix this, manually install libgcc_s.so.1 to the test image if running
on Debian-like systems.
2022-07-02 15:01:30 +01:00
Grigori Goronzy
fd8b924820 cryptenroll: add tests for TPM2 unlocking
Add tests for enrolling and unlocking. Various cases are tested:

- Default PCR 7 policy w/o PIN, good and bad cases (wrong PCR)
- PCR 7 + PIN policy, good and bad cases (wrong PCR, wrong PIN)
- Non-default PCR 0+7 policy w/o PIN, good and bad cases (wrong PCR 0)

v2: rename test, fix tss2 library installation, fix CI failures
v3: fix ppc64, load module
2022-03-15 21:17:00 +01:00