| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
On x86 this doesn't matter but on aarch64 we need to make sure UEFI
is used so that /sys/kernel/security/tpm0/binary_bios_measurements
is there which is required for TEST-70-TPM2.
|
| |
|
|
|
| |
If we're not running the test as root, stick to using a virtual
machine, as mkosi can't do rootless nspawn yet.
|
| |
|
|
| |
Let's not add the dependency unless required.
|
| |
|
|
|
|
|
| |
Let's make this behave more like all the rest of the meson stuff.
This also is the first step to making it a bit more flexible so we
can define integration tests in different ways as will be seen in
the next commits.
|
| |
|
|
| |
Update test to check systemd-cryptenroll --tpm2-device-key= enrollment.
|
| |
|
|
|
|
|
|
|
| |
In TEST-70-TPM2, test systemd-cryptenroll --tpm2-seal-key-handle using the
default (0) as well as the SRK handle (0x81000001), and test using a non-SRK
handle index after creating and persisting a primary key.
In test/test-tpm2, test tpm2_seal() and tpm2_unseal() using default (0), the SRK
handle, and a transient handle.
|
| |
|
|
|
|
| |
This module is only available on PPC hw, so avoid trying to load it elsewhere, as it generates a misleading error message in the logs:
modprobe: FATAL: Module tpm_ibmvtpm not found in directory /lib/modules/5.15.0-83-generic
|
| |
|
|
|
| |
Since this test intentionally provides an incorrect PIN, the DA lockout counter
is incremented; the test needs to reset it so there is no DA lockout.
|
| |
|
|
| |
No functional change.
|
| | |
|
| |
|
|
| |
And hide it all behind $TEST_SETUP_SWTPM.
|
| |
|
|
| |
TEST-01-BASIC
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Since the library is dlopen()ed by libpthread and required during
pthread_exit()/pthread_cancel(), let's install it explicitly if available to
avoid unexpected fails in tests. This also consolidates all related
workarounds for this library across the test scripts.
|
| |
|
|
|
|
|
| |
TEST-70 specified its own EXIT handler, which replaced the
`cleanup_loopdev` handler, so the loop device was always hanging around
once this test was run. Let's use the new `add_at_exit_handler()` stuff
to mitigate this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Ubuntu, cryptsetup does not link against libgcc_s.so.1 which leads to
the following test failure in TEST-70-TPM2:
systemd[1]: Starting testsuite-70.service...
systemd[329]: testsuite-70.service: Executing: /usr/lib/systemd/tests/testdata/units/testsuite-70.sh
testsuite-70.sh[329]: + export SYSTEMD_LOG_LEVEL=debug
testsuite-70.sh[329]: + SYSTEMD_LOG_LEVEL=debug
testsuite-70.sh[329]: + img=/var/tmp/test.img
testsuite-70.sh[329]: + dd if=/dev/zero of=/var/tmp/test.img bs=1024k count=20 status=none
testsuite-70.sh[329]: + echo -n passphrase
testsuite-70.sh[329]: + cryptsetup luksFormat -q --use-urandom /var/tmp/test.img /tmp/passphrase
testsuite-70.sh[333]: libgcc_s.so.1 must be installed for pthread_exit to work
testsuite-70.sh[329]: /usr/lib/systemd/tests/testdata/units/testsuite-70.sh:
line 12: 333 Aborted (core dumped) cryptsetup luksFormat -q --use-urandom $img /tmp/passphrase
To fix this, manually install libgcc_s.so.1 to the test image if running
on Debian-like systems.
|
|
|
Add tests for enrolling and unlocking. Various cases are tested:
- Default PCR 7 policy w/o PIN, good and bad cases (wrong PCR)
- PCR 7 + PIN policy, good and bad cases (wrong PCR, wrong PIN)
- Non-default PCR 0+7 policy w/o PIN, good and bad cases (wrong PCR 0)
v2: rename test, fix tss2 library installation, fix CI failures
v3: fix ppc64, load module
|
