diff --git a/kola/tests/misc/tpm.go b/kola/tests/misc/tpm.go index d1e5a51c6..d8a9a5156 100644 --- a/kola/tests/misc/tpm.go +++ b/kola/tests/misc/tpm.go @@ -302,6 +302,18 @@ func init() { Distros: []string{"cl"}, MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1}, }) + + runEventLog := func(c cluster.TestCluster) { + eventLogTest(c) + } + register.Register(®ister.Test{ + Run: runEventLog, + ClusterSize: 0, + Platforms: []string{"qemu"}, + Name: "cl.tpm.eventlog", + Distros: []string{"cl"}, + MinVersion: semver.Version{Major: 4082, Minor: 0, Patch: 0}, + }) } func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, variant string) { @@ -336,6 +348,7 @@ func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, checkIfMountpointIsEncrypted(c, m, mountpoint) + // Make sure the change is reboot-safe. This is especially important for the case of an encrypted root disk because the // initramfs decryption is not tested on the first boot, in which the initramfs starts with no encrypted disks and Ignition // only sets up the encryption while in initramfs. @@ -359,3 +372,25 @@ func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, checkIfMountpointIsEncrypted(c, m, "/") } } + +func eventLogTest(c cluster.TestCluster) { + options := platform.MachineOptions{ EnableTPM: true } + var m platform.Machine + var err error + switch pc := c.Cluster.(type) { + // These cases have to be separated because otherwise the golang compiler doesn't type-check + // the case bodies using the proper subtype of `pc`. + case *qemu.Cluster: + m, err = pc.NewMachineWithOptions(nil, options) + case *unprivqemu.Cluster: + m, err = pc.NewMachineWithOptions(nil, options) + default: + c.Fatal("unknown cluster type") + } + if err != nil { + c.Fatal(err) + } + + // Verify that the TPM event log is working. + _ = c.MustSSH(m, "sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements") +}
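Review bot: The `runEventLog` closure in the new registration only forwards to `eventLogTest`, which already has the `func(cluster.TestCluster)` shape, so the wrapper can be dropped and the field written as `Run: eventLogTest,`. It is also worth confirming the `Platforms` list: it names only `"qemu"`, while eventLogTest (added at the end of this file) carries a branch for `*unprivqemu.Cluster`. If the unprivileged QEMU platform is registered under a different name, that branch never runs and the test is skipped there. init() begins outside this hunk, so how the other registrations handle this is not visible here.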
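Review bot: The last statement of eventLogTest discards the output of `tpm2_eventlog` (`_ = c.MustSSH(...)`), so the test passes whenever the command exits zero and never checks that the firmware recorded any measurements. For a measured-boot test the property worth pinning is that the log is non-empty and consistent with the TPM. Keep the result (`out := c.MustSSH(m, "sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements")`) and call `c.Fatal` if it is empty or, preferably, if the PCR values replayed from the log differ from what `tpm2_pcrread` reports for the firmware-owned PCRs. Separately, `platform.MachineOptions{ EnableTPM: true }` is not gofmt-clean; it should read `platform.MachineOptions{EnableTPM: true}`. The function also lacks a doc comment, for example `// eventLogTest boots a TPM-enabled machine and checks that the firmware event log can be read and parsed.`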