kola/tests: Add new cl.tpm.eventlog test for the TPM Event log
This will only work from GRUB 2.12 onwards, so restrict to 4082+. I
initially wanted to add this check to the existing tpmTest function, but
that wouldn't allow me to restrict the version.

Signed-off-by: James Le Cuirot <[email protected]>
chewi committed Sep 13, 2024
1 parent 7a4dc8b commit 94089fc
Showing 1 changed file with 34 additions and 0 deletions.
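--- a/kola/tests/misc/tpm.go
+++ b/kola/tests/misc/tpm.go
@@ -302,6 +302,18 @@ func init() {
 Distros: []string{"cl"},
 MinVersion: semver.Version{Major: 3913, Minor: 0, Patch: 1},
 })
+
+runEventLog := func(c cluster.TestCluster) {
+eventLogTest(c)
+}
+register.Register(&register.Test{
+Run: runEventLog,
+ClusterSize: 0,
+Platforms: []string{"qemu"},
+Name: "cl.tpm.eventlog",
+Distros: []string{"cl"},
+MinVersion: semver.Version{Major: 4082, Minor: 0, Patch: 0},
+})
 }
 
 func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, variant string) {
@@ -359,3 +371,25 @@ func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string,
 checkIfMountpointIsEncrypted(c, m, "/")
 }
 }
+
+func eventLogTest(c cluster.TestCluster) {
+options := platform.MachineOptions{EnableTPM: true}
+var m platform.Machine
+var err error
+switch pc := c.Cluster.(type) {
+// These cases have to be separated because otherwise the golang compiler doesn't type-check
+// the case bodies using the proper subtype of `pc`.
+case *qemu.Cluster:
+m, err = pc.NewMachineWithOptions(nil, options)
+case *unprivqemu.Cluster:
+m, err = pc.NewMachineWithOptions(nil, options)
+default:
+c.Fatal("unknown cluster type")
+}
+if err != nil {
+c.Fatal(err)
+}
+
+// Verify that the TPM event log is working.
+_ = c.MustSSH(m, "sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements")
+}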
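Review bot: The last statement of `eventLogTest` throws away the output of `tpm2_eventlog` (`_ = c.MustSSH(...)`), so the test only shows that the log file exists and that the tool could parse it. A log that parses but carries no bootloader measurements, or whose entries do not replay to the live PCR values, would still pass, and such a log is of no use for measured boot or attestation. I would keep the result, `out := c.MustSSH(m, "sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements")`, and fail with `c.Fatal` when it lacks events for the PCRs GRUB extends (presumably 8 and 9; confirm for this image). A stronger variant compares the PCR digests that `tpm2_eventlog` computes from the log with what `tpm2_pcrread` reports on the same machine.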
