tests: allow running ibmtss2 tests against installed version

Run against the installed version only when SWTPM_TEST_IBMTSS is set to the directory that has the tests, otherwise, build the known version. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
stefanberger · Aug 27, 2024 · 6033966 · 6033966
1 parent 0da1dcc
commit 6033966
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 39 deletions.
diff --git a/tests/Readme.md b/tests/Readme.md
@@ -23,6 +23,10 @@ variable only has an effect if `SWTPM_TEST_EXPENSIVE=1` is set.
  - test_tpm2_save_load_state_2
  - test_tpm2_save_load_state_3
 
+To run against an installed IBM TSS test suite, you may set the
+`SWTPM_TEST_IBMTSS` to the location of the test suite, such as
+`/usr/libexec/installed-tests/ibmtss`.
+
 Some tests require root rights, especially those involving the CUSE TPM
 and the vTPM proxy device. To run these and all the other ones you
 can use the following command line:

diff --git a/tests/test_tpm2_ibmtss2 b/tests/test_tpm2_ibmtss2
@@ -45,52 +45,57 @@ SWTPM_SERVER_NO_DISCONNECT="1" run_swtpm "${SWTPM_INTERFACE}" \
 	--flags not-need-init \
 	--profile name=default-v1
 
+revision=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --info 1 |
+			   sed 's/.*,"revision":\([^\}]*\).*/\1/')
+
 pushd "${WORKDIR}" &>/dev/null || exit 1
 
-git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss
+function build_ibmtss2() {
+	git clone https://git.code.sf.net/p/ibmtpm20tss/tss ibmtpm20tss-tss
 
-pushd ibmtpm20tss-tss &>/dev/null || exit 1
+	pushd ibmtpm20tss-tss &>/dev/null || exit 1
 
-if ! git checkout tags/v2.3.2; then
-	echo "'Git checkout' failed."
-	exit 1
-fi
+	if ! git checkout tags/v2.3.2; then
+		echo "'Git checkout' failed."
+		exit 1
+	fi
 
-# To be able to apply the patches we need to to set some variables
-# for user that don't have this set up properly
-git config --local user.name test
-git config --local user.email test@test.test
+	# To be able to apply the patches we need to to set some variables
+	# for user that don't have this set up properly
+	git config --local user.name test
+	git config --local user.email test@test.test
 
-# Nuvoton commands are not supported
-git am < "${PATCHESDIR}/0012-Disable-Nuvoton-commands.patch"
+	# Nuvoton commands are not supported
+	git am < "${PATCHESDIR}/0012-Disable-Nuvoton-commands.patch"
 
-# A v2.0.1 bug work-around:
-# We cannot run the EK certificate tests since rootcerts.txt points to
-# files we do not have
-git am < "${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch"
+	# A v2.0.1 bug work-around:
+	# We cannot run the EK certificate tests since rootcerts.txt points to
+	# files we do not have
+	git am < "${PATCHESDIR}/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch"
 
-# Implement 'powerup' for swtpm
-git am < "${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch"
+	# Implement 'powerup' for swtpm
+	git am < "${PATCHESDIR}/0002-Implement-powerup-for-swtpm.patch"
 
-# set CRYPTOLIBRARY=openssl
-git am < "${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch"
+	# set CRYPTOLIBRARY=openssl
+	git am < "${PATCHESDIR}/0003-Set-CRYPTOLIBRARY-to-openssl.patch"
 
-# Store and restore volatile state at every step
-git am < "${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch"
+	# Store and restore volatile state at every step
+	git am < "${PATCHESDIR}/0004-Store-and-restore-volatile-state-at-every-step.patch"
 
-# Disable 'Events' test
-git am < "${PATCHESDIR}/0005-Disable-tests-related-to-events.patch"
+	# Disable 'Events' test
+	git am < "${PATCHESDIR}/0005-Disable-tests-related-to-events.patch"
 
-if openssl version | grep -q -E "^OpenSSL 3"; then
-	git am < "${PATCHESDIR}/0010-Adjust-test-cases-for-OpenSSL-3.patch"
-fi
+	if openssl version | grep -q -E "^OpenSSL 3"; then
+		git am < "${PATCHESDIR}/0010-Adjust-test-cases-for-OpenSSL-3.patch"
+	fi
 
-autoreconf --force --install
-unset CFLAGS LDFLAGS LIBS
-./configure --disable-tpm-1.2
-make -j4
+	autoreconf --force --install
+	unset CFLAGS LDFLAGS LIBS
+	./configure --disable-tpm-1.2
+	make -j4
 
-pushd utils || exit 1
+	popd &>/dev/null || exit 1
+}
 
 export TPM_SERVER_NAME=127.0.0.1
 export TPM_INTERFACE_TYPE=socsim
@@ -99,12 +104,32 @@ export TPM_PLATFORM_PORT=${SWTPM_CTRL_PORT}
 
 export SWTPM_IOCTL
 
-if ! ./startup; then
-	echo "Startup of TPM2 failed"
-	exit 1
-fi
+if [ -d "$SWTPM_TEST_IBMTSS" ]; then
+	# assume tss is installed with the default prefix
+	if ! tssstartup; then
+		echo "Startup of TPM2 failed"
+		exit 1
+	fi
 
-OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
+    OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
+	"$SWTPM_TEST_IBMTSS"/tssreg.sh \
+		--swtpm \
+		--without-ecc \
+		--without-nuvoton \
+		--without-events \
+		--rev "$revision" \
+		-a 2>&1 | tee "${REGLOG}"
+else
+	build_ibmtss2
+	pushd ibmtpm20tss-tss/utils || exit 1
+	if ! ./startup; then
+		echo "Startup of TPM2 failed"
+		exit 1
+	fi
+
+	OPENSSL_ENABLE_SHA1_SIGNATURES=1 ./reg.sh -a 2>&1 | tee "${REGLOG}"
+	popd &>/dev/null || exit 1
+fi
 
 ret=0
 
@@ -125,8 +150,6 @@ if wait_process_gone "${SWTPM_PID}" 4; then
 	ret=1
 fi
 
-popd &>/dev/null || exit 1
-popd &>/dev/null || exit 1
 popd &>/dev/null || exit 1
 
 [ $ret -eq 0 ] && echo "OK"