tests/setup_swtpm.sh: Add script to setup temporary TPM

ansasaki · ansasaki · commit 500966b04b49 · 2024-12-03T10:06:33.000+01:00
Add the tests/setup_swtpm.sh script which setup a Software TPM in a temporary directory, starts the swtpm socket, and sets the environment TCTI accordingly. This allows the tests to be executed locally, even with the "testing" feature. Unfortunately, it is not possible to cleanup some of the transient objects created during tests, being necessary to cleanup manually between runs by running: $ tpm2_flushcontext -t -l -s Another caveat is that the tests need to run on a single thread to avoid test cases that create objects to run in parallel, which can fill up the TPM memory with transient object contexts. For this, please run the tests on a single thread: $ cargo test --features=testing -- --test-threads=1 The swtpm socket process is stopped when exiting from the started shell. Fixes: #259 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
diff --git a/tests/setup_swtpm.sh b/tests/setup_swtpm.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Keylime Authors
+
+# Store the old TCTI setting
+OLD_TCTI=$TCTI
+OLD_TPM2TOOLS_TCTI=$TPM2TOOLS_TCTI
+
+set -euf -o pipefail
+
+if [[ $# -eq 0 ]] || [[ -z "$1" ]]; then
+    TEMPDIR=$(mktemp -d)
+    TPMDIR="${TEMPDIR}/tpmdir"
+    mkdir -p ${TPMDIR}
+else
+    echo "Using TPM state from $1"
+    TPMDIR=$1
+fi
+
+# Manufacture a new Software TPM
+swtpm_setup --tpm2 \
+    --tpmstate ${TPMDIR} \
+    --createek --decryption --create-ek-cert \
+    --create-platform-cert \
+    --lock-nvram \
+    --not-overwrite \
+    --pcr-banks sha256 \
+    --display
+
+function start_swtpm {
+    # Initialize the swtpm socket
+    swtpm socket --tpm2 \
+        --tpmstate dir=${TPMDIR} \
+        --flags startup-clear \
+        --ctrl type=tcp,port=2322 \
+        --server type=tcp,port=2321 \
+        --log level=1 &
+    SWTPM_PID=$!
+}
+
+function stop_swtpm {
+    # Stop swtpm if running
+    if [[ -n "$SWTPM_PID" ]]; then
+        echo "Stopping swtpm"
+        kill $SWTPM_PID
+    fi
+}
+
+# Set cleanup function to run at exit
+function cleanup {
+    echo "-------- Restore TCTI settings"
+    TCTI=$OLD_TCTI
+    TPM2TOOLS_TCTI=$OLD_TPM2TOOLS_TCTI
+
+    echo "-------- Cleanup processes"
+    stop_swtpm
+}
+trap cleanup EXIT
+
+# Set the TCTI to use the swtpm socket
+export TCTI=swtpm
+export TPM2TOOLS_TCTI=swtpm
+
+start_swtpm
+bash
