TEST_DESCRIPTION="cryptenroll/cryptsetup with TPM2 devices"
IMAGE_NAME="tpm2"
TEST_NO_NSPAWN=1
+TEST_SETUP_SWTPM=1
TEST_REQUIRE_INSTALL_TESTS=0
# shellcheck source=test/test-functions
inst_binary openssl
}
-TEST_70_TPM_DEVICE="tpm-tis"
-if [[ "$(uname -m)" == "ppc64le" ]]; then
- # tpm-spapr support was introduced in qemu 5.0.0. Skip test for old qemu versions.
- qemu_min_version "5.0.0" || exit 0
- TEST_70_TPM_DEVICE="tpm-spapr"
-fi
-
-TEST_70_at_exit() {
- [[ -n "${TEST_70_SWTPM_PID:-}" ]] && kill "$TEST_70_SWTPM_PID" &>/dev/null
- [[ -n "${TEST_70_TPM_STATE:-}" ]] && rm -rf "$TEST_70_TPM_STATE"
-}
-
-TEST_70_TPM_STATE="$(mktemp -d)"
-swtpm socket --tpm2 --tpmstate dir="$TEST_70_TPM_STATE" --ctrl type=unixio,path="$TEST_70_TPM_STATE/sock" &
-TEST_70_SWTPM_PID=$!
-add_at_exit_handler TEST_70_at_exit
-QEMU_OPTIONS+=" -chardev socket,id=chrtpm,path=$TEST_70_TPM_STATE/sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device $TEST_70_TPM_DEVICE,tpmdev=tpm0"
-
do_test "$@"
# Run the EXIT handlers in reverse order
for ((i = ${#_AT_EXIT_HANDLERS[@]} - 1; i >= 0; i--)); do
ddebug "Running EXIT handler '${_AT_EXIT_HANDLERS[$i]}'"
- "${_AT_EXIT_HANDLERS[$i]}"
+ eval "${_AT_EXIT_HANDLERS[$i]}"
done
}
trap _at_exit EXIT
add_at_exit_handler() {
- local handler="${1?}"
-
- if [[ "$(type -t "$handler")" != "function" ]]; then
- dfatal "'$handler' is not a function"
- exit 1
- fi
-
- _AT_EXIT_HANDLERS+=("$handler")
+ _AT_EXIT_HANDLERS+=("${1:?}")
}
# Decide if we can (and want to) run qemu with KVM acceleration.
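Review bot: Running handlers through `eval "${_AT_EXIT_HANDLERS[$i]}"` while dropping the `type -t` check from `add_at_exit_handler` means any registered string is now executed as shell code at exit, and a mistyped handler only fails silently under the EXIT trap instead of at registration. That puts the quoting burden on every caller, which the function should say, e.g. `# NOTE: the argument is passed to eval at exit; quote interpolated values with printf '%q'`. The caller added in `qemu_setup_swtpm_socket` wraps `$state_dir` in literal single quotes, which breaks if `TMPDIR` ever contains a quote. A sturdier form there is `add_at_exit_handler "kill -TERM $pid 2>/dev/null; rm -rf $(printf '%q' "$state_dir")"`. The body of `_at_exit` starts outside the visible lines.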
fi
}
+qemu_setup_swtpm_socket() {
+ local pid state_dir tpm_device
+
+ if ! tpm_device="$(qemu_get_tpm_device)"; then
+ dinfo "Found QEMU version is too old for TPM2 on ppc64le"
+ exit 0
+ fi
+
+ state_dir="$(mktemp -d)"
+ swtpm socket --tpm2 --tpmstate dir="$state_dir" --ctrl type=unixio,path="$state_dir/sock" &
+ pid=$!
+ if ! kill -0 "$pid"; then
+ echo >&2 "Failed to setup swtpm socket"
+ return 1
+ fi
+
+ dinfo "Started swtpm as PID $pid with state dir $state_dir"
+
+ add_at_exit_handler "kill -TERM $pid 2>/dev/null; rm -rf '$state_dir'"
+
+ QEMU_OPTIONS+=" -chardev socket,id=chrtpm,path=$state_dir/sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device $tpm_device,tpmdev=tpm0"
+ dinfo "Configured emulated TPM2 device $tpm_device"
+
+ return 0
+}
+
+qemu_get_tpm_device() {
+ local tpm_device="tpm-tis"
+
+ if [[ "$(uname -m)" == "ppc64le" ]]; then
+ # tpm-spapr support was introduced in qemu 5.0.0
+ if ! qemu_min_version "5.0.0"; then
+ return 1
+ fi
+
+ tpm_device="tpm-spapr"
+ fi
+
+ echo "$tpm_device"
+ return 0
+}
+
# Compares argument #1=X.Y.Z (X&Y&Z = numeric) to the version of the installed qemu
# returns 0 if newer or equal
# returns 1 if older
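Review bot: The `kill -0 "$pid"` probe in `qemu_setup_swtpm_socket` runs straight after the `&`, when the child almost always still exists or has not been reaped, so a swtpm that dies during startup will most likely pass the check and QEMU is then pointed at a socket that never appears. On the `return 1` path the `mktemp -d` directory is also leaked, because the cleanup handler is registered only after the check, and a failing `mktemp -d` is not detected at all. Registering the handler first and waiting, with a bound, for the control socket to exist would address all three; the sketch below assumes swtpm creates the `--ctrl` socket at the given path once it is ready.

```shell
state_dir="$(mktemp -d)" || return 1
swtpm socket --tpm2 --tpmstate dir="$state_dir" --ctrl type=unixio,path="$state_dir/sock" &
pid=$!
# Register cleanup before any failure path so the state dir is never leaked
add_at_exit_handler "kill -TERM $pid 2>/dev/null; rm -rf $(printf '%q' "$state_dir")"

# Bounded wait for the control socket instead of a single PID probe
for _ in {1..50}; do
    [[ -S "$state_dir/sock" ]] && break
    kill -0 "$pid" 2>/dev/null || break
    sleep 0.1
done
if [[ ! -S "$state_dir/sock" ]]; then
    echo >&2 "Failed to setup swtpm socket"
    return 1
fi
# … unchanged: dinfo, QEMU_OPTIONS, return 0 …
```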
find_qemu_bin || return 1
+ if get_bool "${TEST_SETUP_SWTPM:-}"; then
+ qemu_setup_swtpm_socket || return 1
+ fi
+
# Umount initdir to avoid concurrent access to the filesystem
_umount_dir "$initdir"