tests/test_tpm2_chroot_cuse - third_party/github.com/stefanberger/swtpm - Git at Google

 #!/usr/bin/env bash

 # For the license, see the LICENSE file in the root directory.

 if [ "$(id -u)" -ne 0 ]; then
         echo "Need to be root to run this test."
         exit 77
 fi

 if [ "$(uname -s)" != "Linux" ]; then
 	# Due to using /proc/<pid>/root
 	echo "This test only runs only Linux."
 	exit 77
 fi

 if [ -z "$(type -P df)" ]; then
 	echo "This test requires the 'df' tool."
 	exit 77
 fi

 ROOT=${abs_top_builddir:-$(dirname "$0")/..}
 TESTDIR=${abs_top_testdir:-$(dirname "$0")}

 SWTPM=swtpm
 SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
 PID_FILE=/${SWTPM}.pid
 VTPM_NAME="vtpm-test-chroot"
 SWTPM_DEV_NAME="/dev/${VTPM_NAME}"

 source ${TESTDIR}/common
 source ${TESTDIR}/test_common
 source ${TESTDIR}/test_cuse

 skip_test_no_tpm20 "${SWTPM_EXE}"

 trap "cleanup" SIGTERM EXIT

 function cleanup()
 {
 	rm -rf $TPMDIR
 	if [ -n "$PID" ]; then
 		kill_quiet -SIGTERM $PID 2>/dev/null
 	fi
 }

 for OPTION in --chroot -R; do
 	TPMDIR="$(mktemp -d)" || exit 1

 	# CUSE TPM will only work if the filesystem does not have 'nodev' option
 	mnt=$(df $TPMDIR | tail -n 1 | gawk '{print $1" "$6}')
 	if [ -z "${mnt}" ]; then
 		echo " Error: Could not determine filesystem and mount point of $TPMDIR"
 		exit 1
 	fi
 	nodev="$(grep -E "^${mnt} " /proc/mounts |
 		 gawk '{print ","$4","}' |
 		 grep ",nodev,")"
 	if [ -n "${nodev}" ]; then
 		echo " Error: '${mnt}' is mounted with nodev option. Skipping test."
 		exit 77
 	fi

 	mkdir $TPMDIR/dev
 	mknod -m 0666 $TPMDIR/dev/urandom c 1 9
 	mknod -m 0666 $TPMDIR/dev/cuse c 10 203

 	$SWTPM_EXE cuse \
 		-n "$SWTPM_DEV_NAME" \
 		"$OPTION" $TPMDIR \
 		--tpmstate dir=/ \
 		--pid file=$PID_FILE \
 		--tpm2 \
 		--flags not-need-init \
 		${SWTPM_TEST_SECCOMP_OPT} &>/dev/null &

 	if wait_for_file $TPMDIR/$PID_FILE 3; then
 		echo "Error: CUSE TPM did not write pidfile."
 		exit 1
 	fi

 	PID=$(ps aux |
 		grep "cuse" |
 		grep " ${SWTPM_DEV_NAME}" |
 		grep -v grep |
 		gawk '{print $2}')

 	validate_pidfile $PID $TPMDIR/$PID_FILE

 	if [ "$(readlink /proc/$PID/root)" != $TPMDIR ]; then
 		echo "Test 1 failed: Unexpected chroot dir"
 		exit 1
 	fi

 	if [ ! -f ${TPMDIR}/tpm2-00.permall ]; then
 		echo "Missing state file"
 		exit 1
 	fi

 	echo "Test $OPTION passed"
 	cleanup
 done
	#!/usr/bin/env bash

	# For the license, see the LICENSE file in the root directory.

	if [ "$(id -u)" -ne 0 ]; then
	echo "Need to be root to run this test."
	exit 77
	fi

	if [ "$(uname -s)" != "Linux" ]; then
	# Due to using /proc/<pid>/root
	echo "This test only runs only Linux."
	exit 77
	fi

	if [ -z "$(type -P df)" ]; then
	echo "This test requires the 'df' tool."
	exit 77
	fi

	ROOT=${abs_top_builddir:-$(dirname "$0")/..}
	TESTDIR=${abs_top_testdir:-$(dirname "$0")}

	SWTPM=swtpm
	SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
	PID_FILE=/${SWTPM}.pid
	VTPM_NAME="vtpm-test-chroot"
	SWTPM_DEV_NAME="/dev/${VTPM_NAME}"

	source ${TESTDIR}/common
	source ${TESTDIR}/test_common
	source ${TESTDIR}/test_cuse

	skip_test_no_tpm20 "${SWTPM_EXE}"

	trap "cleanup" SIGTERM EXIT

	function cleanup()
	{
	rm -rf $TPMDIR
	if [ -n "$PID" ]; then
	kill_quiet -SIGTERM $PID 2>/dev/null
	fi
	}

	for OPTION in --chroot -R; do
	TPMDIR="$(mktemp -d)" \|\| exit 1

	# CUSE TPM will only work if the filesystem does not have 'nodev' option
	mnt=$(df $TPMDIR \| tail -n 1 \| gawk '{print $1" "$6}')
	if [ -z "${mnt}" ]; then
	echo " Error: Could not determine filesystem and mount point of $TPMDIR"
	exit 1
	fi
	nodev="$(grep -E "^${mnt} " /proc/mounts \|
	gawk '{print ","$4","}' \|
	grep ",nodev,")"
	if [ -n "${nodev}" ]; then
	echo " Error: '${mnt}' is mounted with nodev option. Skipping test."
	exit 77
	fi

	mkdir $TPMDIR/dev
	mknod -m 0666 $TPMDIR/dev/urandom c 1 9
	mknod -m 0666 $TPMDIR/dev/cuse c 10 203

	$SWTPM_EXE cuse \
	-n "$SWTPM_DEV_NAME" \
	"$OPTION" $TPMDIR \
	--tpmstate dir=/ \
	--pid file=$PID_FILE \
	--tpm2 \
	--flags not-need-init \
	${SWTPM_TEST_SECCOMP_OPT} &>/dev/null &

	if wait_for_file $TPMDIR/$PID_FILE 3; then
	echo "Error: CUSE TPM did not write pidfile."
	exit 1
	fi

	PID=$(ps aux \|
	grep "cuse" \|
	grep " ${SWTPM_DEV_NAME}" \|
	grep -v grep \|
	gawk '{print $2}')

	validate_pidfile $PID $TPMDIR/$PID_FILE

	if [ "$(readlink /proc/$PID/root)" != $TPMDIR ]; then
	echo "Test 1 failed: Unexpected chroot dir"
	exit 1
	fi

	if [ ! -f ${TPMDIR}/tpm2-00.permall ]; then
	echo "Missing state file"
	exit 1
	fi

	echo "Test $OPTION passed"
	cleanup
	done