FAPI TEST: Rework the execution of FAPI integration tests #2716
Conversation
Due to tcti_libtpms->response_len and tcti_libtpms->response_buffer_len are size_t. We cannot convert the (size_t *) to (uint32_t *) on big-endian platforms. Thus we create temp uint32_t variables. Make the call and then assign it back to size_t variables. This commit partially fix the test failure on big-endian platforms. Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
JuergenReppSIT
changed the title
JuergenReppSIT
force-pushed
the
test-use-libtpms-on-big-endian
branch
from
1b61f57
to
75a6372
Compare
| @@ -313,7 +318,7 @@ static uint32_t spi_tpm_helper_read_sts_reg(TSS2_TCTI_SPI_HELPER_CONTEXT* ctx) | |||
| { | |||
| uint32_t status = 0; | |||
| spi_tpm_helper_read_reg(ctx, TCTI_SPI_HELPER_TPM_STS_REG, &status, sizeof(status)); | |||
| return status; | |||
| return LE_TO_HOST_32(status); | |||
There was a problem hiding this comment.
Would we not need this elsewhere, too? I think did_vid/status in these two calls need to be turned from little endian to host endianness:
tpm2-tss/src/tss2-tcti/tcti-spi-helper.c
Lines 718 to 721 in 182b027
tpm2-tss/src/tss2-tcti/tcti-spi-helper.c
Lines 319 to 321 in 182b027
If I am not mistaken, we might also want to add unit tests to catch stuff like that.
| @@ -2,6 +2,10 @@ | |||
| /* | |||
| * Copyright 2020 Fraunhofer SIT. All rights reserved. | |||
| */ | |||
| #ifdef HAVE_CONFIG_H | |||
| @@ -24,6 +24,11 @@ if [ -z "$WITH_CRYPTO" ]; then | |||
| export WITH_CRYPTO="ossl" | |||
| fi | |||
|
|
|||
| little_endian=$(echo -n I | od -to2 | awk 'FNR==1{ print substr($2,6,1)}') | |||
| if [ $little_endian -eq 0 ]; then | |||
| export CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS --with-integrationtcti=libtpms" | |||
There was a problem hiding this comment.
At some point, we probably want to test against libtpms by default (regardless of endianness).
|
|
||
| LOG_INFO("Test returned %i", ret); | ||
| if (ret) goto error; | ||
|
|
||
| size = asprintf(&remove_cmd, "rm -r -f %s", tmpdir); | ||
| #if !defined(FAPI_NONTPM) && !defined(DLOPEN) | ||
| test_ctx->test_esys_ctx.esys_ctx = test_ctx->fapi_ctx->esys; |
There was a problem hiding this comment.
Is this necessary? We already have the following in test_fapi_setup():
(*test_ctx)->test_esys_ctx.esys_ctx = (*test_ctx)->fapi_ctx->esys;There was a problem hiding this comment.
yes that's necessary because in some FAPI integration tests a new esys context is created.
| } | ||
| #endif | ||
|
|
||
| size = asprintf(&remove_cmd, "rm -r -f %s", test_ctx->tmpdir); |
There was a problem hiding this comment.
Should we not move the following into test_fapi_teardown()?
size = asprintf(&remove_cmd, "rm -r -f %s", test_ctx->tmpdir);
if (size < 0) {
LOG_ERROR("Out of memory");
ret = EXIT_ERROR;
goto error;
}
if (system(remove_cmd) != 0) {
LOG_ERROR("Directory %s can't be deleted.", test_ctx->tmpdir);
ret = EXIT_ERROR;
goto error;
}There was a problem hiding this comment.
I did put only things without error check to test_fapi_teardown
test/integration/test-common.c
Outdated
| @@ -582,3 +580,14 @@ test_esys_teardown(TSS2_TEST_ESYS_CONTEXT *test_ctx) | |||
| free(test_ctx); | |||
| } | |||
| } | |||
|
|
|||
| void | |||
| test_fapi_esys_teardown(TSS2_TEST_ESYS_CONTEXT *test_ctx) | |||
There was a problem hiding this comment.
I'm a little confused by this. We already have test_esys_teardown() and test_fapi_teardown(). This new function test_fapi_esys_teardown() seems to be never called. Maybe you added this accidentally?
test/integration/main-fapi.c
Outdated
| ret = test_fapi_setup(&test_ctx); | ||
| if (ret != 0) { | ||
| goto error; | ||
| } | ||
|
|
||
| #if !defined(FAPI_NONTPM) && !defined(DLOPEN) | ||
| ret = test_fapi_checks_pre(test_ctx); | ||
| ret = test_fapi_checks_pre(test_ctx); |
Based on tpm2-software#2686 In the function spi_tpm_helper_read_sts_reg the result is converted back to the correct endianess. Addresses tpm2-software#2531 Co-authored-by: Lukas Märdian <slyon@ubuntu.com> Signed-off-by: Juergen Repp <juergen_repp@web.de>
Usage of swtpm caused problems for the the tests on s390x/ubuntu. Therfore the configure option with-integrationtcti to enable the usage of libtpms fot the integration tests was added. The macro AC_C_BIGENDIAN was used to define WORDS_BIGENDIAN which can be used to skip tests which use little endian test data. Signed-off-by: Juergen Repp <juergen_repp@web.de>
Several global variables in fapi-main.c are now declared locally. Signed-off-by: Juergen Repp <juergen_repp@web.de>
* The tests of the TPM state is integrated. * A global FAPI test state was introduced. * The test dlopen-fapi-get-random was executed without the check of the TPM state. Because the esys function used in the test program could not be loaded. Signed-off-by: Juergen Repp <juergen_repp@web.de>
JuergenReppSIT
force-pushed
the
test-use-libtpms-on-big-endian
branch
from
75a6372
to
1a8252b
Compare
|
@joholl I have fixed most of your remarks. We could also completely switch to libtpms as default. It also would be possible to remove the int log compile scripts with the disadvantage that make check could not be started with the tpm servers. |
I would be in favor of removing all scripts surrounding the tests. Maybe a quick idea: Let's keep the capability for this release and drop it on the next release ? |
That sounds reasonable. |
|
@JuergenReppSIT Cool! About getting rid of mssim/swtpm: I'd prefer if we still supported testing against mssim/swtpm. This is because it might be more convenient in some contexts and it might have some upsides (testing against remote etc.). Maybe related: There is a way to reset all three simulators (see below). Just spitballing: Maybe we want to have a future setup where the simulator is started once and then tested against? @AndreasFuchsTPM Maybe we even want to standardize the TCTI reset functionality in the TCTI spec (would mean a v3 of the context). Of course that means only for non-productive TPMs and with tpm2-tss/test/tpmclient/tpmclient.int.c Lines 176 to 205 in 182b027 |
JuergenReppSIT
force-pushed
the
test-use-libtpms-on-big-endian
branch
2 times, most recently
from
1a8252b
to
19c5612
Compare
There was a problem hiding this comment.
So is this ready to merge ?
@JuergenReppSIT @joholl all agree ?
* A CA script for initializing the CA was added. * The EK, the EK certificate and the EK fingerprint is now created in main-fapi.c * The creation of the EK certificate was removed from fint-log-compiler.sh * Unneeded helper programs are removed. Signed-off-by: Juergen Repp <juergen_repp@web.de>
JuergenReppSIT
force-pushed
the
test-use-libtpms-on-big-endian
branch
from
19c5612
to
a155675
Compare
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #2716 +/- ##
==========================================
- Coverage 82.57% 82.51% -0.06%
==========================================
Files 368 369 +1
Lines 42986 43128 +142
==========================================
+ Hits 35496 35589 +93
- Misses 7490 7539 +49 ☔ View full report in Codecov by Sentry. |
|
Ready to merge from my perspective :) |
Signed-off-by: Juergen Repp juergen_repp@web.de