[ima-evm-utils:,3/5] ima-evm-utils: travis: dependency on TSS for initializing software TPM

Commit Message

Mimi Zohar July 31, 2020, 6:24 p.m. UTC

Verifying the "boot_aggregate" requires reading the TPM PCRs for each of
the TPM banks.  In test environments without a physical TPM, a software
TPM may be used, but requires initializing the TPM PCRs.  By walking and
replaying the TPM event log, a software TPM may be properly initialized.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 .travis.yml          | 4 +++-
 tests/install-tss.sh | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100755 tests/install-tss.sh

Patch

diff --git a/.travis.yml b/.travis.yml
index fa2a37625d52..0a3476572f74 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,8 +13,10 @@  addons:
    - docbook-xml
 install:
    - ./tests/install-swtpm.sh
+   - ./tests/install-tss.sh
 script:
-   - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check TESTS="ima_hash.test sign_verify.test";
+   - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check;
 
    - tail -3 tests/ima_hash.log;
    - tail -3 tests/sign_verify.log;
+   - tail -3 tests/boot_aggregate.log;
diff --git a/tests/install-tss.sh b/tests/install-tss.sh
new file mode 100755
index 000000000000..c9c179eee6a8
--- /dev/null
+++ b/tests/install-tss.sh
@@ -0,0 +1,8 @@ 
+#!/bin/sh
+
+set -ex
+git clone https://git.code.sf.net/p/ibmtpm20tss/tss
+cd tss
+autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j$(nproc) && sudo make install
+cd ..
+rm -rf tss