diff --git a/guest-test/guest.test_executor.sh b/guest-test/guest.test_executor.sh index 557ccb5d..e0dda3cc 100755 --- a/guest-test/guest.test_executor.sh +++ b/guest-test/guest.test_executor.sh @@ -100,6 +100,16 @@ guest_attest_test() { fi } +guest_tsm_attest() { + test_item=$1 + guest_test_prepare tdx/tdx_attest_check.sh + guest_test_entry tdx_attest_check.sh "-t $test_item" || \ + { die "Failed on $TESTCASE tdx_attest_check.sh -t $test_item"; return 1; } + if [[ $GCOV == "off" ]]; then + guest_test_close + fi +} + ###################### Do Works ###################### cd "$(dirname "$0")" 2>/dev/null || exit 1 source ../.env @@ -169,6 +179,18 @@ case "$TESTCASE" in guest_test_close fi ;; + TD_TSM_ATTEST_QUOTE_PRECHECK) + guest_tsm_attest "tsm.get_quote.precheck" || \ + die "Failed on $TESTCASE" + ;; + TD_TSM_ATTEST_QUOTE) + guest_tsm_attest "tsm.get_quote" || \ + die "Failed on $TESTCASE" + ;; + TD_TSM_ATTEST_QUOTE_NEG) + guest_tsm_attest "tsm.get_quote.negative" || \ + die "Failed on $TESTCASE" + ;; :) test_print_err "Must specify the test scenario option by [-t]" usage && exit 1 diff --git a/guest-test/tdx/tdx_attest_check.sh b/guest-test/tdx/tdx_attest_check.sh index ccde1059..acdd4677 100755 --- a/guest-test/tdx/tdx_attest_check.sh +++ b/guest-test/tdx/tdx_attest_check.sh @@ -15,6 +15,9 @@ SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )" echo "$SCRIPT_DIR" source common.sh +# TSM based attest sysfs +tsm_config=/sys/kernel/config/tsm/report + while getopts :t: arg; do case $arg in t) @@ -58,6 +61,101 @@ attest_result() { fi } +tsm_get_quote_pre_check() { + report="$tsm_config"/$1 + mkdir "$report" + # tsm td quote sysfs precheck + if [[ -f "$report"/generation ]] && \ + [[ $(cat "$report"/generation) -eq 0 ]]; then + test_print_trc "TD TSM attest quote generation pre-check correct" + else + die "TD TSM attest quote generation not exists or not equal to 0" + return 1 + fi + if [[ -f "$report"/provider ]] && \ + [[ $(cat "$report"/provider) == "tdx_guest" ]]; then + test_print_trc "TD TSM attest quote provider pre-check correct" + else + die "TD TSM attest quote provider not exists or not equal to 'tdx_guest'" + return 1 + fi + if [[ -f "$report"/inblob ]]; then + test_print_trc "TD TSM attest quote inblob pre-check correct" + else + die "TD TSM attest quote inblob not exists" + return 1 + fi + if [[ -f "$report"/outblob ]]; then + test_print_trc "TD TSM attest quote outblob pre-check correct" + else + die "TD TSM attest quote outblob not exists" + return 1 + fi + rmdir "$report" +} + +tsm_get_quote() { + report="$tsm_config"/$1 + mkdir "$report" + # generate quote check + generation_before=$(cat "$report"/generation) + test_print_trc "tsm quote generation before trigger inblob: $generation_before" + if ! dd if=/dev/urandom bs=64 count=1 > "$report"/inblob; then + die "TD TSM attest quote inblob write failed" + return 1 + else + test_print_trc "TD TSM attest quote triggered success once" + fi + generation_after=$(cat "$report"/generation) + test_print_trc "tsm quote generation after trigger inblob: $generation_after" + if [[ "$generation_after" -gt "$generation_before" ]]; then + test_print_trc "TD TSM attest quote inblob triggered 1 more" + else + die "TD TSM attest quote inblob triggered generation failed" + return 1 + fi + quote_return=$(hexdump -C "$report"/outblob 2>&1 >/dev/null) + test_print_trc "hexdump -C outblob return: $quote_return" + if echo "$quote_return" | grep "Connection timed out"; then + test_print_trc "TD TSM attest quote generated from @inblob success" + else + die "TD TSM attest quote generated by inblob failed" + return 1 + fi + rmdir "$report" +} + +tsm_get_quote_negative() { + report="$tsm_config"/$1 + mkdir "$report" + # negative generate quote check + generation_before=$(cat "$report"/generation) + test_print_trc "tsm quote generation before trigger inblob: $generation_before" + if ! dd if=/dev/urandom bs=32 count=1 > "$report"/inblob; then + die "TD TSM attest quote inblob write failed" + return 1 + else + test_print_trc "TD TSM attest quote triggered success once" + fi + generation_after=$(cat "$report"/generation) + test_print_trc "tsm quote generation after trigger inblob: $generation_after" + if [[ "$generation_after" -gt "$generation_before" ]]; then + test_print_trc "TD TSM attest quote inblob triggered 1 more" + else + die "TD TSM attest quote inblob triggered generation failed" + return 1 + fi + quote_return=$(hexdump -C "$report"/outblob 2>&1 >/dev/null) + test_print_trc "hexdump -C outblob return: $quote_return" + if echo "$quote_return" | grep "Invalid argument"; then + test_print_trc "TD TSM attest quote negative generated from @inblob success" + else + die "TD TSM attest quote negative generated by inblob failed" + return 1 + fi + rmdir "$report" +} + ###################### Do Works ###################### case "$ATTEST_CASE" in @@ -73,6 +171,15 @@ case "$ATTEST_CASE" in global.verify_quote) attest_result "$ATTEST_CASE" ;; + tsm.get_quote.precheck) + tsm_get_quote_pre_check report0 + ;; + tsm.get_quote) + tsm_get_quote report1 + ;; + tsm.get_quote.negative) + tsm_get_quote_negative report2 + ;; :) test_print_err "Must specify the attest case option by [-t]" exit 1 diff --git a/guest-test/tdx/tests b/guest-test/tdx/tests index c7e868a7..414c6ea8 100644 --- a/guest-test/tdx/tests +++ b/guest-test/tdx/tests @@ -13,5 +13,8 @@ guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERIFY_REPORT -c guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERITY_REPORTMAC -c "accept_memory=lazy" -p off guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERIFY_RTMR_EXTEND -c "accept_memory=lazy" -p off guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERIFY_QUOTE -c "accept_memory=lazy" -p off +guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_TSM_ATTEST_QUOTE_PRECHECK -c "accept_memory=lazy" -p off +guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_TSM_ATTEST_QUOTE -c "accept_memory=lazy" -p off +guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_TSM_ATTEST_QUOTE_NEG -c "accept_memory=lazy" -p off # case implemented by tdx_speed_test.sh guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_NET_SPEED -c "accept_memory=lazy" -p off \ No newline at end of file