systemd/SOURCES/0491-test-add-simple-integr...

From 994451b5e3010e2b12c01522bed9cc246304696e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 16 Dec 2022 16:25:34 +0100
Subject: [PATCH] test: add simple integration test for checking PCR extension
 works as it should

(cherry picked from commit f44ed151c6c203f01a9fe8623b282ecd4ef2e0a9)

Related: RHEL-16182
---
 test/TEST-70-TPM2/test.sh  |  1 +
 test/units/testsuite-70.sh | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/test/TEST-70-TPM2/test.sh b/test/TEST-70-TPM2/test.sh
index 7c19821ad2..f448a4a5f1 100755
--- a/test/TEST-70-TPM2/test.sh
+++ b/test/TEST-70-TPM2/test.sh
@@ -20,6 +20,7 @@ test_append_files() {
         install_dmevent
         generate_module_dependencies
         inst_binary tpm2_pcrextend
+        inst_binary tpm2_pcrread
         inst_binary openssl
 }
 
diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh
index 89cd2a3f82..3b4d66b686 100755
--- a/test/units/testsuite-70.sh
+++ b/test/units/testsuite-70.sh
@@ -155,6 +155,36 @@ else
     echo "/usr/lib/systemd/systemd-measure or PCR sysfs files not found, skipping signed PCR policy test case"
 fi
 
+if [ -e /usr/lib/systemd/systemd-pcrphase ] && \
+       [ -f /sys/class/tpm/tpm0/pcr-sha256/11 ]; then
+
+    # Let's measure the machine ID
+    tpm2_pcrread sha256:15 -Q -o /tmp/oldpcr15
+    mv /etc/machine-id /etc/machine-id.save
+    echo 994013bf23864ee7992eab39a96dd3bb >/etc/machine-id
+    SYSTEMD_FORCE_MEASURE=1 /usr/lib/systemd/systemd-pcrphase --machine-id
+    mv /etc/machine-id.save /etc/machine-id
+    tpm2_pcrread sha256:15 -Q -o /tmp/newpcr15
+
+    # And check it matches expectations
+    ( cat /tmp/oldpcr15 ;
+      echo -n "machine-id:994013bf23864ee7992eab39a96dd3bb" | openssl dgst -binary -sha256 ) | openssl dgst -binary -sha256 | cmp - /tmp/newpcr15
+
+    rm /tmp/oldpcr15 /tmp/newpcr15
+
+    # And similar for the boot phase measurement into PCR 11
+    tpm2_pcrread sha256:11 -Q -o /tmp/oldpcr11
+    SYSTEMD_FORCE_MEASURE=1 /usr/lib/systemd/systemd-pcrphase foobar
+    tpm2_pcrread sha256:11 -Q -o /tmp/newpcr11
+
+    ( cat /tmp/oldpcr11 ;
+      echo -n "foobar" | openssl dgst -binary -sha256 ) | openssl dgst -binary -sha256 | cmp - /tmp/newpcr11
+
+    rm /tmp/oldpcr11 /tmp/newpcr11
+else
+    echo "/usr/lib/systemd/systemd-pcrphase or PCR sysfs files not found, skipping PCR extension test case"
+fi
+
 echo OK >/testok
 
 exit 0
import systemd-252-32.el9_4 6 months ago			`From 994451b5e3010e2b12c01522bed9cc246304696e Mon Sep 17 00:00:00 2001`
			`From: Lennart Poettering <lennart@poettering.net>`
			`Date: Fri, 16 Dec 2022 16:25:34 +0100`
			`Subject: [PATCH] test: add simple integration test for checking PCR extension`
			`works as it should`

			`(cherry picked from commit f44ed151c6c203f01a9fe8623b282ecd4ef2e0a9)`

			`Related: RHEL-16182`
			`---`
			`test/TEST-70-TPM2/test.sh \| 1 +`
			`test/units/testsuite-70.sh \| 30 ++++++++++++++++++++++++++++++`
			`2 files changed, 31 insertions(+)`

			`diff --git a/test/TEST-70-TPM2/test.sh b/test/TEST-70-TPM2/test.sh`
			`index 7c19821ad2..f448a4a5f1 100755`
			`--- a/test/TEST-70-TPM2/test.sh`
			`+++ b/test/TEST-70-TPM2/test.sh`
			`@@ -20,6 +20,7 @@ test_append_files() {`
			`install_dmevent`
			`generate_module_dependencies`
			`inst_binary tpm2_pcrextend`
			`+ inst_binary tpm2_pcrread`
			`inst_binary openssl`
			`}`

			`diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh`
			`index 89cd2a3f82..3b4d66b686 100755`
			`--- a/test/units/testsuite-70.sh`
			`+++ b/test/units/testsuite-70.sh`
			`@@ -155,6 +155,36 @@ else`
			`echo "/usr/lib/systemd/systemd-measure or PCR sysfs files not found, skipping signed PCR policy test case"`
			`fi`

			`+if [ -e /usr/lib/systemd/systemd-pcrphase ] && \`
			`+ [ -f /sys/class/tpm/tpm0/pcr-sha256/11 ]; then`
			`+`
			`+ # Let's measure the machine ID`
			`+ tpm2_pcrread sha256:15 -Q -o /tmp/oldpcr15`
			`+ mv /etc/machine-id /etc/machine-id.save`
			`+ echo 994013bf23864ee7992eab39a96dd3bb >/etc/machine-id`
			`+ SYSTEMD_FORCE_MEASURE=1 /usr/lib/systemd/systemd-pcrphase --machine-id`
			`+ mv /etc/machine-id.save /etc/machine-id`
			`+ tpm2_pcrread sha256:15 -Q -o /tmp/newpcr15`
			`+`
			`+ # And check it matches expectations`
			`+ ( cat /tmp/oldpcr15 ;`
			`+ echo -n "machine-id:994013bf23864ee7992eab39a96dd3bb" \| openssl dgst -binary -sha256 ) \| openssl dgst -binary -sha256 \| cmp - /tmp/newpcr15`
			`+`
			`+ rm /tmp/oldpcr15 /tmp/newpcr15`
			`+`
			`+ # And similar for the boot phase measurement into PCR 11`
			`+ tpm2_pcrread sha256:11 -Q -o /tmp/oldpcr11`
			`+ SYSTEMD_FORCE_MEASURE=1 /usr/lib/systemd/systemd-pcrphase foobar`
			`+ tpm2_pcrread sha256:11 -Q -o /tmp/newpcr11`
			`+`
			`+ ( cat /tmp/oldpcr11 ;`
			`+ echo -n "foobar" \| openssl dgst -binary -sha256 ) \| openssl dgst -binary -sha256 \| cmp - /tmp/newpcr11`
			`+`
			`+ rm /tmp/oldpcr11 /tmp/newpcr11`
			`+else`
			`+ echo "/usr/lib/systemd/systemd-pcrphase or PCR sysfs files not found, skipping PCR extension test case"`
			`+fi`
			`+`
			`echo OK >/testok`

			`exit 0`