Bug 1847983
| Summary: | commands 'tpm2_pcrlist' and 'tpm2_nvlist' missing from tpm2-tools package | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jiri Dluhos <jdluhos> |
| Component: | tpm2-tools | Assignee: | Jerry Snitselaar <jsnitsel> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Vilém Maršík <vmarsik> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.3 | CC: | bhu, core-kernel-mgr, rvr, vmarsik |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 14:35:32 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1842946, 1898189 | ||
|
Description
Jiri Dluhos
2020-06-17 13:45:15 UTC
Can you point me to the test? It will need to be updated. tpm2_pcrlist is now tpm2_pcrread, and tpm2_nvlist was renamed tpm2_nvreadpublic. This was due to a necessary package update for RHELPLAN-37821. An initial look at it, looks like this should solve it:
diff --git a/crypto/tpm/tpm2-tools/runtest.sh b/crypto/tpm/tpm2-tools/runtest.sh
index 0a9eb2db146f..70e1435f216f 100755
--- a/crypto/tpm/tpm2-tools/runtest.sh
+++ b/crypto/tpm/tpm2-tools/runtest.sh
@@ -44,21 +44,21 @@ rlJournalStart
rlPhaseEnd
rlPhaseStart FAIL "Presence"
- rlRun "tpm2_pcrlist"
- COUNT=`tpm2_pcrlist | grep '^ \+[0-9]\+ \+: ' | wc -l`
+ rlRun "tpm2_pcrread -T tabrmd"
+ COUNT=`tpm2_pcrread -T tabrmd | grep '^ \+[0-9]\+ \+: ' | wc -l`
rlAssertGreaterOrEqual "24 PCRS" "$COUNT" 24
rlAssertExists "/dev/tpm0"
rlPhaseEnd
rlPhaseStart FAIL "Functionality"
- rlRun "tpm2_nvlist"
+ rlRun "tpm2_nvreadpublic -T tabrmd"
DATA=`mktemp`
- rlRun "tpm2_getrandom -o $DATA 20" 0 "random number generator"
+ rlRun "tpm2_getrandom -T tabrmd -o $DATA 20" 0 "random number generator"
COUNT=`wc -c "$DATA" | cut -d\ -f1`
rlAssertEquals "random number count" "$COUNT" 20
HASHED=`mktemp -u`
TICKET=`mktemp -u`
- rlRun "tpm2_hash -H n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing"
+ rlRun "tpm2_hash -T tabrmd -C n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing"
rm -f $DATA $HASHED $TICKET
# need to define persistent objects first
@@ -66,13 +66,13 @@ rlJournalStart
#COUNT=`tpm2_listpersistent | grep key-alg | wc -l`
#rlAssertGreater "persistent objects defined" "$COUNT" 0
- ORIGINAL=`tpm2_pcrlist | grep ' 4 :' | head -n 1`
- rlRun "tpm2_pcrextend 4:sha1=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15" 0 "extending PCR"
- MODIFIED=`tpm2_pcrlist | grep ' 4 :' | head -n 1`
+ ORIGINAL=`tpm2_pcrread -T tabrmd | grep ' 4 :' | head -n 1`
+ rlRun "tpm2_pcrextend -T tabrmd 4:sha1=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15" 0 "extending PCR"
+ MODIFIED=`tpm2_pcrread -T tabrmd | grep ' 4 :' | head -n 1`
rlAssertNotEquals "PCR value changed" "$ORIGINAL" "$MODIFIED"
- COUNT=`tpm2_rc_decode 0x9a2 | grep BAD_AUTH | wc -l`
- rlAssertEquals "tpm2_rc_decode 0x9a2 -> BAD_AUTH" "$COUNT" 1
+ COUNT=`tpm2_rc_decode 0x9a2 | grep "authorization failure" | wc -l`
+ rlAssertEquals "tpm2_rc_decode 0x9a2 -> authorization failure" "$COUNT" 1
rlPhaseEnd
rlPhaseStart FAIL "Data RW"
Thanks a lot! I will try! :-) Note: it seems that the tpm2_hash command is also slightly wrong in the test as it complains that the "-H" switch has no meaning... Hi Jiri, In the patch in comment #2 I changed the tpm2_hash line, replacing -H with -C: - rlRun "tpm2_hash -H n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing" + rlRun "tpm2_hash -T tabrmd -C n -g 0x0004 -o $HASHED -t $TICKET $DATA" 0 "hashing" Can you double check that the above line doesn't work? Thanks Jiri, did the above work for you? I'm not sure if I can submit patches against the QE repo or not. Vilem do you have a patch queued up for this already? IIRC you hit the issue as well. Hi Jerry, I used your patch, with a few modifications. It was already too good to be ignored :-) Just need to do a proper RHEL detection, and then push & pull requests on the 3rd version of our Git workflow, to make the code public. How fast do you need it? As long as things are good for you all I'm in no rush and we can just close this when your patch lands. Patch applied to the main test suite; will mark this VERIFIED as soon as the testing run finishes. Thanks to everyone! (also for your patience...) Hi Jiri, just to clarify you have applied the version Vilem has? He modified it some more from the sounds of it. excellent question :-) it seems I have duplicated some work - will compare the results with vilem and update if necessary. Almost forgot to mark this VERIFIED - the new commands work. :-) Thanks everyone involved! |