From 5370e6fb28a90f3c3fb00143b8e80fdaf28f67db Mon Sep 17 00:00:00 2001 From: Vitalii Chulak Date: Tue, 27 Feb 2024 14:29:05 +0200 Subject: [PATCH] Added secure boot compatibility Signed-off-by: Vitalii Chulak --- lib/engines/hcktest/hcktest.json | 16 ++++- lib/engines/hcktest/hcktest.jtd.json | 7 +- lib/engines/hcktest/hcktest.rb | 2 +- lib/engines/hcktest/tests.rb | 79 ++++++++++++++++++++++- lib/setupmanagers/hckclient.rb | 9 ++- lib/setupmanagers/qemuhck/qemu_machine.rb | 6 +- lib/setupmanagers/qemuhck/qemuhck.rb | 4 ++ svvp.json | 5 +- 8 files changed, 115 insertions(+), 13 deletions(-) diff --git a/lib/engines/hcktest/hcktest.json b/lib/engines/hcktest/hcktest.json index ca504970..781046bc 100644 --- a/lib/engines/hcktest/hcktest.json +++ b/lib/engines/hcktest/hcktest.json @@ -1,4 +1,18 @@ { "playlists_path": "./playlists", - "filters_path": "./filters/UpdateFilters.sql" + "filters_path": "./filters/UpdateFilters.sql", + "tests_config": [ + { + "tests": [ + "Secure Boot Test - Customized Deployment Basic Test", + "Secure Boot Manual Logo Test", + "Secure Boot Logo Test" + ], + "secure":true + }, + { + "tests": ["none", "none", "none"], + "s3_state": true + } + ] } diff --git a/lib/engines/hcktest/hcktest.jtd.json b/lib/engines/hcktest/hcktest.jtd.json index 44001a03..7d1760f9 100644 --- a/lib/engines/hcktest/hcktest.jtd.json +++ b/lib/engines/hcktest/hcktest.jtd.json @@ -1,6 +1,11 @@ { "properties": { "playlists_path": { "type": "string" }, - "filters_path": { "type": "string" } + "filters_path": { "type": "string" }, + "tests_config": { + "properties": { + "requires_enabled_secure_boot": { "elements": { "type": "string" } } + } + } } } diff --git a/lib/engines/hcktest/hcktest.rb b/lib/engines/hcktest/hcktest.rb index 253f3cdc..9d7f1ccb 100644 --- a/lib/engines/hcktest/hcktest.rb +++ b/lib/engines/hcktest/hcktest.rb @@ -231,7 +231,7 @@ def auto_run ResourceScope.open do |scope| run_and_configure_setup scope client = @client1 - client.run_tests + client.run_tests(@config['tests_config']) client.create_package end end diff --git a/lib/engines/hcktest/tests.rb b/lib/engines/hcktest/tests.rb index e8993061..2e51ebd2 100644 --- a/lib/engines/hcktest/tests.rb +++ b/lib/engines/hcktest/tests.rb @@ -24,6 +24,11 @@ class Tests RESULTS_FILE = 'results.html' RESULTS_YAML = 'results.yaml' RESULTS_REPORT_SECTIONS = %w[chart guest_info rejected_test url].freeze + CONFIG_KEY_TO_MAP = { + 'secure' => :requires_secure_boot, + 's3_state' => :requires_s3_state, + 'uefi' => :requires_uefi_state + }.freeze def initialize(client, support, project, target, tools) @client = client @@ -37,6 +42,7 @@ def initialize(client, support, project, target, tools) @tests_extra = {} @results_template = ERB.new(File.read('lib/templates/report.html.erb')) + @default_run_opts = client.run_opts end def list_tests(log: false) @@ -416,7 +422,75 @@ def load_clients_system_info build_system_info(support_sysinfo) end - def run + def add_normal_class_tests(test_list, classified_tests) + test_list.each do |test| + classified_tests[:normal] << test['name'] unless classified_tests.values.flatten.include?(test['name']) + end + classified_tests + end + + def classified_tests(all_tests) + classified_tests = { + requires_secure_boot: [], + requires_s3_state: [], + normal: [] + } + + @tests_config.each do |config| + config.each do |key, value| + if key == 'tests' + selected_tests = all_tests.select { |test| value.include?(test['name']) } + classified_tests[CONFIG_KEY_TO_MAP[config.keys.last]].concat(selected_tests.map { |test| test['name'] }) + end + end + end + + add_normal_class_tests(all_tests, classified_tests) + end + + def test_class(test_name) + @classified_tests.each do |type, tests| + return type if tests&.include?(test_name) + end + end + + def secure_boot_handler + return if @client.run_opts[:secure] + + @logger.info('Test environment reboot required for secure state. Rebooting...') + @client.setup_manager.stop_client(@client.name) + new_run_opts = @client.run_opts.merge!(secure: true) + @client.setup_manager.run_client(@client.global_scope, @client.name, new_run_opts) + end + + def normal_state + true if @client.run_opts == @default_run_opts + true if @client.run_opts == @default_run_opts.merge(secure: false) + end + + def normal_state_handler + return if normal_state + + @logger.info('Test environment reboot required for normal state. Rebooting...') + @client.setup_manager.stop_client(@client.name) + new_run_opts = @client.run_opts.merge!(secure: false) + @client.setup_manager.run_client(@client.global_scope, @client.name, new_run_opts) + end + + def prepare_test_environment(test_name) + @logger.info("Test environment preparing for #{test_name}, state: #{test_class(test_name)}") + secure_boot_handler if test_class(test_name) == :requires_secure_boot + # check_and_handle_s3_state + normal_state if test_class(test_name) == :normal + end + + def sort_by_class(tests) + @classified_tests = classified_tests(tests) + tests.sort_by { |test| test_class(test['name']) } + end + + def run(config = nil) + @tests_config = config @total = @tests.count load_clients_system_info @@ -424,9 +498,10 @@ def run @last_done = [] - tests = @tests + tests = sort_by_class(@tests) tests.each do |test| @logger.info("Adding to queue: #{test['name']} (#{test['id']}) [#{test['estimatedruntime']}]") + prepare_test_environment(test['name']) queue_test(test, wait: true) list_tests handle_test_running diff --git a/lib/setupmanagers/hckclient.rb b/lib/setupmanagers/hckclient.rb index a3f13d39..53c7c782 100644 --- a/lib/setupmanagers/hckclient.rb +++ b/lib/setupmanagers/hckclient.rb @@ -14,10 +14,11 @@ class HCKClient # Client cooldown sleep after thread is joined in seconds CLIENT_COOLDOWN_SLEEP = 60 - attr_reader :name, :kit + attr_reader :name, :kit, :global_scope, :setup_manager, :run_opts attr_writer :support def initialize(setup_manager, scope, studio, name, run_opts) + @setup_manager = setup_manager @project = setup_manager.project @logger = @project.logger @studio = studio @@ -27,6 +28,8 @@ def initialize(setup_manager, scope, studio, name, run_opts) @logger.info("Starting client #{name}") @runner = setup_manager.run_client(scope, @name, run_opts) scope << self + @global_scope = scope + @run_opts = run_opts end def keep_snapshot @@ -37,10 +40,10 @@ def add_target_to_project @target = Targets.new(self, @project, @tools, @pool).add_target_to_project end - def run_tests + def run_tests(config) @tests = Tests.new(self, @support, @project, @target, @tools) @tests.list_tests(log: true) - @tests.run + @tests.run(config) end def create_package diff --git a/lib/setupmanagers/qemuhck/qemu_machine.rb b/lib/setupmanagers/qemuhck/qemu_machine.rb index 7d1e9597..5c93e1c9 100644 --- a/lib/setupmanagers/qemuhck/qemu_machine.rb +++ b/lib/setupmanagers/qemuhck/qemu_machine.rb @@ -655,6 +655,10 @@ def dump_commands create_run_script(file_name, content.join) end + def stop + @runner.vm_abort + end + def run(scope, run_opts = nil) @run_opts = validate_run_opts(run_opts.to_h) @keep_alive = run_opts[:keep_alive] @@ -676,7 +680,7 @@ def run(scope, run_opts = nil) scope.transaction do |tmp_scope| hostfwd = Hostfwd.new(@options['slirp'], [@monitor_port, @vnc_port]) tmp_scope << hostfwd - Runner.new(tmp_scope, @logger, self, @run_name, @run_opts) + @runner = Runner.new(tmp_scope, @logger, self, @run_name, @run_opts) end end end diff --git a/lib/setupmanagers/qemuhck/qemuhck.rb b/lib/setupmanagers/qemuhck/qemuhck.rb index 9ce7d980..84d24a26 100644 --- a/lib/setupmanagers/qemuhck/qemuhck.rb +++ b/lib/setupmanagers/qemuhck/qemuhck.rb @@ -136,6 +136,10 @@ def run_client(scope, name, run_opts = nil) @clients_vm[name].run(scope, run_opts) end + def stop_client(name) + @clients_vm[name].stop + end + def run_hck_studio(scope, run_opts) HCKStudio.new(self, scope, run_opts) { @studio_vm.find_world_ip } end diff --git a/svvp.json b/svvp.json index 18e1757c..b71f7415 100644 --- a/svvp.json +++ b/svvp.json @@ -3,8 +3,7 @@ "drivers": [ "NetKVM", "vioscsi", - "fwcfg64", - "tpm" + "fwcfg64" ], "reject_test_names": [ "__Windows_11_22H2_reject_test_names", @@ -21,7 +20,6 @@ "TPM 2.0 UEFI Preboot Interface Test", "TPM 2.0 EK Certificate Tests", "Hardware Security Testability Interface Test", - "Secure Boot Logo Test", "TPM 2.0 Platform Crypto Provider Key Storage Provider Test", "ACPI Logo Test", "Profile Interrupt Test", @@ -31,7 +29,6 @@ "USB Generic HID Test", "USB Type-C ACPI Validation", "Boot from USB (ServerOperating System)", - "Secure Boot Manual Logo Test", "Debug Capability Test (Logo)", "LoadGen Server Stress - Run First - Set Machine Policies", "LoadGen Server Stress - Run Last - Reset Machine Policies",