[guest-test] New Test: add 3 new TCs of TSM based TD attest quote

add 3 new testcases of TSM based TD attestation get quote related, which is already upstreamed in mainline kernel [Test Components] tdx [Test Types] func [Supported Devices] spr,emr,gnr,srf Signed-off-by: Hongyu Ning <[email protected]>
intel · Nov 17, 2023 · 1e2009b · 1e2009b
1 parent be896c5
commit 1e2009b
Show file tree

Hide file tree

Showing 3 changed files with 132 additions and 0 deletions.
diff --git a/guest-test/guest.test_executor.sh b/guest-test/guest.test_executor.sh
@@ -100,6 +100,16 @@ guest_attest_test() {
   fi
 }
 
+guest_tsm_attest() {
+  test_item=$1
+  guest_test_prepare tdx/tdx_attest_check.sh
+  guest_test_entry tdx_attest_check.sh "-t $test_item" || \
+  { die "Failed on $TESTCASE tdx_attest_check.sh -t $test_item"; return 1; }
+  if [[ $GCOV == "off" ]]; then
+    guest_test_close
+  fi
+}
+
 ###################### Do Works ######################
 cd "$(dirname "$0")" 2>/dev/null || exit 1
 source ../.env
@@ -169,6 +179,18 @@ case "$TESTCASE" in
       guest_test_close
     fi
     ;;
+  TD_TSM_ATTEST_QUOTE_PRECHECK)
+    guest_tsm_attest "tsm.get_quote.precheck" || \
+    die "Failed on $TESTCASE"
+    ;;
+  TD_TSM_ATTEST_QUOTE)
+    guest_tsm_attest "tsm.get_quote" || \
+    die "Failed on $TESTCASE"
+    ;;
+  TD_TSM_ATTEST_QUOTE_NEG)
+    guest_tsm_attest "tsm.get_quote.negative" || \
+    die "Failed on $TESTCASE"
+    ;;
   :)
     test_print_err "Must specify the test scenario option by [-t]"
     usage && exit 1

diff --git a/guest-test/tdx/tdx_attest_check.sh b/guest-test/tdx/tdx_attest_check.sh
@@ -15,6 +15,9 @@ SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )"
 echo "$SCRIPT_DIR"
 source common.sh
 
+# TSM based attest sysfs
+tsm_config=/sys/kernel/config/tsm/report
+
 while getopts :t: arg; do
   case $arg in
     t)
@@ -58,6 +61,101 @@ attest_result() {
   fi
 }
 
+tsm_get_quote_pre_check() {
+  report="$tsm_config"/$1
+  mkdir "$report"
+  # tsm td quote sysfs precheck
+  if [[ -f "$report"/generation ]] && \
+    [[ $(cat "$report"/generation) -eq 0 ]]; then
+    test_print_trc "TD TSM attest quote generation pre-check correct"
+  else
+    die "TD TSM attest quote generation not exists or not equal to 0"
+    return 1
+  fi
+  if [[ -f "$report"/provider ]] && \
+    [[ $(cat "$report"/provider) == "tdx_guest" ]]; then
+    test_print_trc "TD TSM attest quote provider pre-check correct"
+  else
+    die "TD TSM attest quote provider not exists or not equal to 'tdx_guest'"
+    return 1
+  fi
+  if [[ -f "$report"/inblob ]]; then
+    test_print_trc "TD TSM attest quote inblob pre-check correct"
+  else
+    die "TD TSM attest quote inblob not exists"
+    return 1
+  fi
+  if [[ -f "$report"/outblob ]]; then
+    test_print_trc "TD TSM attest quote outblob pre-check correct"
+  else
+    die "TD TSM attest quote outblob not exists"
+    return 1
+  fi
+  rmdir "$report"
+}
+
+tsm_get_quote() {
+  report="$tsm_config"/$1
+  mkdir "$report"
+  # generate quote check
+  generation_before=$(cat "$report"/generation)
+  test_print_trc "tsm quote generation before trigger inblob: $generation_before"
+  if ! dd if=/dev/urandom bs=64 count=1 > "$report"/inblob; then
+    die "TD TSM attest quote inblob write failed"
+    return 1
+  else
+    test_print_trc "TD TSM attest quote triggered success once"
+  fi
+  generation_after=$(cat "$report"/generation)
+  test_print_trc "tsm quote generation after trigger inblob: $generation_after"
+  if [[ "$generation_after" -gt "$quote_before" ]]; then
+    test_print_trc "TD TSM attest quote inblob triggered 1 more"
+  else
+    die "TD TSM attest quote inblob triggered generation failed"
+    return 1
+  fi
+  quote_return=$(hexdump -C "$report"/outblob 2>&1 >/dev/null)
+  test_print_trc "hexdump -C outblob return: $quote_return"
+  if echo "$quote_return" | grep "Connection timed out"; then
+    test_print_trc "TD TSM attest quote generated from @inblob success"
+  else
+    die "TD TSM attest quote generated by inblob failed"
+    return 1
+  fi
+  rmdir "$report"
+}
+
+tsm_get_quote_negative() {
+  report="$tsm_config"/$1
+  mkdir "$report"
+  # negative generate quote check
+  generation_before=$(cat "$report"/generation)
+  test_print_trc "tsm quote generation before trigger inblob: $generation_before"
+  if ! dd if=/dev/urandom bs=32 count=1 > "$report"/inblob; then
+    die "TD TSM attest quote inblob write failed"
+    return 1
+  else
+    test_print_trc "TD TSM attest quote triggered success once"
+  fi
+  generation_after=$(cat "$report"/generation)
+  test_print_trc "tsm quote generation after trigger inblob: $generation_after"
+  if [[ "$generation_after" -gt "$generation_before" ]]; then
+    test_print_trc "TD TSM attest quote inblob triggered 1 more"
+  else
+    die "TD TSM attest quote inblob triggered generation failed"
+    return 1
+  fi
+  quote_return=$(hexdump -C "$report"/outblob 2>&1 >/dev/null)
+  test_print_trc "hexdump -C outblob return: $quote_return"
+  if echo "$quote_return" | grep "Invalid argument"; then
+    test_print_trc "TD TSM attest quote negative generated from @inblob success"
+  else
+    die "TD TSM attest quote negative generated by inblob failed"
+    return 1
+  fi
+  rmdir "$report"
+}
+
 ###################### Do Works ######################
 
 case "$ATTEST_CASE" in
@@ -73,6 +171,15 @@ case "$ATTEST_CASE" in
   global.verify_quote)
     attest_result "$ATTEST_CASE"
     ;;
+  tsm.get_quote.precheck)
+    tsm_get_quote_pre_check report0
+    ;;
+  tsm.get_quote)
+    tsm_get_quote report1
+    ;;
+  tsm.get_quote.negative)
+    tsm_get_quote_negative report2
+    ;;
   :)
     test_print_err "Must specify the attest case option by [-t]"
     exit 1

diff --git a/guest-test/tdx/tests b/guest-test/tdx/tests
@@ -13,5 +13,8 @@ guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERIFY_REPORT -c
 guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERITY_REPORTMAC -c "accept_memory=lazy" -p off
 guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERIFY_RTMR_EXTEND -c "accept_memory=lazy" -p off
 guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_ATTEST_VERIFY_QUOTE -c "accept_memory=lazy" -p off
+guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_TSM_ATTEST_QUOTE_PRECHECK -c "accept_memory=lazy" -p off
+guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_TSM_ATTEST_QUOTE -c "accept_memory=lazy" -p off
+guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_TSM_ATTEST_QUOTE_NEG -c "accept_memory=lazy" -p off
 # case implemented by tdx_speed_test.sh
 guest.test_launcher.sh -v 1 -s 1 -m 1 -d on -t tdx -x TD_NET_SPEED -c "accept_memory=lazy" -p off