add 4 guest test td attestation TCs and improve overall test logic

guest-test/guest.test_executor.sh

@@ -31,19 +31,34 @@ EOF
 
 # function based on sshpass to scp $1 source_code_dir and compile $2 test_binary in Guest VM
 guest_test_source_code() {
-  sshpass -e scp -P "$PORT" -o StrictHostKeyChecking=no -r "$1" root@localhost:"$GUEST_TEST_DIR"
+  sshpass -e ssh -p "$PORT" -o StrictHostKeyChecking=no root@localhost << EOF
+    mkdir -p $GUEST_TEST_DIR/$1
+EOF
+  sshpass -e scp -P "$PORT" -o StrictHostKeyChecking=no -r "$1"/* root@localhost:"$GUEST_TEST_DIR/$1"
   sshpass -e ssh -p "$PORT" -o StrictHostKeyChecking=no root@localhost << EOF
     source $GUEST_TEST_DIR/common.sh
-    cd $GUEST_TEST_DIR/$1
-    make || die "Failed to compile source code $1"
+    cd $GUEST_TEST_DIR
+    cd $1
+    dnf list installed gcc || dnf install -y gcc || \
+    { die "Failed to install gcc in guest os"; return 1; }
+    dnf list installed glibc-static || dnf install -y glibc-static || \
+    { die "Failed to install glibc-static in guest os"; return 1; }
+    make || { die "Failed to compile source code $1"; return 1; }
     if [ -f $2 ]; then
       chmod a+x $2
       cp $2 $GUEST_TEST_DIR
     else
       die "Can't find test binary $2"
+      return 1
     fi
 EOF
+ERR_NUM=$?
+if [ $ERR_NUM -eq 0 ]; then
   test_print_trc "Guest VM test source code and binary prepare complete"
+  return 0
+else
+  return 1
+fi
 }
 
 # function based on sshpass to execute $1 test_script.sh and potential $2 script params in Guest VM
@@ -73,6 +88,18 @@ EOF
   test_print_trc "Guest VM closed properly after test"
 }
 
+guest_attest_test() {
+  selftest_item=$1
+  guest_test_prepare tdx/tdx_attest_check.sh
+  guest_test_source_code tdx/tdx_attest_test_suite tdx_guest_test || \
+  { die "Failed to prepare guest test source code for $selftest_item"; return 1; }
+  guest_test_entry tdx_attest_check.sh "-t $selftest_item" || \
+  { die "Failed on $TESTCASE tdx_attest_check.sh -t $selftest_item"; return 1; }
+  if [[ $GCOV == "off" ]]; then
+    guest_test_close
+  fi
+}
+
 ###################### Do Works ######################
 cd "$(dirname "$0")" 2>/dev/null || exit 1
 source ../.env
@@ -95,11 +122,27 @@ case "$TESTCASE" in
     guest_test_prepare guest_test.sh
     guest_test_source_code test_source_code_dir_example test_binary_example
     guest_test_entry guest_test.sh "-t $TESTCASE" || \
-    die "Failed on GUEST_TESTCASE_EXAMPLE guest_test.sh -t $TESTCASE"
+    die "Failed on $TESTCASE guest_test.sh -t $TESTCASE"
     if [[ $GCOV == "off" ]]; then
       guest_test_close
     fi
     ;;
+  TD_ATTEST_VERIFY_REPORT)
+    guest_attest_test "global.verify_report" || \
+    die "Failed on $TESTCASE"
+    ;;
+  TD_ATTEST_VERITY_REPORTMAC)
+    guest_attest_test "global.verify_reportmac" || \
+    die "Failed on $TESTCASE"
+    ;;
+  TD_ATTEST_VERIFY_RTMR_EXTEND)
+    guest_attest_test "global.verify_rtmr_extend" || \
+    die "Failed on $TESTCASE"
+    ;;
+  TD_ATTEST_VERIFY_QUOTE)
+    guest_attest_test "global.verify_quote" || \
+    die "Failed on $TESTCASE"
+    ;;
   :)
     test_print_err "Must specify the test scenario option by [-t]"
     usage && exit 1

guest-test/guest.test_launcher.sh

@@ -75,7 +75,7 @@ EOF
 }
 
 guest_kernel_reboot() {
-	sshpass -e ssh -p "$PORT" -o StrictHostKeyChecking=no root@localhost << EOF
+  sshpass -e ssh -p "$PORT" -o StrictHostKeyChecking=no root@localhost << EOF
     systemctl reboot --reboot-argument=now
 EOF
 }
@@ -86,11 +86,11 @@ source ../.env
 
 ## PART 0: prepare test prerequisites ##
 if [ ! "$(which sshpass)" ]; then
-        dnf install -y sshpass > /dev/null
-        apt install -y sshpass > /dev/null
+  dnf install -y sshpass > /dev/null
+  apt install -y sshpass > /dev/null
 else
-        test_print_trc "sshpass prerequisites is ready for use"
-        test_print_trc "VM test is starting now..."
+  test_print_trc "sshpass prerequisites is ready for use"
+  test_print_trc "VM test is starting now..."
 fi
 
 ## PART 1: get params from qemu.cfg.json and script args ##
@@ -142,7 +142,7 @@ while getopts :v:s:m:d:t:x:c:p:g:h arg; do
       GCOV=$OPTARG
       echo GCOV="\"$GCOV\"" >> "$SCRIPT_DIR"/test_params.py
       ;;
-	  h)
+    h)
       usage && exit 0
       ;;
     :)
@@ -205,13 +205,13 @@ export GCOV
 cd "$SCRIPT_DIR" || die "fail to switch to $SCRIPT_DIR"
 rm -rf /root/.ssh/known_hosts
 while read -r line; do
-	echo "[${VM_TYPE}_vm]: $line"
+  echo "[${VM_TYPE}_vm]: $line"
   # within $TIMEOUT but bypass the very first 2 seconds to avoid unexpected $BOOT_PATTERN match (from parameter handling logic)
-	if [[ $SECONDS -lt $TIMEOUT ]] && [[ $SECONDS -ge 2 ]]; then
-		if [[ $line == $BOOT_PATTERN ]]; then
-			test_print_trc "VM_TYPE: $VM_TYPE, VCPU: $VCPU, SOCKETS: $SOCKETS, MEM: $MEM, DEBUG: $DEBUG, PMU: $PMU, CMDLINE: $CMDLINE, TESTCASE: $TESTCASE, SECONDS: $SECONDS"
+  if [[ $SECONDS -lt $TIMEOUT ]] && [[ $SECONDS -ge 2 ]]; then
+    if [[ $line == $BOOT_PATTERN ]] && [[ $EXEC_FLAG -ne 0 ]]; then
+      test_print_trc "VM_TYPE: $VM_TYPE, VCPU: $VCPU, SOCKETS: $SOCKETS, MEM: $MEM, DEBUG: $DEBUG, PMU: $PMU, CMDLINE: $CMDLINE, TESTCASE: $TESTCASE, SECONDS: $SECONDS"
       EXEC_FLAG=0
-			if ! ./guest.test_executor.sh; then EXEC_FLAG=1 && break; fi # break while read loop in case of TD VM test failure
+      if ! ./guest.test_executor.sh; then EXEC_FLAG=1 && break; fi # break while read loop in case of TD VM test failure
     # err_handlers string matching
     elif [[ $line == $ERR_STR1 ]]; then
       test_print_err "There is $ERR_STR1, test is not fully PASS"
@@ -228,23 +228,16 @@ while read -r line; do
     elif [[ $line == $ERR_STR5 ]]; then
       test_print_wrg "There is $ERR_STR5, please check"
       ERR_FLAG5=1
-		fi
+    fi
     # end of err_handlers string matching
-	elif [[ $SECONDS -ge $TIMEOUT ]]; then # break while read loop in case of TD VM boot timeout (no $BOOT_PATTERN found)
-		break
-	fi
-done < <(if [ "$GCOV" == "off" ]; then timeout "$TIMEOUT" ./guest.qemu_runner.sh; else ./guest.qemu_runner.sh; fi)
+  elif [[ $SECONDS -ge $TIMEOUT ]]; then # break while read loop in case of TD VM boot timeout (no $BOOT_PATTERN found)
+    break
+  fi
+done < <(if [ "$GCOV" == "off" ]; then timeout "$TIMEOUT" ./guest.qemu_runner.sh; \
+  else test_print_trc "${VM_TYPE}vm_$PORT keep alive for gcov data collection" && ./guest.qemu_runner.sh; fi)
 
 ## PART 3: err_handlers error management
 # unexpected error/bug/warning/call trace handling
-if [ $ERR_FLAG1 -ne 0 ]; then
-  die "$VM_TYPE VM test failed with $ERR_STR1, please check |ERROR| in test log for more info"
-fi
-
-if [ $ERR_FLAG2 -ne 0 ]; then
-  die "$VM_TYPE VM test failed with $ERR_STR2, please check |ERROR| in test log for more info"
-fi
-
 if [ $ERR_FLAG3 -ne 0 ]; then
   test_print_wrg "$VM_TYPE VM test hit $ERR_STR3, please check |WARNING| in test log for more info"
 fi
@@ -256,6 +249,15 @@ fi
 if [ $ERR_FLAG5 -ne 0 ]; then
   test_print_wrg "$VM_TYPE VM test hit $ERR_STR5, please check |WARNING| in test log for more info"
 fi
+
+# handle error/bug in the end to avoid missing above warning/call trace info
+if [ $ERR_FLAG1 -ne 0 ]; then
+  die "$VM_TYPE VM test failed with $ERR_STR1, please check |ERROR| in test log for more info"
+fi
+
+if [ $ERR_FLAG2 -ne 0 ]; then
+  die "$VM_TYPE VM test failed with $ERR_STR2, please check |ERROR| in test log for more info"
+fi
 # end of err_handlers error management
 
 ## PART 4: timeout control in case of tdvm boot up failure/test failure ##
@@ -276,27 +278,28 @@ sleep 3
 # time count less or qual than 3 is case b
 # - handling: nothing to do, die for TDVM boot early failure, likely qemu config issue
 if ! guest_kernel_check; then
-	if [ "$SECONDS" -gt 3 ] && [ "$SECONDS" -lt "$TIMEOUT" ] && [ "$EXEC_FLAG" -eq 0 ]; then
-		test_print_trc "$VM_TYPE VM test complete..."
-	elif [ "$SECONDS" -ge "$TIMEOUT" ] && [ "$GCOV" == "on" ]; then
-		pkill "${VM_TYPE}vm_$PORT"
-		die "TEST TIMEOUT!!!!!!!!!!!!"
-	elif [ "$GCOV" == "off" ] && [ "$EXEC_FLAG" -eq 1 ]; then
-		die "$VM_TYPE VM test seems fail at beginning, please check test log"
-	fi
+  if [ "$SECONDS" -gt 3 ] && [ "$SECONDS" -lt "$TIMEOUT" ] && [ "$EXEC_FLAG" -eq 0 ]; then
+    test_print_trc "$VM_TYPE VM test complete..."
+  elif [ "$SECONDS" -ge "$TIMEOUT" ] && [ "$GCOV" == "on" ]; then
+    pkill "${VM_TYPE}vm_$PORT"
+    die "TEST TIMEOUT!!!!!!!!!!!!"
+  elif [ "$GCOV" == "off" ] && [ "$EXEC_FLAG" -eq 1 ]; then
+    pkill "${VM_TYPE}vm_$PORT"
+    die "$VM_TYPE VM test seems fail at beginning, please check test log"
+  fi
 # guest_kernel_kernel function zero return value shows TDVM is still accessible handling
 # handling: no matter why it's still accessible, close it by guest_kernel_reboot function
 elif [ "$GCOV" == "off" ]; then
-	if ! guest_kernel_reboot; then
-		test_print_trc "$VM_TYPE VM is still up"
-		test_print_trc "time: $SECONDS"
-		test_print_trc "SSHPASS: $SSHPASS"
-		test_print_trc "PORT: $PORT"
-		test_print_trc "$VM_TYPE VM closed"
+  if ! guest_kernel_reboot; then
+    test_print_trc "$VM_TYPE VM is still up"
+    test_print_trc "time: $SECONDS"
+    test_print_trc "SSHPASS: $SSHPASS"
+    test_print_trc "PORT: $PORT"
+    test_print_trc "$VM_TYPE VM closed"
     # must die here since TDVM should be closed and not accessible if test complete all correctly
     # else it's due to test die before reaching final close point td_test_close function
-		die "$VM_TYPE VM test fail, please check test log"
-	fi
+    die "$VM_TYPE VM test fail, please check test log"
+  fi
 else # [ $GCOV == "on" ] || [ guest_kernel_check return 0 ]
   test_print_trc "${VM_TYPE}vm_$PORT keep alive for gcov data collection"
   test_print_trc "'ssh -p $PORT root@localhost' with PASSWORD '$SSHPASS' to login and get data"
@@ -320,5 +323,6 @@ else # [ $GCOV == "on" ]
   else
     test_print_err "$VM_TYPE VM test fail, please check test log"
     test_print_trc "Please shutdown $VM_TYPE VM after gcov collect or debug completed"
+    die "$VM_TYPE VM test fail, please check test log"
   fi
 fi

guest-test/qemu.config.json

@@ -1,49 +1,49 @@
 {
-    "common": {
-        "kernel_img": "/boot/vmlinuz-xxx-yyy",
-        "initrd_img": "/boot/initramfs-xxx-yyy",
-        "bios_img": "/path/to/EDKII/OVMF.fd or other virtual BIOS",
-        "qemu_img": "/path/to/qemu-kvm with proper capabilty of VM test",
-        "guest_img": "/path/to/prepared/guest_os_image, in qcow2 or raw image format",
-        "guest_img_format": "raw",
-        "boot_pattern": "*Kernel*on*x86_64*",
-        "guest_root_passwd": "123456",
-        "vm_type": "tdx",
-        "pmu": "off",
-        "cpus": "4",
-        "sockets": "1",
-        "mem": "16",
-        "cmdline": "accept_memory=lazy",
-        "debug": "on"
-    },
+  "common": {
+    "kernel_img": "/boot/vmlinuz-xxx-yyy",
+    "initrd_img": "/boot/initramfs-xxx-yyy",
+    "bios_img": "/path/to/EDKII/OVMF.fd or other virtual BIOS",
+    "qemu_img": "/path/to/qemu-kvm with proper capabilty of VM test",
+    "guest_img": "/path/to/prepared/guest_os_image, in qcow2 or raw image format",
+    "guest_img_format": "raw",
+    "boot_pattern": "*Kernel*on*an*x86_64*",
+    "guest_root_passwd": "123456",
+    "vm_type": "tdx",
+    "pmu": "off",
+    "cpus": "4",
+    "sockets": "1",
+    "mem": "16",
+    "cmdline": "accept_memory=lazy",
+    "debug": "on"
+  },
 
-    "vm": {
-        "cfg_1": "-accel kvm -no-reboot -nographic -vga none -device virtio-net-pci,netdev=mynet0,mac=DE:AD:BE:EF:AB:CD,romfile= ",
-        "cfg_2": "-chardev stdio,id=mux,mux=on,signal=off -device virtio-serial,romfile= -device virtconsole,chardev=mux ",
-        "cfg_3": "-serial chardev:mux -monitor chardev:mux -monitor pty -no-hpet -nodefaults ",
-        "cfg_var_1": "-name process=$VM_TYPEVM_$PORT,debug-threads=on ",
-        "cfg_var_2": "-cpu host,host-phys-bits,pmu=$PMU ",
-        "cfg_var_3": "-smp cpus=$VCPU,sockets=$SOCKETS ",
-        "cfg_var_4": "-m $MEMG ",
-        "cfg_var_5": "-kernel $KERNEL_IMG ",
-        "cfg_var_6": "-initrd $INITRD_IMG",
-        "cfg_var_7": "-netdev user,id=mynet0,hostfwd=tcp::$PORT-:22 ",
-        "cfg_var_8": "-drive file=$GUEST_IMG,if=virtio,format=$IMG_FORMAT ",
-        "cfg_var_9": "-append \"root=/dev/vda3 ro console=hvc0 earlyprintk=ttyS0 ignore_loglevel debug earlyprintk l1tf=off initcall_debug log_buf_len=200M nokaslr tsc=reliable efi=debug mce=off efi=debug $CMDLINE\" ",
-        "cfg_var_10": "-bios $BIOS_IMG "
-    },
+  "vm": {
+    "cfg_1": "-accel kvm -no-reboot -nographic -vga none -device virtio-net-pci,netdev=mynet0,mac=DE:AD:BE:EF:AB:CD,romfile= ",
+    "cfg_2": "-chardev stdio,id=mux,mux=on,signal=off -device virtio-serial,romfile= -device virtconsole,chardev=mux ",
+    "cfg_3": "-serial chardev:mux -monitor chardev:mux -monitor pty -no-hpet -nodefaults ",
+    "cfg_var_1": "-name process=$VM_TYPEVM_$PORT,debug-threads=on ",
+    "cfg_var_2": "-cpu host,host-phys-bits,pmu=$PMU ",
+    "cfg_var_3": "-smp cpus=$VCPU,sockets=$SOCKETS ",
+    "cfg_var_4": "-m $MEMG ",
+    "cfg_var_5": "-kernel $KERNEL_IMG ",
+    "cfg_var_6": "-initrd $INITRD_IMG",
+    "cfg_var_7": "-netdev user,id=mynet0,hostfwd=tcp::$PORT-:22 ",
+    "cfg_var_8": "-drive file=$GUEST_IMG,if=virtio,format=$IMG_FORMAT ",
+    "cfg_var_9": "-append \"root=/dev/vda3 ro console=hvc0 earlyprintk=ttyS0 ignore_loglevel debug earlyprintk l1tf=off initcall_debug log_buf_len=200M nokaslr tsc=reliable efi=debug mce=off efi=debug $CMDLINE\" ",
+    "cfg_var_10": "-bios $BIOS_IMG "
+  },
 
-    "tdx": {
-        "cfg_1": "-machine q35,kernel_irqchip=split,confidential-guest-support=tdx,memory-backend=ram1 ",
-        "cfg_var_1": "-object tdx-guest,id=tdx,debug=$DEBUG,sept-ve-disable=on,quote-generation-service=vsock:2:4050 ",
-        "cfg_var_2": "-object memory-backend-memfd-private,id=ram1,size=$MEMG "
-    },
+  "tdx": {
+    "cfg_1": "-machine q35,kernel_irqchip=split,confidential-guest-support=tdx,memory-backend=ram1 ",
+    "cfg_var_1": "-object tdx-guest,id=tdx,debug=$DEBUG,sept-ve-disable=on,quote-generation-service=vsock:2:4050 ",
+    "cfg_var_2": "-object memory-backend-memfd-private,id=ram1,size=$MEMG "
+  },
 
-    "tdxio": {
-        "cfg_1": "-object iommufd,id=iommufd0 ",
-        "cfg_2": "-device vfio-pci,host=tee_bdf1,id=hostdev2,addr=0x3,x-secure-mode=on ",
-        "cfg_3": "-device vfio-pci,host=tee_bdf2,id=hostdev3,addr=0x4,x-secure-mode=on ",
-        "cfg_4": "-device vfio-pci,host=tee_bdf3,id=hostdev4,addr=0x5,x-secure-mode=on ",
-        "cfg_5": "-device vfio-pci,host=tee_bdf4,id=hostdev5,addr=0x6,x-secure-mode=on "
-    }
+  "tdxio": {
+    "cfg_1": "-object iommufd,id=iommufd0 ",
+    "cfg_2": "-device vfio-pci,host=tee_bdf1,id=hostdev2,addr=0x3,x-secure-mode=on ",
+    "cfg_3": "-device vfio-pci,host=tee_bdf2,id=hostdev3,addr=0x4,x-secure-mode=on ",
+    "cfg_4": "-device vfio-pci,host=tee_bdf3,id=hostdev4,addr=0x5,x-secure-mode=on ",
+    "cfg_5": "-device vfio-pci,host=tee_bdf4,id=hostdev5,addr=0x6,x-secure-mode=on "
+  }
 }