Refactor GetEventLog #129
Discussed offline with Alex, for command tests we should probably switch to doing something like:

```go
// in cmd/open.go
var openTPM func() (io.ReadWriteCloser, error) = openImpl

// in cmd/seal.go
tpm, err := openTPM()

// in cmd/seal_test.go
func TestSealPlain(t *testing.T) {
	// Before:
	// rwc := test.GetTPM(t)
	// defer client.CheckedClose(t, rwc)
	// ExternalTPM = rwc
	// After (the replacement must match openTPM's signature):
	openTPM = func() (io.ReadWriteCloser, error) { return test.GetTPM(t), nil }
	// ...
}
```

and just not have
We should also make the GetEventLog interface definition private.
Short-Term:

```go
// Go declares interfaces as "type Name interface"
type TPM interface {
	io.ReadWriteCloser
	EventLog() ([]byte, error)
}
```

And then:

```go
package client

import (
	"io"

	"github.com/google/go-tpm/tpm2"
)

func GetEventLog(rw io.ReadWriter) ([]byte, error) {
	// A simulator (or any connection that carries its own log) answers directly.
	if tpm, ok := rw.(tpm2.TPM); ok {
		return tpm.EventLog()
	}
	// Fallback only used on Linux
	return getRealEventLog()
}
```
The problem with this is our cmd tests need a reference to the same TPM instance as the cmd execution context run in that test. See https://github.com/google/go-tpm-tools/blob/master/cmd/seal_test.go#L94-L97 as an example. That test uses the output of

I can't think of a way around this without having a global variable like
Currently, we have a confusing interface for GetEventLog. In order to take advantage of this model, we need to wrap the `EventLog` method in a new structure whenever we pass the simulator as an embedded field to a test. See #128, specifically `ignoreClose` and `ignoreCloseWithEventLogGetter`, as an example. We do this because the event log and the TPM are closely tied in a simulated environment; the TPM's PCRs need to reflect the event log events to pass our tests. To prevent this, we should figure out how best to

Here are a few options to consider:

- `test.GetTPMAndEventLog` replaces `test.GetTPM`. This can return some `TPMAndEventLog` structure that tests can optionally take one or both of. We then need to revisit `client.Attest` and probably introduce an `eventLog []byte` parameter again that calls GetEventLog when nil.
- `/sys/kernel/security/tpm0/binary_bios_measurements`) and Windows (https://docs.microsoft.com/en-us/windows/win32/api/tbs/nf-tbs-tbsi_get_tcg_log). So, we should do it for them.
- `TPMContext`). It could look something like

  ```go
  type TPMContext interface {
  	io.ReadWriteCloser
  	EventLog() []byte
  }
  ```
Thoughts?
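To make the two proposals in this thread concrete (the `TPM`/`TPMContext` interface with an `EventLog` method, the `GetEventLog` type assertion with a platform fallback, and the `openTPM` injection point for cmd tests), here is an added, self-contained sketch. It is not code from go-tpm-tools: `simTPM`, `plainRWC`, `readPlatformEventLog`, `attestEventLog` and the event-log bytes are constructed for the example, and the real device handle and sysfs read are stand-ins.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
)

// TPM is the interface sketched in the thread: a TPM connection that
// can also report the event log matching its own state.
type TPM interface {
	io.ReadWriteCloser
	EventLog() ([]byte, error)
}

// simTPM is a constructed stand-in for the test simulator. It carries
// its own event log so tests see a log consistent with the simulated PCRs.
type simTPM struct {
	log []byte
}

func (s *simTPM) Read(p []byte) (int, error)  { return 0, io.EOF }
func (s *simTPM) Write(p []byte) (int, error) { return len(p), nil }
func (s *simTPM) Close() error                { return nil }
func (s *simTPM) EventLog() ([]byte, error)   { return s.log, nil }

// plainRWC is a constructed stand-in for a real device handle: it has no
// EventLog method, so GetEventLog must use the platform fallback.
type plainRWC struct{}

func (plainRWC) Read(p []byte) (int, error)  { return 0, io.EOF }
func (plainRWC) Write(p []byte) (int, error) { return len(p), nil }
func (plainRWC) Close() error                { return nil }

var errNoEventLog = errors.New("no platform event log available")

// readPlatformEventLog models the OS-specific fallback (binary_bios_measurements
// on Linux). It is a variable so a test can stub it; hypothetical helper.
var readPlatformEventLog = func() ([]byte, error) {
	data, err := os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
	if err != nil {
		return nil, errNoEventLog
	}
	return data, nil
}

// GetEventLog prefers the log carried by the connection itself (simulator)
// and only falls back to the platform log for a plain device handle.
func GetEventLog(rw io.ReadWriter) ([]byte, error) {
	if tpm, ok := rw.(TPM); ok {
		return tpm.EventLog()
	}
	return readPlatformEventLog()
}

// openTPM is the injection point: production code calls it, and a cmd test
// replaces it with a func returning the simulator it also inspects.
var openTPM = func() (io.ReadWriteCloser, error) {
	return plainRWC{}, nil
}

// attestEventLog is what a command would do: open the TPM through the
// injection point and fetch the log belonging to that same instance.
func attestEventLog() ([]byte, error) {
	tpm, err := openTPM()
	if err != nil {
		return nil, err
	}
	defer tpm.Close()
	return GetEventLog(tpm)
}

func main() {
	// Production path: plain handle, platform fallback (absent here).
	log, err := attestEventLog()
	fmt.Printf("real handle: %d bytes, err=%v\n", len(log), err)

	// Test path: swap in a simulator; no global TPM variable is needed
	// because the test and the command share the same instance via openTPM.
	sim := &simTPM{log: []byte("constructed-event-log")}
	openTPM = func() (io.ReadWriteCloser, error) { return sim, nil }
	log, err = attestEventLog()
	fmt.Printf("simulator: %q, err=%v\n", log, err)
}
```

The point of the type assertion is that the command code never has to know whether it talks to a simulator; the test only reassigns `openTPM`, and the log it later checks is the one the command actually used.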