Skip to content

clear the sensitive key data after using #83

clear the sensitive key data after using

clear the sensitive key data after using #83

Workflow file for this run

name: vTPM Integration Test on TDX server
on:
push:
paths-ignore:
- "**.md"
pull_request:
paths-ignore:
- "**.md"
env:
AS: nasm
RUST_TOOLCHAIN: nightly-2023-08-28
TOOLCHAIN_PROFILE: minimal
jobs:
integration:
name: Run vTPM Integration Test with congfig-A TDVF
runs-on: [self-hosted, vtpm]
steps:
- name: Checkout sources - vTpm
uses: actions/checkout@v3
- name: Initialize and update submodules
run: git submodule update --init --recursive
- name: Checkout sources - TDVF
run: |
rm -rf ../vtpm-tdvf
git clone --recursive --single-branch -b TDVF https://github.com/tianocore/edk2-staging ../vtpm-tdvf
- name: Build vTPM td
run: |
rm -rf ../run-vtpm-td
mkdir ../run-vtpm-td
git submodule update --init --recursive
bash sh_script/pre-build.sh
bash sh_script/build.sh
cp target/x86_64-unknown-none/release/vtpmtd.bin ../run-vtpm-td
- name: Build config-A TDVF
run: |
pushd ../vtpm-tdvf
make -C BaseTools
source edksetup.sh
rm -rf ../run-user-td
mkdir ../run-user-td
build -p OvmfPkg/OvmfPkgX64.dsc -t GCC5 -a X64 -D TPM2_ENABLE=TRUE -D VTPM_ENABLE=TRUE -b RELEASE
cp Build/OvmfX64/RELEASE_GCC5/FV/OVMF.fd ../run-user-td/
popd
- name: Run test - Config A
run: |
pushd sh_script
python -m pytest -k "config_A"
popd
- name: Build Config-B TDVF without secure boot
run: |
pushd ../vtpm-tdvf
make -C BaseTools
source edksetup.sh
rm -rf ../run-user-td
mkdir ../run-user-td
build -p OvmfPkg/IntelTdx/IntelTdxX64.dsc -t GCC5 -a X64 -b RELEASE
cp Build/IntelTdx/RELEASE_GCC5/FV/OVMF.fd ../run-user-td/
popd
- name: Run test - Config B + no secure boot
run: |
pushd sh_script
python -m pytest -k "config_B_no_sb"
popd
- name: Build Config-B TDVF with secure boot
run: |
pushd ../vtpm-tdvf
make -C BaseTools
source edksetup.sh
rm -rf ../run-user-td
mkdir ../run-user-td
build -p OvmfPkg/IntelTdx/IntelTdxX64.dsc -D SECURE_BOOT_ENABLE=TRUE -t GCC5 -a X64 -b RELEASE
cp Build/IntelTdx/RELEASE_GCC5/FV/OVMF.fd ../run-user-td/
popd
- name: Enroll OVMF.fd
run: |
SECURE_BOOT="/home/env/secure_boot"
GUID=`cat ${SECURE_BOOT}/myGUID.txt`
python sh_script/secure_boot/secure_boot.py -fd ../run-user-td/OVMF.fd -pk ${GUID} ${SECURE_BOOT}/PK.cer -kek ${GUID} ${SECURE_BOOT}/KEK.cer -db ${GUID} ${SECURE_BOOT}/DB.cer
python sh_script/secure_boot/var_enroll.py --fd ../run-user-td/OVMF.sb.fd -op add -n FB_NO_REBOOT -g 605dab50-e046-4300-abb6-3dd810dd8b23 -a 0x7 -d sh_script/secure_boot/FB_NO_REBOOT.bin -o ../run-user-td/OVMF.fd
- name: Run test - Config B + secure boot
run: |
pushd sh_script
python -m pytest -k "config_B_sb"
popd