diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..cdfba49
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,38 @@
+dist: bionic
+language: C
+addons:
+ apt:
+ packages:
+ - libkeyutils-dev
+ - libattr1-dev
+ - attr
+ - openssl
+ - libssl-dev
+ - asciidoc
+ - xsltproc
+ - docbook-xsl
+ - docbook-xml
+matrix:
+ include:
+ - env: TSS=ibmtss
+ - env: TSS=tpm2-tss
+install:
+ - if [ "${TSS}" = "tpm2-tss" ]; then
+ sudo apt-get install lcov pandoc autoconf-archive liburiparser-dev;
+ sudo apt-get install libdbus-1-dev libglib2.0-dev dbus-x11 libgcrypt-dev;
+ sudo apt-get install libssl-dev doxygen libjson-c-dev;
+ sudo apt-get install libini-config-dev libltdl-dev;
+ sudo apt-get install uuid-dev libcurl4-openssl-dev;
+ ./tests/install-tpm2-tss.sh;
+ fi
+ - ./tests/install-swtpm.sh
+ - ./tests/install-tss.sh
+
+script:
+ - export LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib;
+ - export PATH=$PATH:/usr/local/bin;
+ - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check;
+
+ - tail -3 tests/ima_hash.log;
+ - tail -3 tests/sign_verify.log;
+ - tail -20 tests/boot_aggregate.log;
diff --git a/README b/README
index b37325f..321045d 100644
--- a/README
+++ b/README
@@ -28,6 +28,7 @@ COMMANDS
 import [--rsa] pubkey keyring
 sign [-r] [--imahash | --imasig ] [--portable] [--key key] [--pass password] file
 verify file
+ ima_boot_aggregate [--pcrs hash-algorithm,file] [TPM 1.2 BIOS event log]
 ima_sign [--sigfile] [--key key] [--pass password] file
 ima_verify file
 ima_hash file
diff --git a/src/evmctl.c b/src/evmctl.c
index 7ad1150..de7299d 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2485,7 +2485,7 @@ struct command cmds[] = {
 {"ima_setxattr", cmd_setxattr_ima, 0, "[--sigfile file]", "Set IMA signature from sigfile\n"},
 {"ima_hash", cmd_hash_ima, 0, "file", "Make file content hash.\n"},
 {"ima_measurement", cmd_ima_measurement, 0, "[--ignore-violations] [--verify-sig [--key key1, key2, ...]] [--pcrs [hash-algorithm,]file [--pcrs hash-algorithm,file] ...] file", "Verify measurement list (experimental).\n"},
- {"ima_boot_aggregate", cmd_ima_bootaggr, 0, "[file]", "Calculate per TPM bank boot_aggregate digests\n"},
+ {"ima_boot_aggregate", cmd_ima_bootaggr, 0, "[--pcrs hash-algorithm,file] [TPM 1.2 BIOS event log]", "Calculate per TPM bank boot_aggregate digests\n"},
 {"ima_fix", cmd_ima_fix, 0, "[-t fdsxm] path", "Recursively fix IMA/EVM xattrs in fix mode.\n"},
 {"ima_clear", cmd_ima_clear, 0, "[-t fdsxm] path", "Recursively remove IMA/EVM xattrs.\n"},
 {"sign_hash", cmd_sign_hash, 0, "[--key key] [--pass [password]", "Sign hashes from shaXsum output.\n"},
diff --git a/tests/install-swtpm.sh b/tests/install-swtpm.sh
new file mode 100755
index 0000000..071e9c9
--- /dev/null
+++ b/tests/install-swtpm.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -ex
+wget https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm1332.tar.gz/download
+mkdir ibmtpm1332
+cd ibmtpm1332
+tar -xvzf ../download
+cd src
+make -j$(nproc)
+sudo cp tpm_server /usr/local/bin/
+cd ../..
diff --git a/tests/install-tpm2-tss.sh b/tests/install-tpm2-tss.sh
new file mode 100755
index 0000000..7a71b57
--- /dev/null
+++ b/tests/install-tpm2-tss.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+git clone https://github.com/tpm2-software/tpm2-tss.git
+cd tpm2-tss
+./bootstrap
+./configure
+make -j$(nproc)
+sudo make install
+sudo ldconfig
+cd ..
+rm -rf tpm2-tss
+
+git clone https://github.com/tpm2-software/tpm2-tools.git
+cd tpm2-tools
+./bootstrap && ./configure --prefix=/usr
+make -j$(nproc)
+sudo make install
+cd ..
+rm -rf tpm2-tools
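Review bot: The new usage string for `ima_boot_aggregate` in src/evmctl.c writes the option as `[--pcrs hash-algorithm,file]`, while the `ima_measurement` entry directly above documents the same flag as `[--pcrs [hash-algorithm,]file ...]`, with the algorithm prefix optional and the option repeatable. The option parser is outside this hunk, so it is an assumption that both commands share it; if they do, the two help strings should agree. If the prefix really is mandatory for this command, a one-line comment above the entry saying so would stop the next reader from "fixing" it. `[TPM 1.2 BIOS event log]` also reads as prose next to the `file`-style placeholders the other entries use.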
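Review bot: The tarball fetched by `wget` in tests/install-swtpm.sh is unpacked, built and copied into /usr/local/bin with sudo without any integrity check, so whatever the SourceForge download redirect serves is what ends up running on the CI host. Save it under a fixed name and verify a pinned digest before the `tar` step, e.g. `wget -O ibmtpm1332.tar.gz <url>` followed by `echo "<EXPECTED_SHA256>  ibmtpm1332.tar.gz" | sha256sum -c -`. The same concern applies to the `git clone` calls in tests/install-tpm2-tss.sh and tests/install-tss.sh, which build and `sudo make install` whatever the default branch holds at run time. Checking out a release tag or commit there (`git checkout <PINNED_COMMIT>`) would make the CI run reproducible and limit exposure to a compromised or broken upstream.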
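Review bot: tests/install-tpm2-tss.sh has no `set -ex`, unlike the other two install scripts added in this commit, so a failed `git clone` or `make` does not stop it. After a failed clone the `cd tpm2-tss` fails too, `./bootstrap` and `sudo make install` then run in whatever directory the script started in, and `cd ..` climbs out of the project checkout. Add `set -ex` on the line after the shebang so the Travis job fails at the first broken step instead of carrying on with a missing or partial install.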
diff --git a/tests/install-tss.sh b/tests/install-tss.sh
new file mode 100755
index 0000000..c9c179e
--- /dev/null
+++ b/tests/install-tss.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -ex
+git clone https://git.code.sf.net/p/ibmtpm20tss/tss
+cd tss
+autoreconf -i && ./configure --disable-tpm-1.2 --disable-hwtpm && make -j$(nproc) && sudo make install
+cd ..
+rm -rf tss