kola/tests: Add new cl.tpm.eventlog test for the TPM Event log

This will only work from GRUB 2.12 onwards, so restrict to 4082+. I initially wanted to add this check to the existing tpmTest function, but that wouldn't allow me to restrict the version. Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
flatcar · Sep 13, 2024 · 8bbe79a · 8bbe79a
1 parent 7a4dc8b
commit 8bbe79a
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/kola/tests/misc/tpm.go b/kola/tests/misc/tpm.go
@@ -302,6 +302,18 @@ func init() {
 		Distros:     []string{"cl"},
 		MinVersion:  semver.Version{Major: 3913, Minor: 0, Patch: 1},
 	})
+
+	runEventLog := func(c cluster.TestCluster) {
+		eventLogTest(c)
+	}
+	register.Register(&register.Test{
+		Run:         runEventLog,
+		ClusterSize: 0,
+		Platforms:   []string{"qemu"},
+		Name:        "cl.tpm.eventlog",
+		Distros:     []string{"cl"},
+		MinVersion:  semver.Version{Major: 4082, Minor: 0, Patch: 0},
+	})
 }
 
 func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, variant string) {
@@ -336,6 +348,7 @@ func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string,
 
 	checkIfMountpointIsEncrypted(c, m, mountpoint)
 
+
 	// Make sure the change is reboot-safe. This is especially important for the case of an encrypted root disk because the
 	// initramfs decryption is not tested on the first boot, in which the initramfs starts with no encrypted disks and Ignition
 	// only sets up the encryption while in initramfs.
@@ -359,3 +372,25 @@ func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string,
 		checkIfMountpointIsEncrypted(c, m, "/")
 	}
 }
+
+func eventLogTest(c cluster.TestCluster) {
+	options := platform.MachineOptions{ EnableTPM: true }
+	var m platform.Machine
+	var err error
+	switch pc := c.Cluster.(type) {
+	// These cases have to be separated because otherwise the golang compiler doesn't type-check
+	// the case bodies using the proper subtype of `pc`.
+	case *qemu.Cluster:
+		m, err = pc.NewMachineWithOptions(nil, options)
+	case *unprivqemu.Cluster:
+		m, err = pc.NewMachineWithOptions(nil, options)
+	default:
+		c.Fatal("unknown cluster type")
+	}
+	if err != nil {
+		c.Fatal(err)
+	}
+
+	// Verify that the TPM event log is working.
+	_ = c.MustSSH(m, "sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements")
+}