From 75e97fb629e5e7eee5105fd229bf269cb2c2f667 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Wed, 10 Apr 2024 11:32:09 +0200 Subject: [PATCH 1/3] platform/local: Extract swtpm functionality So that it can be added to kola spawn more easily. Signed-off-by: Jeremi Piotrowski --- kola/tests/misc/tpm.go | 59 ++++++------------------------------------ platform/local/tpm.go | 55 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 51 deletions(-) create mode 100644 platform/local/tpm.go diff --git a/kola/tests/misc/tpm.go b/kola/tests/misc/tpm.go index c32b1c92b..ddf589916 100644 --- a/kola/tests/misc/tpm.go +++ b/kola/tests/misc/tpm.go @@ -1,21 +1,17 @@ package misc import ( - "fmt" "os" - "strings" "time" "github.com/coreos/go-semver/semver" - "github.com/coreos/pkg/capnslog" "github.com/flatcar/mantle/kola/cluster" "github.com/flatcar/mantle/kola/register" "github.com/flatcar/mantle/platform" "github.com/flatcar/mantle/platform/conf" + "github.com/flatcar/mantle/platform/local" "github.com/flatcar/mantle/platform/machine/qemu" "github.com/flatcar/mantle/platform/machine/unprivqemu" - "github.com/flatcar/mantle/system/exec" - "github.com/flatcar/mantle/util" ) const ( @@ -311,17 +307,21 @@ func init() { } func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, variant string) { - swtpm, err := startSwtpm() + swtpmDir, err := os.MkdirTemp("", "swtpm-") + if err != nil { + c.Fatalf("mkdir: %v", err) + } + swtpm, err := local.NewSwtpm(swtpmDir) if err != nil { c.Fatalf("could not start software TPM emulation: %v", err) } - defer swtpm.stop() + defer swtpm.Stop() options := platform.MachineOptions{ AdditionalDisks: []platform.Disk{ {Size: "520M", DeviceOpts: []string{"serial=secondary"}}, }, - SoftwareTPMSocket: swtpm.socketPath, + SoftwareTPMSocket: swtpm.SocketPath(), } var m platform.Machine switch pc := c.Cluster.(type) { @@ -370,46 +370,3 @@ func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, checkIfMountpointIsEncrypted(c, m, "/") } } - -type softwareTPM struct { - process *exec.ExecCmd - socketPath string - dir string -} - -func startSwtpm() (*softwareTPM, error) { - swtpm := &softwareTPM{} - - swtpmDir, err := os.MkdirTemp("", "swtpm-") - if err != nil { - return nil, err - } - swtpm.dir = swtpmDir - swtpm.socketPath = fmt.Sprintf("%v/swtpm-sock", swtpm.dir) - - swtpm.process = exec.Command("swtpm", "socket", "--tpmstate", fmt.Sprintf("dir=%v", swtpm.dir), "--ctrl", fmt.Sprintf("type=unixio,path=%v", swtpm.socketPath), "--tpm2") - out, err := swtpm.process.StdoutPipe() - if err != nil { - return nil, err - } - go util.LogFrom(capnslog.INFO, out) - - if err = swtpm.process.Start(); err != nil { - return nil, err - } - - plog.Debugf("swtpm PID: %v", swtpm.process.Pid()) - - return swtpm, nil -} - -func (swtpm *softwareTPM) stop() { - if err := swtpm.process.Kill(); err != nil { - plog.Errorf("Error killing swtpm: %v", err) - } - // To be double sure that we do not delete the wrong directory, check that "tpm" occurs in the directory path we delete. - if strings.Contains(swtpm.dir, "tpm") { - plog.Debugf("Delete swtpm temporary directory %v", swtpm.dir) - os.RemoveAll(swtpm.dir) - } -} diff --git a/platform/local/tpm.go b/platform/local/tpm.go new file mode 100644 index 000000000..ed1184a6c --- /dev/null +++ b/platform/local/tpm.go @@ -0,0 +1,55 @@ +package local + +import ( + "fmt" + "os" + "strings" + + "github.com/coreos/pkg/capnslog" + "github.com/flatcar/mantle/system/exec" + "github.com/flatcar/mantle/util" +) + +type SoftwareTPM struct { + process *exec.ExecCmd + socketPath string + dir string +} + +func NewSwtpm(dir string) (*SoftwareTPM, error) { + swtpm := &SoftwareTPM{} + + os.Mkdir(dir, 0700) + swtpm.dir = dir + swtpm.socketPath = fmt.Sprintf("%v/sock", swtpm.dir) + + swtpm.process = exec.Command("swtpm", "socket", "--tpmstate", fmt.Sprintf("dir=%v", swtpm.dir), "--ctrl", fmt.Sprintf("type=unixio,path=%v", swtpm.socketPath), "--tpm2") + out, err := swtpm.process.StderrPipe() + if err != nil { + return nil, err + } + go util.LogFrom(capnslog.INFO, out) + + if err = swtpm.process.Start(); err != nil { + return nil, err + } + + plog.Debugf("swtpm PID: %v", swtpm.process.Pid()) + + return swtpm, nil +} + +func (swtpm *SoftwareTPM) Stop() { + if err := swtpm.process.Kill(); err != nil { + plog.Errorf("Error killing swtpm: %v", err) + } + // To be double sure that we do not delete the wrong directory, check that "tpm" occurs in the directory path we delete. + if strings.Contains(swtpm.dir, "tpm") { + plog.Debugf("Delete swtpm temporary directory %v", swtpm.dir) + os.RemoveAll(swtpm.dir) + } +} + +func (swtpm *SoftwareTPM) SocketPath() string { + return swtpm.socketPath +} From f3334a7ef21881297d9c7bb7724be6eb0ce8536a Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Wed, 10 Apr 2024 11:46:31 +0200 Subject: [PATCH 2/3] platform/qemu: Support creating a swtpm instance for a machine Move swtpm creation from the tpm test to the qemu implementation. This allows it to be reused for various test cases. Signed-off-by: Jeremi Piotrowski --- kola/tests/misc/tpm.go | 15 ++------------- platform/local/tpm.go | 8 ++------ platform/machine/qemu/cluster.go | 17 +++++++++++++++++ platform/machine/qemu/machine.go | 5 ++++- platform/qemu.go | 3 ++- 5 files changed, 27 insertions(+), 21 deletions(-) diff --git a/kola/tests/misc/tpm.go b/kola/tests/misc/tpm.go index ddf589916..d1e5a51c6 100644 --- a/kola/tests/misc/tpm.go +++ b/kola/tests/misc/tpm.go @@ -1,7 +1,6 @@ package misc import ( - "os" "time" "github.com/coreos/go-semver/semver" @@ -9,7 +8,6 @@ import ( "github.com/flatcar/mantle/kola/register" "github.com/flatcar/mantle/platform" "github.com/flatcar/mantle/platform/conf" - "github.com/flatcar/mantle/platform/local" "github.com/flatcar/mantle/platform/machine/qemu" "github.com/flatcar/mantle/platform/machine/unprivqemu" ) @@ -307,23 +305,14 @@ func init() { } func tpmTest(c cluster.TestCluster, userData *conf.UserData, mountpoint string, variant string) { - swtpmDir, err := os.MkdirTemp("", "swtpm-") - if err != nil { - c.Fatalf("mkdir: %v", err) - } - swtpm, err := local.NewSwtpm(swtpmDir) - if err != nil { - c.Fatalf("could not start software TPM emulation: %v", err) - } - defer swtpm.Stop() - options := platform.MachineOptions{ AdditionalDisks: []platform.Disk{ {Size: "520M", DeviceOpts: []string{"serial=secondary"}}, }, - SoftwareTPMSocket: swtpm.SocketPath(), + EnableTPM: true, } var m platform.Machine + var err error switch pc := c.Cluster.(type) { // These cases have to be separated because otherwise the golang compiler doesn't type-check // the case bodies using the proper subtype of `pc`. diff --git a/platform/local/tpm.go b/platform/local/tpm.go index ed1184a6c..c4187813b 100644 --- a/platform/local/tpm.go +++ b/platform/local/tpm.go @@ -3,7 +3,6 @@ package local import ( "fmt" "os" - "strings" "github.com/coreos/pkg/capnslog" "github.com/flatcar/mantle/system/exec" @@ -43,11 +42,8 @@ func (swtpm *SoftwareTPM) Stop() { if err := swtpm.process.Kill(); err != nil { plog.Errorf("Error killing swtpm: %v", err) } - // To be double sure that we do not delete the wrong directory, check that "tpm" occurs in the directory path we delete. - if strings.Contains(swtpm.dir, "tpm") { - plog.Debugf("Delete swtpm temporary directory %v", swtpm.dir) - os.RemoveAll(swtpm.dir) - } + plog.Debugf("Delete swtpm temporary directory %v", swtpm.dir) + os.RemoveAll(swtpm.dir) } func (swtpm *SoftwareTPM) SocketPath() string { diff --git a/platform/machine/qemu/cluster.go b/platform/machine/qemu/cluster.go index 853129b2b..53480a423 100644 --- a/platform/machine/qemu/cluster.go +++ b/platform/machine/qemu/cluster.go @@ -111,6 +111,20 @@ ExecStartPost=/usr/bin/ln -fs /run/metadata/flatcar /run/metadata/coreos consolePath: filepath.Join(dir, "console.txt"), } + var swtpm *local.SoftwareTPM + if options.EnableTPM { + swtpm, err = local.NewSwtpm(filepath.Join(dir, "tpm")) + if err != nil { + return nil, fmt.Errorf("starting swtpm: %v", err) + } + options.SoftwareTPMSocket = swtpm.SocketPath() + defer func() { + if swtpm != nil { + swtpm.Stop() + } + }() + } + qmCmd, extraFiles, err := platform.CreateQEMUCommand(qc.flight.opts.Board, qm.id, qc.flight.opts.BIOSImage, qm.consolePath, confPath, qc.flight.diskImagePath, conf.IsIgnition(), options) if err != nil { return nil, err @@ -150,6 +164,9 @@ ExecStartPost=/usr/bin/ln -fs /run/metadata/flatcar /run/metadata/coreos return nil, err } + // from this point on Destroy() is responsible for cleaning up swtpm + qm.swtpm, swtpm = swtpm, nil + plog.Debugf("qemu PID (manual cleanup needed if --remove=false): %v", qm.qemu.Pid()) if err := platform.StartMachine(qm, qm.journal); err != nil { diff --git a/platform/machine/qemu/machine.go b/platform/machine/qemu/machine.go index 50883f734..8b527e724 100644 --- a/platform/machine/qemu/machine.go +++ b/platform/machine/qemu/machine.go @@ -32,6 +32,7 @@ type machine struct { journal *platform.Journal consolePath string console string + swtpm *local.SoftwareTPM } func (m *machine) ID() string { @@ -70,7 +71,9 @@ func (m *machine) Destroy() { if err := m.qemu.Kill(); err != nil { plog.Errorf("Error killing instance %v: %v", m.ID(), err) } - + if m.swtpm != nil { + m.swtpm.Stop() + } m.journal.Destroy() if buf, err := ioutil.ReadFile(m.consolePath); err == nil { diff --git a/platform/qemu.go b/platform/qemu.go index 6414f9d16..ac6e1f301 100644 --- a/platform/qemu.go +++ b/platform/qemu.go @@ -36,6 +36,7 @@ import ( type MachineOptions struct { AdditionalDisks []Disk ExtraPrimaryDiskSize string + EnableTPM bool SoftwareTPMSocket string } @@ -348,7 +349,7 @@ func CreateQEMUCommand(board, uuid, biosImage, consolePath, confPath, diskImageP "-device", "virtio-rng-pci,rng=rng0", ) - if options.SoftwareTPMSocket != "" { + if options.EnableTPM { var tpm string switch board { case "amd64-usr": From 613b6e6888c53811737527929e1a2f097b520ea3 Mon Sep 17 00:00:00 2001 From: Jeremi Piotrowski Date: Wed, 10 Apr 2024 11:51:30 +0200 Subject: [PATCH 3/3] kola/spawn: Support enabling swtpm Allow users to create a qemu VM with swtpm through kola spawn. CLI options are shared between `kola spawn` and `kola run` so add comments informing users that the option should not be used with `kola run`. Signed-off-by: Jeremi Piotrowski --- cmd/kola/options.go | 1 + platform/machine/qemu/cluster.go | 3 +++ platform/machine/qemu/flight.go | 2 ++ 3 files changed, 6 insertions(+) diff --git a/cmd/kola/options.go b/cmd/kola/options.go index c904e3a3a..b0ad3bd11 100644 --- a/cmd/kola/options.go +++ b/cmd/kola/options.go @@ -227,6 +227,7 @@ func init() { sv(&kola.QEMUOptions.BIOSImage, "qemu-bios", "", "BIOS to use for QEMU vm") bv(&kola.QEMUOptions.UseVanillaImage, "qemu-skip-mangle", false, "don't modify CL disk image to capture console log") sv(&kola.QEMUOptions.ExtraBaseDiskSize, "qemu-grow-base-disk-by", "", "grow base disk by the given size in bytes, following optional 1024-based suffixes are allowed: b (ignored), k, K, M, G, T") + bv(&kola.QEMUOptions.EnableTPM, "qemu-tpm", false, "enable TPM device in QEMU. Requires installing swtpm. Use only with 'kola spawn', test cases are responsible for creating a VM with TPM explicitly.") // BrightBox specific options sv(&kola.BrightboxOptions.ClientID, "brightbox-client-id", "", "Brightbox client ID") diff --git a/platform/machine/qemu/cluster.go b/platform/machine/qemu/cluster.go index 53480a423..3df499663 100644 --- a/platform/machine/qemu/cluster.go +++ b/platform/machine/qemu/cluster.go @@ -43,6 +43,9 @@ type Cluster struct { func (qc *Cluster) NewMachine(userdata *conf.UserData) (platform.Machine, error) { options := platform.MachineOptions{ ExtraPrimaryDiskSize: qc.flight.opts.ExtraBaseDiskSize, + // Use for 'kola spawn'; test cases should pass true through + // NewMachineWithOptions() + EnableTPM: qc.flight.opts.EnableTPM, } return qc.NewMachineWithOptions(userdata, options) } diff --git a/platform/machine/qemu/flight.go b/platform/machine/qemu/flight.go index 2716ed38a..5ec981a10 100644 --- a/platform/machine/qemu/flight.go +++ b/platform/machine/qemu/flight.go @@ -44,6 +44,8 @@ type Options struct { ExtraBaseDiskSize string + EnableTPM bool + *platform.Options }