From 0e470718901e6fd47788682468637e0b96ed8f21 Mon Sep 17 00:00:00 2001
From: Wei Liu
Date: Sun, 21 Jan 2024 07:46:04 -0500
Subject: [PATCH] Test: Add more negative test cases in CI
Signed-off-by: Wei Liu
---
sh_script/build_final.sh | 16 +++++
sh_script/test/integration_test.py | 82 ++++++++++++++++++++++-
src/policy/test/policy.md | 6 +-
src/policy/test/policy_007.json | 102 +++++++++++++++++++++++++++++
src/policy/test/policy_008.json | 102 +++++++++++++++++++++++++++++
src/policy/test/policy_009.json | 102 +++++++++++++++++++++++++++++
src/policy/test/policy_010.json | 102 +++++++++++++++++++++++++++++
7 files changed, 510 insertions(+), 2 deletions(-)
create mode 100644 src/policy/test/policy_007.json
create mode 100644 src/policy/test/policy_008.json
create mode 100644 src/policy/test/policy_009.json
create mode 100644 src/policy/test/policy_010.json
diff --git a/sh_script/build_final.sh b/sh_script/build_final.sh
index 6a8a4a1c..c5ebc84c 100644
--- a/sh_script/build_final.sh
+++ b/sh_script/build_final.sh
@@ -197,6 +197,22 @@ function final_test_migtd() { enroll "migtd_src_sb14.bin" "policy_006.json" "migtd_src_014.bin" enroll "migtd_dst_sb14.bin" "policy_006.json" "migtd_dst_014.bin" + echo "-- Build final binary for test case 015 of migration TD" + # Test operation "array-equal", sgxtcbcomponents is no equal with reference + enroll "migtd_sb1.bin" "policy_007.json" "migtd_015.bin" + + echo "-- Build final binary for test case 016 of migration TD" + # Test operation "array-greater-or-equal", sgxtcbcomponents is smaller than reference + enroll "migtd_sb1.bin" "policy_008.json" "migtd_016.bin" + + echo "-- Build final binary for test case 017 of migration TD" + # Test polciy content is not correct, "fmspcx" shall be "fmspc" + enroll "migtd_sb1.bin" "policy_009.json" "migtd_017.bin" + + echo "-- Build final binary for test case 018 of migration TD" + # Test polciy file does not contain actual platforms' fmspc + enroll "migtd_sb1.bin" "policy_010.json" "migtd_018.bin" + cleanup build_migtd build_tdshim diff --git a/sh_script/test/integration_test.py b/sh_script/test/integration_test.py index fd7ae124..7165df8a 100644 --- a/sh_script/test/integration_test.py +++ b/sh_script/test/integration_test.py 
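Review bot: The comments above the four new `enroll` calls are the only statement of what each negative image is meant to prove, and they are hard to read: two misspell "policy" (`# Test polciy content is not correct…`, `# Test polciy file does not contain…`) and the first says "is no equal with reference". I would reword them along the lines of `# "array-equal": sgxtcbcomponents differs from the reference` and `# Malformed policy: key "fmspcx" should be "fmspc"`. All four cases enroll into `migtd_sb1.bin`, which is produced outside this hunk, so it is worth confirming that image is the intended base for policy-only negatives. `final_test_migtd` begins and ends outside the hunk.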
@@ -298,6 +298,86 @@ def test_negative_014(device_type): ctx.terminate_all_tds() ctx.terminate_socat() + +""" +Migration Policy Check: +Test operation "array-equal", sgxtcbcomponents is no equal with reference +""" +def test_negative_015(device_type): + migtd_src = "../../Bin/migtd_015.bin" + migtd_dst = "../../Bin/migtd_015.bin" + + with migtd_context() as ctx: + ctx.start_mig_td(bios_img=migtd_src, type="src", device=device_type) + ctx.start_mig_td(bios_img=migtd_dst, type="dst", device=device_type) + ctx.start_user_td(type="src") + ctx.start_user_td(type="dst") + ctx.connect() + ctx.pre_migration() + ctx.check_migration_result(negative=True) + + ctx.terminate_all_tds() + ctx.terminate_socat() + +""" +Migration Policy Check: +Test operation "array-greater-or-equal", sgxtcbcomponents is smaller than reference +""" +def test_negative_016(device_type): + migtd_src = "../../Bin/migtd_016.bin" + migtd_dst = "../../Bin/migtd_016.bin" + + with migtd_context() as ctx: + ctx.start_mig_td(bios_img=migtd_src, type="src", device=device_type) + ctx.start_mig_td(bios_img=migtd_dst, type="dst", device=device_type) + ctx.start_user_td(type="src") + ctx.start_user_td(type="dst") + ctx.connect() + ctx.pre_migration() + ctx.check_migration_result(negative=True) + + ctx.terminate_all_tds() + ctx.terminate_socat() + +""" +Migration Policy Check: +# Test polciy content is not correct, "fmspcx" shall be "fmspc" +""" +def test_negative_017(device_type): + migtd_src = "../../Bin/migtd_017.bin" + migtd_dst = "../../Bin/migtd_017.bin" + + with migtd_context() as ctx: + ctx.start_mig_td(bios_img=migtd_src, type="src", device=device_type) + ctx.start_mig_td(bios_img=migtd_dst, type="dst", device=device_type) + ctx.start_user_td(type="src") + ctx.start_user_td(type="dst") + ctx.connect() + ctx.pre_migration() + ctx.check_migration_result(negative=True) + + ctx.terminate_all_tds() + ctx.terminate_socat() + +""" +Migration Policy Check: +# Test polciy file does not contain actual platforms' 
fmspc +""" +def test_negative_018(device_type): + migtd_src = "../../Bin/migtd_018.bin" + migtd_dst = "../../Bin/migtd_018.bin" + + with migtd_context() as ctx: + ctx.start_mig_td(bios_img=migtd_src, type="src", device=device_type) + ctx.start_mig_td(bios_img=migtd_dst, type="dst", device=device_type) + ctx.start_user_td(type="src") + ctx.start_user_td(type="dst") + ctx.connect() + ctx.pre_migration() + ctx.check_migration_result(negative=True) + + ctx.terminate_all_tds() + ctx.terminate_socat() """ Test TD payload: @@ -306,7 +386,7 @@ def test_negative_014(device_type): - Quote Sevice Query - Quote Attestation """ -def test_function_015(device_type): +def test_function_000(device_type): test_bin = "../../Bin/final-test.bin" with migtd_context() as ctx: diff --git a/src/policy/test/policy.md b/src/policy/test/policy.md index 3502effc..6284753b 100644 --- a/src/policy/test/policy.md +++ b/src/policy/test/policy.md @@ -8,4 +8,8 @@ | [policy_003.json](./policy_003.json) | Test "Digest.MigTdPolicy" with different policy files | | [policy_004.json](./policy_004.json) | Test secure boot, check svn whether in 13... | | [policy_005.json](./policy_005.json) | Invalid json | -| [policy_006.json](./policy_006.json) | Test operator 'greater or equal' with Digest.MigTdCoreSvn | \ No newline at end of file +| [policy_006.json](./policy_006.json) | Test operator 'greater or equal' with Digest.MigTdCoreSvn | +| [policy_007.json](./policy_007.json) | Test operator 'array-equal' with sgxtcbcomponents, not equal | +| [policy_008.json](./policy_008.json) | Test operator 'array-greater-or-equal' with sgxtcbcomponents, smaller than refernce | +| [policy_009.json](./policy_009.json) | Invalid section name "fmspcx", correct name is "fmspc" | +| [policy_010.json](./policy_010.json) | Actual "fmspc" is no in policy fmspc list | \ No newline at end of file diff --git a/src/policy/test/policy_007.json b/src/policy/test/policy_007.json new file mode 100644 index 00000000..a360a4b7 
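Review bot: `test_negative_015` through `test_negative_018` assert only `ctx.check_migration_result(negative=True)`, so as far as this hunk shows each test passes on any pre-migration failure and cannot tell the intended policy rejection (TCB comparison, malformed key, unlisted FMSPC) from an unrelated one such as a missing or mis-enrolled image. `check_migration_result` is defined outside the hunk, so this may already be handled there; if it is not, I would at least add `# TODO: assert the MigTD log shows the expected policy-check failure, not just a failed pre-migration` to each test until the helper can check the reason. Separately, the description strings sit above each `def` as bare module-level expressions rather than docstrings; moving them under the `def` line, dropping the stray `#` in the 017 and 018 texts and fixing "polciy" would make them show up in test tooling.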
--- /dev/null +++ b/src/policy/test/policy_007.json @@ -0,0 +1,102 @@ +{ + "id": "1CECB0F4-6411-492D-8834-F097F960DE07", + "policy": [ + { + "fmspc": "30806F000000", + "Platform": { + "TcbInfo": { + "sgxtcbcomponents": { + "operation": "array-equal", + "reference": [0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + }, + "pcesvn": { + "operation": "equal", + "reference": 11 + }, + "tdxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + } + } + } + }, + { + "QE": { + "QeIdentity": { + "MISCSELECT": { + "operation": "equal", + "reference": "00000000" + } + } + } + }, + { + "TDXModule": { + "TDXModule_Identity": { + "TDXModuleMajorVersion": { + "operation": "equal", + "reference": 1 + }, + "TDXModuleSVN": { + "operation": "equal", + "reference": 0 + }, + "MRSIGNERSEAM": { + "operation": "equal", + "reference": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + "ATTRIBUTES": { + "operation": "equal", + "reference": "0000000000000000" + } + } + } + }, + { + "MigTD": { + "TDINFO": { + "ATTRIBUTES": { + "operation": "equal", + "reference": "self" + }, + "XFAM": { + "operation": "equal", + "reference": "self" + }, + "MRTD": { + "operation": "equal", + "reference": "self" + }, + "MRCONFIGID": { + "operation": "equal", + "reference": "self" + }, + "MROWNER": { + "operation": "equal", + "reference": "self" + }, + "MROWNERCONFIG": { + "operation": "equal", + "reference": "self" + }, + "RTMR0": { + "operation": "equal", + "reference": "self" + }, + "RTMR1": { + "operation": "equal", + "reference": "self" + }, + "RTMR2": { + "operation": "equal", + "reference": "self" + }, + "RTMR3": { + "operation": "equal", + "reference": "self" + } + } + } + } + ] +} diff --git a/src/policy/test/policy_008.json b/src/policy/test/policy_008.json new file mode 100644 index 00000000..f4fb79b6 --- /dev/null +++ b/src/policy/test/policy_008.json 
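Review bot: This fixture pins `"fmspc": "30806F000000"` next to the deliberately wrong `sgxtcbcomponents` reference, so the `array-equal` mismatch it targets is only reached when the CI platform reports exactly that FMSPC; on other hardware the policy would presumably be rejected for the FMSPC instead and the negative test would still pass. The same dependency applies to policy_008.json, and policy_010.json relies on the CI platform not reporting `30806F000001`. JSON has no comment syntax, so I would record the assumption in the policy.md row, e.g. `Test operator 'array-equal' with sgxtcbcomponents, not equal (assumes platform fmspc 30806F000000)`.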
@@ -0,0 +1,102 @@ +{ + "id": "1CECB0F4-6411-492D-8834-F097F960DE07", + "policy": [ + { + "fmspc": "30806F000000", + "Platform": { + "TcbInfo": { + "sgxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + }, + "pcesvn": { + "operation": "equal", + "reference": 11 + }, + "tdxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + } + } + } + }, + { + "QE": { + "QeIdentity": { + "MISCSELECT": { + "operation": "equal", + "reference": "00000000" + } + } + } + }, + { + "TDXModule": { + "TDXModule_Identity": { + "TDXModuleMajorVersion": { + "operation": "equal", + "reference": 1 + }, + "TDXModuleSVN": { + "operation": "equal", + "reference": 0 + }, + "MRSIGNERSEAM": { + "operation": "equal", + "reference": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + "ATTRIBUTES": { + "operation": "equal", + "reference": "0000000000000000" + } + } + } + }, + { + "MigTD": { + "TDINFO": { + "ATTRIBUTES": { + "operation": "equal", + "reference": "self" + }, + "XFAM": { + "operation": "equal", + "reference": "self" + }, + "MRTD": { + "operation": "equal", + "reference": "self" + }, + "MRCONFIGID": { + "operation": "equal", + "reference": "self" + }, + "MROWNER": { + "operation": "equal", + "reference": "self" + }, + "MROWNERCONFIG": { + "operation": "equal", + "reference": "self" + }, + "RTMR0": { + "operation": "equal", + "reference": "self" + }, + "RTMR1": { + "operation": "equal", + "reference": "self" + }, + "RTMR2": { + "operation": "equal", + "reference": "self" + }, + "RTMR3": { + "operation": "equal", + "reference": "self" + } + } + } + } + ] +} diff --git a/src/policy/test/policy_009.json b/src/policy/test/policy_009.json new file mode 100644 index 00000000..d67321b9 --- /dev/null +++ b/src/policy/test/policy_009.json 
@@ -0,0 +1,102 @@ +{ + "id": "1CECB0F4-6411-492D-8834-F097F960DE07", + "policy": [ + { + "fmspcx": "30806F000000", + "Platform": { + "TcbInfo": { + "sgxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + }, + "pcesvn": { + "operation": "equal", + "reference": 11 + }, + "tdxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + } + } + } + }, + { + "QE": { + "QeIdentity": { + "MISCSELECT": { + "operation": "equal", + "reference": "00000000" + } + } + } + }, + { + "TDXModule": { + "TDXModule_Identity": { + "TDXModuleMajorVersion": { + "operation": "equal", + "reference": 1 + }, + "TDXModuleSVN": { + "operation": "equal", + "reference": 0 + }, + "MRSIGNERSEAM": { + "operation": "equal", + "reference": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + "ATTRIBUTES": { + "operation": "equal", + "reference": "0000000000000000" + } + } + } + }, + { + "MigTD": { + "TDINFO": { + "ATTRIBUTES": { + "operation": "equal", + "reference": "self" + }, + "XFAM": { + "operation": "equal", + "reference": "self" + }, + "MRTD": { + "operation": "equal", + "reference": "self" + }, + "MRCONFIGID": { + "operation": "equal", + "reference": "self" + }, + "MROWNER": { + "operation": "equal", + "reference": "self" + }, + "MROWNERCONFIG": { + "operation": "equal", + "reference": "self" + }, + "RTMR0": { + "operation": "equal", + "reference": "self" + }, + "RTMR1": { + "operation": "equal", + "reference": "self" + }, + "RTMR2": { + "operation": "equal", + "reference": "self" + }, + "RTMR3": { + "operation": "equal", + "reference": "self" + } + } + } + } + ] +} diff --git a/src/policy/test/policy_010.json b/src/policy/test/policy_010.json new file mode 100644 index 00000000..d718cb0d --- /dev/null +++ b/src/policy/test/policy_010.json 
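Review bot: Renaming the key to `"fmspcx"` leaves the first entry with no `fmspc` at all, so depending on how the policy parser treats unknown keys (not visible in this patch) the case may be rejected because no platform entry matches rather than because the key is invalid, which is the same path policy_010.json exercises. If the intent is to show that a malformed policy is refused as malformed, the expected rejection point should be stated where the case is described, for example the policy.md row as `Invalid key "fmspcx" (should be "fmspc"); expected to fail policy parsing`, adjusted to whatever the verifier actually does. Keeping the `sgxtcbcomponents` reference at `[1,1,0,…]` as in policy_010.json is good, since it keeps the key name the only difference between the two fixtures.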
@@ -0,0 +1,102 @@ +{ + "id": "1CECB0F4-6411-492D-8834-F097F960DE07", + "policy": [ + { + "fmspc": "30806F000001", + "Platform": { + "TcbInfo": { + "sgxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + }, + "pcesvn": { + "operation": "equal", + "reference": 11 + }, + "tdxtcbcomponents": { + "operation": "array-greater-or-equal", + "reference": [0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0] + } + } + } + }, + { + "QE": { + "QeIdentity": { + "MISCSELECT": { + "operation": "equal", + "reference": "00000000" + } + } + } + }, + { + "TDXModule": { + "TDXModule_Identity": { + "TDXModuleMajorVersion": { + "operation": "equal", + "reference": 1 + }, + "TDXModuleSVN": { + "operation": "equal", + "reference": 0 + }, + "MRSIGNERSEAM": { + "operation": "equal", + "reference": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + "ATTRIBUTES": { + "operation": "equal", + "reference": "0000000000000000" + } + } + } + }, + { + "MigTD": { + "TDINFO": { + "ATTRIBUTES": { + "operation": "equal", + "reference": "self" + }, + "XFAM": { + "operation": "equal", + "reference": "self" + }, + "MRTD": { + "operation": "equal", + "reference": "self" + }, + "MRCONFIGID": { + "operation": "equal", + "reference": "self" + }, + "MROWNER": { + "operation": "equal", + "reference": "self" + }, + "MROWNERCONFIG": { + "operation": "equal", + "reference": "self" + }, + "RTMR0": { + "operation": "equal", + "reference": "self" + }, + "RTMR1": { + "operation": "equal", + "reference": "self" + }, + "RTMR2": { + "operation": "equal", + "reference": "self" + }, + "RTMR3": { + "operation": "equal", + "reference": "self" + } + } + } + } + ] +}