Skip tests that call setGCEAKTemplate #402

Merged 1 commit on Dec 27, 2023

alexmwu (Contributor) commented Dec 20, 2023

This resulted in failing tests on real GCE VMs that already have the AK template. A real testcase is better suited for integration tests instead of unit tests anyway.

Tested manually on GCE VM:

Failure:

sudo /var/lib/google/cmd_nocgo.test -tpm-path /dev/tpmrm0
Error: failed to collect attestation report : provided nonce must not be empty
...
Error: verifying attestation: failed to verify quote: quote extraData [18 52] did not match expected extraData [67 33]
--- FAIL: TestVerifyWithGCEAK (0.01s)
    --- FAIL: TestVerifyWithGCEAK/gceAK:RSA (0.00s)
        attest_test.go:65: NVDefineSpace failed: error code 0x4c : NV Index or persistent object already defined
    --- FAIL: TestVerifyWithGCEAK/gceAK:ECC (0.00s)
        attest_test.go:65: NVDefineSpace failed: error code 0x4c : NV Index or persistent object already defined
Error: failed to open tdx device: could not open Intel TDX guest device at "/dev/tdx_guest": no such file or directory
Error: failed to open sev-snp device: could not open AMD SEV guest device at /dev/sev-guest (see https://github.com/google/go-sev-guest/blob/main/INSTALL.md): no such file or directory
FAIL

Passed:

sudo /var/lib/google/cmd_fix.test -tpm-path /dev/tpmrm0
Error: failed to collect attestation report : provided nonce must not be empty
Error: invalid argument "12345" for "--nonce" flag: encoding/hex: odd length hex string
Error: fail to unmarshal attestation report: proto: (line 2:1): unknown field: X
Error: fail to unmarshal attestation report: proto: cannot parse invalid wire-format data
Error: format should be either binarypb or textproto
Error: format should be either binarypb or textproto
Error: format should be either binarypb or textproto
Error: format should be either binarypb or textproto
Error: failed to open tdx device: could not open Intel TDX guest device at "/dev/tdx_guest": no such file or directory
Error: failed to open sev-snp device: could not open AMD SEV guest device at /dev/sev-guest (see https://github.com/google/go-sev-guest/blob/main/INSTALL.md): no such file or directory
Error: unsealing data: session 1, error code 0x1d : a policy check failed
Error: unsealing data: failed to certify PCRs: PCR 23 mismatch: expected 12a0883f16abf44dcc4cac1dec108eb99c652fed124c6989eddc811fe8effb64, got ff16f4da375b3138821644093863ead8b357020880335256855afce000eed831
Error: unsealing data: failed to certify PCRs: PCR 23 mismatch: expected ff16f4da375b3138821644093863ead8b357020880335256855afce000eed831, got ed0a8c8c1d22f773942429a11196ff45571ea7a6f51e7909bbc56e89e4457c10
Error: verifying attestation: failed to verify quote: quote extraData [18 52] did not match expected extraData [67 33]
Error: failed to open tdx device: could not open Intel TDX guest device at "/dev/tdx_guest": no such file or directory
Error: failed to open sev-snp device: could not open AMD SEV guest device at /dev/sev-guest (see https://github.com/google/go-sev-guest/blob/main/INSTALL.md): no such file or directory
PASS

This resulted in failing tests on real GCE VMs that already have the AK
template. A real testcase is better suited for integration tests instead
of unit tests anyway.
jkl73 (Contributor) commented Dec 21, 2023

Saw this in the failed cloudbuild test:

[   97.291198] cloud-init[593]: Failed to start container-runner.service: Unit container-runner.service is mask

Seems like the latest cos image may have some changes to prevent the unit from running.

jkl73 (Contributor) commented Dec 26, 2023

/gcbrun

jkl73 merged commit 9d2b3df into google:main on Dec 27, 2023
10 of 11 checks passed
alexmwu deleted the fixCmdTest branch December 28, 2023 00:23
alexmwu added a commit to alexmwu/go-tpm-tools that referenced this pull request Feb 22, 2024
New Features:
[launcher] Add TEE server IPC implementation google#367
[launcher] Enable memory monitoring in CS google#391
Use TDX quote provider to attest and verify google#405
Integrate nonce verification as part of the TDX quote validation procedure. google#395
Add RISC V support google#407
[launcher] Use resizable integrity-fs with in-memory tags google#412

Bug Fixes:
[launcher] Fix launcher exit code google#384
[launcher] Handle exit code checking during deferral evaluation google#392
[cmd] Skip tests that call setGCEAKTemplate google#402
[launcher] Fix teeserver context reset issue & add container signature cache google#397
Set all unused parameters as _ to fix CI lint failure google#411
[launcher] Make customtoken test sleep to mitigate clock skew google#413

Other Changes:
Add eventlog parse logics for memory monitoring google#404
[launcher]: Add memory monitor measurement logics google#408
Update go-tdx-guest version to v0.3.1 google#414

New Contributors:
@KeithMoyer in google#392
@vbalain in google#405
@aimixsaka in google#407
@alexmwu alexmwu mentioned this pull request Feb 22, 2024
alexmwu added a commit that referenced this pull request Feb 22, 2024
alexmwu added a commit to alexmwu/go-tpm-tools that referenced this pull request Mar 29, 2024