Documentation
Overview
Package test provides helper methods for testing. It should never be included in non-test libraries/binaries.
Index
- Variables
- func CreateTpm2EventLog(gceConfidentialTechnologyEnum byte) []byte
- func GetSimulatorWithLog(tb testing.TB, eventLog []byte) io.ReadWriteCloser
- func GetTPM(tb testing.TB) io.ReadWriteCloser
- func LoadRandomExternalKey(tb testing.TB, rw io.ReadWriter) tpmutil.Handle
- func SkipForRealTPM(tb testing.TB)
- func SkipOnUnsupportedAlg(t testing.TB, rw io.ReadWriter, alg tpm2.Algorithm)
Constants
This section is empty.
Variables
var (
	//go:embed eventlogs/arch-linux-workstation.bin
	ArchLinuxWorkstationEventLog []byte
	//go:embed eventlogs/debian-10.bin
	Debian10EventLog []byte
	//go:embed eventlogs/glinux-alex.bin
	GlinuxAlexEventLog []byte
	//go:embed eventlogs/rhel8-uefi.bin
	Rhel8EventLog []byte
	//go:embed eventlogs/ubuntu-1804-amd-sev.bin
	Ubuntu1804AmdSevEventLog []byte
	//go:embed eventlogs/ubuntu-2104-no-dbx.bin
	Ubuntu2104NoDbxEventLog []byte
	//go:embed eventlogs/ubuntu-2104-no-secure-boot.bin
	Ubuntu2104NoSecureBootEventLog []byte
	//go:embed eventlogs/cos-85-amd-sev.bin
	Cos85AmdSevEventLog []byte
	//go:embed eventlogs/cos-93-amd-sev.bin
	Cos93AmdSevEventLog []byte
	//go:embed eventlogs/cos-101-amd-sev.bin
	Cos101AmdSevEventLog []byte
)
Raw binary TCG Event Logs
var (
	Cos85AmdSevCmdline  = "" /* 785-byte string literal not displayed */
	Cos93AmdSevCmdline  = "" /* 791-byte string literal not displayed */
	Cos101AmdSevCmdline = "" /* 711-byte string literal not displayed */
)
Kernel command lines from event logs.
var (
	//go:embed attestations/gce-cos-85-no-nonce.pb
	COS85NoNonce []byte
	//go:embed attestations/gce-cos-85-nonce9009.pb
	COS85Nonce9009 []byte
)
Attestation .pb files.
var (
	//go:embed certificates/pca_tpm_ecc_enc_cert.pem
	GCEEncryptECCCertPCA []byte
	//go:embed certificates/pca_tpm_ecc_sign_cert.pem
	GCESignECCCertPCA []byte
	//go:embed certificates/pca_tpm_rsa_enc_cert.pem
	GCEEncryptRSACertPCA []byte
	//go:embed certificates/pca_tpm_rsa_sign_cert.pem
	GCESignRSACertPCA []byte
	//go:embed certificates/uca_tpm_ecc_enc_cert.pem
	GCEEncryptECCCertUCA []byte
	//go:embed certificates/uca_tpm_ecc_sign_cert.pem
	GCESignECCCertUCA []byte
	//go:embed certificates/uca_tpm_rsa_enc_cert.pem
	GCEEncryptRSACertUCA []byte
	//go:embed certificates/uca_tpm_rsa_sign_cert.pem
	GCESignRSACertUCA []byte
)
EK and AK Certificates.
var (
	DebugPCR       = 16
	ApplicationPCR = 23
)
PCR registers that are OK to use in tests (can be reset without reboot)
var GCECertPEMs = [][]byte{
	GCEEncryptECCCertPCA, GCESignECCCertPCA,
	GCEEncryptRSACertPCA, GCESignRSACertPCA,
	GCEEncryptECCCertUCA, GCESignECCCertUCA,
	GCEEncryptRSACertUCA, GCESignRSACertUCA,
}
GCECertPEMs provides a variety of GCE test certificates, including AK/EK, RSA/ECC, and PCA/UCA.
var (
	//go:embed tdx_test_files/tdxReportData.bin
	TdxReportData []byte // Use as tdx nonce
)
TDX test files
Functions
func CreateTpm2EventLog (added in v0.4.3)
CreateTpm2EventLog generates a sample event log that is based on gceConfidentialTechnology
func GetSimulatorWithLog (added in v0.3.2)
func GetSimulatorWithLog(tb testing.TB, eventLog []byte) io.ReadWriteCloser
GetSimulatorWithLog returns a simulated TPM with PCRs that match the events of the passed in eventlog. This allows for testing attestation flows.
func GetTPM
func GetTPM(tb testing.TB) io.ReadWriteCloser
GetTPM is a cross-platform testing helper function that retrieves the appropriate TPM device from the flags passed into "go test".
If using a test TPM, this will also retrieve a test eventlog. In this case, GetTPM extends the test event log's events into the test TPM.
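GetSimulatorWithLog and GetTPM both depend on replaying event-log digests into PCRs so that the log and the TPM state agree. The following is an added example, not code from this package, showing that extend-and-compare logic in stand-alone Go. The Event type, the function names and the sample digests are constructed for illustration, and a real TCG log would first have to be parsed into such entries.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Event is a hypothetical, simplified parsed log entry: target PCR and SHA-256 digest.
type Event struct {
	PCR    int
	Digest [sha256.Size]byte
}

// ReplayPCRs applies the TPM extend rule, PCR_new = SHA256(PCR_old || digest),
// to a SHA-256 bank whose registers start at all zeros.
func ReplayPCRs(events []Event) map[int][sha256.Size]byte {
	pcrs := make(map[int][sha256.Size]byte)
	for _, ev := range events {
		old := pcrs[ev.PCR] // a missing key yields the all-zero reset value
		pcrs[ev.PCR] = sha256.Sum256(append(old[:], ev.Digest[:]...))
	}
	return pcrs
}

// LogMatchesPCRs reports whether replaying the log reproduces every expected value.
func LogMatchesPCRs(events []Event, expected map[int][sha256.Size]byte) bool {
	replayed := ReplayPCRs(events)
	for idx, want := range expected {
		if replayed[idx] != want {
			return false
		}
	}
	return true
}

// SampleEvents returns constructed measurements for PCRs 16 and 23.
func SampleEvents() []Event {
	return []Event{
		{PCR: 16, Digest: sha256.Sum256([]byte("constructed event A"))},
		{PCR: 16, Digest: sha256.Sum256([]byte("constructed event B"))},
		{PCR: 23, Digest: sha256.Sum256([]byte("constructed event C"))},
	}
}

func main() {
	events := SampleEvents()
	trusted := ReplayPCRs(events) // stands in for PCR values read from the TPM
	events[1].Digest = sha256.Sum256([]byte("tampered"))
	fmt.Println("tampered log matches PCRs:", LogMatchesPCRs(events, trusted))
}
```

Because each extend hashes the previous register value, a changed, dropped or reordered event produces a different final PCR, which is why an attestation verifier can trust a log only after this comparison succeeds.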
func LoadRandomExternalKey
LoadRandomExternalKey loads a randomly generated external key into the TPM simulator and returns its handle. If any errors occur, it calls Fatal() on the passed testing.TB.
func SkipForRealTPM (added in v0.3.10)
SkipForRealTPM causes a test or benchmark to be skipped if we are not using a test TPM. This lets us avoid clobbering important PCRs on a real machine.
func SkipOnUnsupportedAlg
SkipOnUnsupportedAlg skips the test if the algorithm is not found in the TPM capability.
Types
This section is empty.