action #105738

closed

[sle][security][sle15sp4][manual]Add the keylime package (attestation)

Added by rfan1 about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: New test
Target version: -
Start date: 2022-01-30
Due date:
% Done: 100%
Estimated time: 30.00 h
Difficulty:


Related issues 1 (0 open, 1 closed)

Copied to openQA Tests - action #106870: [sle][security][sle15sp4][automationi]Add the keylime package (attestation) - Resolved - rfan1 - 2022-01-30

Actions #1

Updated by szarate about 2 years ago

  • Category set to New test
Actions #2

Updated by rfan1 about 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10
Actions #3

Updated by rfan1 about 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 10 to 100
  • Estimated time changed from 20.00 h to 30.00 h

The bug is fixed, and all manual tests passed.

/susetest:/var/lib/keylime/tpm_cert_store # systemctl status keylime_verifier.service
● keylime_verifier.service
     Loaded: loaded (/usr/lib/systemd/system/keylime_verifier.service; disabled; vendor preset: disabled)
     Active: active (running) since Tue 2022-02-15 08:02:38 EST; 36s ago
   Main PID: 13792 (keylime_verifie)
      Tasks: 5
     CGroup: /system.slice/keylime_verifier.service
             ├─13792 /usr/bin/python3 /usr/bin/keylime_verifier
             ├─13797 /usr/bin/python3 /usr/bin/keylime_verifier
             └─13798 /usr/bin/python3 /usr/bin/keylime_verifier

Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.488 - alembic.env - INFO - Migrating database cloud_verifier
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.489 - alembic.runtime.migration - INFO - Context impl SQLiteImpl.
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.490 - alembic.runtime.migration - INFO - Will assume non-transactional DDL.
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.506 - keylime.cloudverifier - INFO - Starting Cloud Verifier (tornado) on port 8881, use <Ctrl-C> to stop
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.507 - keylime.cloudverifier - INFO - Current API version 2.0
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.507 - keylime.cloudverifier - INFO - Supported older API versions: 1.0
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.508 - keylime.cloudverifier - INFO - Setting up TLS...
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.508 - keylime.cloudverifier - INFO - Existing CA certificate found in /var/lib/keylime/cv_ca, not generating a new one
Feb 15 08:02:39 susetest keylime_verifier[13792]: 2022-02-15 08:02:39.510 - tornado.general - INFO - Starting 1 processes
Feb 15 08:02:39 susetest keylime_verifier[13797]: 2022-02-15 08:02:39.515 - keylime.cloudverifier - INFO - Starting service for revocation notifications on port 8992
susetest:/var/lib/keylime/tpm_cert_store # systemctl status keylime_registrar.service
● keylime_registrar.service - The Keylime registrar service
     Loaded: loaded (/usr/lib/systemd/system/keylime_registrar.service; disabled; vendor preset: disabled)
     Active: active (running) since Tue 2022-02-15 08:02:47 EST; 34s ago
   Main PID: 13803 (keylime_registr)
      Tasks: 3
     CGroup: /system.slice/keylime_registrar.service
             └─13803 /usr/bin/python3 /usr/bin/keylime_registrar

Feb 15 08:02:47 susetest keylime_registrar[13803]: 2022-02-15 08:02:47.882 - keylime.registrar - INFO - Loaded 1 public keys from database
Feb 15 08:02:47 susetest keylime_registrar[13803]: 2022-02-15 08:02:47.885 - keylime.registrar - INFO - Setting up TLS...
Feb 15 08:02:47 susetest keylime_registrar[13803]: 2022-02-15 08:02:47.887 - keylime.registrar - INFO - Starting Cloud Registrar Server on ports 8890 and 8891 (TLS) use <Ctrl-C> to stop
Feb 15 08:02:47 susetest keylime_registrar[13803]: 2022-02-15 08:02:47.888 - keylime.registrar - INFO - Current API version 2.0
Feb 15 08:02:47 susetest keylime_registrar[13803]: 2022-02-15 08:02:47.888 - keylime.registrar - INFO - Supported older API versions: 1.0
Feb 15 08:02:59 susetest keylime_registrar[13803]: 2022-02-15 08:02:59.717 - keylime.tpm - INFO - TPM2-TOOLS Version: 5.2
Feb 15 08:02:59 susetest keylime_registrar[13803]: 2022-02-15 08:02:59.752 - keylime.tpm - INFO - Encrypting AIK for UUID susetest
Feb 15 08:02:59 susetest keylime_registrar[13803]: 2022-02-15 08:02:59.762 - keylime.registrar - INFO - Overwriting previous registration for this UUID.
Feb 15 08:03:00 susetest keylime_registrar[13803]: 2022-02-15 08:03:00.073 - keylime.registrar - INFO - POST returning key blob for agent_id: susetest
Feb 15 08:03:00 susetest keylime_registrar[13803]: 2022-02-15 08:03:00.527 - keylime.registrar - INFO - PUT activated: susetest
susetest:/var/lib/keylime/tpm_cert_store # systemctl status keylime_agent.service
● keylime_agent.service - The Keylime compute agent
     Loaded: loaded (/usr/lib/systemd/system/keylime_agent.service; disabled; vendor preset: disabled)
     Active: active (running) since Tue 2022-02-15 08:02:57 EST; 31s ago
   Main PID: 13811 (keylime_agent)
      Tasks: 5
     CGroup: /system.slice/keylime_agent.service
             ├─13811 /usr/bin/python3 /usr/bin/keylime_agent
             └─13842 /usr/bin/python3 /usr/bin/keylime_agent

Feb 15 08:02:58 susetest keylime_agent[13811]: 2022-02-15 08:02:58.515 - keylime.tpm - INFO - Taking ownership with config provided TPM owner password
Feb 15 08:02:58 susetest keylime_agent[13811]: 2022-02-15 08:02:58.767 - keylime.tpm - INFO - TPM Owner password confirmed: keylime
Feb 15 08:02:58 susetest keylime_agent[13811]: 2022-02-15 08:02:58.768 - keylime.tpm - INFO - Flushing old ek handle: 0x81000001
Feb 15 08:02:59 susetest keylime_agent[13811]: 2022-02-15 08:02:59.179 - keylime.tpm - INFO - Flushing old ak handle: /var/lib/keylime/secure/tmpgkizon0q
Feb 15 08:02:59 susetest keylime_agent[13811]: 2022-02-15 08:02:59.446 - keylime.cloudagent - INFO - Agent UUID: susetest
Feb 15 08:03:00 susetest keylime_agent[13811]: 2022-02-15 08:03:00.075 - keylime.registrar_client - INFO - Agent registration requested for susetest
Feb 15 08:03:00 susetest keylime_agent[13811]: 2022-02-15 08:03:00.388 - keylime.tpm - INFO - AIK activated.
Feb 15 08:03:00 susetest keylime_agent[13811]: 2022-02-15 08:03:00.528 - keylime.registrar_client - INFO - Registration activated for agent susetest.
Feb 15 08:03:00 susetest keylime_agent[13811]: 2022-02-15 08:03:00.531 - keylime.cloudagent - INFO - Starting Cloud Agent on 127.0.0.1:9002 with API version 2.0. Use <Ctrl-C> to stop
Feb 15 08:03:00 susetest keylime_agent[13842]: 2022-02-15 08:03:00.536 - keylime.revocation_notifier - INFO - Waiting for revocation messages on 0mq 127.0.0.1:8992

susetest:/var/lib/keylime/tpm_cert_store # cat /etc/keylime.conf |grep 127.0.0.1
# receive_revocation_ip = 127.0.0.1
receive_revocation_ip = 127.0.0.1
# cloudagent_ip = 127.0.0.1
cloudagent_ip = 127.0.0.1
agent_contact_ip = 127.0.0.1
registrar_ip = 127.0.0.1
# cloudverifier_ip = 127.0.0.1
registrar_ip = 127.0.0.1
# revocation_notifier_ip = 127.0.0.1
cloudverifier_ip = 127.0.0.1
registrar_ip = 127.0.0.1
# registrar_ip = 127.0.0.1
provider_registrar_ip = 127.0.0.1
cfssl_ip = 127.0.0.1
webapp_ip = 127.0.0.1
Actions #4

Updated by rfan1 about 2 years ago

  • Copied to action #106870: [sle][security][sle15sp4][automationi]Add the keylime package (attestation) added