Project

General

Profile

Actions

action #115919

open

[security] test fails in tpm2_measured_boot

Added by punkioudi over 1 year ago. Updated 12 days ago.

Status:
Blocked
Priority:
Low
Assignee:
-
Category:
Bugs in existing tests
Target version:
-
Start date:
2022-08-29
Due date:
% Done:

50%

Estimated time:
8.00 h
Difficulty:
Tags:

Description

ls: cannot access '/sys/kernel/security/tpm0/binary_bios_measurements': No such file or directory
It fails only in aarch64 and passes fine in x86_64, so either it is a product bug, either the path has changed for aarch64? (which doesn't make much sense :P )

Acceptance Criteria

  1. Identify if it is a product bug
  2. If it is a bug, open a bugzilla ticket under SUSE Linux Enterprise Server 15 SP5
  3. If it is a test issue, adjust the test accordingly and run Verification runs.

Observation

openQA test in scenario sle-15-SP5-Online-aarch64-security_tpm2_swtpm@aarch64 fails in
tpm2_measured_boot

Test suite description

The base test suite is used for job templates defined in YAML documents. It has no settings of its own.

Reproducible

Fails since (at least) Build 15.2 (current job)

Expected result

Last good: (unknown) (or more recent)

Further details

Always latest result in this scenario: latest


Related issues 5 (2 open3 closed)

Has duplicate openQA Tests - action #123682: [security] aarch64 Failed to connect to '/tmp/mytpm12/swtpm-sock': Connection refusedRejected

Actions
Has duplicate openQA Tests - action #124011: [security] test fails in tpm2_measured_bootRejected2023-02-07

Actions
Has duplicate openQA Tests - action #134402: [security] [aarch64] [15sp6] test fails in tpm2_measured_bootClosed2023-08-18

Actions
Blocked by openQA Infrastructure - action #114523: Deal with QEMU and OVMF default resolution being 1280x800, affecting (at least) qxl, but on aarch64 size:MWorkable2022-06-03

Actions
Blocked by openQA Tests - action #116812: [qe-core] Leap 15.5 uefi console switch fail size:MBlockedokurz2022-09-19

Actions
Actions #1

Updated by pstivanin over 1 year ago

  • Status changed from New to In Progress
  • Assignee set to pstivanin
Actions #2

Updated by pstivanin over 1 year ago

It fails also on 15-SP3 and 15-SP4 for aarch64. Looking into it.

Actions #3

Updated by pstivanin over 1 year ago

That's weird. I've downloaded the qcow2 (https://openqa.suse.de/tests/9411670#settings) and booted it using the aarch64 emulator. I then went through the setup phase (https://openqa.suse.de/tests/9411670/modules/tpm2_env_setup/steps/1/src) and the test phase (https://openqa.suse.de/tests/9411671/modules/tpm2_measured_boot/steps/1/src), and I'm getting a diff in the latter.
When executing ls /sys/kernel/security/tpm0/binary_bios_measurements, on openqa we get:

ls: cannot access '/sys/kernel/security/tpm0/binary_bios_measurements': No such file or directory

while locally I get:

/sys/kernel/security/tpm0/binary_bios_measurements

Actions #4

Updated by pstivanin over 1 year ago

There are no packages diff between the old green 151.1 (https://openqa.suse.de/tests/8752505#step/tpm2_env_setup/30) and the new red (https://openqa.suse.de/tests/9412083#step/tpm2_env_setup/3) tests.

Actions #5

Updated by pstivanin over 1 year ago

I've used the developer mode to look around the vm, and I couldn't see any notable difference compared to my local setup. E.g., /proc/cmdline and /proc/cpuinfo were identical.

One diff I see compared to my local emulated vm is from dmesg. On the openqa vm I see:

tpm tpm0: A TPM error (256) occurred attempting the self test

Actions #6

Updated by pstivanin over 1 year ago

I've created a vm in the arm4 hypervisor, imported the qcow2 from the test and executed it.

# ls /sys/kernel/security/tpm0/
binary_bios_measurements

Everything is OK and works as supposed. I'm now thinking that there is some kind of misconfiguration in openqa somewhere.

Actions #7

Updated by pstivanin over 1 year ago

The measurement file is not created because in openqa the selftest fails.

[   17.094738] tpm tpm0: A TPM error (256) occurred attempting the self test
[   17.100985] tpm tpm0: starting up the TPM manually

This is not happening anywhere else, just in openqa. Wonder why...

Actions #8

Updated by pstivanin over 1 year ago

Test is working fine on both Leap-aarch64 (https://openqa.opensuse.org/tests/2585650) and TW-aarch64 (https://openqa.opensuse.org/tests/2567304) ...

Actions #9

Updated by pstivanin over 1 year ago

These are the packages diff between 151.1 and today:

today:
openssl3/libopenssl3/libopenssl-3-devel -> 3.0.1-150400.4.7.1
libpcre16/libpcrecpp0/libpcreposix0/pcre-devel -> 0-8.45-150000.20.13.1
glibc-devel-2.31-150300.37.1
libmount-devel/libblkid-devel -> 2.37.2-150400.8.3.1
libcurl-devel -> 7.79.1-150400.5.6.1
zlib-devel -> 1.2.11-150000.3.33.1


151.1:
openssl3/libopenssl3/libopenssl-3-devel -> 3.0.1-150400.2.4
libpcre16/libpcrecpp0/libpcreposix0/pcre-devel -> 0-8.45-20.10.1
glibc-devel -> 2.31-150300.20.7
libmount-devel/libblkid-devel -> 2.37.2-150400.6.26
libcurl-devel -> 7.79.1-150400.3.1
zlib-devel -> 1.2.11-150000.3.30.1
Actions #10

Updated by pstivanin over 1 year ago

It's not a regression, because Build15.2 is using the same packages as Leap, and on Leap the test is green.
The jobgroups are the same, the code is the same.

Actions #11

Updated by pstivanin over 1 year ago

So I was to get the installed packages on both osd-arm3 and o3-aarch64, and they have the same exact packages installed. Same package and build version.

Actions #12

Updated by pstivanin over 1 year ago

found the culprit thanks to Fabian!

qemu-uefi-aarch64 differs on OSD and O3:

  • o3: 202008-150300.10.15.1
  • osd: 202008-10.8.1

That's because someone locked those packages:

# salt 'openqaworker-arm-3.suse.de' cmd.run 'zypper ll'
openqaworker-arm-3.suse.de:

    # | Name              | Type    | Repository | Comment
    --+-------------------+---------+------------+--------
    1 | qemu-ovmf-x86_64  | package | (any)      | 
    2 | qemu-uefi-aarch64 | package | (any)      |
Actions #14

Updated by pstivanin over 1 year ago

  • Status changed from In Progress to Blocked
  • % Done changed from 0 to 50

Blocked until the locks can be removed and the packages can be updated.

Actions #16

Updated by pstivanin over 1 year ago

Ticket still blocked due to the above issue(s).

Actions #19

Updated by tjyrinki_suse about 1 year ago

  • Has duplicate action #123682: [security] aarch64 Failed to connect to '/tmp/mytpm12/swtpm-sock': Connection refused added
Actions #20

Updated by tjyrinki_suse about 1 year ago

  • Has duplicate action #124011: [security] test fails in tpm2_measured_boot added
Actions #21

Updated by pstivanin about 1 year ago

  • Assignee deleted (pstivanin)
Actions #22

Updated by pstivanin about 1 year ago

  • Assignee set to pstivanin
Actions #23

Updated by tjyrinki_suse 11 months ago

  • Status changed from Blocked to Workable

That bug is now claimed to be verified fix. However, the test still fails as before.

Actions #24

Updated by pstivanin 11 months ago

  • Status changed from Workable to In Progress
Actions #25

Updated by pstivanin 11 months ago

Test is failing because there are still some locks (https://progress.opensuse.org/issues/111992#note-68) :

pstivanin@openqa:~> sudo salt 'openqaworker-arm-3.suse.de' cmd.run 'zypper ll'
openqaworker-arm-3.suse.de:

    # | Name              | Type    | Repository | Comment
    --+-------------------+---------+------------+-----------
    1 | qemu-ovmf-x86_64  | package | (any)      | poo#116812
    2 | qemu-uefi-aarch64 | package | (any)      |
Actions #26

Updated by pstivanin 11 months ago

  • Status changed from In Progress to Blocked
Actions #28

Updated by tjyrinki_suse 11 months ago

  • Blocked by action #114523: Deal with QEMU and OVMF default resolution being 1280x800, affecting (at least) qxl, but on aarch64 size:M added
Actions #29

Updated by tjyrinki_suse 11 months ago

  • Blocked by action #116812: [qe-core] Leap 15.5 uefi console switch fail size:M added
Actions #30

Updated by pstivanin 7 months ago

  • Has duplicate action #134402: [security] [aarch64] [15sp6] test fails in tpm2_measured_boot added
Actions #31

Updated by pstivanin 6 months ago

  • Priority changed from Normal to Low
Actions #32

Updated by pstivanin 5 months ago

  • Assignee deleted (pstivanin)

unassigning myself until the blocking issues are fixed

Actions #33

Updated by tjyrinki_suse 12 days ago

  • Estimated time set to 8.00 h
Actions

Also available in: Atom PDF