add test to check quote generation via vsock (#253)

this test will contribute to verify the issue #252 additionnal changes: - enable the function enable_quote_socket to enable_qgs_addr to better match what it does, add an argument to allow the customization of the QGS address
canonical · Oct 24, 2024 · 387764a · 387764a
1 parent dbc3208
commit 387764a
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 9 deletions.
diff --git a/tests/lib/Qemu.py b/tests/lib/Qemu.py
@@ -169,15 +169,21 @@ class QemuMachineType:
     }
     def __init__(self, machine = QemuEfiMachine.OVMF_Q35_TDX):
         self.machine = machine
-        self.quote_sock = False
-    def enable_quote_socket(self):
-        self.quote_sock = True
+        self.qgs_addr = None
+    def enable_qgs_addr(self, addr : dict = {'type': 'vsock', 'cid':'2','port':'4050'}):
+        """
+        Enable the QGS (Quote Generation Service) address
+        The address is a dictionary that corresponds to the object
+        (https://qemu-project.gitlab.io/qemu/interop/qemu-qmp-ref.html#qapidoc-77)
+        By default, the address is a vsock address with cid=2 (host cid) and port=4050
+        """
+        self.qgs_addr = addr
     def args(self):
         qemu_args = self.Qemu_Machine_Params[self.machine]
         if self.machine == QemuEfiMachine.OVMF_Q35_TDX:
             tdx_object = {'qom-type':'tdx-guest', 'id':'tdx'}
-            if self.quote_sock:
-                tdx_object.update({'quote-generation-socket':{'type': 'vsock', 'cid':'2','port':'4050'}})
+            if self.qgs_addr:
+                tdx_object.update({'quote-generation-socket': self.qgs_addr})
             qemu_args = ['-object', str(tdx_object)] + qemu_args
         return qemu_args
 

diff --git a/tests/tests/test_guest_ita.py b/tests/tests/test_guest_ita.py
@@ -55,7 +55,7 @@ def run_trust_authority():
     quote_str = ""
     with Qemu.QemuMachine() as qm:
         machine = qm.qcmd.plugins['machine']
-        machine.enable_quote_socket()
+        machine.enable_qgs_addr()
 
         qm.run()
 

diff --git a/tests/tests/test_guest_tdxattest.py b/tests/tests/test_guest_tdxattest.py
@@ -37,7 +37,7 @@ def test_guest_tdxattest_tsm():
     """
     with Qemu.QemuMachine() as qm:
         machine = qm.qcmd.plugins['machine']
-        machine.enable_quote_socket()
+        machine.enable_qgs_addr()
 
         qm.run()
         ssh = Qemu.QemuSSH(qm)
@@ -80,6 +80,29 @@ def test_guest_tdxattest_vsock():
 
         assert 'Successfully get the TD Quote' in stdout.read().decode()
 
+def test_guest_tdxattest_vsock_wrong_qgs_addr(qm):
+    """
+    Success even when QGS address is not properly configured
+    Test setup:
+    - the qgs addr is not properly configured by using CID=3 instead of 2
+      (the configfs tsm method should fail however)
+    - vsock is enabled for the guest
+    Expected behavior:
+    The quote generation request should succeed because
+    vsock is enabled and tdxattest should fallback to use vsock
+    """
+    qm.qcmd.add_vsock(10)
+
+    machine = qm.qcmd.plugins['machine']
+    machine.enable_qgs_addr(addr = {'type': 'vsock', 'cid':'3','port':'4050'})
+
+    qm.run()
+    ssh = Qemu.QemuSSH(qm)
+
+    stdout, _ = ssh.check_exec('/usr/share/doc/libtdx-attest-dev/examples/test_tdx_attest')
+
+    assert 'Successfully get the TD Quote' in stdout.read().decode()
+
 def test_guest_tdxattest_vsock_failure():
     """
     TDX attest library
@@ -111,6 +134,26 @@ def test_guest_tdxattest_failure():
 
         assert (ret != 0) and ('Failed to get the quote' in stderr.read().decode())
 
+def test_guest_tdxattest_failure_1(qm):
+    """
+    Failure when vsock disabled and QGS addr is not properly configured
+    Test setup:
+    - the qgs addr is not properly configured by using CID=3 instead of 2
+      (the configfs tsm method should fail however)
+    - vsock is not enabled for the guest
+    Expected behavior:
+    The quote generation request should fail
+    """
+    machine = qm.qcmd.plugins['machine']
+    machine.enable_qgs_addr(addr = {'type': 'vsock', 'cid':'3','port':'4050'})
+
+    qm.run()
+    ssh = Qemu.QemuSSH(qm)
+
+    ret, stdout, stderr = ssh.exec_command('/usr/share/doc/libtdx-attest-dev/examples/test_tdx_attest')
+
+    assert (ret != 0) and ('Failed to get the quote' in stderr.read().decode())
+
 def disable_tsm(ssh):
     """
     Disable the configfs tsm

diff --git a/tests/tests/test_quote_configfs_tsm.py b/tests/tests/test_quote_configfs_tsm.py
@@ -42,7 +42,7 @@ def test_qgs_socket(qm):
     Test QGS socket (No Intel Case ID)
     """
     machine = qm.qcmd.plugins['machine']
-    machine.enable_quote_socket()
+    machine.enable_qgs_addr()
 
     qm.run()
 

diff --git a/tests/tests/test_stress_quote.py b/tests/tests/test_stress_quote.py
@@ -24,7 +24,7 @@ def test_stress_tdxattest_tsm():
     """
     with Qemu.QemuMachine() as qm:
         machine = qm.qcmd.plugins['machine']
-        machine.enable_quote_socket()
+        machine.enable_qgs_addr()
 
         qm.run()
         ssh = Qemu.QemuSSH(qm)