Merge pull request #235 from canonical/pek1286_memory_confidentiality…

…_tests Adding memory confidentiality tests
canonical · Oct 2, 2024 · b807745 · b807745
2 parents 9851592 + 7bd74ac
commit b807745
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 0 deletions.
diff --git a/tests/checkbox/checkbox-provider-tdx/units/tests/jobs.pxu b/tests/checkbox/checkbox-provider-tdx/units/tests/jobs.pxu
@@ -226,3 +226,15 @@ requires:
 command:
   export LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH
   setup-env-and-run test_vsock_vm.py
+
+id: tdx-guest/td-memory
+category_id: tdx-guest
+flags: simple
+_summary: Test TD memory confidentiality
+depends:
+after:
+requires:
+  executable.name == 'qemu-system-x86_64'
+command:
+  export LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH
+  setup-env-and-run test_guest_memory.py
diff --git a/tests/tests/test_guest_memory.py b/tests/tests/test_guest_memory.py
@@ -0,0 +1,81 @@
+#!/usr/bin/env python3
+#
+# Copyright 2024 Canonical Ltd.
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 3, as published
+# by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranties of MERCHANTABILITY,
+# SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import time
+import json
+import subprocess
+
+import Qemu
+from common import *
+
+MEMORY_FILE='memory.bin'
+CHECK_EXEC='export INCLEAR=6150079244'
+
+def check_for_string(filename, needle):
+    cs = subprocess.run(['sudo', 'grep', needle, filename], capture_output=True)
+    return cs.returncode
+
+def remove_file(filename):
+    cs = subprocess.run(['sudo', 'rm', '-f', filename], capture_output=True)
+    return cs.returncode
+
+def test_guest_memory_confidentiality_no_tdx(qm):
+    """
+    Test guest memory confidentiality without TDX
+    """
+    with Qemu.QemuMachine(memory='1G', machine=Qemu.QemuEfiMachine.OVMF_Q35) as qm:
+        qm.run()
+
+        qmon = Qemu.QemuMonitor(qm)
+        qmon.wait_for_state('running')
+
+        qssh = Qemu.QemuSSH(qm)
+
+        qssh.check_exec(CHECK_EXEC)
+
+        qmon.send_command('dump-guest-memory %s' % (MEMORY_FILE))
+
+        rc = check_for_string(MEMORY_FILE, CHECK_EXEC)
+        assert rc == 0, 'Failed finding %s in %s' % (CHECK_EXEC, MEMORY_FILE)
+
+        remove_file(MEMORY_FILE)
+
+        qm.stop()
+
+def test_guest_memory_confidentiality_tdx(qm):
+    """
+    Test guest memory confidentiality with TDX
+    """
+    with Qemu.QemuMachine(memory='1G') as qm:
+        qm.run()
+
+        qmon = Qemu.QemuMonitor(qm)
+        qmon.wait_for_state('running')
+
+        qssh = Qemu.QemuSSH(qm)
+
+        qssh.check_exec(CHECK_EXEC)
+
+        qmon.send_command('dump-guest-memory %s' % (MEMORY_FILE))
+
+        rc = check_for_string(MEMORY_FILE, CHECK_EXEC)
+        assert rc == 1, 'Failed by finding %s in %s' % (CHECK_EXEC, MEMORY_FILE)
+
+        remove_file(MEMORY_FILE)
+
+        qm.stop()