stefanberger / swtpm

Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.

make check -> some tests failed (v0.5.2) #413

Closed kreijack closed 3 years ago

kreijack commented 3 years ago

Describe the bug

When I perform make check, some tests failed

To Reproduce

$ git reset --hard v0.5.2
HEAD is now at e59c0c1 debian/rpm: Adjust changelog for 0.5.2 release
$ ./autogen.sh     
[....]
config.status: executing depfiles commands

with_gnutls     :   yes  (no = swtpm_cert will NOT be built)
with_selinux    :    no  (no = SELinux policy extensions will NOT be built)
with_cuse       :   yes  (no = no CUSE interface)
with_chardev    :   yes  (no = no chardev interface)
with_vtpm_proxy :   yes  (no = no vtpm proxy support; Linux only)
with_seccomp    :   yes  (no = no seccomp profile; Linux only)

Version to build  : 0.5.2
Crypto library    : openssl

CFLAGS=-g -O2  -Wreturn-type -Wsign-compare -Wswitch-enum -Wmissing-prototypes -Wall -Werror -Wformat -Wformat-security -I/usr/include/p11-kit-1 
HARDENING_CFLAGS=-fstack-protector-strong -Wstack-protector 
HARDENING_LDFLAGS= -Wl,-z,relro -Wl,-z,now
LDFLAGS= -ltpms 
LIBSECCOMP_LIBS=-lseccomp

TSS_USER=tss
TSS_GROUP=tss
$ make check
[...]
make[3]: Entering directory '/mnt/ssd-work/home/ghigo/virtual-machine/uefi-secure-boot/swtpm/tests'
SKIP: test_vtpm_proxy
SKIP: test_tpm2_vtpm_proxy
PASS: test_ctrlchannel2
PASS: test_ctrlchannel4
FAIL: test_tpm2_ctrlchannel2
PASS: test_commandline
PASS: test_ctrlchannel
PASS: test_ctrlchannel3
PASS: test_encrypted_state
PASS: test_getcap
PASS: test_hashing
PASS: test_hashing2
PASS: test_init
PASS: test_locality
PASS: test_migration_key
PASS: test_parameters
PASS: test_resume_volatile
PASS: test_save_load_encrypted_state
PASS: test_save_load_state
PASS: test_setbuffersize
PASS: test_volatilestate
PASS: test_swtpm_bios
PASS: test_tpm_probe
SKIP: test_tpm12
PASS: test_wrongorder
PASS: test_print_capabilities
PASS: test_tpm2_derived_keys
FAIL: test_tpm2_encrypted_state
PASS: test_tpm2_init
PASS: test_tpm2_getcap
PASS: test_tpm2_locality
PASS: test_tpm2_hashing
PASS: test_tpm2_hashing2
FAIL: test_tpm2_hashing3
PASS: test_tpm2_migration_key
PASS: test_tpm2_print_capabilities
PASS: test_tpm2_resume_volatile
FAIL: test_tpm2_savestate
FAIL: test_tpm2_save_load_encrypted_state
SKIP: test_tpm2_save_load_state_2
SKIP: test_tpm2_save_load_state_3
PASS: test_tpm2_save_load_state_da_timeout
PASS: test_tpm2_setbuffersize
FAIL: test_tpm2_volatilestate
PASS: test_tpm2_wrongorder
PASS: test_tpm2_probe
PASS: test_tpm2_swtpm_bios
SKIP: test_tpm2_ibmtss2
SKIP: test_samples_create_tpmca
PASS: test_swtpm_cert
PASS: test_swtpm_setup_create_cert
PASS: test_tpm2_parameters
PASS: test_tpm2_samples_swtpm_localca
PASS: test_tpm2_samples_swtpm_localca_pkcs11
PASS: test_tpm2_swtpm_cert
PASS: test_tpm2_swtpm_cert_ecc
PASS: test_tpm2_swtpm_setup_create_cert
============================================================================
Testsuite summary for swtpm 0.5.2
============================================================================
# TOTAL: 57
# PASS:  44
# SKIP:  7
# XFAIL: 0
# FAIL:  6
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
============================================================================

Expected behavior

make check ends with all tests passed

Desktop (please complete the following information):

Versions of relevant components

Additional context

My goal is to use swtpm with qemu. However it seems to not work. Doing make check I discovered that some tests fail.

kreijack commented 3 years ago

I also tried an Ubuntu package (swtpm_0.5.0-1_amd64.deb), and I found that the Ubuntu binary still fails the test

$ SWTPM_EXE=/usr/bin/swtpm  ./test_tpm2_ctrlchannel2 
OK
Error: (1) Did not get expected result from TPM_PCRRead(17)
expected:  80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 e5 17 e3 9b 10 a3 5b 3b b7 29 95 79 4b c6 4a 07 f8 bc b0 bd e6 bb 31 ad 35 27 fb 6f 64 f8 4c b9
received:  80 01 00 00 00 3e 00 00 00 00 00 00 00 19 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 e5 17 e3 9b 10 a3 5b 3b b7 29 95 79 4b c6 4a 07 f8 bc b0 bd e6 bb 31 ad 35 27 fb 6f 64 f8 4c b9
$ /usr/bin/swtpm -v
TPM emulator version 0.5.0, Copyright (c) 2014 IBM Corp.
$ dpkg --list | egrep swtpm
ii  libtss2-tcti-swtpm0:amd64           3.0.3-2    amd64        TPM2 Software stack library - TSS and TCTI libraries
ii  swtpm                               0.5.0-1    amd64        Libtpms-based TPM emulator
ii  swtpm-libs:amd64                    0.5.0-1    amd64        Common libraries for TPM emulators

So I am thinking that it is a dependency problem... Do you have any suggestions?

stefanberger commented 3 years ago

You need to update your libtpms installation to 0.7.4 or master.

kreijack commented 3 years ago

With the v0.7.4, everything goes well.

I have to point out that before (when the tests failed) I was using the standard Debian package v0.8.0...

$ dpkg --list "libtpm*"
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version           Architecture Description
+++-==============-=================-============-=============================>
ii  libtpms-dev    0.8.0~dev1-1.2+b1 amd64        libtpms header files and man >
ii  libtpms0:amd64 0.8.0~dev1-1.2+b1 amd64        TPM emulation library

I don't know if Debian adds some patches on top of your "master" which prevent swtpm from working.

stefanberger commented 3 years ago

Debian took an older version of libtpms 0.8.0, which is still under development. That version was taken before I had to make a change that would alter the results the tests you ran got. So if you update to libtpms master or 0.7.4 or later you should be fine.

stefanberger commented 3 years ago

Is your issue resolved? If so, please close it.

kreijack commented 3 years ago

Yes I can confirm that updating libtpms to v0.7.5 solved my issue (all tests passed).

However, I suggest adding a note about the minimum library version required.

Anyway this issue is solved.

stefanberger commented 3 years ago

There's at least a note in CHANGES for libtpms but an explicit note is missing for swtpm:

version 0.7.3
  - Fixed the set of PCRs belonging to the TCB group. This affects the
    pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
    (master, stable branches) for test cases to succeed there.
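
The expected/received mismatch quoted earlier in the thread can be decoded field by field to confirm that only pcrUpdateCounter differs while the PCR 17 digest is identical. This is an added example, not part of the original thread or the swtpm test suite; the function names are hypothetical, and the layout assumed is the TPM 2.0 TPM2_PCR_Read response (header, pcrUpdateCounter, pcrSelectionOut, pcrValues).

```python
import struct

# Response bytes copied from the failing test output quoted in the thread.
DIGEST = ("e5 17 e3 9b 10 a3 5b 3b b7 29 95 79 4b c6 4a 07 "
          "f8 bc b0 bd e6 bb 31 ad 35 27 fb 6f 64 f8 4c b9")
EXPECTED = bytes.fromhex("80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 "
                         "00 0b 03 00 00 02 00 00 00 01 00 20 " + DIGEST)
RECEIVED = bytes.fromhex("80 01 00 00 00 3e 00 00 00 00 00 00 00 19 00 00 00 01 "
                         "00 0b 03 00 00 02 00 00 00 01 00 20 " + DIGEST)


def parse_pcr_read(resp):
    """Decode a TPM2_PCR_Read response into its named fields."""
    tag, size, rc = struct.unpack_from(">HII", resp, 0)   # 10-byte header
    if size != len(resp):
        raise ValueError("responseSize does not match buffer length")
    counter, sel_count = struct.unpack_from(">II", resp, 10)
    off = 18
    selections = []                                        # TPML_PCR_SELECTION
    for _ in range(sel_count):
        alg, nbytes = struct.unpack_from(">HB", resp, off)
        bitmap = resp[off + 3:off + 3 + nbytes]
        # Bit b of byte i selects PCR number 8*i + b.
        pcrs = [8 * i + b for i, byte in enumerate(bitmap)
                for b in range(8) if byte >> b & 1]
        selections.append((alg, pcrs))
        off += 3 + nbytes
    (dig_count,) = struct.unpack_from(">I", resp, off)     # TPML_DIGEST
    off += 4
    digests = []
    for _ in range(dig_count):
        (n,) = struct.unpack_from(">H", resp, off)
        digests.append(resp[off + 2:off + 2 + n].hex())
        off += 2 + n
    if off != len(resp):
        raise ValueError("unparsed trailing bytes")
    return {"tag": tag, "responseCode": rc, "pcrUpdateCounter": counter,
            "pcrSelection": selections, "pcrValues": digests}


def diff_fields(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    pa, pb = parse_pcr_read(a), parse_pcr_read(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}


if __name__ == "__main__":
    print(diff_fields(EXPECTED, RECEIVED))
```
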