fedora-41: Cherry pick fixes for IDevID/IAK test

Library/test-helpers/lib.sh

@@ -2382,7 +2382,7 @@ limeconRunAgent() {
         PUBLISH_PORTS="-P"
     fi
 
-    local EXTRA_ARGS="--privileged $ADD_PORT $ADD_REV_PORT $PUBLISH_PORTS --volume=/sys/kernel/security/:/sys/kernel/security/:ro --volume=$TESTDIR:$TESTDIR -e RUST_LOG=keylime_agent=trace -e TCTI=device:/dev/tpmrm${limeTPMDevNo}"
+    local EXTRA_ARGS="--privileged $ADD_PORT $ADD_REV_PORT $PUBLISH_PORTS --volume=/sys/kernel/security/:/sys/kernel/security/:ro --volume=$TESTDIR:$TESTDIR -e RUST_LOG=keylime_agent=trace,keylime=trace -e TCTI=device:/dev/tpmrm${limeTPMDevNo}"
 
     if [ -n "$CONFDIR" ]; then
         EXTRA_ARGS="--volume=${CONFDIR}:/etc/keylime/:z $EXTRA_ARGS"

functional/iak-idevid-register-with-certificates/main.fmf

@@ -11,9 +11,10 @@ framework: beakerlib
 require:
   - yum
   - tpm2-tools 
-  - xxd
+  - /usr/bin/xxd
 recommend:
   - keylime
+  - tpm2-openssl
 duration: 5m
 enabled: true
 adjust:

functional/iak-idevid-register-with-certificates/test.sh

@@ -28,21 +28,28 @@ rlJournalStart
             rlRun "limeWaitForTPMEmulator"
             rlRun "limeCondStartAbrmd"
         fi
+        # start verifier so it generates TLS certs for the registrar
+        if [ ! -d /var/lib/keylime/cv_ca ]; then
+            rlRun "limeStartVerifier"
+            rlRun "limeWaitForVerifier"
+            rlRun "limeStopVerifier"
+        fi
     rlPhaseEnd
 
-    rlPhaseStartSetup "Install tpm2-openssl to generate csrs with TPM keys"
-        rlRun "dnf -y install autoconf automake libtool m4 autoconf-archive openssl-devel tpm2-tss-devel"
-        rlRun "wget -c ${TPM2_OPENSSL} -q -O - | tar -xz"
-        rlRun "cd tpm2-openssl-1.2.0"
-        rlRun "./configure"
-        rlRun "make"
-        rlRun "make install"
-        #rlRun "make check"
-        rlRun "cd .."
-    rlPhaseEnd
+    if ! rpm -q tpm2-openssl; then
+        rlPhaseStartSetup "Build and install tpm2-openssl to generate csrs with TPM keys"
+            rlRun "dnf -y install autoconf automake libtool m4 autoconf-archive openssl-devel tpm2-tss-devel"
+            rlRun "wget -c ${TPM2_OPENSSL} -q -O - | tar -xz"
+            rlRun "cd tpm2-openssl-1.2.0"
+            rlRun "./configure"
+            rlRun "make"
+            rlRun "make install"
+            #rlRun "make check"
+            rlRun "cd .."
+        rlPhaseEnd
+    fi
 
     rlPhaseStartSetup "Create CA"
-
         rlRun "mkdir -p ca/intermediate && cp ${TESTDIR}/root.cnf ca/ && cp ${TESTDIR}/intermediate.cnf ca/intermediate/"
         # Update config files with correct path
         rlRun "sed -i \"/dir               = ca/c dir = ${TMPDIR}/ca\" ca/root.cnf"
@@ -130,11 +137,12 @@ rlJournalStart
 
     rlPhaseStartTest "Successful registration - IDevID and IAK certs verified, and IAK verifies AK"
         # Add CA to store
+        rlRun "mkdir -p $TPM_CERTS"
         rlRun "cp ./ca/certs/klca-chain.cert.pem $TPM_CERTS/"
         rlRun "limeStartAgent"
         # Agent can now register with IDevID and IAK getting verified
         rlRun "limeWaitForAgentRegistration ${AGENT_ID}"
-        rlAssertGrep "IDevID created" "$(limeAgentLogfile)"
+        rlAssertGrep "(IDevID created|Recreating IDevID)" "$(limeAgentLogfile)" -E
         rlAssertGrep "AK certified with IAK" "$(limeAgentLogfile)"
         # Check the registrar used the IDevID and IAK code block
         rlAssertGrep "INFO - IDevID and IAK received" "$(limeRegistrarLogfile)"

regression/CVE-2023-3674/test.sh

@@ -79,7 +79,7 @@ rlJournalStart
         rlRun "cat malformed_quote > $ATTESTATION_FILE"
         rlRun -s "keylime_attest" 1
         rlAssertGrep "ERROR - Error verifying quote" "$rlRun_LOG"
-        rlAssertGrep "raise InvalidSignature" "$rlRun_LOG"
+        rlAssertGrep "(raise InvalidSignature|cryptography.exceptions.InvalidSignature)" "$rlRun_LOG" -E
         rlAssertGrep "The following agents failed attestation" "$rlRun_LOG"
     rlPhaseEnd
 

setup/install_rust_keylime_from_copr/test.sh

@@ -32,7 +32,7 @@ _EOF'
         rlRun "mkdir -p /etc/keylime/agent.conf.d"
         rlRun "cat > /etc/systemd/system/keylime_agent.service.d/20-rust_log_trace.conf <<_EOF
 [Service]
-Environment=\"RUST_LOG=keylime_agent=trace\"
+Environment=\"RUST_LOG=keylime_agent=trace,keylime=trace\"
 _EOF"
         # If the TPM_BINARY_MEASUREMENTS env var is set, set the binary
         # measurements location for the service

setup/install_upstream_rust_keylime/test.sh

@@ -71,7 +71,7 @@ _EOF'
         rlRun "mkdir -p /etc/systemd/system/keylime_agent.service.d"
         rlRun "cat > /etc/systemd/system/keylime_agent.service.d/20-rust_log_trace.conf <<_EOF
 [Service]
-Environment=\"RUST_LOG=keylime_agent=trace\"
+Environment=\"RUST_LOG=keylime_agent=trace,keylime=trace\"
 _EOF"
 
         # If the TPM_BINARY_MEASUREMENTS env var is set, set the binary