metropolis/test: create swtpm TPMs at runtime instead of compile time
The generated TPM data is random (it contains generated cryptographic
keys) so we really shouldn't be building it with Bazel.
Instead, let's create it at runtime for e2e tests, and also actually
generate separate TPM data per node with a common issuer for all.
Moving the logic out of //metropolis/node also feels deserved, as this
is all squarely in test territory.
Change-Id: I257ee54c88ede685ba3faf573282b0f9228b10e8
Reviewed-on: https://review.monogon.dev/c/monogon/+/3132
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/test/launch/cluster/BUILD.bazel b/metropolis/test/launch/cluster/BUILD.bazel
index 89f7a7a..efa04cb 100644
--- a/metropolis/test/launch/cluster/BUILD.bazel
+++ b/metropolis/test/launch/cluster/BUILD.bazel
@@ -7,15 +7,19 @@
"insecure_key.go",
"metroctl.go",
"prefixed_stdio.go",
+ "swtpm.go",
],
data = [
"//metropolis/node:image",
- "//metropolis/node:swtpm_data",
"//metropolis/test/ktest:linux-testing",
"//metropolis/test/nanoswitch:initramfs",
+ "//metropolis/test/swtpm/certtool",
+ "//metropolis/test/swtpm/swtpm_cert",
"//third_party/edk2:firmware",
"@com_github_bonzini_qboot//:qboot-bin",
"@swtpm",
+ "@swtpm//:swtpm_localca",
+ "@swtpm//:swtpm_setup",
],
importpath = "source.monogon.dev/metropolis/test/launch/cluster",
visibility = ["//visibility:public"],
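Review bot: the new data entries `@swtpm//:swtpm_setup`, `@swtpm//:swtpm_localca`, `//metropolis/test/swtpm/certtool` and `//metropolis/test/swtpm/swtpm_cert` are executables that the newly added `swtpm.go` will have to invoke at test time, so please confirm it resolves them through Bazel runfiles rather than a hard-coded or relative path, otherwise the target will break under `bazel test` sandboxing or on a different workspace layout. Since `//metropolis/node:swtpm_data` is removed here and the TPM state (including generated keys) is now produced per node at runtime, a short comment in this `data` list saying these tools exist only for runtime TPM generation would help the next reader understand why four extra binaries are pulled into the test's runfiles.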