metropolis: use swtpm from monorepo
Change-Id: I6da94c7eaa31930d120955a17661152fc284f4a0
Reviewed-on: https://review.monogon.dev/c/monogon/+/3130
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/test/launch/cluster/cluster.go b/metropolis/test/launch/cluster/cluster.go
index e7a49a2..4c678a1 100644
--- a/metropolis/test/launch/cluster/cluster.go
+++ b/metropolis/test/launch/cluster/cluster.go
@@ -326,10 +326,18 @@
}
// Start TPM emulator as a subprocess
+ swtpm, err := runfiles.Rlocation("swtpm/swtpm")
+ if err != nil {
+ return fmt.Errorf("could not find swtpm: %w", err)
+ }
+
tpmCtx, tpmCancel := context.WithCancel(options.Runtime.ctxT)
tpmd := filepath.Join(r.ld, "tpm")
- tpmEmuCmd := exec.CommandContext(tpmCtx, "swtpm", "socket", "--tpm2", "--tpmstate", "dir="+tpmd, "--ctrl", "type=unixio,path="+tpmSocketPath)
+ tpmEmuCmd := exec.CommandContext(tpmCtx, swtpm, "socket", "--tpm2", "--tpmstate", "dir="+tpmd, "--ctrl", "type=unixio,path="+tpmSocketPath)
+ // Silence warnings from unsafe libtpms build (uses non-constant-time
+ // cryptographic operations).
+ tpmEmuCmd.Env = append(tpmEmuCmd.Env, "MONOGON_LIBTPMS_ACKNOWLEDGE_UNSAFE=yes")
tpmEmuCmd.Stderr = os.Stderr
tpmEmuCmd.Stdout = os.Stdout
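Review bot: `tpmEmuCmd.Env = append(tpmEmuCmd.Env, ...)` appends to a nil slice, so swtpm now starts with an environment holding only `MONOGON_LIBTPMS_ACKNOWLEDGE_UNSAFE=yes`; os/exec passes on the parent's environment only while `Env` is nil, which was the case before this change. If inheritance is wanted, use `tpmEmuCmd.Env = append(os.Environ(), "MONOGON_LIBTPMS_ACKNOWLEDGE_UNSAFE=yes")`. If the scrubbed environment is deliberate, say so in the comment so a later edit does not "fix" it. Because the variable silences a warning about non-constant-time cryptography, the comment should also record that this swtpm/libtpms build is meant for test clusters only, e.g. `// Test-only TPM emulator: never use this build to protect real key material.` The enclosing function begins and ends outside the hunk, so how the emulator is started and torn down is not visible here.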