author | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-05-08 16:24:28 -0700 |
---|---|---|
committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-05-15 16:20:45 -0700 |
commit | c2a9c2799e0efaf04ca813dc160333363ac156a5 (patch) | |
tree | 8add9412f6f5ce684a79511bdde1a2dcfc159328 | |
parent | 7793a619f0fe6a879221e675249cccc632216a11 (diff) |
Adding support for containerized tss and abrmd
Adding a dockerfile to build a container that has
tss, abrmd and tpm2-tools installed on it.
Issue-ID: AAF-275
Change-Id: I8bda86d36290785950cf3c23d6527e1245652f42
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rw-r--r-- | bin/README.md | 27 | ||||
-rwxr-xr-x | bin/entrypoint.sh | 11 | ||||
-rw-r--r-- | bin/tpmdockerfile | 62 |
3 files changed, 100 insertions, 0 deletions
diff --git a/bin/README.md b/bin/README.md
new file mode 100644
index 0000000..c4c54ca
--- /dev/null
+++ b/bin/README.md
@@ -0,0 +1,27 @@
+### Building Docker Images
+
+```
+$ docker build -t <image name> -f tpmdockerfile .
+```
+
+### Running ABRMD Container
+
+```
+$ docker run -d --privileged -v /tmp/run/dbus:/var/run/dbus --name <container name> <image name>
+```
+
+### Running Tools Container
+This command will drop you into the tools container with everything setup appropriately:
+```
+# Runs without any privileges.
+# Requires that the dbus be mounted from the same host folder
+# This is to enable communication between the tools and ABRMD
+$ docker run -v /tmp/run/dbus:/var/run/dbus --name <container name> -it --entrypoint /bin/bash <image name>
+```
+
+##### Sanity Check
+Run the following command in the tools container to see if everything is setup correctly:
+
+```
+tpm2_listpcrs
+```
diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
new file mode 100755
index 0000000..b13c681
--- /dev/null
+++ b/bin/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+# Start DBUS
+mkdir -p /var/run/dbus
+stdbuf -oL -eL dbus-daemon --system --nofork 2>&1 1> /var/log/dbus-daemon.log &
+
+# Start Resource Manager
+hostip=$(ip route show | awk '/default/ {print $3}')
+echo "Connecting to $hostip\n"
+tpm2-abrmd -a $hostip -t socket
\ No newline at end of file
diff --git a/bin/tpmdockerfile b/bin/tpmdockerfile
new file mode 100644
index 0000000..d1c9480
--- /dev/null
+++ b/bin/tpmdockerfile
@@ -0,0 +1,62 @@
+FROM ubuntu:xenial
+
+RUN apt-get -y update && \
+ apt-get -y install \
+ autoconf \
+ autoconf-archive \
+ libglib2.0-dev \
+ libdbus-1-dev \
+ automake \
+ libtool \
+ autotools-dev \
+ libcppunit-dev \
+ p11-kit \
+ libcurl4-gnutls-dev \
+ libcmocka0 \
+ libcmocka-dev \
+ build-essential \
+ git \
+ pkg-config \
+ gcc \
+ g++ \
+ m4 \
+ wget \
+ liburiparser-dev \
+ libssl-dev \
+ pandoc
+
+RUN apt-get -y install libgcrypt20-dev
+
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git
+RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git
+
+RUN cd tpm2-tss && \
+ git checkout 1.2.0 && \
+ ./bootstrap && \
+ ./configure && \
+ make && \
+ make install
+
+RUN cd tpm2-abrmd && \
+ git checkout 1.1.1 && \
+ useradd --system --user-group tss && \
+ ./bootstrap && \
+ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \
+ --with-udevrulesdir=/etc/udev/rules.d/ \
+ --with-systemdsystemunitdir=/lib/systemd/system && \
+ make && \
+ make install
+
+RUN cd tpm2-tools && \
+ git checkout 2.1.0 && \
+ ./bootstrap && \
+ ./configure --with-tcti-tabrmd=yes && \
+ make && \
+ make install
+
+RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/tpm2.conf && \
+ ldconfig
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file |
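Review bot: The three `git checkout` steps in bin/tpmdockerfile (1.2.0, 1.1.1, 2.1.0) build whatever each upstream tag points to at build time, with no integrity check, and the result goes into an image the README runs with `--privileged`. Tags can be moved, so pin each checkout to a full commit hash, e.g. `git checkout <commit-sha-of-1.2.0>`, or verify the tag with `git verify-tag` if upstream signs its releases; `FROM ubuntu:xenial@sha256:<digest>` closes the same gap for the base image. `ADD entrypoint.sh /entrypoint.sh` copies a plain local file and should be `COPY entrypoint.sh /entrypoint.sh`. The image sets no `USER`, so the entrypoint and tpm2-abrmd run as root even though a `tss` account is created; whether the daemon can drop to `tss` depends on how dbus is started in entrypoint.sh, so that needs checking rather than a blind `USER tss`.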