summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-05-08 16:24:28 -0700
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-05-15 16:20:45 -0700
commitc2a9c2799e0efaf04ca813dc160333363ac156a5 (patch)
tree8add9412f6f5ce684a79511bdde1a2dcfc159328
parent7793a619f0fe6a879221e675249cccc632216a11 (diff)
Adding support for containerized tss and abrmd
Adding a dockerfile to build a container that has tss, abrmd and tpm2-tools installed on it. Issue-ID: AAF-275 Change-Id: I8bda86d36290785950cf3c23d6527e1245652f42 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rw-r--r--bin/README.md27
-rwxr-xr-xbin/entrypoint.sh11
-rw-r--r--bin/tpmdockerfile62
3 files changed, 100 insertions, 0 deletions
diff --git a/bin/README.md b/bin/README.md
new file mode 100644
index 0000000..c4c54ca
--- /dev/null
+++ b/bin/README.md
@@ -0,0 +1,27 @@
+### Building Docker Images
+
+```
+$ docker build -t <image name> -f tpmdockerfile .
+```
+
+### Running ABRMD Container
+
+```
+$ docker run -d --privileged -v /tmp/run/dbus:/var/run/dbus --name <container name> <image name>
+```
+
+### Running Tools Container
+This command will drop you into the tools container with everything setup appropriately:
+```
+# Runs without any privileges.
+# Requires that the dbus be mounted from the same host folder
+# This is to enable communication between the tools and ABRMD
+$ docker run -v /tmp/run/dbus:/var/run/dbus --name <container name> -it --entrypoint /bin/bash <image name>
+```
+
+##### Sanity Check
+Run the following command in the tools container to see if everything is setup correctly:
+
+```
+tpm2_listpcrs
+```
diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
new file mode 100755
index 0000000..b13c681
--- /dev/null
+++ b/bin/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+# Start DBUS
+mkdir -p /var/run/dbus
+stdbuf -oL -eL dbus-daemon --system --nofork 2>&1 1> /var/log/dbus-daemon.log &
+
+# Start Resource Manager
+hostip=$(ip route show | awk '/default/ {print $3}')
+echo "Connecting to $hostip\n"
+tpm2-abrmd -a $hostip -t socket \ No newline at end of file
diff --git a/bin/tpmdockerfile b/bin/tpmdockerfile
new file mode 100644
index 0000000..d1c9480
--- /dev/null
+++ b/bin/tpmdockerfile
@@ -0,0 +1,62 @@
+FROM ubuntu:xenial
+
+RUN apt-get -y update && \
+ apt-get -y install \
+ autoconf \
+ autoconf-archive \
+ libglib2.0-dev \
+ libdbus-1-dev \
+ automake \
+ libtool \
+ autotools-dev \
+ libcppunit-dev \
+ p11-kit \
+ libcurl4-gnutls-dev \
+ libcmocka0 \
+ libcmocka-dev \
+ build-essential \
+ git \
+ pkg-config \
+ gcc \
+ g++ \
+ m4 \
+ wget \
+ liburiparser-dev \
+ libssl-dev \
+ pandoc
+
+RUN apt-get -y install libgcrypt20-dev
+
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git
+RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git
+
+RUN cd tpm2-tss && \
+ git checkout 1.2.0 && \
+ ./bootstrap && \
+ ./configure && \
+ make && \
+ make install
+
+RUN cd tpm2-abrmd && \
+ git checkout 1.1.1 && \
+ useradd --system --user-group tss && \
+ ./bootstrap && \
+ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \
+ --with-udevrulesdir=/etc/udev/rules.d/ \
+ --with-systemdsystemunitdir=/lib/systemd/system && \
+ make && \
+ make install
+
+RUN cd tpm2-tools && \
+ git checkout 2.1.0 && \
+ ./bootstrap && \
+ ./configure --with-tcti-tabrmd=yes && \
+ make && \
+ make install
+
+RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/tpm2.conf && \
+ ldconfig
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file