From c2a9c2799e0efaf04ca813dc160333363ac156a5 Mon Sep 17 00:00:00 2001
From: Kiran Kamineni
Date: Tue, 8 May 2018 16:24:28 -0700
Subject: Adding support for containerized tss and abrmd
Adding a dockerfile to build a container that has tss, abrmd and tpm2-tools installed on it.
Issue-ID: AAF-275
Change-Id: I8bda86d36290785950cf3c23d6527e1245652f42
Signed-off-by: Kiran Kamineni
---
bin/README.md | 27 ++++++++++++++++++++++++
bin/entrypoint.sh | 11 ++++++++++
bin/tpmdockerfile | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 100 insertions(+)
create mode 100644 bin/README.md
create mode 100755 bin/entrypoint.sh
create mode 100644 bin/tpmdockerfile
diff --git a/bin/README.md b/bin/README.md
new file mode 100644
index 0000000..c4c54ca
--- /dev/null
+++ b/bin/README.md
@@ -0,0 +1,27 @@
+### Building Docker Images
+
+```
+$ docker build -t -f tpmdockerfile .
+```
+
+### Running ABRMD Container
+
+```
+$ docker run -d --privileged -v /tmp/run/dbus:/var/run/dbus --name
+```
+
+### Running Tools Container
+This command will drop you into the tools container with everything setup appropriately:
+```
+# Runs without any privileges.
+# Requires that the dbus be mounted from the same host folder
+# This is to enable communication between the tools and ABRMD
+$ docker run -v /tmp/run/dbus:/var/run/dbus --name -it --entrypoint /bin/bash
+```
+
+##### Sanity Check
+Run the following command in the tools container to see if everything is setup correctly:
+
+```
+tpm2_listpcrs
+```
diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
new file mode 100755
index 0000000..b13c681
--- /dev/null
+++ b/bin/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+# Start DBUS
+mkdir -p /var/run/dbus
+stdbuf -oL -eL dbus-daemon --system --nofork 2>&1 1> /var/log/dbus-daemon.log &
+
+# Start Resource Manager
+hostip=$(ip route show | awk '/default/ {print $3}')
+echo "Connecting to $hostip\n"
+tpm2-abrmd -a $hostip -t socket
\ No newline at end of file
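Review bot: `$hostip` is used unchecked and unquoted on the last line of entrypoint.sh, and `set -e` does not help because `awk` exits 0 when nothing matches. With no default route, `-a` would take `-t` as its address, and with several default routes the value splits into extra arguments; guard it with `[ -n "$hostip" ] || { echo "no default route found" >&2; exit 1; }` and launch with `exec tpm2-abrmd -a "$hostip" -t socket`, which also lets the daemon receive the container's stop signal. The address is whatever the default gateway happens to be and the socket TCTI carries TPM commands over plain TCP, so it may be worth taking the endpoint from an environment variable and documenting that it is meant for a simulator on a trusted network. In the dbus line, `2>&1 1> /var/log/dbus-daemon.log` points stderr at the original stdout before stdout is redirected, so errors never reach the log file; `> /var/log/dbus-daemon.log 2>&1` does what the line appears to intend. Since the daemon reaches the TPM over that socket rather than a device node, the `--privileged` flag in the README's run command looks unnecessary and is worth dropping if testing confirms it.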
diff --git a/bin/tpmdockerfile b/bin/tpmdockerfile
new file mode 100644
index 0000000..d1c9480
--- /dev/null
+++ b/bin/tpmdockerfile
@@ -0,0 +1,62 @@
+FROM ubuntu:xenial
+
+RUN apt-get -y update && \
+ apt-get -y install \
+ autoconf \
+ autoconf-archive \
+ libglib2.0-dev \
+ libdbus-1-dev \
+ automake \
+ libtool \
+ autotools-dev \
+ libcppunit-dev \
+ p11-kit \
+ libcurl4-gnutls-dev \
+ libcmocka0 \
+ libcmocka-dev \
+ build-essential \
+ git \
+ pkg-config \
+ gcc \
+ g++ \
+ m4 \
+ wget \
+ liburiparser-dev \
+ libssl-dev \
+ pandoc
+
+RUN apt-get -y install libgcrypt20-dev
+
+RUN git clone https://github.com/tpm2-software/tpm2-tss.git
+RUN git clone https://github.com/tpm2-software/tpm2-abrmd.git
+RUN git clone https://github.com/tpm2-software/tpm2-tools.git
+
+RUN cd tpm2-tss && \
+ git checkout 1.2.0 && \
+ ./bootstrap && \
+ ./configure && \
+ make && \
+ make install
+
+RUN cd tpm2-abrmd && \
+ git checkout 1.1.1 && \
+ useradd --system --user-group tss && \
+ ./bootstrap && \
+ ./configure --with-dbuspolicydir=/etc/dbus-1/system.d \
+ --with-udevrulesdir=/etc/udev/rules.d/ \
+ --with-systemdsystemunitdir=/lib/systemd/system && \
+ make && \
+ make install
+
+RUN cd tpm2-tools && \
+ git checkout 2.1.0 && \
+ ./bootstrap && \
+ ./configure --with-tcti-tabrmd=yes && \
+ make && \
+ make install
+
+RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/tpm2.conf && \
+ ldconfig
+
+ADD entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
--
cgit 1.2.3-korg
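Review bot: The three `git checkout` lines (`1.2.0`, `1.1.1`, `2.1.0`) build the TPM stack from tag names, which upstream can move, so the image's trust-critical binaries are not tied to reviewed source. Check out a full commit hash instead, e.g. `git checkout <full-commit-sha-for-1.2.0>` (placeholder), or run `git verify-tag` before building if upstream signs its tags; `FROM ubuntu:xenial` floats the same way and can be pinned by digest. `RUN apt-get -y install libgcrypt20-dev` sits in its own layer with no `apt-get update`, so a cached first layer can leave it with a stale package index; moving `libgcrypt20-dev` into the first install list avoids that. The final image keeps the compilers and git and sets no `USER`, so everything the entrypoint starts runs as root by default although a `tss` account is created. A multi-stage build that copies only the installed artifacts, with `COPY entrypoint.sh /entrypoint.sh` in place of `ADD`, would reduce what ships next to the resource manager.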