tpm-tests: add refrence to key creation source of truth

We create the keys in test script based on the tpmmgr code. Add a comment and reminder, in case something changed. Signed-off-by: Shahriyar Jalayeri <shahriyar@zededa.com>
lf-edge · Sep 13, 2024 · abbf712 · abbf712
1 parent ad620da
commit abbf712
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/pkg/pillar/cmd/tpmmgr/tpmmgr.go b/pkg/pillar/cmd/tpmmgr/tpmmgr.go
@@ -714,6 +714,9 @@ func writeDeviceCertToFile(certBytes, keyBytes []byte) error {
 	return os.WriteFile(types.DeviceCertName, certBytes, 0644)
 }
 
+// These keys template and hirarchy are used in the tests/tpm/prep-and-test.sh
+// to create same keys and run tpm required unit-tests, in a unlikely event of
+// changing these values dont forget to update the test script.
 func createOtherKeys(override bool) error {
 	if err := etpm.CreateKey(log, etpm.TpmDevicePath, etpm.TpmEKHdl, tpm2.HandleEndorsement, etpm.DefaultEkTemplate, override); err != nil {
 		return fmt.Errorf("error in creating Endorsement key: %w ", err)

diff --git a/tests/tpm/prep-and-test.sh b/tests/tpm/prep-and-test.sh
@@ -69,6 +69,8 @@ export TPM2TOOLS_TCTI="swtpm:host=localhost,port=$TPM_SRV_PORT"
 # start fresh
 tpm2 clear
 
+# The ek, srk and aik are created here based on what we do in createOtherKeys
+# in pkg/pillar/cmd/tpmmgr/tpmmgr.go.
 # create Endorsement Key
 tpm2 createek -c ek.ctx