@@ -13,6 +13,7 @@ SYNOPSIS
evmtest runtest <test name> [OPTIONS]
+evmtest runall <configuration pathname>
DESCRIPTION
-----------
@@ -34,7 +35,7 @@ OPTIONS
TEST NAMES
-----------
+---------
boot_aggregate - verify the IMA boot-aggregate
env_validate - verify kernel build
@@ -45,6 +46,34 @@ TEST NAMES
xattr_preserve - test metadata preservation on file move
+
+CONFIGURATION PATHNAME
+----------------------
+
+The configuration pathname should point to the runall configuration file.
+
+
+=== Configuration File
+
+The evmtest configuration file allows all tests to be run by executing a single
+command. The configuration file contains all the options that needed for
+various tests and allows tests to be run non-interactively, so they can be
+integrated in a larger testing suite.
+
+The `example.conf` file provides a skeleton configuration file, where the only
+variable that *must* be defined is `IMA_KEY`. Defaults are described below.
+
+* `IMA_KEY` - The private key for the certificate on the IMA Trusted Keyring
+
+* `KBUILD_DIR` - Should point to a kernel build tree. If not provided, the test
+will use `/lib/modules/$(uname -r)/build`.
+
+* `KERN_IMAGE` - Should point towards an unsigned kernel image. If not provided,
+the test will attempt to use the running kernel.
+
+* `VERBOSE` - If set to 1, will add -v to all tests run
+
+
Introduction
------------
@@ -16,6 +16,7 @@ source "$EVMDIR"/files/common.sh
usage (){
echo "Usage:"
echo " evmtest runtest <test name> [OPTIONS]"
+ echo " evmtest runall <configuration file>"
echo ""
echo "Options:"
echo " -h Displays this help message"
@@ -67,6 +68,57 @@ elif [ "$1" == "runtest" ]; then
runtest "$@"
exit $?
fi
+elif [ "$1" == "runall" ]; then
+ if [ -z "$2" ] || [ ! -e "$2" ]; then
+ echo "evmtest runall <config file>"
+ echo "[!] Please provide a config file"
+ exit 1
+ fi
+ source "$2" # Load in config
+ if [ "$VERBOSE" -eq 1 ]; then
+ V="-v"
+ fi
+
+ # Key is not optional
+ if [ -z "$IMA_KEY" ]; then
+ echo "[*] Please correct your config file"
+ exit 1
+ fi
+
+ EVMTEST_require_root
+ FAIL=0
+ echo "[*] Running tests..."
+ # 1
+ "$EVMDIR"/tests/env_validate.sh -r "$V"
+ FAIL=$((FAIL+$?))
+ # 2
+ if [ -z "$KERN_IMAGE" ]; then
+ "$EVMDIR"/tests/kexec_sig.sh -k "$IMA_KEY" "$V"
+ else
+ "$EVMDIR"/tests/kexec_sig.sh -k "$IMA_KEY" -i \
+ "$KERN_IMAGE" "$V"
+ fi
+ FAIL=$((FAIL+$?))
+ # 3
+ if [ -z "$KBUILD_DIR" ]; then
+ "$EVMDIR"/tests/kmod_sig.sh -k "$IMA_KEY" "$V"
+ else
+ "$EVMDIR"/tests/kmod_sig.sh -b "$KBUILD_DIR" \
+ -k "$IMA_KEY" "$V"
+ fi
+ FAIL=$((FAIL+$?))
+ # 4
+ "$EVMDIR"/tests/policy_sig.sh -k "$IMA_KEY" "$V"
+ FAIL=$((FAIL+$?))
+ # 5
+ "$EVMDIR"/tests/boot_aggregate.sh "$V"
+ FAIL=$((FAIL+$?))
+ # 6
+ "$EVMDIR"/tests/xattr_preserve.sh "$V"
+ FAIL=$((FAIL+$?))
+ echo "..."
+ echo "[*] TESTS PASSED: $((6-FAIL))"
+ echo "[*] TESTS FAILED: $FAIL"
else
usage
fi
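Review bot: `source "$2"` executes the configuration file as shell code, and the only check before it is `[ ! -e "$2" ]`, which also accepts a directory or a file that another local user can write. Since runall goes on to call `EVMTEST_require_root` (presumably it insists on root), the file's contents would run with root privileges; I would call `EVMTEST_require_root` before the `source`, change the test to `[ ! -f "$2" ]`, and refuse a file not owned by the effective user with `[ -O "$2" ] || { echo "[!] Config file must be owned by root"; exit 1; }`. Separately, `FAIL=$((FAIL+$?))` adds the raw exit status, so a test that exits with a status above 1 skews both totals; `[ $? -eq 0 ] || FAIL=$((FAIL+1))` counts failures instead. The branch also ends on `echo`, so as far as this hunk shows runall reports success even when tests failed; exiting non-zero when `$FAIL` is not 0 would let a larger suite act on the result. The if/elif chain begins outside this hunk.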
new file mode 100644
@@ -0,0 +1,14 @@
+# This is an example config file
+# There are three variables that can be set when using evmtest runall
+
+#Set this to 1 for verbose output
+VERBOSE=0
+# Path to the private key for the IMA Trusted Keyring
+# This is required
+IMA_KEY=/path/to/your/ima_key
+
+# If this is not provided, tests will run but attempt to copy the running kernel
+KERN_IMAGE=/path/to/unsigned/kernel_image
+
+# If this is not defined, tests will try to find build tree
+KBUILD_DIR=/path/to/kernel/build/tree
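Review bot: `KERN_IMAGE` and `KBUILD_DIR` ship set to placeholder paths, so a user who fills in only the required `IMA_KEY` never reaches the documented defaults, and the runall branch would pass `/path/to/unsigned/kernel_image` and `/path/to/kernel/build/tree` to the tests. I would ship the two optional assignments commented out, e.g. `#KERN_IMAGE=/path/to/unsigned/kernel_image`. The header comment also says three variables can be set while the file defines four (`VERBOSE`, `IMA_KEY`, `KERN_IMAGE`, `KBUILD_DIR`). Because evmtest loads this file with `source` and it names a private key, a comment such as `# This file is sourced as shell code by evmtest; keep it and the key it names writable only by root` would tell users how to protect it.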