@kkaarreell kkaarreell commented Oct 13, 2025

Summary by Sourcery

Backport functional tests for agent registration using custom TPM encryption and signing algorithms and align TPM emulator setup scripts with supported options

Enhancements:

  • Remove --create-platform-cert flag from swtpm_setup invocations in emulator service configurations

Tests:

  • Add functional test suite for agent registration with non-default TPM encryption and signing algorithms
  • Add TPM support detection script to enumerate supported ECC curves and RSA key sizes for EK creation

@kkaarreell kkaarreell self-assigned this Oct 13, 2025

sourcery-ai bot commented Oct 13, 2025

Reviewer's Guide

This PR refines TPM emulator setup by removing unnecessary platform certificate creation flags and backports a comprehensive functional test suite to validate agent registration and TPM EK support when using non-default encryption and signing algorithms.

Sequence diagram for TPM algorithm support detection and agent registration

sequenceDiagram
    actor User
    participant "Test Script"
    participant "TPM Emulator"
    participant "TPM2 Tools"
    User->>"Test Script": Start test
    "Test Script"->>"TPM Emulator": Start emulator
    "Test Script"->>"TPM2 Tools": Query ECC curve support
    "TPM2 Tools"-->>"Test Script": Return ECC curves
    "Test Script"->>"TPM2 Tools": Query RSA key size support
    "TPM2 Tools"-->>"Test Script": Return RSA key sizes
    loop For each ECC curve
        "Test Script"->>"TPM2 Tools": Try EK creation with curve
        "TPM2 Tools"-->>"Test Script": Success/Failure
    end
    loop For each RSA key size
        "Test Script"->>"TPM2 Tools": Try EK creation with key size
        "TPM2 Tools"-->>"Test Script": Success/Failure
    end
    "Test Script"->>User: Log supported algorithms
    User->>"Test Script": Register agent with supported algorithm
    "Test Script"->>"TPM Emulator": Validate registration
    "Test Script"->>"TPM Emulator": Stop emulator
    "Test Script"->>User: Cleanup and finish

File-Level Changes

Change: Removed create-platform-cert from TPM emulator setup commands
Details:
  • Dropped --create-platform-cert flag from swtpm_setup invocation
Files:
  • setup/configure_swtpm_device/test.sh
  • setup/configure_tpm_emulator/test.sh

Change: Backported functional test suite for non-default TPM algorithm agent registration
Details:
  • Added test.sh to drive registration and conditional attestation with configurable TPM_ENCRYPTION_ALG and TPM_SIGNING_ALG
  • Added tpm_support_detection.sh to probe and log supported ECC curves and RSA key sizes for EK creation
  • Added main.fmf to define the test metadata and integrate the new tests
Files:
  • functional/agent-registration-with-non-default-tpm-algorithms/test.sh
  • functional/agent-registration-with-non-default-tpm-algorithms/tpm_support_detection.sh
  • functional/agent-registration-with-non-default-tpm-algorithms/main.fmf


@@ -0,0 +1,81 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
. /usr/share/beakerlib/beakerlib.sh || exit 1
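Review bot: the `. /usr/share/beakerlib/beakerlib.sh || exit 1` line carries no shellcheck directive, so a scanner running where beakerlib is not installed cannot open the file and reports SC1091. Put `# shellcheck source=/dev/null` (or `# shellcheck disable=SC1091`) on the line directly above it; that keeps the finding out of code scanning while leaving the runtime `|| exit 1` guard unchanged.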

Check warning

Code scanning / shellcheck

SC1091 Warning test

Not following: /usr/share/beakerlib/beakerlib.sh: openBinaryFile: does not exist (No such file or directory)
@@ -0,0 +1,79 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
. /usr/share/beakerlib/beakerlib.sh || exit 1
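Review bot: the unannotated `. /usr/share/beakerlib/beakerlib.sh || exit 1` at the top of this new file is reported as SC1091 because the scanner cannot open the beakerlib path, which is a property of the scan environment rather than of the script. A repository-level `.shellcheckrc` containing `disable=SC1091` would silence it once for every test script that sources beakerlib, instead of repeating a directive in each file.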

Check warning

Code scanning / shellcheck

SC1091 Warning

Not following: /usr/share/beakerlib/beakerlib.sh: openBinaryFile: does not exist (No such file or directory)

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • main.fmf is empty—please add the necessary FMF metadata (including test parameters for TPM_ENCRYPTION_ALG and TPM_SIGNING_ALG) so the suite can be discovered and executed.
  • Since the scripts require TPM_ENCRYPTION_ALG and TPM_SIGNING_ALG to be set externally, consider defining defaults or a parameter matrix in main.fmf to ensure CI jobs supply valid values.
  • The emulator startup/teardown logic is duplicated across the new scripts—factor this into a shared helper function to simplify maintenance.
## Individual Comments

### Comment 1
<location> `functional/agent-registration-with-non-default-tpm-algorithms/tpm_support_detection.sh:76` </location>
<code_context>
+            rlRun "limeCondStopAbrmd"
+        fi
+        limeSubmitCommonLogs
+        rlRun "rm -r ${TmpDir}" 0 "Removing tmp directory"
+    rlPhaseEnd
+
</code_context>
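Review bot: in the cleanup line `rlRun "rm -r ${TmpDir}" 0 "Removing tmp directory"`, `${TmpDir}` is expanded inside the single command string handed to rlRun, so the quoting has to be applied inside that string rather than around it. Use escaped inner quotes and end option parsing, for example `rlRun "rm -r -- \"${TmpDir}\"" 0 "Removing tmp directory"`, so a path with whitespace or glob characters is removed as one operand.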

<issue_to_address>
**nitpick (bug_risk):** Use double quotes around variable expansions to prevent word splitting and globbing.

Quoting "${TmpDir}" ensures the command works correctly even if the directory path includes spaces or special characters.
</issue_to_address>
