automated: linux: Add AWS IoT use case to el2go test
This patch adds support for testing AWS IoT integration for the EL2GO
service with FoundriesFactory. More detailed instructions are available
in el2go.yaml.
Signed-off-by: Milosz Wasilewski <milosz.wasilewski@foundries.io>
diff --git a/automated/linux/el2go/el2go.sh b/automated/linux/el2go/el2go.sh
index 0a74cb0..4d54891 100755
--- a/automated/linux/el2go/el2go.sh
+++ b/automated/linux/el2go/el2go.sh
@@ -11,12 +11,16 @@
PTOOL="pkcs11-tool --module /usr/lib/libckteec.so.0.1.0"
SO_PIN=12345678
PIN=87654321
-#SE05X_SLOT_LABEL=aktualizr
+AKLITE_TOKEN_LABEL=aktualizr
+AKLITE_CERT_LABEL=SE_83000043
SE05X_TEST_LABEL=test_label
+RESET_SE05X=True
+AWS_ENDPOINT=""
+AWS_CONTAINER=""
usage() {
echo "\
- Usage: $0 [-p <pkcs11-tool>] [-s <true|false>]
+ Usage: $0 [-p <pkcs11-tool>] [-s <true|false>] [-r <true|false>] [-e <AWS endpoint>] [-c <AWS container>]
-p <pkcs11-tool>
pkcs11-tool with all the options required. Default is:
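Review bot: `AKLITE_CERT_LABEL=SE_83000043` is a fixed value with no comment and, unlike `PTOOL`, no option to override it, so the certificate read-back later in the script fails on any device whose certificate object carries a different label. A comment such as `# label of the device certificate object on the aktualizr token` would explain it; whether the label can differ between factories is not visible here. The default `RESET_SE05X=True` also differs in case from the `Default: true` that usage() prints.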
@@ -26,6 +30,13 @@
This checks whether auto-registration script
can deal with alread initialized pkcs11.
Default: false
+ -r <true|false>
+ Reset SE050 element to factory settings
+ Default: true
+ -e <AWS IoT Endpoint URL>
+ -c <AWS test container>
+ Container connects to the endpoint to create
+ AWS IoT Thing
"
}
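Review bot: The new usage text gives `-e` no description and does not say that the image named by `-c` is started with `/dev/tee0` passed through, which is what the `docker run` later in the script does. That image gets access to the TEE through which the device keys are used, so the help should tell the operator to use a trusted image, ideally referenced by digest. For example, add `Hostname of the AWS IoT data endpoint` under `-e` and `Image is run with --device=/dev/tee0; use a trusted, pinned image` under `-c`. usage() starts outside this hunk.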
@@ -43,10 +54,13 @@
}
-while getopts "p:s:h" opts; do
+while getopts "p:s:r:e:c:h" opts; do
case "$opts" in
p) PTOOL="${OPTARG}";;
s) SLOT_INIT="${OPTARG}";;
+ r) RESET_SE05X="${OPTARG}";;
+ e) AWS_ENDPOINT="${OPTARG}";;
+ c) AWS_CONTAINER="${OPTARG}";;
h|*) usage ; exit 1 ;;
esac
done
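Review bot: The value given to `-r` is stored unchecked, and the cleanup at the end of the script resets the SE050 only when it is exactly `True` or `true`. Any other spelling (`TRUE`, `yes`, `1`) silently skips the factory reset and leaves the provisioned key material on the secure element. Validate it where it is parsed, e.g. `r) case "${OPTARG}" in [Tt]rue|[Ff]alse) RESET_SE05X="${OPTARG}";; *) usage; exit 1;; esac;;`. The exit status of `fio-se05x-cli --factory-reset --se050` in the cleanup hunk is not reported either, so a failed reset goes unnoticed; a `check_return` with a test-case name of your choosing after it would record the result.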
@@ -82,7 +96,7 @@
# check if the device was registered
echo "Check if the device is properly registered"
-systemctl status --no-pager lmp-el2go-auto-register
+systemctl status --no-pager --full lmp-el2go-auto-register
# should be 0 - exit without error
EXEC_STATUS=$(systemd_variable_value ExecMainStatus lmp-el2go-auto-register)
if [ "${EXEC_STATUS}" = 0 ]; then
@@ -98,18 +112,36 @@
report_fail lmp-el2go-auto-register-running
fi
-journalctl --no-pager -u lmp-el2go-auto-register | grep "Getting Certificate"
-check_return "el2go-get-certificate"
-journalctl --no-pager -u lmp-el2go-auto-register | grep "Retrieved Certificate"
+journalctl --no-pager -u lmp-el2go-auto-register
+
+. /etc/os-release
+$PTOOL --pin "${PIN}" --token-label "${AKLITE_TOKEN_LABEL}" --read-object --label "${AKLITE_CERT_LABEL}" --type cert --output-file cert.der
+# LMP_FACTORY is set in /etc/os-release
+openssl x509 -in cert.der -issuer -noout | grep "${LMP_FACTORY}"
check_return "el2go-retrieve-certificate"
+if [ -s /var/sota/sota.toml ]; then
+ report_pass "sota_toml_created"
+else
+ report_fail "sota_toml_created"
+fi
journalctl --no-pager -u lmp-el2go-auto-register | grep "Deactivated successfully"
check_return "lmp-el2go-service-deactivate"
systemctl is-active aktualizr-lite
check_return "el2go-aklite-running"
+# test AWS
+# This only works if AWS IoT JIT is configured properly
+if [ -n "${AWS_ENDPOINT}" ] && [ -n "${AWS_CONTAINER}" ]; then
+ docker run -it -e AWS_ENDPOINT="${AWS_ENDPOINT}" --device=/dev/tee0:/dev/tee0 "${AWS_CONTAINER}"
+ check_return "el2go-aws-iot"
+else
+ report_skip "el2go-aws-iot"
+fi
+
# cleanup
-echo "Cleanup SE050"
-# reset se050
-ssscli connect se05x t1oi2c none
-ssscli se05x reset
-ssscli disconnect
+if [ "${RESET_SE05X}" = "True" ] || [ "${RESET_SE05X}" = "true" ]; then
+ echo "Cleanup SE050"
+ # stop aklite to prevent TA panic
+ systemctl stop aktualizr-lite
+ fio-se05x-cli --factory-reset --se050
+fi
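Review bot: The issuer check `openssl x509 -in cert.der -issuer -noout | grep "${LMP_FACTORY}"` passes for any certificate when LMP_FACTORY is empty or missing from /etc/os-release, because an empty grep pattern matches every line. It also reads cert.der without confirming that the pkcs11-tool call just wrote it, so a file left by an earlier run can satisfy the test. It further relies on openssl detecting DER input, which older OpenSSL releases may not do without `-inform DER` (worth confirming on the target image). I would remove the stale file first, require a non-empty factory name and match it as a fixed string, as below.

```shell
. /etc/os-release
# drop any copy left by an earlier run so a failed read cannot pass on stale data
rm -f cert.der
# … unchanged: $PTOOL --read-object call writing cert.der …
# LMP_FACTORY is set in /etc/os-release; an empty value would match any issuer
if [ -n "${LMP_FACTORY}" ] && \
   openssl x509 -inform DER -in cert.der -issuer -noout | grep -F -- "${LMP_FACTORY}"; then
    report_pass "el2go-retrieve-certificate"
else
    report_fail "el2go-retrieve-certificate"
fi
# … unchanged: sota.toml check, service checks, AWS step, cleanup …
```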
diff --git a/automated/linux/el2go/el2go.yaml b/automated/linux/el2go/el2go.yaml
index e3d48c5..d1a4efd 100644
--- a/automated/linux/el2go/el2go.yaml
+++ b/automated/linux/el2go/el2go.yaml
@@ -6,7 +6,19 @@
FoundriesFactory. If the device is successfully
registered, the test passes. Running the test requires
FoundriesFactory with EL2GO integration and a device
- with SE050 secure element."
+ with SE050 secure element.
+
+ Optionally AWS IoT integration can be tested by setting
+ AWS_ENDPOINT and AWS_CONTAINER variables. It is recommended
+ to use Foundries.io awsiot-optee container with corresponding
+ LmP release. The container sources can be found on github:
+ https://github.com/foundriesio/containers/tree/master/awsiot-optee
+
+ AWS_ENDPOINT is the URL returned by:
+ aws iot describe-endpoint --endpoint-type iot:Data-ATS --query 'endpointAddress' --output text
+
+ It is recommented to reset SE050 secure element after the test.
+ This is done by setting RESET_SE05X to True."
maintainer:
- milosz.wasilewski@foundries.io
os:
@@ -18,11 +30,14 @@
- imx6ull
params:
- PTOOL: "pkcs11-tool --module /usr/lib/libckteec.so.0.1"
+ PTOOL: "pkcs11-tool --module /usr/lib/libckteec.so.0.1.0"
SLOT_INIT: "False"
+ RESET_SE05X: "True"
+ AWS_ENDPOINT: ""
+ AWS_CONTAINER: ""
run:
steps:
- cd ./automated/linux/el2go/
- - ./el2go.sh -s "${SLOT_INIT}" -p "${PTOOL}"
+ - ./el2go.sh -s "${SLOT_INIT}" -p "${PTOOL}" -r "${RESET_SE05X}" -e "${AWS_ENDPOINT}" -c "${AWS_CONTAINER}"
- ../../utils/send-to-lava.sh ./output/result.txt