#!/usr/bin/env bats
# vim:set ft=sh:

load ../helpers/common

@test "tpm2 hook adds required binaries" {
    local buildroot
    buildroot="$(mktemp -d)"
    
    run_mkinitcpio_test "$buildroot" -H tpm2
    
    [ -f "$buildroot/usr/bin/systemd-measure" ]
    [ -f "$buildroot/usr/bin/systemd-cryptenroll" ]
    [ -f "$buildroot/usr/bin/tpm2_createprimary" ]
    [ -f "$buildroot/usr/bin/tpm2_pcrread" ]
}

@test "tpm2 signature generation works" {
    local buildroot privkey pubkey
    buildroot="$(mktemp -d)"
    privkey="$(mktemp)"
    pubkey="$(mktemp)"
    
    # Generate test keys
    openssl genpkey -algorithm RSA -out "$privkey"
    openssl rsa -in "$privkey" -pubout -out "$pubkey"
    
    TPM2_PRIVKEY="$privkey" TPM2_PUBKEY="$pubkey" TPM2_PCRS="0,2,4,7" \
        run_mkinitcpio_test "$buildroot" -H tpm2
    
    [ -f "$buildroot/pcrsig.json" ]
    [ -f "$buildroot/pcrpkey" ]
}