[swtpm.git] / tests / _test_migration_key

#!/bin/bash

# For the license, see the LICENSE file in the root directory.
# set -x

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
MIGRATION_PASSWORD="migration"
VOLATILESTATE=${TESTDIR}/data/migkey1/volatilestate.bin

tpmstatedir="$(mktemp -d)"
if [ -z "$tpmstatedir" ]; then
	echo "Could not create temporary directory."
	exit 1
fi

migpwdfile="$(mktemp)"
if [ -z "$migpwdfile" ]; then
	echo "Could not create temporary file."
	exit 1
fi
echo -n "$MIGRATION_PASSWORD" > $migpwdfile

volatilestatefile="$(mktemp)"
if [ -z "$volatilestatefile" ]; then
	echo "Could not create temporary file."
	exit 1
fi

SWTPM_CMD_UNIX_PATH=${tpmstatedir}/unix-cmd.sock
SWTPM_CTRL_UNIX_PATH=${tpmstatedir}/unix-ctrl.sock
SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}

function cleanup()
{
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 $pid
	fi
	rm -rf $migpwdfile $volatilestatefile $tpmstatedir
}

trap "cleanup" EXIT

[ "${SWTPM_INTERFACE}" == cuse ] && source ${TESTDIR}/test_cuse
source ${TESTDIR}/common

# make a backup of the volatile state
export TPM_PATH=$tpmstatedir
cp ${TESTDIR}/data/tpmstate1/* $TPM_PATH

run_swtpm ${SWTPM_INTERFACE} \
	--migration-key pwdfile=$migpwdfile,remove=false,kdf=sha512

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
	exit 1
fi

kill_quiet -0 ${SWTPM_PID} 2>/dev/null
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	exit 1
fi

# Read PCR 10
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Assert physical presence
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Create a big NVRAM Area with 4000 bytes (0xfa0)
tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01'
tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f'
tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00'
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} $tmp)
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Save the volatile state into a file
run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $volatilestatefile
if [ $? -ne 0 ]; then
	echo "Error: Could not save the volatile state to ${volatilestatefile}."
	exit 1
fi
if [ ! -r $volatilestatefile ]; then
	echo "Error: Volatile state file $volatilestatefile does not exist."
	exit 1
fi

#ls -l $volatilestatefile
size=$(get_filesize $volatilestatefile)
expsize=1324
if [ $size -ne $expsize ]; then
	echo "Error: Unexpected size of volatile state file."
	echo "       Expected file with size of $expsize, found $size bytes."
	exit 1
fi

tmp=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -g | cut -d":" -f2)
if [ $? -ne 0 ]; then
	echo "Error: Could not get the configration flags of the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

if [ "$tmp" != " 0x2" ]; then
	echo "Error: Unexpected configuration flags: $tmp; expected 0x2."
	exit 1
fi

# Shut the TPM down
exec 100>&-
run_swtpm_ioctl ${SWTPM_INTERFACE} -s

echo "Test 1: Ok"

# Start the vTPM again and load the encrypted volatile state into it
run_swtpm ${SWTPM_INTERFACE} \
	--migration-key pwdfile=$migpwdfile,remove=false,kdf=sha512

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $volatilestatefile
if [ $? -ne 0 ]; then
	echo "Error: Could not load encrypted volatile state into TPM."
	exit 1
fi

# Now init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
	exit 1
fi

# Read PCR 10
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Shut the TPM down
exec 100>&-
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

echo "Test 2: Ok"


# Start the vTPM again and load the encrypted volatile state into it
# This time we make this fail since we don't provide the migration key
run_swtpm ${SWTPM_INTERFACE}

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
# This will not work; the TPM writes the data into the volatile state file
# and validates it
ERR=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $volatilestatefile 2>&1)
if [ $? -eq 0 ]; then
	echo "Error: Could load encrypted volatile state into TPM."
	exit 1
fi
exp="TPM result from PTM_SET_STATEBLOB: 0xd"
if [ "$ERR" != "$exp" ]; then
	echo "Error: Unexpected error message"
	echo "Received: $ERR"
	echo "Expected: $exp"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

echo "Test 3: Ok"

# In this test we now feed it an encrypted volatile state

# Start the vTPM again and load the encrypted volatile state into it
run_swtpm ${SWTPM_INTERFACE} \
	--migration-key pwdfile=$migpwdfile,remove=true,kdf=sha512

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# load the encrypted volatile state into it
run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $VOLATILESTATE
if [ $? -ne 0 ]; then
	echo "Error: Could not load encrypted volatile state into TPM."
	exit 1
fi

# Now init the TPM; this must work
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

# Read PCR 10
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Shut the TPM down
exec 100>&-
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

echo "Test 4: Ok"
Commit	Line	Data
01aa2ed3 SB	1	#!/bin/bash
	2
	3	# For the license, see the LICENSE file in the root directory.
	4	# set -x
	5
313cf75c SB	6	ROOT=${abs_top_builddir:-$(pwd)/..}
	7	TESTDIR=${abs_top_testdir:-$(dirname "$0")}
	8
01aa2ed3 SB	9	VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}"
	10	SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
	11	MIGRATION_PASSWORD="migration"
313cf75c	12	VOLATILESTATE=${TESTDIR}/data/migkey1/volatilestate.bin
01aa2ed3	13
cce7503c	14	tpmstatedir="$(mktemp -d)"
01aa2ed3 SB	15	if [ -z "$tpmstatedir" ]; then
	16	echo "Could not create temporary directory."
	17	exit 1
	18	fi
	19
cce7503c	20	migpwdfile="$(mktemp)"
01aa2ed3 SB	21	if [ -z "$migpwdfile" ]; then
	22	echo "Could not create temporary file."
	23	exit 1
	24	fi
	25	echo -n "$MIGRATION_PASSWORD" > $migpwdfile
	26
cce7503c	27	volatilestatefile="$(mktemp)"
01aa2ed3 SB	28	if [ -z "$volatilestatefile" ]; then
	29	echo "Could not create temporary file."
	30	exit 1
	31	fi
	32
	33	SWTPM_CMD_UNIX_PATH=${tpmstatedir}/unix-cmd.sock
	34	SWTPM_CTRL_UNIX_PATH=${tpmstatedir}/unix-ctrl.sock
	35	SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
	36
	37	function cleanup()
	38	{
	39	pid=${SWTPM_PID}
	40	if [ -n "$pid" ]; then
47c7ea77	41	kill_quiet -9 $pid
01aa2ed3 SB	42	fi
	43	rm -rf $migpwdfile $volatilestatefile $tpmstatedir
	44	}
	45
	46	trap "cleanup" EXIT
	47
313cf75c SB	48	[ "${SWTPM_INTERFACE}" == cuse ] && source ${TESTDIR}/test_cuse
313cf75c SB	49	source ${TESTDIR}/common
01aa2ed3 SB	50
	51	# make a backup of the volatile state
	52	export TPM_PATH=$tpmstatedir
313cf75c	53	cp ${TESTDIR}/data/tpmstate1/* $TPM_PATH
01aa2ed3	54
a39f098f SB	55	run_swtpm ${SWTPM_INTERFACE} \
a39f098f SB	56	--migration-key pwdfile=$migpwdfile,remove=false,kdf=sha512
01aa2ed3	57
100317d5	58	display_processes_by_name "$SWTPM"
01aa2ed3	59
47c7ea77	60	kill_quiet -0 ${SWTPM_PID}
01aa2ed3 SB	61	if [ $? -ne 0 ]; then
	62	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	63	exit 1
	64	fi
	65
	66	# Init the TPM
	67	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	68	if [ $? -ne 0 ]; then
	69	echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
	70	exit 1
	71	fi
	72
47c7ea77	73	kill_quiet -0 ${SWTPM_PID} 2>/dev/null
01aa2ed3 SB	74	if [ $? -ne 0 ]; then
	75	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	76	exit 1
	77	fi
	78
	79	# Read PCR 10
	80	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	81	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
	82	exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
	83	if [ "$RES" != "$exp" ]; then
	84	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	85	echo "expected: $exp"
	86	echo "received: $RES"
	87	exit 1
	88	fi
	89
	90	# Assert physical presence
	91	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	92	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20')
	93	exp=' 00 c4 00 00 00 0a 00 00 00 00'
	94	if [ "$RES" != "$exp" ]; then
	95	echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)"
	96	echo "expected: $exp"
	97	echo "received: $RES"
	98	exit 1
	99	fi
	100
	101	# Create a big NVRAM Area with 4000 bytes (0xfa0)
	102	tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01'
	103	tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
	104	tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01'
	105	tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
	106	tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f'
	107	tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
	108	tmp+='\x00\x00\x00\x00\x00'
	109	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	110	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} $tmp)
	111	exp=' 00 c4 00 00 00 0a 00 00 00 00'
	112	if [ "$RES" != "$exp" ]; then
	113	echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()"
	114	echo "expected: $exp"
	115	echo "received: $RES"
	116	exit 1
	117	fi
	118
	119	# Save the volatile state into a file
	120	run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $volatilestatefile
	121	if [ $? -ne 0 ]; then
	122	echo "Error: Could not save the volatile state to ${volatilestatefile}."
	123	exit 1
	124	fi
	125	if [ ! -r $volatilestatefile ]; then
	126	echo "Error: Volatile state file $volatilestatefile does not exist."
	127	exit 1
	128	fi
	129
	130	#ls -l $volatilestatefile
0f648eda	131	size=$(get_filesize $volatilestatefile)
638bd3ba	132	expsize=1324
01aa2ed3 SB	133	if [ $size -ne $expsize ]; then
	134	echo "Error: Unexpected size of volatile state file."
	135	echo " Expected file with size of $expsize, found $size bytes."
	136	exit 1
	137	fi
	138
01aa2ed3 SB	139	tmp=$(run_swtpm_ioctl ${SWTPM_INTERFACE} -g \| cut -d":" -f2)
	140	if [ $? -ne 0 ]; then
	141	echo "Error: Could not get the configration flags of the ${SWTPM_INTERFACE} TPM."
	142	exit 1
	143	fi
	144
	145	if [ "$tmp" != " 0x2" ]; then
	146	echo "Error: Unexpected configuration flags: $tmp; expected 0x2."
	147	exit 1
	148	fi
	149
	150	# Shut the TPM down
	151	exec 100>&-
	152	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	153
	154	echo "Test 1: Ok"
	155
	156	# Start the vTPM again and load the encrypted volatile state into it
a39f098f SB	157	run_swtpm ${SWTPM_INTERFACE} \
a39f098f SB	158	--migration-key pwdfile=$migpwdfile,remove=false,kdf=sha512
01aa2ed3	159
100317d5	160	display_processes_by_name "$SWTPM"
01aa2ed3	161
47c7ea77	162	kill_quiet -0 ${SWTPM_PID}
01aa2ed3 SB	163	if [ $? -ne 0 ]; then
	164	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	165	exit 1
	166	fi
	167
	168	# Do NOT init the TPM now; first load volatile state
	169
	170	# load the encrypted volatile state into it
	171	run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $volatilestatefile
	172	if [ $? -ne 0 ]; then
	173	echo "Error: Could not load encrypted volatile state into TPM."
	174	exit 1
	175	fi
	176
	177	# Now init the TPM
	178	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	179	if [ $? -ne 0 ]; then
	180	echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
	181	exit 1
	182	fi
	183
	184	# Read PCR 10
	185	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	186	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
	187	exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
	188	if [ "$RES" != "$exp" ]; then
	189	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	190	echo "expected: $exp"
	191	echo "received: $RES"
	192	exit 1
	193	fi
	194
	195	# Shut the TPM down
	196	exec 100>&-
	197	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	198	if [ $? -ne 0 ]; then
	199	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	200	exit 1
	201	fi
	202
	203	echo "Test 2: Ok"
	204
	205
	206	# Start the vTPM again and load the encrypted volatile state into it
	207	# This time we make this fail since we don't provide the migration key
	208	run_swtpm ${SWTPM_INTERFACE}
	209
100317d5	210	display_processes_by_name "$SWTPM"
01aa2ed3	211
47c7ea77	212	kill_quiet -0 ${SWTPM_PID}
01aa2ed3 SB	213	if [ $? -ne 0 ]; then
	214	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	215	exit 1
	216	fi
	217
	218	# Do NOT init the TPM now; first load volatile state
	219
	220	# load the encrypted volatile state into it
a31a26ea SB	221	# This will not work; the TPM writes the data into the volatile state file
a31a26ea SB	222	# and validates it
f759520c	223	ERR=$(run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $volatilestatefile 2>&1)
a31a26ea SB	224	if [ $? -eq 0 ]; then
a31a26ea SB	225	echo "Error: Could load encrypted volatile state into TPM."
01aa2ed3 SB	226	exit 1
01aa2ed3 SB	227	fi
f759520c SB	228	exp="TPM result from PTM_SET_STATEBLOB: 0xd"
	229	if [ "$ERR" != "$exp" ]; then
	230	echo "Error: Unexpected error message"
	231	echo "Received: $ERR"
	232	echo "Expected: $exp"
	233	exit 1
	234	fi
01aa2ed3	235
01aa2ed3 SB	236	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	237	if [ $? -ne 0 ]; then
	238	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	239	exit 1
	240	fi
	241
	242	echo "Test 3: Ok"
	243
	244	# In this test we now feed it an encrypted volatile state
	245
	246	# Start the vTPM again and load the encrypted volatile state into it
a39f098f SB	247	run_swtpm ${SWTPM_INTERFACE} \
a39f098f SB	248	--migration-key pwdfile=$migpwdfile,remove=true,kdf=sha512
01aa2ed3	249
100317d5	250	display_processes_by_name "$SWTPM"
01aa2ed3	251
47c7ea77	252	kill_quiet -0 ${SWTPM_PID}
01aa2ed3 SB	253	if [ $? -ne 0 ]; then
	254	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	255	exit 1
	256	fi
	257
	258	# load the encrypted volatile state into it
	259	run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $VOLATILESTATE
	260	if [ $? -ne 0 ]; then
	261	echo "Error: Could not load encrypted volatile state into TPM."
	262	exit 1
	263	fi
	264
	265	# Now init the TPM; this must work
	266	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	267	if [ $? -ne 0 ]; then
	268	echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
	269	exit 1
	270	fi
	271
	272	# Read PCR 10
	273	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	274	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
	275	exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
	276	if [ "$RES" != "$exp" ]; then
	277	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	278	echo "expected: $exp"
	279	echo "received: $RES"
	280	exit 1
	281	fi
	282
	283	# Shut the TPM down
	284	exec 100>&-
	285	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	286	if [ $? -ne 0 ]; then
	287	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	288	exit 1
	289	fi
	290
	291	echo "Test 4: Ok"