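#!/bin/bash

# For the license, see the LICENSE file in the root directory.
# set -x

# Test: volatile state of a (TPM 1.2 command set) swtpm instance that is
# started with a migration key.  The key is derived (kdf=sha512) from the
# password stored in $migpwdfile; volatile state saved by such an instance
# is encrypted and must only load into an instance that has the same key.
#
# Environment (all optional):
#   abs_top_builddir / abs_top_testdir  build and test directories
#   VTPM_NAME        name of the CUSE device node to use
#   SWTPM_INTERFACE  swtpm interface under test (default: cuse)

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
# Test-only password; it protects nothing outside this script.
MIGRATION_PASSWORD="migration"
# Checked-in volatile state blob; Test 4 expects it to load with the
# migration key above, so it was presumably encrypted with that password.
VOLATILESTATE=${TESTDIR}/data/migkey1/volatilestate.bin

# Per-run scratch directory for the TPM state files and the UNIX sockets.
tpmstatedir="$(mktemp -d)"
if [ -z "$tpmstatedir" ]; then
	echo "Could not create temporary directory."
	exit 1
fi

# mktemp creates the file with mode 0600, so the migration password is
# not readable by other users while the test runs.
migpwdfile="$(mktemp)"
if [ -z "$migpwdfile" ]; then
	echo "Could not create temporary file."
	exit 1
fi
# printf instead of 'echo -n': no trailing newline and no option parsing
# of the password text.
printf '%s' "$MIGRATION_PASSWORD" > "$migpwdfile"

# Receives the volatile state saved in Test 1 and reloaded in Tests 2/3.
volatilestatefile="$(mktemp)"
if [ -z "$volatilestatefile" ]; then
	echo "Could not create temporary file."
	exit 1
fi

SWTPM_CMD_UNIX_PATH=${tpmstatedir}/unix-cmd.sock
SWTPM_CTRL_UNIX_PATH=${tpmstatedir}/unix-ctrl.sock
SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}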
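# Kill the swtpm instance (if one was started) and remove every scratch
# file.  Runs from the EXIT trap, so it must cope with files that are
# already gone (swtpm is presumably allowed to delete $migpwdfile itself
# when started with remove=true in Test 4).
# kill_quiet is provided by the sourced test helpers.
function cleanup()
{
	local pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 "$pid"
	fi
	local path
	for path in "$migpwdfile" "$volatilestatefile" "$tpmstatedir"; do
		# Never hand an empty argument to 'rm -rf'.
		if [ -n "$path" ]; then
			rm -rf -- "$path"
		fi
	done
}

trap "cleanup" EXIT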
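# Pull in the test helpers (run_swtpm, run_swtpm_ioctl, swtpm_cmd_tx,
# kill_quiet, get_filesize, display_processes_by_name, ...).  Nothing
# above this point may call them; cleanup() only does so at exit.
[ "${SWTPM_INTERFACE}" == cuse ] && source "${TESTDIR}/test_cuse"
source "${TESTDIR}/common"

# Seed the scratch state directory with the checked-in reference state;
# the expected PCR 10 value used below presumably comes from it.
# A failed copy must not go unnoticed, or every later check fails with a
# misleading TPM error.
export TPM_PATH=$tpmstatedir
if ! cp "${TESTDIR}"/data/tpmstate1/* "$TPM_PATH"; then
	echo "Error: Could not copy the initial TPM state into ${TPM_PATH}."
	exit 1
fi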
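# ---------------------------------------------------------------------
# Test 1: start swtpm with a migration key, initialize it, define an NV
# area and save the (encrypted) volatile state.
# ---------------------------------------------------------------------
# remove=false: swtpm must leave the password file in place, Tests 2
# and 4 start further instances from the same file.
run_swtpm "${SWTPM_INTERFACE}" \
	--migration-key "pwdfile=${migpwdfile},remove=false,kdf=sha512"

display_processes_by_name "$SWTPM"

# SWTPM_PID is presumably set by run_swtpm; signal 0 only probes for
# the process.
if ! kill_quiet -0 "${SWTPM_PID}"; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# Init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
	echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
	exit 1
fi

# The init must not have taken the daemon down.
if ! kill_quiet -0 "${SWTPM_PID}" 2>/dev/null; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	exit 1
fi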
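# Read PCR 10
# TPM_PCRRead (ordinal 0x15) of PCR index 10.  Response: tag 00c4,
# length 0x1e, result 0, then the 20-byte PCR value from the seeded state.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Assert physical presence
# TSC_PhysicalPresence (ordinal 0x4000000a) with flag 0x0020; presumably
# required so that the owner-less TPM_NVDefineSpace below is accepted.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Create a big NVRAM Area with 4000 bytes (0xfa0)
# TPM_NVDefineSpace (ordinal 0xcc): nvIndex 1, dataSize 0x00000fa0,
# followed by an all-zero encAuth.
tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01'
tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f'
tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00'
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" "$tmp")
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi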
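# Save the volatile state into a file
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --save volatile "$volatilestatefile"; then
	echo "Error: Could not save the volatile state to ${volatilestatefile}."
	exit 1
fi
if [ ! -r "$volatilestatefile" ]; then
	echo "Error: Volatile state file $volatilestatefile does not exist."
	exit 1
fi

#ls -l $volatilestatefile
# The blob has a fixed size for this state; a change here usually means
# the state format or its encryption framing changed.
size=$(get_filesize "$volatilestatefile")
expsize=1324
if [ "$size" -ne "$expsize" ]; then
	echo "Error: Unexpected size of volatile state file."
	echo "       Expected file with size of $expsize, found $size bytes."
	exit 1
fi

# Query the configuration flags.  The ioctl output is captured before
# the 'cut': in a pipeline '$?' only reflected 'cut', so a failing ioctl
# was never detected.
if ! flags=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" -g); then
	echo "Error: Could not get the configuration flags of the ${SWTPM_INTERFACE} TPM."
	exit 1
fi
tmp=$(echo "$flags" | cut -d":" -f2)

# 0x2 is expected to be the "migration key in use" flag -- confirm the
# bit name against swtpm's ioctl header.
if [ "$tmp" != " 0x2" ]; then
	echo "Error: Unexpected configuration flags: $tmp; expected 0x2."
	exit 1
fi

# Shut the TPM down
# fd 100 is presumably a connection held open by the sourced helpers;
# it is closed before the shutdown ioctl in every test that was inited.
exec 100>&-
run_swtpm_ioctl "${SWTPM_INTERFACE}" -s

echo "Test 1: Ok"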
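# ---------------------------------------------------------------------
# Test 2: a fresh instance started with the same migration key must
# accept the encrypted volatile state and report the same PCR 10.
# ---------------------------------------------------------------------
# Start the vTPM again and load the encrypted volatile state into it
run_swtpm "${SWTPM_INTERFACE}" \
	--migration-key "pwdfile=${migpwdfile},remove=false,kdf=sha512"

display_processes_by_name "$SWTPM"

if ! kill_quiet -0 "${SWTPM_PID}"; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$volatilestatefile"; then
	echo "Error: Could not load encrypted volatile state into TPM."
	exit 1
fi

# Now init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
	echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
	exit 1
fi

# Read PCR 10
# Same TPM_PCRRead(10) as in Test 1; the value must survive the
# save/encrypt/load round trip.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	# Label is the test number; this was a copy of Test 1's "(1)".
	echo "Error: (2) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Shut the TPM down
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

echo "Test 2: Ok"
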
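# ---------------------------------------------------------------------
# Test 3 (negative): an instance started WITHOUT the migration key must
# refuse the encrypted volatile state.  This is the check that the
# encryption is actually enforced, not merely applied.
# ---------------------------------------------------------------------
# Start the vTPM again and load the encrypted volatile state into it
# This time we make this fail since we don't provide the migration key
run_swtpm "${SWTPM_INTERFACE}"

display_processes_by_name "$SWTPM"

if ! kill_quiet -0 "${SWTPM_PID}"; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
# This will not work; the TPM writes the data into the volatile state file
# and validates it
if ERR=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$volatilestatefile" 2>&1); then
	echo "Error: Could load encrypted volatile state into TPM."
	exit 1
fi
# Pin the exact error so a regression that rejects the blob for some
# other reason (or with a different code) is noticed.  0xd is the TPM
# result code swtpm reports here; confirm its name against the TPM 1.2
# return-code table before relying on it elsewhere.
exp="TPM result from PTM_SET_STATEBLOB: 0xd"
if [ "$ERR" != "$exp" ]; then
	echo "Error: Unexpected error message"
	echo "Received: $ERR"
	echo "Expected: $exp"
	exit 1
fi

# NOTE(review): unlike the other shutdowns this one does not close fd 100
# first; possibly because the TPM was never initialized here -- confirm.
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

echo "Test 3: Ok"
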
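# ---------------------------------------------------------------------
# Test 4: load the checked-in encrypted volatile state (data/migkey1)
# with the migration key.  remove=true presumably lets swtpm delete the
# password file after reading it, so this must stay the last test that
# needs $migpwdfile; cleanup() tolerates the file being gone.
# ---------------------------------------------------------------------
# In this test we now feed it an encrypted volatile state

# Start the vTPM again and load the encrypted volatile state into it
run_swtpm "${SWTPM_INTERFACE}" \
	--migration-key "pwdfile=${migpwdfile},remove=true,kdf=sha512"

display_processes_by_name "$SWTPM"

if ! kill_quiet -0 "${SWTPM_PID}"; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	exit 1
fi

# load the encrypted volatile state into it
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$VOLATILESTATE"; then
	echo "Error: Could not load encrypted volatile state into TPM."
	exit 1
fi

# Now init the TPM; this must work
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
	echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

# Read PCR 10
# The checked-in blob carries the same PCR 10 value as the seeded state.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
	# Label is the test number; this was a copy of Test 1's "(1)".
	echo "Error: (4) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Shut the TPM down
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	exit 1
fi

echo "Test 4: Ok"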