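#!/bin/bash

# For the license, see the LICENSE file in the root directory.
# set -x

# Test: swtpm volatile state protected with a migration key.
# Helper functions (run_swtpm, run_swtpm_ioctl, swtpm_cmd_tx, kill_quiet, ...)
# are not defined in this file; they are expected from the sourced
# ${TESTDIR}/common (and ${TESTDIR}/test_cuse for the cuse interface).
#
# Environment:
#   abs_top_builddir / abs_top_testdir  build and test directories (optional)
#   VTPM_NAME                            cuse device name (optional)
#   SWTPM_INTERFACE                      interface to test, defaults to cuse

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
MIGRATION_PASSWORD="migration"
# pre-built volatile state encrypted with the migration key above (used by test 4)
VOLATILESTATE=${TESTDIR}/data/migkey1/volatilestate.bin

# Temporary state directory; every temporary path is created with mktemp so
# that names are unpredictable and the files are owner-only.
tpmstatedir=$(mktemp -d)
if [ -z "$tpmstatedir" ]; then
    echo "Could not create temporary directory."
    exit 1
fi

# File holding the migration key password; passed to swtpm via pwdfile=
migpwdfile=$(mktemp)
if [ -z "$migpwdfile" ]; then
    echo "Could not create temporary file."
    exit 1
fi
# No trailing newline must be written (it would become part of the key
# material); printf '%s' is the portable form of 'echo -n'.
printf '%s' "$MIGRATION_PASSWORD" > "$migpwdfile"

# File that receives the saved (encrypted) volatile state in test 1
volatilestatefile=$(mktemp)
if [ -z "$volatilestatefile" ]; then
    echo "Could not create temporary file."
    exit 1
fi

SWTPM_CMD_UNIX_PATH=${tpmstatedir}/unix-cmd.sock
SWTPM_CTRL_UNIX_PATH=${tpmstatedir}/unix-ctrl.sock
SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}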
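#######################################
# EXIT handler: kill the swtpm process (if one was started) and remove the
# temporary files and directory created by this test.
# Globals:   SWTPM_PID, migpwdfile, volatilestatefile, tpmstatedir (read)
# Arguments: none
# Returns:   0
#######################################
function cleanup()
{
    local pid=${SWTPM_PID}
    local f

    if [ -n "$pid" ]; then
        # the test is over; no graceful shutdown is attempted here
        kill_quiet -9 "$pid"
    fi
    # Remove each path on its own and skip empty ones so that an unset
    # variable can neither drop a path from the list unnoticed nor turn the
    # call into 'rm -rf' of something unintended.
    for f in "$migpwdfile" "$volatilestatefile" "$tpmstatedir"; do
        if [ -n "$f" ]; then
            rm -rf -- "$f"
        fi
    done
    return 0
}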
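# cleanup runs on every exit path, including the 'exit 1' error branches below
trap "cleanup" EXIT

# The cuse interface needs the additional helpers from test_cuse; the
# run_swtpm*/swtpm_* helpers used by the tests are expected from 'common'.
[ "${SWTPM_INTERFACE}" == cuse ] && source "${TESTDIR}/test_cuse"
source "${TESTDIR}/common"

# Work on a copy of the shipped TPM state (tpmstate1) inside the temporary
# state directory so the test data itself is never modified.
export TPM_PATH=$tpmstatedir
if ! cp "${TESTDIR}"/data/tpmstate1/* "$TPM_PATH"; then
    echo "Error: Could not copy the TPM state into ${TPM_PATH}."
    exit 1
fi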
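# Test 1: start swtpm with a migration key, initialize it, read PCR 10, define
# an NVRAM area, save the (migration-key encrypted) volatile state to a file
# and verify the file size and the reported configuration flags.
run_swtpm "${SWTPM_INTERFACE}" \
    --migration-key "pwdfile=${migpwdfile},remove=false,kdf=sha512"

display_processes_by_name "$SWTPM"

# signal 0 only checks that the process exists
if ! kill_quiet -0 "${SWTPM_PID}"; then
    echo "Error: ${SWTPM_INTERFACE} TPM did not start."
    exit 1
fi

# Init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
    echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
    exit 1
fi

if ! kill_quiet -0 "${SWTPM_PID}" 2>/dev/null; then
    echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
    exit 1
fi

# Read PCR 10 (TPM_PCRRead of PCR index 0x0a); fd 100 is the command channel
# opened by swtpm_open_cmddev and is closed again before shutdown
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
# expected PCR 10 contents for the shipped state
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
    echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
    echo "expected: $exp"
    echo "received: $RES"
    exit 1
fi

# Assert physical presence
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
    echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)"
    echo "expected: $exp"
    echo "received: $RES"
    exit 1
fi

# Create a big NVRAM Area with 4000 bytes (0xfa0)
tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01'
tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f'
tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00'
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" "$tmp")
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
    echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()"
    echo "expected: $exp"
    echo "received: $RES"
    exit 1
fi

# Save the volatile state into a file
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --save volatile "$volatilestatefile"; then
    echo "Error: Could not save the volatile state to ${volatilestatefile}."
    exit 1
fi
if [ ! -r "$volatilestatefile" ]; then
    echo "Error: Volatile state file $volatilestatefile does not exist."
    exit 1
fi

#ls -l $volatilestatefile
size=$(get_filesize "$volatilestatefile")
expsize=1324
# ${size:-0}: an empty result from get_filesize must be reported as a size
# mismatch instead of silently passing through a malformed integer test
if [ "${size:-0}" -ne "$expsize" ]; then
    echo "Error: Unexpected size of volatile state file."
    echo "       Expected file with size of $expsize, found $size bytes."
    exit 1
fi

# Query the configuration flags; check the ioctl status itself, not that of
# the 'cut' that would otherwise terminate the pipeline
tmp=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" -g)
if [ $? -ne 0 ]; then
    echo "Error: Could not get the configuration flags of the ${SWTPM_INTERFACE} TPM."
    exit 1
fi
tmp=$(cut -d":" -f2 <<<"$tmp")

# 0x2: the flag value expected once a migration key is in use
if [ "$tmp" != " 0x2" ]; then
    echo "Error: Unexpected configuration flags: $tmp; expected 0x2."
    exit 1
fi

# Shut the TPM down; close the command channel first
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
    echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
    exit 1
fi

echo "Test 1: Ok"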
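# Test 2: start the vTPM again with the same migration key, load the encrypted
# volatile state saved in test 1 BEFORE initializing, then initialize and
# verify that PCR 10 still has the expected contents.
run_swtpm "${SWTPM_INTERFACE}" \
    --migration-key "pwdfile=${migpwdfile},remove=false,kdf=sha512"

display_processes_by_name "$SWTPM"

# signal 0 only checks that the process exists
if ! kill_quiet -0 "${SWTPM_PID}"; then
    echo "Error: ${SWTPM_INTERFACE} TPM did not start."
    exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$volatilestatefile"; then
    echo "Error: Could not load encrypted volatile state into TPM."
    exit 1
fi

# Now init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
    echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
    exit 1
fi

# Read PCR 10 (TPM_PCRRead of PCR index 0x0a) over the command channel on fd 100
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
# expected PCR 10 contents for the shipped state
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
    echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
    echo "expected: $exp"
    echo "received: $RES"
    exit 1
fi

# Shut the TPM down; close the command channel first
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
    echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
    exit 1
fi

echo "Test 2: Ok"
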
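# Test 3: start the vTPM again WITHOUT providing the migration key. Loading
# the encrypted volatile state must be rejected, with the exact error message
# from swtpm_ioctl checked below.
run_swtpm "${SWTPM_INTERFACE}"

display_processes_by_name "$SWTPM"

# signal 0 only checks that the process exists
if ! kill_quiet -0 "${SWTPM_PID}"; then
    echo "Error: ${SWTPM_INTERFACE} TPM did not start."
    exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
# This will not work; the TPM writes the data into the volatile state file
# and validates it
# stderr is captured too, since the message is compared below
if ERR=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$volatilestatefile" 2>&1); then
    echo "Error: Could load encrypted volatile state into TPM."
    exit 1
fi
exp="TPM result from PTM_SET_STATEBLOB: 0xd"
if [ "$ERR" != "$exp" ]; then
    echo "Error: Unexpected error message"
    echo "Received: $ERR"
    echo "Expected: $exp"
    exit 1
fi

# no command channel was opened in this test, so nothing to close here
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
    echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
    exit 1
fi

echo "Test 3: Ok"
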
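# Test 4: feed the vTPM the pre-built encrypted volatile state shipped with the
# test data (${VOLATILESTATE}), this time with remove=true for the migration
# key; loading, initialization and the PCR 10 read must all succeed.

# Start the vTPM again and load the encrypted volatile state into it
run_swtpm "${SWTPM_INTERFACE}" \
    --migration-key "pwdfile=${migpwdfile},remove=true,kdf=sha512"

display_processes_by_name "$SWTPM"

# signal 0 only checks that the process exists
if ! kill_quiet -0 "${SWTPM_PID}"; then
    echo "Error: ${SWTPM_INTERFACE} TPM did not start."
    exit 1
fi

# load the encrypted volatile state into it
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$VOLATILESTATE"; then
    echo "Error: Could not load encrypted volatile state into TPM."
    exit 1
fi

# Now init the TPM; this must work
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
    echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
    exit 1
fi

# Read PCR 10 (TPM_PCRRead of PCR index 0x0a) over the command channel on fd 100
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
# expected PCR 10 contents for the shipped state
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
    echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
    echo "expected: $exp"
    echo "received: $RES"
    exit 1
fi

# Shut the TPM down; close the command channel first
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
    echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
    exit 1
fi

echo "Test 4: Ok"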