[swtpm.git] / tests / _test_tpm2_save_load_encrypted_state

#!/bin/bash

# For the license, see the LICENSE file in the root directory.
#set -x

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

VTPM_NAME="${VTPM_NAME:-vtpm-test-tpm2-save-load-encrypted-state}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
export TPM_PATH=$(mktemp -d)
STATE_FILE=$TPM_PATH/tpm2-00.permall
VOLATILE_STATE_FILE=$TPM_PATH/tpm2-00.volatilestate
KEY=1234567890abcdef1234567890abcdef
MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate
MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent
SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock
SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock

keyfile=$(mktemp)
logfile=$(mktemp)
echo "$KEY" > $keyfile

function cleanup()
{
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 $pid
	fi
	rm -f $keyfile $logfile
	rm -rf $TPM_PATH
}

trap "cleanup" EXIT

[ "${SWTPM_INTERFACE}" == "cuse" ] && source ${TESTDIR}/test_cuse
source ${TESTDIR}/common

rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null

run_swtpm ${SWTPM_INTERFACE} \
	--key file=$keyfile,mode=aes-cbc,format=hex \
	--log file=$logfile \
	--tpm2

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

kill_quiet -0 ${SWTPM_PID} 2>/dev/null
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Startup the TPM (SU_CLEAR)
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00')
exp=' 80 01 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: Did not get expected result from TPM2_Startup(SU_Clear)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234
if [ $? -ne 0 ]; then
	echo "Error: Could not hash the data."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Read PCR 17
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM2_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
if [ ! -r $MY_PERMANENT_STATE_FILE ]; then
	echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Saved permanent state."

run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Error: Could not write volatile state file $MY_PERMANENT_STATE_FILE."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
if [ ! -r $MY_VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Saved volatile state."

#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*

# we will use our own volatile state
rm -f $VOLATILE_STATE_FILE $STATE_FILE

# Stop the TPM; this will not shut it down
exec 100>&-
run_swtpm_ioctl ${SWTPM_INTERFACE} --stop

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# load state into the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Could not load permanent state into vTPM"
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Loaded permanent state."

run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Could not load volatile state into vTPM"
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Loaded volatile state."

#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "TPM Init failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Volatile state must have been removed by TPM now
if [ -r $VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Read the PCR again ...
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
if [ "$RES" != "$exp" ]; then
	echo "Error: (2) Did not get expected result from TPM2_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Save the volatile state again
run_swtpm_ioctl ${SWTPM_INTERFACE} -v
if [ $? -ne 0 ]; then
	echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
if [ ! -r $VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Send a new TPM_Init
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Volatile state must have been removed by TPM now
if [ -r $VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Read the PCR again ...
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
if [ "$RES" != "$exp" ]; then
	echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

echo "Test 1: Ok"

# This time start we start the TPM with a wrong state encryption key
# (key used as password) and try to start it. It has to fail and
# the state must not have been modified.

# volatile state file does not exist
sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
sha1_permanent=$(get_sha1_file "${STATE_FILE}")
echo "sha1(volatile) : $sha1_volatile"
echo "sha1(permanent): $sha1_permanent"

run_swtpm ${SWTPM_INTERFACE} \
	--key pwdfile=$keyfile \
	--log file=$logfile \
	--tpm2

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Init the TPM
ERR="$(run_swtpm_ioctl ${SWTPM_INTERFACE} -i 2>&1)"
if [ $? -eq 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
exp="TPM result from PTM_INIT: 0x101"
if [ "$ERR" != "$exp" ]; then
	echo "Error: Unexpected error message"
	echo "Received: $ERR"
	echo "Expected: $exp"
	exit 1
fi

kill_quiet -0 ${SWTPM_PID} 2>/dev/null
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	echo "Error: Volatile state file was modified during failed init."
	exit 1
fi

if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	echo "Error: Permanent state file was modified during failed init."
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# shut it down

echo "Test 2: Ok"

# This time start we start the TPM with a wrong state encryption key
# (key used as password) and try to start it. It has to fail and
# the state must not have been modified.

# volatile state file does not exist
sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
sha1_permanent=$(get_sha1_file "${STATE_FILE}")
echo "sha1(volatile) : $sha1_volatile"
echo "sha1(permanent): $sha1_permanent"

# we need a 256bit key
echo "${KEY}${KEY}" > $keyfile

run_swtpm ${SWTPM_INTERFACE} \
	--key pwdfile=$keyfile,mode=aes-256-cbc \
	--log file=$logfile \
	--tpm2

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -eq 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if ! wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	echo "Error: Volatile state file was modified during failed init."
	exit 1
fi

if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	echo "Error: Permanent state file was modified during failed init."
	exit 1
fi

echo "Test 3: Ok"

# Final shut down
exec 100>&-
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if [ ! -e $STATE_FILE ]; then
	echo "Error: TPM state file $STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

echo "OK"

exit 0
Commit	Line	Data
75d33931 SB	1	#!/bin/bash
	2
	3	# For the license, see the LICENSE file in the root directory.
	4	#set -x
	5
313cf75c SB	6	ROOT=${abs_top_builddir:-$(pwd)/..}
	7	TESTDIR=${abs_top_testdir:-$(dirname "$0")}
	8
75d33931 SB	9	VTPM_NAME="${VTPM_NAME:-vtpm-test-tpm2-save-load-encrypted-state}"
	10	SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
	11	export TPM_PATH=$(mktemp -d)
	12	STATE_FILE=$TPM_PATH/tpm2-00.permall
	13	VOLATILE_STATE_FILE=$TPM_PATH/tpm2-00.volatilestate
	14	KEY=1234567890abcdef1234567890abcdef
	15	MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate
	16	MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent
	17	SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
	18	SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock
	19	SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock
	20
	21	keyfile=$(mktemp)
	22	logfile=$(mktemp)
	23	echo "$KEY" > $keyfile
	24
	25	function cleanup()
	26	{
	27	pid=${SWTPM_PID}
	28	if [ -n "$pid" ]; then
47c7ea77	29	kill_quiet -9 $pid
75d33931 SB	30	fi
	31	rm -f $keyfile $logfile
	32	rm -rf $TPM_PATH
	33	}
	34
	35	trap "cleanup" EXIT
	36
313cf75c SB	37	[ "${SWTPM_INTERFACE}" == "cuse" ] && source ${TESTDIR}/test_cuse
313cf75c SB	38	source ${TESTDIR}/common
75d33931 SB	39
	40	rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null
	41
	42	run_swtpm ${SWTPM_INTERFACE} \
	43	--key file=$keyfile,mode=aes-cbc,format=hex \
	44	--log file=$logfile \
	45	--tpm2
	46
100317d5	47	display_processes_by_name "$SWTPM"
75d33931	48
47c7ea77	49	kill_quiet -0 ${SWTPM_PID}
75d33931 SB	50	if [ $? -ne 0 ]; then
	51	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	52	echo "TPM Logfile:"
	53	cat $logfile
	54	exit 1
	55	fi
	56
	57	# Init the TPM
	58	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	59	if [ $? -ne 0 ]; then
	60	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	61	echo "TPM Logfile:"
	62	cat $logfile
	63	exit 1
	64	fi
	65
47c7ea77	66	kill_quiet -0 ${SWTPM_PID} 2>/dev/null
75d33931 SB	67	if [ $? -ne 0 ]; then
	68	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	69	echo "TPM Logfile:"
	70	cat $logfile
	71	exit 1
	72	fi
	73
	74	# Startup the TPM (SU_CLEAR)
	75	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	76	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00')
	77	exp=' 80 01 00 00 00 0a 00 00 00 00'
	78	if [ "$RES" != "$exp" ]; then
	79	echo "Error: Did not get expected result from TPM2_Startup(SU_Clear)"
	80	echo "expected: $exp"
	81	echo "received: $RES"
	82	exit 1
	83	fi
	84
	85	run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234
	86	if [ $? -ne 0 ]; then
	87	echo "Error: Could not hash the data."
	88	echo "TPM Logfile:"
	89	cat $logfile
	90	exit 1
	91	fi
	92
	93	# Read PCR 17
	94	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	95	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
497febc2	96	exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
75d33931 SB	97	if [ "$RES" != "$exp" ]; then
	98	echo "Error: (1) Did not get expected result from TPM2_PCRRead(17)"
	99	echo "expected: $exp"
	100	echo "received: $RES"
	101	exit 1
	102	fi
	103
	104	run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE
	105	if [ $? -ne 0 ]; then
	106	echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE."
	107	echo "TPM Logfile:"
	108	cat $logfile
	109	exit 1
	110	fi
	111	if [ ! -r $MY_PERMANENT_STATE_FILE ]; then
	112	echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist."
	113	echo "TPM Logfile:"
	114	cat $logfile
	115	exit 1
	116	fi
	117	echo "Saved permanent state."
	118
	119	run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE
	120	if [ $? -ne 0 ]; then
	121	echo "Error: Could not write volatile state file $MY_PERMANENT_STATE_FILE."
	122	echo "TPM Logfile:"
	123	cat $logfile
	124	exit 1
	125	fi
	126	if [ ! -r $MY_VOLATILE_STATE_FILE ]; then
	127	echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist."
	128	echo "TPM Logfile:"
	129	cat $logfile
	130	exit 1
	131	fi
	132	echo "Saved volatile state."
	133
f759520c SB	134	#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
f759520c SB	135	#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
75d33931 SB	136
	137	# we will use our own volatile state
	138	rm -f $VOLATILE_STATE_FILE $STATE_FILE
	139
	140	# Stop the TPM; this will not shut it down
	141	exec 100>&-
	142	run_swtpm_ioctl ${SWTPM_INTERFACE} --stop
	143
47c7ea77	144	kill_quiet -0 ${SWTPM_PID}
75d33931 SB	145	if [ $? -ne 0 ]; then
	146	echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore."
	147	echo "TPM Logfile:"
	148	cat $logfile
	149	exit 1
	150	fi
	151
	152	# load state into the TPM
	153	run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE
	154	if [ $? -ne 0 ]; then
	155	echo "Could not load permanent state into vTPM"
	156	echo "TPM Logfile:"
	157	cat $logfile
	158	exit 1
	159	fi
	160	echo "Loaded permanent state."
	161
	162	run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE
	163	if [ $? -ne 0 ]; then
	164	echo "Could not load volatile state into vTPM"
	165	echo "TPM Logfile:"
	166	cat $logfile
	167	exit 1
	168	fi
	169	echo "Loaded volatile state."
	170
	171	#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
	172	#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
	173
	174	# Init the TPM
	175	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	176	if [ $? -ne 0 ]; then
	177	echo "TPM Init failed."
	178	echo "TPM Logfile:"
	179	cat $logfile
	180	exit 1
	181	fi
	182
	183	# Volatile state must have been removed by TPM now
	184	if [ -r $VOLATILE_STATE_FILE ]; then
	185	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	186	echo "TPM Logfile:"
	187	cat $logfile
	188	exit 1
	189	fi
	190
	191	# Read the PCR again ...
	192	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	193	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
497febc2	194	exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
75d33931 SB	195	if [ "$RES" != "$exp" ]; then
	196	echo "Error: (2) Did not get expected result from TPM2_PCRRead(17)"
	197	echo "expected: $exp"
	198	echo "received: $RES"
	199	exit 1
	200	fi
	201
	202	# Save the volatile state again
	203	run_swtpm_ioctl ${SWTPM_INTERFACE} -v
	204	if [ $? -ne 0 ]; then
	205	echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file."
	206	echo "TPM Logfile:"
	207	cat $logfile
	208	exit 1
	209	fi
	210	if [ ! -r $VOLATILE_STATE_FILE ]; then
	211	echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
	212	echo "TPM Logfile:"
	213	cat $logfile
	214	exit 1
	215	fi
	216
	217	# Send a new TPM_Init
	218	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	219	if [ $? -ne 0 ]; then
	220	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	221	echo "TPM Logfile:"
	222	cat $logfile
	223	exit 1
	224	fi
	225
	226	# Volatile state must have been removed by TPM now
	227	if [ -r $VOLATILE_STATE_FILE ]; then
	228	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	229	echo "TPM Logfile:"
	230	cat $logfile
	231	exit 1
	232	fi
	233
	234	# Read the PCR again ...
	235	swtpm_open_cmddev ${SWTPM_INTERFACE} 100
	236	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
497febc2	237	exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
75d33931 SB	238	if [ "$RES" != "$exp" ]; then
	239	echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
	240	echo "expected: $exp"
	241	echo "received: $RES"
	242	exit 1
	243	fi
	244
	245	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	246	if [ $? -ne 0 ]; then
	247	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	248	echo "TPM Logfile:"
	249	cat $logfile
	250	exit 1
	251	fi
75d33931	252
45d2d092	253	if wait_process_gone ${SWTPM_PID} 4; then
75d33931 SB	254	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	255	echo "TPM Logfile:"
	256	cat $logfile
	257	exit 1
	258	fi
	259
	260	echo "Test 1: Ok"
	261
	262	# This time start we start the TPM with a wrong state encryption key
	263	# (key used as password) and try to start it. It has to fail and
	264	# the state must not have been modified.
	265
	266	# volatile state file does not exist
	267	sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
	268	sha1_permanent=$(get_sha1_file "${STATE_FILE}")
f759520c SB	269	echo "sha1(volatile) : $sha1_volatile"
f759520c SB	270	echo "sha1(permanent): $sha1_permanent"
75d33931 SB	271
	272	run_swtpm ${SWTPM_INTERFACE} \
	273	--key pwdfile=$keyfile \
	274	--log file=$logfile \
	275	--tpm2
	276
100317d5	277	display_processes_by_name "$SWTPM"
75d33931	278
47c7ea77	279	kill_quiet -0 ${SWTPM_PID}
75d33931 SB	280	if [ $? -ne 0 ]; then
	281	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	282	echo "TPM Logfile:"
	283	cat $logfile
	284	exit 1
	285	fi
	286
	287	# Init the TPM
f759520c	288	ERR="$(run_swtpm_ioctl ${SWTPM_INTERFACE} -i 2>&1)"
75d33931 SB	289	if [ $? -eq 0 ]; then
	290	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	291	echo "TPM Logfile:"
	292	cat $logfile
	293	exit 1
	294	fi
f759520c SB	295	exp="TPM result from PTM_INIT: 0x101"
	296	if [ "$ERR" != "$exp" ]; then
	297	echo "Error: Unexpected error message"
	298	echo "Received: $ERR"
	299	echo "Expected: $exp"
	300	exit 1
	301	fi
75d33931	302
47c7ea77	303	kill_quiet -0 ${SWTPM_PID} 2>/dev/null
75d33931 SB	304	if [ $? -ne 0 ]; then
	305	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	306	echo "TPM Logfile:"
	307	cat $logfile
	308	exit 1
	309	fi
	310
	311	if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	312	echo "Error: Volatile state file was modified during failed init."
	313	exit 1
	314	fi
	315
	316	if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	317	echo "Error: Permanent state file was modified during failed init."
	318	exit 1
	319	fi
	320
71d9581a SB	321	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	322	if [ $? -ne 0 ]; then
	323	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	324	echo "TPM Logfile:"
	325	cat $logfile
	326	exit 1
	327	fi
	328
45d2d092	329	if wait_process_gone ${SWTPM_PID} 4; then
71d9581a SB	330	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	331	echo "TPM Logfile:"
	332	cat $logfile
	333	exit 1
	334	fi
	335
	336	# shut it down
	337
75d33931 SB	338	echo "Test 2: Ok"
75d33931 SB	339
71d9581a SB	340	# This time start we start the TPM with a wrong state encryption key
	341	# (key used as password) and try to start it. It has to fail and
	342	# the state must not have been modified.
	343
	344	# volatile state file does not exist
	345	sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
	346	sha1_permanent=$(get_sha1_file "${STATE_FILE}")
f759520c SB	347	echo "sha1(volatile) : $sha1_volatile"
f759520c SB	348	echo "sha1(permanent): $sha1_permanent"
71d9581a SB	349
	350	# we need a 256bit key
	351	echo "${KEY}${KEY}" > $keyfile
	352
	353	run_swtpm ${SWTPM_INTERFACE} \
	354	--key pwdfile=$keyfile,mode=aes-256-cbc \
	355	--log file=$logfile \
	356	--tpm2
	357
100317d5	358	display_processes_by_name "$SWTPM"
71d9581a SB	359
	360	kill_quiet -0 ${SWTPM_PID}
	361	if [ $? -ne 0 ]; then
	362	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	363	echo "TPM Logfile:"
	364	cat $logfile
	365	exit 1
	366	fi
	367
	368	# Init the TPM
	369	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	370	if [ $? -eq 0 ]; then
	371	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	372	echo "TPM Logfile:"
	373	cat $logfile
	374	exit 1
	375	fi
	376
45d2d092	377	if ! wait_process_gone ${SWTPM_PID} 4; then
71d9581a SB	378	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	379	echo "TPM Logfile:"
	380	cat $logfile
	381	exit 1
	382	fi
	383
	384	if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	385	echo "Error: Volatile state file was modified during failed init."
	386	exit 1
	387	fi
	388
	389	if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	390	echo "Error: Permanent state file was modified during failed init."
	391	exit 1
	392	fi
	393
	394	echo "Test 3: Ok"
	395
75d33931 SB	396	# Final shut down
	397	exec 100>&-
	398	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	399	if [ $? -ne 0 ]; then
	400	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	401	echo "TPM Logfile:"
	402	cat $logfile
	403	exit 1
	404	fi
75d33931	405
45d2d092	406	if wait_process_gone ${SWTPM_PID} 4; then
75d33931 SB	407	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	408	echo "TPM Logfile:"
	409	cat $logfile
	410	exit 1
	411	fi
	412
	413	if [ ! -e $STATE_FILE ]; then
	414	echo "Error: TPM state file $STATE_FILE does not exist."
	415	echo "TPM Logfile:"
	416	cat $logfile
	417	exit 1
	418	fi
	419
	420	echo "OK"
	421
	422	exit 0