[swtpm.git] / tests / _test_tpm2_save_load_encrypted_state

#!/bin/bash

# For the license, see the LICENSE file in the root directory.
#set -x

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

VTPM_NAME="${VTPM_NAME:-vtpm-test-tpm2-save-load-encrypted-state}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
export TPM_PATH="$(mktemp -d)" || exit 1
STATE_FILE=$TPM_PATH/tpm2-00.permall
VOLATILE_STATE_FILE=$TPM_PATH/tpm2-00.volatilestate
KEY=1234567890abcdef1234567890abcdef
MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate
MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent
SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock
SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock

keyfile="$(mktemp)" || exit 1
logfile="$(mktemp)" || exit 1
echo "$KEY" > $keyfile

function cleanup()
{
	pid=${SWTPM_PID}
	if [ -n "$pid" ]; then
		kill_quiet -9 $pid
	fi
	rm -f $keyfile $logfile
	rm -rf $TPM_PATH
}

trap "cleanup" EXIT

[ "${SWTPM_INTERFACE}" == "cuse" ] && source ${TESTDIR}/test_cuse
source ${TESTDIR}/common

rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null

run_swtpm ${SWTPM_INTERFACE} \
	--key file=$keyfile,mode=aes-cbc,format=hex \
	--log file=$logfile \
	--tpm2

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

kill_quiet -0 ${SWTPM_PID} 2>/dev/null
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Startup the TPM (SU_CLEAR)
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00')
exp=' 80 01 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
	echo "Error: Did not get expected result from TPM2_Startup(SU_Clear)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234
if [ $? -ne 0 ]; then
	echo "Error: Could not hash the data."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Read PCR 17
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
if [ "$RES" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM2_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
if [ ! -r $MY_PERMANENT_STATE_FILE ]; then
	echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Saved permanent state."

run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Error: Could not write volatile state file $MY_PERMANENT_STATE_FILE."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
if [ ! -r $MY_VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Saved volatile state."

#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*

# we will use our own volatile state
rm -f $VOLATILE_STATE_FILE $STATE_FILE

# Stop the TPM; this will not shut it down
run_swtpm_ioctl ${SWTPM_INTERFACE} --stop

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# load state into the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Could not load permanent state into vTPM"
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Loaded permanent state."

run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE
if [ $? -ne 0 ]; then
	echo "Could not load volatile state into vTPM"
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
echo "Loaded volatile state."

#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "TPM Init failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Volatile state must have been removed by TPM now
if [ -r $VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Read the PCR again ...
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
if [ "$RES" != "$exp" ]; then
	echo "Error: (2) Did not get expected result from TPM2_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

# Save the volatile state again
run_swtpm_ioctl ${SWTPM_INTERFACE} -v
if [ $? -ne 0 ]; then
	echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
if [ ! -r $VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Send a new TPM_Init
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Volatile state must have been removed by TPM now
if [ -r $VOLATILE_STATE_FILE ]; then
	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Read the PCR again ...
RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
if [ "$RES" != "$exp" ]; then
	echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $RES"
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

echo "Test 1: Ok"

# This time start we start the TPM with a wrong state encryption key
# (key used as password) and try to start it. It has to fail and
# the state must not have been modified.

# volatile state file does not exist
sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
sha1_permanent=$(get_sha1_file "${STATE_FILE}")
echo "sha1(volatile) : $sha1_volatile"
echo "sha1(permanent): $sha1_permanent"

run_swtpm ${SWTPM_INTERFACE} \
	--key pwdfile=$keyfile \
	--log file=$logfile \
	--tpm2

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Init the TPM
ERR="$(run_swtpm_ioctl ${SWTPM_INTERFACE} -i 2>&1)"
if [ $? -eq 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi
exp="TPM result from PTM_INIT: 0x101"
if [ "$ERR" != "$exp" ]; then
	echo "Error: Unexpected error message"
	echo "Received: $ERR"
	echo "Expected: $exp"
	exit 1
fi

kill_quiet -0 ${SWTPM_PID} 2>/dev/null
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	echo "Error: Volatile state file was modified during failed init."
	exit 1
fi

if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	echo "Error: Permanent state file was modified during failed init."
	exit 1
fi

run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# shut it down

echo "Test 2: Ok"

# This time start we start the TPM with a wrong state encryption key
# (key used as password) and try to start it. It has to fail and
# the state must not have been modified.

# volatile state file does not exist
sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
sha1_permanent=$(get_sha1_file "${STATE_FILE}")
echo "sha1(volatile) : $sha1_volatile"
echo "sha1(permanent): $sha1_permanent"

# we need a 256bit key
echo "${KEY}${KEY}" > $keyfile

run_swtpm ${SWTPM_INTERFACE} \
	--key pwdfile=$keyfile,mode=aes-256-cbc \
	--log file=$logfile \
	--tpm2

display_processes_by_name "$SWTPM"

kill_quiet -0 ${SWTPM_PID}
if [ $? -ne 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

# Init the TPM
run_swtpm_ioctl ${SWTPM_INTERFACE} -i
if [ $? -eq 0 ]; then
	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if ! wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	echo "Error: Volatile state file was modified during failed init."
	exit 1
fi

if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	echo "Error: Permanent state file was modified during failed init."
	exit 1
fi

echo "Test 3: Ok"

# Final shut down
run_swtpm_ioctl ${SWTPM_INTERFACE} -s
if [ $? -ne 0 ]; then
	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if wait_process_gone ${SWTPM_PID} 4; then
	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

if [ ! -e $STATE_FILE ]; then
	echo "Error: TPM state file $STATE_FILE does not exist."
	echo "TPM Logfile:"
	cat $logfile
	exit 1
fi

echo "OK"

exit 0
Commit	Line	Data
75d33931 SB	1	#!/bin/bash
	2
	3	# For the license, see the LICENSE file in the root directory.
	4	#set -x
	5
313cf75c SB	6	ROOT=${abs_top_builddir:-$(pwd)/..}
	7	TESTDIR=${abs_top_testdir:-$(dirname "$0")}
	8
75d33931 SB	9	VTPM_NAME="${VTPM_NAME:-vtpm-test-tpm2-save-load-encrypted-state}"
75d33931 SB	10	SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
cce7503c	11	export TPM_PATH="$(mktemp -d)" \|\| exit 1
75d33931 SB	12	STATE_FILE=$TPM_PATH/tpm2-00.permall
	13	VOLATILE_STATE_FILE=$TPM_PATH/tpm2-00.volatilestate
	14	KEY=1234567890abcdef1234567890abcdef
	15	MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate
	16	MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent
	17	SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
	18	SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock
	19	SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock
	20
cce7503c SB	21	keyfile="$(mktemp)" \|\| exit 1
cce7503c SB	22	logfile="$(mktemp)" \|\| exit 1
75d33931 SB	23	echo "$KEY" > $keyfile
	24
	25	function cleanup()
	26	{
	27	pid=${SWTPM_PID}
	28	if [ -n "$pid" ]; then
47c7ea77	29	kill_quiet -9 $pid
75d33931 SB	30	fi
	31	rm -f $keyfile $logfile
	32	rm -rf $TPM_PATH
	33	}
	34
	35	trap "cleanup" EXIT
	36
313cf75c SB	37	[ "${SWTPM_INTERFACE}" == "cuse" ] && source ${TESTDIR}/test_cuse
313cf75c SB	38	source ${TESTDIR}/common
75d33931 SB	39
	40	rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null
	41
	42	run_swtpm ${SWTPM_INTERFACE} \
	43	--key file=$keyfile,mode=aes-cbc,format=hex \
	44	--log file=$logfile \
	45	--tpm2
	46
100317d5	47	display_processes_by_name "$SWTPM"
75d33931	48
47c7ea77	49	kill_quiet -0 ${SWTPM_PID}
75d33931 SB	50	if [ $? -ne 0 ]; then
	51	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	52	echo "TPM Logfile:"
	53	cat $logfile
	54	exit 1
	55	fi
	56
	57	# Init the TPM
	58	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	59	if [ $? -ne 0 ]; then
	60	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	61	echo "TPM Logfile:"
	62	cat $logfile
	63	exit 1
	64	fi
	65
47c7ea77	66	kill_quiet -0 ${SWTPM_PID} 2>/dev/null
75d33931 SB	67	if [ $? -ne 0 ]; then
	68	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
	69	echo "TPM Logfile:"
	70	cat $logfile
	71	exit 1
	72	fi
	73
	74	# Startup the TPM (SU_CLEAR)
75d33931 SB	75	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00')
	76	exp=' 80 01 00 00 00 0a 00 00 00 00'
	77	if [ "$RES" != "$exp" ]; then
	78	echo "Error: Did not get expected result from TPM2_Startup(SU_Clear)"
	79	echo "expected: $exp"
	80	echo "received: $RES"
	81	exit 1
	82	fi
	83
	84	run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234
	85	if [ $? -ne 0 ]; then
	86	echo "Error: Could not hash the data."
	87	echo "TPM Logfile:"
	88	cat $logfile
	89	exit 1
	90	fi
	91
	92	# Read PCR 17
75d33931	93	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
497febc2	94	exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
75d33931 SB	95	if [ "$RES" != "$exp" ]; then
	96	echo "Error: (1) Did not get expected result from TPM2_PCRRead(17)"
	97	echo "expected: $exp"
	98	echo "received: $RES"
	99	exit 1
	100	fi
	101
	102	run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE
	103	if [ $? -ne 0 ]; then
	104	echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE."
	105	echo "TPM Logfile:"
	106	cat $logfile
	107	exit 1
	108	fi
	109	if [ ! -r $MY_PERMANENT_STATE_FILE ]; then
	110	echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist."
	111	echo "TPM Logfile:"
	112	cat $logfile
	113	exit 1
	114	fi
	115	echo "Saved permanent state."
	116
	117	run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE
	118	if [ $? -ne 0 ]; then
	119	echo "Error: Could not write volatile state file $MY_PERMANENT_STATE_FILE."
	120	echo "TPM Logfile:"
	121	cat $logfile
	122	exit 1
	123	fi
	124	if [ ! -r $MY_VOLATILE_STATE_FILE ]; then
	125	echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist."
	126	echo "TPM Logfile:"
	127	cat $logfile
	128	exit 1
	129	fi
	130	echo "Saved volatile state."
	131
f759520c SB	132	#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
f759520c SB	133	#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
75d33931 SB	134
	135	# we will use our own volatile state
	136	rm -f $VOLATILE_STATE_FILE $STATE_FILE
	137
	138	# Stop the TPM; this will not shut it down
75d33931 SB	139	run_swtpm_ioctl ${SWTPM_INTERFACE} --stop
75d33931 SB	140
47c7ea77	141	kill_quiet -0 ${SWTPM_PID}
75d33931 SB	142	if [ $? -ne 0 ]; then
	143	echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore."
	144	echo "TPM Logfile:"
	145	cat $logfile
	146	exit 1
	147	fi
	148
	149	# load state into the TPM
	150	run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE
	151	if [ $? -ne 0 ]; then
	152	echo "Could not load permanent state into vTPM"
	153	echo "TPM Logfile:"
	154	cat $logfile
	155	exit 1
	156	fi
	157	echo "Loaded permanent state."
	158
	159	run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE
	160	if [ $? -ne 0 ]; then
	161	echo "Could not load volatile state into vTPM"
	162	echo "TPM Logfile:"
	163	cat $logfile
	164	exit 1
	165	fi
	166	echo "Loaded volatile state."
	167
	168	#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
	169	#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
	170
	171	# Init the TPM
	172	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	173	if [ $? -ne 0 ]; then
	174	echo "TPM Init failed."
	175	echo "TPM Logfile:"
	176	cat $logfile
	177	exit 1
	178	fi
	179
	180	# Volatile state must have been removed by TPM now
	181	if [ -r $VOLATILE_STATE_FILE ]; then
	182	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	183	echo "TPM Logfile:"
	184	cat $logfile
	185	exit 1
	186	fi
	187
	188	# Read the PCR again ...
75d33931	189	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
497febc2	190	exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
75d33931 SB	191	if [ "$RES" != "$exp" ]; then
	192	echo "Error: (2) Did not get expected result from TPM2_PCRRead(17)"
	193	echo "expected: $exp"
	194	echo "received: $RES"
	195	exit 1
	196	fi
	197
	198	# Save the volatile state again
	199	run_swtpm_ioctl ${SWTPM_INTERFACE} -v
	200	if [ $? -ne 0 ]; then
	201	echo "Error: Could not have the ${SWTPM_INTERFACE} TPM write the volatile state to a file."
	202	echo "TPM Logfile:"
	203	cat $logfile
	204	exit 1
	205	fi
	206	if [ ! -r $VOLATILE_STATE_FILE ]; then
	207	echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
	208	echo "TPM Logfile:"
	209	cat $logfile
	210	exit 1
	211	fi
	212
	213	# Send a new TPM_Init
	214	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	215	if [ $? -ne 0 ]; then
	216	echo "Error: ${SWTPM_INTERFACE} TPM initialization failed."
	217	echo "TPM Logfile:"
	218	cat $logfile
	219	exit 1
	220	fi
	221
	222	# Volatile state must have been removed by TPM now
	223	if [ -r $VOLATILE_STATE_FILE ]; then
	224	echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
	225	echo "TPM Logfile:"
	226	cat $logfile
	227	exit 1
	228	fi
	229
	230	# Read the PCR again ...
75d33931	231	RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
497febc2	232	exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
75d33931 SB	233	if [ "$RES" != "$exp" ]; then
	234	echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
	235	echo "expected: $exp"
	236	echo "received: $RES"
	237	exit 1
	238	fi
	239
	240	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	241	if [ $? -ne 0 ]; then
	242	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	243	echo "TPM Logfile:"
	244	cat $logfile
	245	exit 1
	246	fi
75d33931	247
45d2d092	248	if wait_process_gone ${SWTPM_PID} 4; then
75d33931 SB	249	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	250	echo "TPM Logfile:"
	251	cat $logfile
	252	exit 1
	253	fi
	254
	255	echo "Test 1: Ok"
	256
	257	# This time start we start the TPM with a wrong state encryption key
	258	# (key used as password) and try to start it. It has to fail and
	259	# the state must not have been modified.
	260
	261	# volatile state file does not exist
	262	sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
	263	sha1_permanent=$(get_sha1_file "${STATE_FILE}")
f759520c SB	264	echo "sha1(volatile) : $sha1_volatile"
f759520c SB	265	echo "sha1(permanent): $sha1_permanent"
75d33931 SB	266
	267	run_swtpm ${SWTPM_INTERFACE} \
	268	--key pwdfile=$keyfile \
	269	--log file=$logfile \
	270	--tpm2
	271
100317d5	272	display_processes_by_name "$SWTPM"
75d33931	273
47c7ea77	274	kill_quiet -0 ${SWTPM_PID}
75d33931 SB	275	if [ $? -ne 0 ]; then
	276	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	277	echo "TPM Logfile:"
	278	cat $logfile
	279	exit 1
	280	fi
	281
	282	# Init the TPM
f759520c	283	ERR="$(run_swtpm_ioctl ${SWTPM_INTERFACE} -i 2>&1)"
75d33931 SB	284	if [ $? -eq 0 ]; then
	285	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	286	echo "TPM Logfile:"
	287	cat $logfile
	288	exit 1
	289	fi
f759520c SB	290	exp="TPM result from PTM_INIT: 0x101"
	291	if [ "$ERR" != "$exp" ]; then
	292	echo "Error: Unexpected error message"
	293	echo "Received: $ERR"
	294	echo "Expected: $exp"
	295	exit 1
	296	fi
75d33931	297
47c7ea77	298	kill_quiet -0 ${SWTPM_PID} 2>/dev/null
75d33931 SB	299	if [ $? -ne 0 ]; then
	300	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	301	echo "TPM Logfile:"
	302	cat $logfile
	303	exit 1
	304	fi
	305
	306	if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	307	echo "Error: Volatile state file was modified during failed init."
	308	exit 1
	309	fi
	310
	311	if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	312	echo "Error: Permanent state file was modified during failed init."
	313	exit 1
	314	fi
	315
71d9581a SB	316	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	317	if [ $? -ne 0 ]; then
	318	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	319	echo "TPM Logfile:"
	320	cat $logfile
	321	exit 1
	322	fi
	323
45d2d092	324	if wait_process_gone ${SWTPM_PID} 4; then
71d9581a SB	325	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	326	echo "TPM Logfile:"
	327	cat $logfile
	328	exit 1
	329	fi
	330
	331	# shut it down
	332
75d33931 SB	333	echo "Test 2: Ok"
75d33931 SB	334
71d9581a SB	335	# This time start we start the TPM with a wrong state encryption key
	336	# (key used as password) and try to start it. It has to fail and
	337	# the state must not have been modified.
	338
	339	# volatile state file does not exist
	340	sha1_volatile=$(get_sha1_file "${VOLATILE_STATE_FILE}")
	341	sha1_permanent=$(get_sha1_file "${STATE_FILE}")
f759520c SB	342	echo "sha1(volatile) : $sha1_volatile"
f759520c SB	343	echo "sha1(permanent): $sha1_permanent"
71d9581a SB	344
	345	# we need a 256bit key
	346	echo "${KEY}${KEY}" > $keyfile
	347
	348	run_swtpm ${SWTPM_INTERFACE} \
	349	--key pwdfile=$keyfile,mode=aes-256-cbc \
	350	--log file=$logfile \
	351	--tpm2
	352
100317d5	353	display_processes_by_name "$SWTPM"
71d9581a SB	354
	355	kill_quiet -0 ${SWTPM_PID}
	356	if [ $? -ne 0 ]; then
	357	echo "Error: ${SWTPM_INTERFACE} TPM did not start."
	358	echo "TPM Logfile:"
	359	cat $logfile
	360	exit 1
	361	fi
	362
	363	# Init the TPM
	364	run_swtpm_ioctl ${SWTPM_INTERFACE} -i
	365	if [ $? -eq 0 ]; then
	366	echo "Error: ${SWTPM_INTERFACE} TPM initialization should have failed."
	367	echo "TPM Logfile:"
	368	cat $logfile
	369	exit 1
	370	fi
	371
45d2d092	372	if ! wait_process_gone ${SWTPM_PID} 4; then
71d9581a SB	373	echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after failed INIT."
	374	echo "TPM Logfile:"
	375	cat $logfile
	376	exit 1
	377	fi
	378
	379	if [ "${sha1_volatile}" != "$(get_sha1_file "${VOLATILE_STATE_FILE}")" ]; then
	380	echo "Error: Volatile state file was modified during failed init."
	381	exit 1
	382	fi
	383
	384	if [ "${sha1_permanent}" != "$(get_sha1_file "${STATE_FILE}")" ]; then
	385	echo "Error: Permanent state file was modified during failed init."
	386	exit 1
	387	fi
	388
	389	echo "Test 3: Ok"
	390
75d33931	391	# Final shut down
75d33931 SB	392	run_swtpm_ioctl ${SWTPM_INTERFACE} -s
	393	if [ $? -ne 0 ]; then
	394	echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
	395	echo "TPM Logfile:"
	396	cat $logfile
	397	exit 1
	398	fi
75d33931	399
45d2d092	400	if wait_process_gone ${SWTPM_PID} 4; then
75d33931 SB	401	echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
	402	echo "TPM Logfile:"
	403	cat $logfile
	404	exit 1
	405	fi
	406
	407	if [ ! -e $STATE_FILE ]; then
	408	echo "Error: TPM state file $STATE_FILE does not exist."
	409	echo "TPM Logfile:"
	410	cat $logfile
	411	exit 1
	412	fi
	413
	414	echo "OK"
	415
	416	exit 0