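#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

# Exercise the swtpm control channel over a unix socket: capability query,
# init/stop/shutdown, volatile-state save and restore, the TPM-established
# flag and hash commands, state blob transfer and locality handling.
# Exit status 77 marks a skipped test, 1 a failure.

# The (unshare based) part of this test is known to be problematic inside
# sbuild; skip rather than report a spurious failure there.
if [ -e /run/lock/sbuild ]; then
	echo "building in sbuild, avoid potential (unshare) problematic test"
	exit 77
fi

# Build and test directories; overridable through the automake environment.
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

# Private scratch directory with an unpredictable name. It holds the TPM
# state, the control socket, pid file, log and the command/response staging
# files; everything in it is removed by cleanup.
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp

# shellcheck source=/dev/null
source "${TESTDIR}/test_common"

# cleanup is defined further down; bash resolves the name when the trap fires.
trap "cleanup" SIGTERM EXIT
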
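# Stop the swtpm under test (if one was started) and remove the scratch
# directory. Installed as the SIGTERM/EXIT trap, so it runs on every exit path.
# Globals: PID (read)    - pid of the running swtpm; empty before the first start
#          TPMDIR (read) - scratch directory created with mktemp
function cleanup()
{
	# Terminate the daemon before its state directory is removed, so it
	# cannot recreate files there while we delete. kill_quiet is a sourced
	# helper; a process that already exited is not an error here.
	if [ -n "$PID" ]; then
		kill_quiet -SIGTERM "$PID" 2>/dev/null
	fi
	# ${TPMDIR:?} refuses to run with an empty value instead of turning the
	# command into a directory-less "rm -rf".
	rm -rf -- "${TPMDIR:?}"
}
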
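SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
# shellcheck source=/dev/null
source "${TESTDIR}/common"
skip_test_no_tpm12 "${SWTPM_EXE}"

# Test 1: test the control channel on the socket tpm

# When run as root, let swtpm drop privileges to 'nobody' (--runas) and hand
# the state directory to that user so it can write there. The expected socket
# owner is recorded as "<uid> <primary gid>" for the ownership check below.
# OS X would not allow nobody to access the $TPMDIR easily; skip it there.
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
	FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
	RUNAS="--runas nobody"
	if ! chown nobody "$TPMDIR"; then
		echo "Error: Could not change ownership of $TPMDIR"
		exit 1
	fi
fi

# Permission bits requested for the control socket (mode= below) and verified
# once swtpm is up; Cygwin is expected to report a different value.
if [[ "$(uname -s)" =~ CYGWIN_NT- ]]; then
	FILEMODE=661
else
	FILEMODE=621
fi

# FreeBSD needs the pty module loaded for the pseudo terminal opened next
case "$(uname -s)" in
FreeBSD)
	kldload pty
	;;
esac

# use a pseudo terminal as the TPM data channel (handed over as --fd 100)
if [ -c /dev/ptmx ]; then
	exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
	exec 100<>/dev/ptm
else
	echo "Could not find chardev for opening file descriptor."
	exit 1
fi

# Pass the pid file as an already-open descriptor (fd=101) on the listed
# systems, otherwise by path.
# NOTE(review): "CYGWIN_NT-" carries no wildcard, so it cannot match a full
# "uname -s" value such as "CYGWIN_NT-10.0" (the mode check above matches it
# as a regex); Cygwin therefore takes the file= branch - confirm whether that
# is intended.
case $(uname -s) in
Linux|CYGWIN_NT-|Darwin)
	PIDPARAM="fd=101"
	exec 101<>"$PID_FILE"
	;;
*)
	PIDPARAM="file=$PID_FILE"
	;;
esac
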
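# Start the socket TPM as a daemon: data channel on fd 100 (the pty), control
# channel on a unix socket created with an explicit mode.
# $RUNAS and ${SWTPM_TEST_SECCOMP_OPT} are intentionally unquoted: each holds
# zero or more whole options and has to word-split.
# NOTE(review): FOWNER is never assigned in this script, so it expands to
# nothing unless inherited from the environment; the ownership check below
# presumably relies on the --runas user creating the socket - confirm.
# shellcheck disable=SC2086
$SWTPM_EXE socket \
	--fd 100 \
	--tpmstate dir="$TPMDIR" \
	--pid "$PIDPARAM" \
	--ctrl type=unixio,path="$SWTPM_CTRL_UNIX_PATH",mode=${FILEMODE}${FOWNER} \
	--log file="$LOG_FILE",level=20 \
	$RUNAS \
	--daemon \
	${SWTPM_TEST_SECCOMP_OPT}
# the daemon holds its own copies of both descriptors; close ours
exec 100>&-
exec 101>&-

if [ ! -f "$PID_FILE" ]; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

PID=$(cat "$PID_FILE")
# The pid is later handed to kill (possibly as root, from cleanup) and to
# wait_process_gone; refuse anything that is not a plain number rather than
# act on an empty or garbled pid file.
if ! [[ "$PID" =~ ^[0-9]+$ ]]; then
	echo "Error: Socket TPM pidfile does not contain a valid pid: '$PID'"
	exit 1
fi

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
# Response: 32-bit result code followed by the capability flags, which differ
# between the listed platforms and the rest.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
	exp=" 00 00 00 00 00 01 7f ff"
else
	exp=" 00 00 00 00 00 01 6f ff"
fi
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# The control channel accepts privileged operations (stop, shutdown, state
# blob injection, locality changes - all exercised later in this script), so
# the permission bits and the owner of the socket must be exactly what was
# requested.
filemode=$(get_filemode "$SWTPM_CTRL_UNIX_PATH")
if [ "$filemode" != "$FILEMODE" ]; then
	echo "Filemode bits are wrong"
	echo "Expected: $FILEMODE"
	echo "Actual : $filemode"
	exit 1
fi

# FILEOWNER is only set when running as root (see the --runas setup)
fileowner=$(get_fileowner "$SWTPM_CTRL_UNIX_PATH")
if [ -n "$FILEOWNER" ] && [ "$fileowner" != "$FILEOWNER" ]; then
	echo "File ownership is wrong"
	echo "Expected: $FILEOWNER"
	echo "Actual : $fileowner"
	exit 1
fi
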
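# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_INIT:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send unknown command to the TPM; the channel must answer with result code
# 0x0a rather than stall or drop the connection
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from sending unsupported command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# the command must have produced the volatile state file in the state dir
if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# To enable coverage of the above running as non-root we change the .gcda
# files' ownership with this small hack. The pattern is quoted so the shell
# cannot expand it against the current directory before find sees it (an
# unquoted *.gcda would become several -name arguments and break the command).
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
	find "$ROOT" -name '*.gcda' -exec chown nobody {} +
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# After shutdown the daemon has to remove its pid file and exit. A zero status
# from the sourced wait_* helpers is treated as "still present" here.
if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: TPM should not be running anymore."
	exit 1
fi

# swtpm was started with level=20 logging; check the log matches that level
check_logfile_patterns_level_20 "$LOG_FILE"
rm -f "$LOG_FILE"

echo "OK"
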
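# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

# Start swtpm through the sourced run_swtpm helper (no pseudo terminal this
# time); it leaves the pid of the new process in SWTPM_PID. $RUNAS is
# intentionally unquoted: it is either empty or the two words "--runas nobody".
# shellcheck disable=SC2086
run_swtpm ${SWTPM_INTERFACE} \
	--tpmstate dir="$TPMDIR" \
	--pid file="$PID_FILE" \
	--log file="$LOG_FILE" \
	--flags startup-clear \
	$RUNAS
PID=$SWTPM_PID

# a zero status from wait_for_file means the file is still missing
if wait_for_file "${PID_FILE}" 4; then
	echo "Error: Socket TPM did not write pidfile."
	cat "$LOG_FILE"
	exit 1
fi

# the pid file has to refer to the process run_swtpm started
validate_pidfile "$PID" "$PID_FILE"

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
	exp=" 00 00 00 00 00 01 7f ff"
else
	exp=" 00 00 00 00 00 01 6f ff"
fi
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send unknown command to the TPM; expect result code 0x0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi
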
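# Startup the TPM; we use --flags startup-clear, so expect this to fail with error 0x26 (INVALID POST INIT)
# (the TPM was already started by swtpm itself; a second TPM_Startup must be rejected)
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
	echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# the command must have produced the volatile state file in the state dir
if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi
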
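# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# Response: 32-bit result code, then the flag byte and padding; the flag has
# to be clear at this point.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# We send 0x2000 null bytes, matching the length field in the header.
# The request is staged in a file and pushed with socat directly; socat -x
# hex-dumps the traffic (lines starting with a space) and the last dumped
# line is the TPM's response.
printf '\x00\x00\x00\x07\x00\x00\x20\x00' > "$CMD_PATH"
# one full 0x2000-byte block from /dev/zero is the payload
dd if=/dev/zero bs=$((0x2000)) count=1 >> "$CMD_PATH" 2>/dev/null
socat -x -t10 FILE:"$CMD_PATH",rdonly UNIX-CONNECT:"$SWTPM_CTRL_UNIX_PATH" 2>&1 | \
	sed -n '/^ /p' | \
	tail -n1 > "$RESP_PATH"
res="$(cat "$RESP_PATH")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# The completed hash sequence must have set the flag.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
# (the trailing 03 is presumably the locality the reset is requested from -
# not verified here)
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_RESET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# The reset must have cleared the flag again.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi
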
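# Read PCR 17
# TPM_PCRRead(17) over the data channel; the expected digest is presumably
# what the hash sequence above leaves in PCR 17 - confirm against the TPM.
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length
# Only the 16-byte header (48 characters of " xx" hex) is compared; the blob
# body that follows is not stable.
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
if [ "${res:0:48}" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Read PCR 17 -- should fail now: a stopped TPM rejects commands with 0x09
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# a zero status from the wait_* helpers is treated as "still present" here
if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 "$LOG_FILE" 1
rm -f "$LOG_FILE"

echo "OK"
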
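# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files (pre-built encrypted TPM state shipped with the tests)
cp "${TESTDIR}"/data/tpmstate2/* "${TPMDIR}"

# Start on the copied state with the key derived from the matching password
# file (kdf=sha512); not-need-init skips the explicit CMD_INIT. No $RUNAS here.
run_swtpm ${SWTPM_INTERFACE} \
	--tpmstate dir="$TPMDIR" \
	--pid file="$PID_FILE" \
	--key pwdfile="${TESTDIR}/data/tpmstate2/pwdfile.txt",kdf=sha512 \
	--log file="$LOG_FILE",level=20 \
	--flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10
# The known digest shows the encrypted state was decrypted and loaded.
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset
# The whole response is kept in vstate: it is fed back to a fresh instance
# with CMD_SET_STATEBLOB further down.
vstate="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length
# flags is 2 here (0 for the unencrypted TPM in Test 2) - presumably marking
# the blob as encrypted. Only the 16-byte header is compared.
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
if [ "${vstate:0:48}" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
	echo " actual : ${vstate:0:48}"
	echo " expected: $exp"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# a zero status from the wait_* helpers is treated as "still present" here
if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f "$LOG_FILE"

echo "OK"
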
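# remove volatile state so the next start has to come up without it
rm -f "${TPMDIR:?}"/*.volatilestate

# Restart on the same encrypted permanent state, volatile state now missing
run_swtpm ${SWTPM_INTERFACE} \
	--tpmstate dir="$TPMDIR" \
	--pid file="$PID_FILE" \
	--key pwdfile="${TESTDIR}/data/tpmstate2/pwdfile.txt",kdf=sha512 \
	--log file="$LOG_FILE" \
	--flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10 -- this should fail now with 0x26 (INVALID POST INIT): without
# volatile state the TPM has not been started
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send the volatile state to the TPM (while it is stopped)
# CMD_SET_STATEBLOB = 00 00 00 0d | flags | type | length | data
# vstate still holds the complete CMD_GET_STATEBLOB response of the previous
# instance; drop its 16-byte header (48 characters of " xx" hex) to get the
# blob itself.
vstate=${vstate:48}
# one byte per " xx" triple
size=$((${#vstate} / 3))
# big-endian uint32 length and the blob, both rewritten as \xNN escapes for
# swtpm_ctrl_tx
size=$(printf "%08x" "$size" | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=$(echo "${vstate}" | sed 's/ /\\x/g')
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Read PCR 10 -- has to return same result as before, proving the injected
# volatile state was accepted
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Reset PCR 20 while in locality 0 -- should not work (error 0x33)
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$res" != "$exp" ]; then
	echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# In locality 2 we can reset PCR 20
# Set the locality on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
# The locality is asserted by whoever can talk to the control socket, which
# is why Test 1 verifies the socket's mode and owner.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Reset PCR 20 while in locality 2 -- has to work
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
	echo "Error: Could not reset PCR 20 in locality 2"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# a zero status from the wait_* helpers is treated as "still present" here
if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 "$LOG_FILE" 0
rm -f "$LOG_FILE"

echo "OK"

exit 0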