git.proxmox.com Git - swtpm.git/blame - tests/test_ctrlchannel
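#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

# Control-channel test for swtpm: starts a socket TPM whose control channel is
# a UNIX socket and checks the replies to control and TPM commands.
# Reads abs_top_builddir and abs_top_testdir from the environment when set.

# 77 is the exit status the automake test harness reports as SKIP.
if [ -e /run/lock/sbuild ]; then
  echo "building in sbuild, avoid potential (unshare) problematic test"
  exit 77
fi

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

# Everything this run creates (control socket, pid file, log, TPM state) lives
# in a fresh mktemp directory instead of a predictable path.
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp

# Quoted so that a test directory containing whitespace is sourced as one path.
source "${TESTDIR}/test_common"

# The handler name is looked up when the trap fires, so cleanup may be
# defined further down in the file.
trap "cleanup" SIGTERM EXIT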
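# Remove the per-run TPM directory and, if a swtpm PID was recorded, ask that
# process to terminate.
# Globals:   TPMDIR (read), PID (read)
# Arguments: none
function cleanup()
{
  # Quoted and guarded: the recursive delete acts on exactly one path, and the
  # ":?" expansion aborts instead of running rm on an empty value.
  rm -rf -- "${TPMDIR:?}"
  if [ -n "$PID" ]; then
    # kill_quiet comes from the sourced test helpers.
    kill_quiet -SIGTERM "$PID" 2>/dev/null
  fi
}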
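SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source "${TESTDIR}/common"
skip_test_no_tpm12 "${SWTPM_EXE}"

# Test 1: test the control channel on the socket tpm

# When run as root, swtpm is started with --runas nobody, so that account has
# to own the state directory.
# OS X would not allow nobody to access the $TPMDIR easily; skip it
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
  # "<uid> <first gid>" of nobody; compared with the control socket's owner
  # once swtpm is running.
  FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
  RUNAS="--runas nobody"
  if ! chown nobody "$TPMDIR"; then
    echo "Error: Could not change ownership of $TPMDIR"
    exit 1
  fi
fi

# Permission bits requested for the control socket; checked after startup.
if [[ "$(uname -s)" =~ CYGWIN_NT- ]]; then
  FILEMODE=661
else
  FILEMODE=621
fi

case "$(uname -s)" in
FreeBSD)
  kldload pty
  ;;
esac

# use a pseudo terminal
if [ -c /dev/ptmx ]; then
  exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
  exec 100<>/dev/ptm
else
  echo "Could not find chardev for opening file descriptor."
  exit 1
fi

# NOTE(review): "CYGWIN_NT-" is an exact case pattern here, while the FILEMODE
# test above matches it as a regex substring; if uname -s carries a version
# suffix on Cygwin this arm would not be taken there -- confirm the intent.
case "$(uname -s)" in
Linux|CYGWIN_NT-|Darwin)
  # Hand swtpm an already opened descriptor for the pid file. Opening with
  # "<>" creates the file, so it exists before swtpm starts.
  PIDPARAM="fd=101"
  exec 101<>"$PID_FILE"
  ;;
*)
  PIDPARAM="file=$PID_FILE"
  ;;
esac

# Path-valued options are quoted so a TPMDIR containing whitespace stays one
# argument. $SWTPM_EXE, $RUNAS and ${SWTPM_TEST_SECCOMP_OPT} stay unquoted on
# purpose: they may be empty or hold several words.
# FOWNER is not assigned anywhere in this script; unless a sourced file sets
# it, it expands to nothing.
$SWTPM_EXE socket \
  --fd 100 \
  --tpmstate dir="$TPMDIR" \
  --pid "$PIDPARAM" \
  --ctrl type=unixio,path="$SWTPM_CTRL_UNIX_PATH",mode="${FILEMODE}${FOWNER}" \
  --log file="$LOG_FILE",level=20 \
  $RUNAS \
  --daemon \
  ${SWTPM_TEST_SECCOMP_OPT}
# The daemon has its own copies; close the test's descriptors.
exec 100>&-
exec 101>&-
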
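# NOTE(review): where PIDPARAM is fd=101 the shell itself created $PID_FILE
# when it opened the descriptor, so this -f test cannot fail on that path.
if [ ! -f "$PID_FILE" ]; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

PID=$(cat "$PID_FILE")

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
# The expected capability mask differs by one bit between the listed
# platforms and everything else.
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
  exp=" 00 00 00 00 00 01 7f ff"
else
  exp=" 00 00 00 00 00 01 6f ff"
fi
if [[ "$res" != "$exp" ]]; then
  echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# The control socket must carry exactly the mode requested with mode=...
# get_filemode is a sourced helper; presumably it prints the octal mode.
filemode=$(get_filemode "$SWTPM_CTRL_UNIX_PATH")
if [[ "$filemode" != "$FILEMODE" ]]; then
  echo "Filemode bits are wrong"
  echo "Expected: $FILEMODE"
  echo "Actual : $filemode"
  exit 1
fi

# Ownership is only checked when FILEOWNER was set, i.e. when the test runs
# as root and swtpm was started with --runas nobody.
fileowner=$(get_fileowner "$SWTPM_CTRL_UNIX_PATH")
if [[ -n "$FILEOWNER" && "$fileowner" != "$FILEOWNER" ]]; then
  echo "File ownership is wrong"
  echo "Expected: $FILEOWNER"
  echo "Actual : $fileowner"
  exit 1
fi
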
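# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Unexpected response from CMD_INIT:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send unknown command to the TPM; it has to be rejected with a non-zero
# result code (0x0a) rather than being accepted.
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Unexpected response from sending unsupported command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# The state file path is quoted so a TPMDIR with whitespace is tested as one
# path.
if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
  echo "Error: Socket TPM: Did not write volatile state file"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi
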
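# To enable coverage of the above running as non-root we change the .gcda
# files' ownership with this small hack
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
  # The pattern is quoted so find receives it verbatim; unquoted, the shell
  # would expand *.gcda against the current directory first. "{} +" batches
  # the files into as few chown calls as possible.
  find "$ROOT" -name '*.gcda' -exec chown nobody {} +
fi
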
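# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# wait_file_gone / wait_process_gone are sourced helpers; judging by how the
# status is used here, success means the file or process is still present
# after the timeout -- confirm against the helper definitions.
if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: TPM should not be running anymore."
  exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f -- "$LOG_FILE"

echo "OK"
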
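# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

# swtpm is started through the sourced run_swtpm helper this time;
# SWTPM_PID is presumably set by that helper.
# $RUNAS stays unquoted on purpose: it is either empty or two words.
run_swtpm "${SWTPM_INTERFACE}" \
  --tpmstate dir="$TPMDIR" \
  --pid file="$PID_FILE" \
  --log file="$LOG_FILE" \
  --flags startup-clear \
  $RUNAS
PID=$SWTPM_PID

if wait_for_file "${PID_FILE}" 4; then
  echo "Error: Socket TPM did not write pidfile."
  cat "$LOG_FILE"
  exit 1
fi

# Cross-check the pid reported by the helper against the pid file contents.
validate_pidfile "$PID" "$PID_FILE"
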
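# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
  exp=" 00 00 00 00 00 01 7f ff"
else
  exp=" 00 00 00 00 00 01 6f ff"
fi
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send unknown command to the TPM
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Startup the TPM; we use --flags startup-clear, so expect this to fail with error 0x26 (INVALID POST INIT)
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [[ "$res" != "$exp" ]]; then
  echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Quoted so a TPMDIR with whitespace is tested as one path.
if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
  echo "Error: Socket TPM: Did not write volatile state file"
  exit 1
fi
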
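# Steps 1-6 follow the TPM established flag: clear at first, set after a
# HASH_START / HASH_DATA / HASH_END sequence, clear again after the reset.

# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# We send 0x2000 null bytes: the length field below and the dd count must agree.
printf '\x00\x00\x00\x07\x00\x00\x20\x00' > "$CMD_PATH"
dd if=/dev/zero count=$((0x2000)) bs=1 >> "$CMD_PATH" 2>/dev/null
# The request is too large for a command-line literal, so it goes through a
# file and socat; the last hex line that socat -x prints is kept as the reply.
socat -x -t10 "FILE:$CMD_PATH,rdonly" "UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH" 2>&1 |
  sed -n '/^ /p' |
  tail -n1 > "$RESP_PATH"
res="$(cat "$RESP_PATH")"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# The fifth reply byte is now 01: the flag is set.
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
# (the trailing 03 is presumably the locality the reset is issued from -- confirm)
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  # Message names the command actually sent, so a failure here is not
  # mistaken for one of the CMD_GET_TPMESTABLISHED steps.
  echo "Error: Socket TPM: Unexpected response from sending CMD_RESET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi
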
# Read PCR 17; the value reflects the data hashed through the control channel
# in the preceding steps.
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [[ "$res" != "$exp" ]]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
#                                       cmd | flags | type | offset |
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
#    result | flags | totlength | length |
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
# Only the 16-byte reply header (48 characters of " xx") is compared; the
# blob that follows it is not checked here.
reply_header="${res:0:48}"
if [[ "$reply_header" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

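# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Read PCR 17 -- should fail now: once stopped, the TPM must refuse commands
# on the data channel (error 0x09 expected).
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [[ "$res" != "$exp" ]]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Path arguments are quoted so a TPMDIR with whitespace stays one argument.
if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: Socket TPM should not be running anymore."
  exit 1
fi

# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 "$LOG_FILE" 1
rm -f -- "$LOG_FILE"

echo "OK"
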
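# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files (the glob also picks up pwdfile.txt from the
# fixture directory)
cp -- "${TESTDIR}"/data/tpmstate2/* "${TPMDIR}"

# The state is unlocked with a key derived from the fixture password file.
# Unlike tests 1 and 2, no $RUNAS is passed here.
run_swtpm "${SWTPM_INTERFACE}" \
  --tpmstate dir="$TPMDIR" \
  --pid file="$PID_FILE" \
  --key pwdfile="${TESTDIR}/data/tpmstate2/pwdfile.txt",kdf=sha512 \
  --log file="$LOG_FILE",level=20 \
  --flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10; a match shows the copied state was decrypted and resumed.
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [[ "$res" != "$exp" ]]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
#                                          cmd | flags | type | offset |
vstate="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
#    result | flags | totlength | length |
# The flags word is 00 00 00 02 here, where the unkeyed run in test 2 got
# 00 00 00 00; presumably it marks the blob as encrypted -- confirm.
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
# vstate is kept in full: the part after the 48-character header is sent
# back to the TPM further down.
if [[ "${vstate:0:48}" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
  echo " actual : ${vstate:0:48}"
  echo " expected: $exp"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: Socket TPM should not be running anymore."
  exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f -- "$LOG_FILE"

echo "OK"
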
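# remove volatile state, so the restarted TPM comes up without it
# (":?" keeps the glob from ever being rooted at "/" on an empty TPMDIR)
rm -f -- "${TPMDIR:?}"/*.volatilestate

run_swtpm "${SWTPM_INTERFACE}" \
  --tpmstate dir="$TPMDIR" \
  --pid file="$PID_FILE" \
  --key pwdfile="${TESTDIR}/data/tpmstate2/pwdfile.txt",kdf=sha512 \
  --log file="$LOG_FILE" \
  --flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10 -- this should fail now
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [[ "$res" != "$exp" ]]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send the volatile state to the TPM (while it is stopped)
#   | cmd | flags | type | length | data
# vstate still holds the CMD_GET_STATEBLOB reply captured before the restart.
vstate=${vstate:48}                # drop the 16-byte reply header
size=$((${#vstate} / 3))           # each byte is rendered as " xx"
# Turn the byte count into a 4-byte \xNN sequence and the hex dump into \xNN
# escapes for swtpm_ctrl_tx.
size=$(printf "%08x" "$size" | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=$(echo "${vstate}" | sed 's/ /\\x/g')
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Read PCR 10 -- has to return same result as before
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [[ "$res" != "$exp" ]]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi
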
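# Locality check: the same PCR reset command must be refused in locality 0
# and accepted once the control channel has switched the TPM to locality 2.

# Reset PCR 20 while in locality 0 -- should not work
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [[ "$res" != "$exp" ]]; then
  echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# In locality 2 we can reset PCR 20
# Set the locality on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Reset PCR 20 while in locality 2 -- has to work
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [[ "$res" != "$exp" ]]; then
  echo "Error: Could not reset PCR 20 in locality 2"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Path arguments are quoted so a TPMDIR with whitespace stays one argument.
if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: Socket TPM should not be running anymore."
  exit 1
fi

# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 "$LOG_FILE" 0
rm -f -- "$LOG_FILE"

echo "OK"

exit 0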