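#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

# Control channel tests for the socket swtpm. The script sends raw control
# channel commands to the emulator and compares the hex-dumped responses
# with fixed expected values.

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

# Socket, pid file, log file and TPM state all live below one mktemp
# directory. Stop right away if it could not be created: every path below
# would otherwise be rooted at "/" (e.g. /sock, /swtpm.pid).
TPMDIR=$(mktemp -d)
if [ -z "$TPMDIR" ] || [ ! -d "$TPMDIR" ]; then
  echo "Error: Could not create temporary directory."
  exit 1
fi
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp

source "${TESTDIR}/test_common"

# cleanup() is defined further down; the trap string is only evaluated when
# the signal or the exit actually happens.
trap "cleanup" SIGTERM EXIT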
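# Exit/SIGTERM handler: removes the scratch directory and asks a still
# running swtpm to terminate.
# Globals:   TPMDIR (read), PID (read)
# Arguments: none
function cleanup()
{
  # Quote the path and skip an empty value so rm -rf is never handed a
  # word-split or globbed argument list.
  if [ -n "$TPMDIR" ]; then
    rm -rf -- "$TPMDIR"
  fi
  if [ -n "$PID" ]; then
    kill_quiet -SIGTERM "$PID" 2>/dev/null
  fi
}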
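SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source "${TESTDIR}/common"
skip_test_no_tpm12 "${SWTPM_EXE}"

# Test 1: test the control channel on the socket tpm

# When the test is started as root, swtpm is asked to run as 'nobody'
# (--runas) and to create the control socket with nobody's uid/gid, so the
# ownership check further down has something to compare against. The state
# directory has to be handed to nobody first, otherwise the unprivileged
# daemon could not write into it.
# OS X would not allow nobody to access the $TPMDIR easily; skip it
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
  FOWNER=",uid=nobody,gid=$(id -Gn nobody | cut -d" " -f1)"
  FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
  RUNAS="--runas nobody"
  # Runs as root: keep the path quoted so chown only ever sees one operand.
  if ! chown nobody "$TPMDIR"; then
    echo "Error: Could not change ownership of $TPMDIR"
    exit 1
  fi
fi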
# Access mode requested for the control socket (--ctrl mode=...); the test
# later compares it with the mode actually found on the socket.
case "$(uname -s)" in
*CYGWIN_NT-*)
  FILEMODE=661
  ;;
*)
  FILEMODE=621
  ;;
esac

if [ "$(uname -s)" = "FreeBSD" ]; then
  kldload pty
fi

# use a pseudo terminal
if [[ -c /dev/ptmx ]]; then
  exec 100<>/dev/ptmx
elif [[ -c /dev/ptm ]]; then
  exec 100<>/dev/ptm
else
  echo "Could not find chardev for opening file descriptor."
  exit 1
fi

# On the platforms listed here the pid file is opened by this shell and
# handed to swtpm as descriptor 101; elsewhere swtpm gets the path.
# NOTE(review): CYGWIN_NT- is compared as an exact string here, while the
# FILEMODE selection above matches it as a substring -- confirm which one
# is intended for Cygwin.
if [[ "$(uname -s)" =~ ^(Linux|CYGWIN_NT-|Darwin)$ ]]; then
  exec 101<>$PID_FILE
  PIDPARAM="fd=101"
else
  PIDPARAM="file=$PID_FILE"
fi
# Start the emulator as a daemon. The control channel is a UNIX socket
# created with the requested mode (and owner, when running as root); the
# commands sent over it below can stop and re-initialise the TPM and dump
# its state, so the permissions on that socket are what limits who can do so.
$SWTPM_EXE socket --fd 100 --tpmstate dir=$TPMDIR --pid $PIDPARAM \
  --ctrl type=unixio,path=$SWTPM_CTRL_UNIX_PATH,mode=${FILEMODE}${FOWNER} \
  --log file=$LOG_FILE,level=20 $RUNAS --daemon ${SWTPM_TEST_SECCOMP_OPT}
# Close this shell's copies of the descriptors passed to swtpm.
exec 100>&- 101>&-

# NOTE(review): where the pid file is passed as fd=101, the shell itself
# created $PID_FILE when it opened the descriptor, so this check passes
# even if swtpm never wrote a pid into it -- TODO confirm.
if [ ! -f $PID_FILE ]; then
  printf '%s\n' "Error: Socket TPM did not write pidfile."
  exit 1
fi

PID=$(<"$PID_FILE")
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
# The expected mask is 0x7fff on the platforms listed below and 0x6fff
# everywhere else.
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x01')
case "$(uname -s)" in
*Linux* | *OpenBSD* | *FreeBSD* | *NetBSD* | *Darwin* | *DragonFly*)
  exp=" 00 00 00 00 00 00 7f ff"
  ;;
*)
  exp=" 00 00 00 00 00 00 6f ff"
  ;;
esac
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Unexpected response from CMD_GET_CAPABILITY:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# The control socket has to carry exactly the mode requested via
# --ctrl mode=...
filemode=$(get_filemode $SWTPM_CTRL_UNIX_PATH)
if [[ "$filemode" != "$FILEMODE" ]]; then
  printf '%s\n' \
    "Filemode bits are wrong" \
    "Expected: $FILEMODE" \
    "Actual : $filemode"
  exit 1
fi

# The owner is only compared when FILEOWNER was set, i.e. when the test
# runs as root and asked for uid/gid of nobody.
fileowner=$(get_fileowner $SWTPM_CTRL_UNIX_PATH)
if [[ -n "$FILEOWNER" && "$fileowner" != "$FILEOWNER" ]]; then
  printf '%s\n' \
    "File ownership is wrong" \
    "Expected: $FILEOWNER" \
    "Actual : $fileowner"
  exit 1
fi
# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x02\x00\x00\x00\x00')
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Unexpected response from CMD_INIT:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# Send unknown command to the TPM
# A command code the control channel does not know has to be answered with
# result 0x0a rather than being accepted.
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\xff\xff')
exp=" 00 00 00 0a"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Unexpected response from sending unsupported command:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}
# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0a')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Unexpected response from CMD_STORE_VOLATILE:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# The command must have produced the volatile state file in the state dir.
if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
  printf '%s\n' "Error: Socket TPM: Did not write volatile state file"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0e')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_STOP:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0f')
exp=" 00 00 00 00 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi
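# To enable coverage of the above running as non-root we change the .gcda
# files' ownership with this small hack
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
  # This runs as root. The pattern is quoted so that find, not the shell,
  # expands it (an unquoted *.gcda is replaced by matching names from the
  # current directory before find ever sees it), and -type f keeps chown
  # away from symlinks that happen to be named *.gcda.
  find "$ROOT" -type f -name '*.gcda' -exec chown nobody {} \;
fi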
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x03')
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Unexpected response from CMD_SHUTDOWN:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# After the shutdown command the pid file and the process have to disappear.
# NOTE(review): wait_file_gone and wait_process_gone come from the sourced
# helper files; judging by the messages below they succeed when the file or
# process is still present after the timeout -- confirm against the helpers.
if wait_file_gone $PID_FILE 2; then
  printf '%s\n' "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone $PID 4; then
  printf '%s\n' "Error: TPM should not be running anymore."
  exit 1
fi

check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE

printf '%s\n' "OK"
# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

# Start swtpm through the run_swtpm helper. With --flags startup-clear the
# TPM is already started up when the test connects, which is why the
# explicit TPM_Startup sent later is expected to be refused.
run_swtpm $SWTPM_INTERFACE --tpmstate dir=$TPMDIR --pid file=$PID_FILE \
  --log file=$LOG_FILE --flags startup-clear $RUNAS
PID=$SWTPM_PID

if wait_for_file $PID_FILE 4; then
  printf '%s\n' "Error: Socket TPM did not write pidfile."
  cat $LOG_FILE
  exit 1
fi

# The pid reported by the helper has to match the one in the pid file.
validate_pidfile $PID $PID_FILE

swtpm_open_cmddev $SWTPM_INTERFACE 100
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
# Same platform-dependent mask as in test 1 (0x7fff vs. 0x6fff).
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x01')
case "$(uname -s)" in
*Linux* | *OpenBSD* | *FreeBSD* | *NetBSD* | *Darwin* | *DragonFly*)
  exp=" 00 00 00 00 00 00 7f ff"
  ;;
*)
  exp=" 00 00 00 00 00 00 6f ff"
  ;;
esac
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# Send unknown command to the TPM
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\xff\xff')
exp=" 00 00 00 0a"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from sending unsupported command:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}
# Startup the TPM; we use --flags startup-clear, so expect this to fail with
# error 0x26 (INVALID POST INIT)
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Did not get expected result from TPM_Startup(ST_Clear)" \
    "expected: $exp" \
    "received: $res"
  exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0a')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# The state file must exist and be readable after the command.
if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
  printf '%s\n' "Error: Socket TPM: Did not write volatile state file"
  exit 1
fi
# Steps 1-6 walk the TPM established flag through a full cycle: it reads 0
# at first, reads 1 after a hash start/data/end sequence, and reads 0 again
# once it has been reset.

# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x04')
exp=" 00 00 00 00 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x06')
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}
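# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# The length field is 0x00002000, so the 8-byte header is followed by
# 0x2000 (8192) null bytes; the announced and the actual payload length
# have to agree.
echo -en '\x00\x00\x00\x07\x00\x00\x20\x00' > "$CMD_PATH"
dd if=/dev/zero count=$((0x2000)) bs=1 >> "$CMD_PATH" 2>/dev/null
# socat -x hex-dumps the transferred data on stderr; the last dumped line
# that starts with a space is taken as the response.
socat -x -t10 "FILE:$CMD_PATH,rdonly" "UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH" 2>&1 | \
  sed -n '/^ /p' | \
  tail -n1 > "$RESP_PATH"
res="$(cat "$RESP_PATH")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi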
# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x08')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# After the completed hash sequence the flag byte has to read 01.
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x04')
exp=" 00 00 00 00 01 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi
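# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
# The failure message names the command that was actually sent, so a
# failing reset is not mistaken for a failing flag query.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_RESET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# The reset above has to be visible: the flag byte reads 00 again.
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi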
# Read PCR 17
# The value is compared against a fixed digest, so the hash sequence sent
# over the control channel above has to have ended up in this PCR unchanged.
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: (1) Did not get expected result from TPM_PCRRead(17)" \
    "expected: $exp" \
    "received: $res"
  exit 1
}

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# Request layout:  cmd | flags | type | offset
# Response header: result | flags | totlength | length
# Only the 16 header bytes are compared; in the hex dump that is the first
# 48 characters (three characters per byte).
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
[[ "${res:0:48}" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0e')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_STOP:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# Read PCR 17 -- should fail now
# A stopped TPM must not answer TPM commands any more; the expected
# response carries error code 0x09 instead of the PCR value.
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: (1) Did not get expected result from TPM_PCRRead(17)" \
    "expected: $exp" \
    "received: $res"
  exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
# The control channel itself keeps answering while the TPM is stopped.
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0f')
exp=" 00 00 00 00 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x03')
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# Pid file and process both have to be gone after the shutdown.
if wait_file_gone $PID_FILE 2; then
  printf '%s\n' "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone $PID 4; then
  printf '%s\n' "Error: Socket TPM should not be running anymore."
  exit 1
fi

# Expecting to see an error message for the unknown command
# (the rejected command has to leave a trace in the log).
check_logfile_patterns_level_1 $LOG_FILE 1
rm -f $LOG_FILE

printf '%s\n' "OK"
# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files
# The glob copies everything in the fixture directory, which includes the
# pwdfile.txt that is also passed to --key below; it is test data only.
cp ${TESTDIR}/data/tpmstate2/* ${TPMDIR}

# The copied state is opened with a key derived from the password file
# (kdf=sha512); not-need-init lets the TPM be used without a CMD_INIT first.
run_swtpm $SWTPM_INTERFACE --tpmstate dir=$TPMDIR --pid file=$PID_FILE \
  --key pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512 \
  --log file=$LOG_FILE,level=20 --flags not-need-init
PID=$SWTPM_PID

if wait_for_file $PID_FILE 3; then
  printf '%s\n' "Error: Socket TPM did not write pidfile."
  exit 1
fi

validate_pidfile $PID $PID_FILE
# Read PCR 10
# A matching digest shows that the encrypted state copied above was
# decrypted and resumed correctly.
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: (1) Did not get expected result from TPM_PCRRead(10)" \
    "expected: $exp" \
    "received: $res"
  exit 1
}

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# Request layout:  cmd | flags | type | offset
# Response header: result | flags | totlength | length
# The whole response is kept in vstate; the blob behind the 16-byte header
# is sent back to the TPM later on.
# NOTE(review): the flags field reads 00 00 00 02 here but 00 00 00 00 in
# test 2, where no --key was given; presumably it marks an encrypted blob --
# confirm.
vstate=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
[[ "${vstate:0:48}" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:" \
    " actual : ${vstate:0:48}" \
    " expected: $exp"
  exit 1
}
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x03')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# Pid file and process both have to be gone after the shutdown.
wait_file_gone $PID_FILE 2 && {
  printf '%s\n' "Error: TPM should have removed PID file by now."
  exit 1
}

wait_process_gone $PID 4 && {
  printf '%s\n' "Error: Socket TPM should not be running anymore."
  exit 1
}

check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE

printf '%s\n' "OK"
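# remove volatile state
# ${TPMDIR:?} makes the script stop instead of expanding the glob to
# /*.volatilestate should TPMDIR ever be empty or unset.
rm -f -- "${TPMDIR:?}"/*.volatilestate

# Restart on the same encrypted state, now without the volatile part; the
# PCR read that follows is expected to fail until the blob fetched earlier
# has been pushed back over the control channel.
run_swtpm ${SWTPM_INTERFACE} \
  --tpmstate dir="$TPMDIR" \
  --pid file="$PID_FILE" \
  --key pwdfile="${TESTDIR}/data/tpmstate2/pwdfile.txt",kdf=sha512 \
  --log file="$LOG_FILE" \
  --flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

validate_pidfile $PID "$PID_FILE"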
# Read PCR 10 -- this should fail now
# Expected is error code 0x26 instead of the PCR value.
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: (1) Did not get expected result from TPM_PCRRead(10)" \
    "expected: $exp" \
    "received: $res"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x0e')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_STOP:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi
# Send the volatile state to the TPM (while it is stopped)
# Request layout: cmd (00 00 00 0d) | flags | type | length | blob
# vstate still holds the hex dump of the earlier CMD_GET_STATEBLOB response.
# Each byte takes three characters there (a space and two hex digits), so
# dropping the first 48 characters removes the 16-byte response header and
# the remaining length divided by three is the blob size in bytes.
vstate=${vstate:48}
size=$(( ${#vstate} / 3 ))
# Turn the size into a 4-byte big-endian \xNN sequence ...
size=$(printf '%08x' "$size" | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
# ... and every " NN" of the dump into "\xNN".
vstate=$(sed 's/ /\\x/g' <<<"${vstate}")
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# Send init command to the TPM: CMD_INIT = 00 00 00 02
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x02\x00\x00\x00\x00')
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_INIT:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}
# Read PCR 10 -- has to return same result as before
# The digest is the one read before the restart, which shows that the blob
# pushed back over the control channel restored the volatile state.
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: (1) Did not get expected result from TPM_PCRRead(10)" \
    "expected: $exp" \
    "received: $res"
  exit 1
fi
# The next three steps check that resetting PCR 20 is tied to the locality:
# the same reset command is refused in locality 0 and accepted once the
# control channel has switched the TPM to locality 2.

# Reset PCR 20 while in locality 0 -- should not work
# Expected is error code 0x33.
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')
exp=' 00 c4 00 00 00 0a 00 00 00 33'
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Trying to reset PCR 20 in locality 0 returned unexpected result" \
    "expected: $exp" \
    "received: $res"
  exit 1
}

# In locality 2 we can reset PCR 20
# Set the locality on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x05\x02')
exp=" 00 00 00 00"
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
}

# Reset PCR 20 while in locality 2 -- has to work
swtpm_open_cmddev $SWTPM_INTERFACE 100
res=$(swtpm_cmd_tx $SWTPM_INTERFACE '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
[[ "$res" == "$exp" ]] || {
  printf '%s\n' \
    "Error: Could not reset PCR 20 in locality 2" \
    "expected: $exp" \
    "received: $res"
  exit 1
}
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res=$(swtpm_ctrl_tx $SWTPM_INTERFACE '\x00\x00\x00\x03')
exp=" 00 00 00 00"
if [[ "$res" != "$exp" ]]; then
  printf '%s\n' \
    "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:" \
    " actual : $res" \
    " expected: $exp"
  exit 1
fi

# Pid file and process both have to be gone after the shutdown.
wait_file_gone $PID_FILE 2 && {
  printf '%s\n' "Error: TPM should have removed PID file by now."
  exit 1
}

wait_process_gone $PID 4 && {
  printf '%s\n' "Error: Socket TPM should not be running anymore."
  exit 1
}

# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 $LOG_FILE 0
rm -f $LOG_FILE

printf '%s\n' "OK"

exit 0