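#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.
#
# Exercises the swtpm control channel over a UNIX-domain socket
# (SWTPM_INTERFACE=socket+unix): capability query, init/stop/shutdown,
# volatile-state save/restore, the "TPM established" flag, locality
# switching and resuming encrypted state.  Each step compares the raw
# response bytes against an expected hex dump and exits 1 on mismatch.
#
# Environment (optional): abs_top_builddir, abs_top_testdir,
# SWTPM_TEST_SECCOMP_OPT (passed unsplit-quoted to swtpm in Test 1).

ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

# Private, unpredictable working directory for this run; everything the
# daemon writes (socket, pidfile, log, state) lives under it.
TPMDIR=$(mktemp -d)
if [ $? -ne 0 ] || [ -z "$TPMDIR" ]; then
	echo "Error: Could not create temporary directory"
	exit 1
fi
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
# Scratch files used to hand a large CMD_HASH_DATA request to socat.
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp

source "${TESTDIR}/test_common"
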
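#######################################
# Stop a still-running swtpm (if any) and remove the working directory.
# Installed as the EXIT/SIGTERM handler so it also runs on every
# error-exit path of the tests below.
# Globals:   PID (read), TPMDIR (read)
# Returns:   status of the last command (not checked by callers)
#######################################
function cleanup()
{
	# Terminate the daemon before deleting its directory so it cannot
	# recreate files (pidfile, state) under a path we just removed.
	if [ -n "$PID" ]; then
		kill_quiet -SIGTERM "$PID" 2>/dev/null
	fi
	# ${TPMDIR:?} makes 'rm -rf' refuse to run with an empty path.
	rm -rf -- "${TPMDIR:?}"
}

trap "cleanup" SIGTERM EXIT
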
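# Interface selector consumed by the helpers in 'common'
# (run_swtpm, swtpm_ctrl_tx, swtpm_cmd_tx, swtpm_open_cmddev).
SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source "${TESTDIR}/common"
# Everything below talks TPM 1.2; skip when the binary lacks that support.
skip_test_no_tpm12 "${SWTPM_EXE}"
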
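# Test 1: test the control channel on the socket tpm

# OS X would not allow nobody to access the $TPMDIR easily; skip it
# When running as root, start swtpm as 'nobody' and request that the
# control socket be owned by nobody, so that the permission/ownership
# checks further down actually verify --ctrl mode/uid/gid are honored.
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
	FOWNER=",uid=nobody,gid=$(id -Gn nobody | cut -d" " -f1)"
	FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
	# Kept as a plain string: it is deliberately word-split where used.
	RUNAS="--runas nobody"
	if ! chown nobody "$TPMDIR"; then
		echo "Error: Could not change ownership of $TPMDIR"
		exit 1
	fi
fi

# Expected permission bits of the control socket; Cygwin reports them
# differently.
if [[ "$(uname -s)" =~ CYGWIN_NT- ]]; then
	FILEMODE=661
else
	FILEMODE=621
fi

case "$(uname -s)" in
FreeBSD)
	kldload pty
	;;
esac

# use a pseudo terminal
if [ -c /dev/ptmx ]; then
	exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
	exec 100<>/dev/ptm
else
	echo "Could not find chardev for opening file descriptor."
	exit 1
fi

# Hand the pidfile to swtpm as an already-open descriptor where supported,
# otherwise by path.
# NOTE(review): 'CYGWIN_NT-' is an exact case pattern, so a Cygwin
# uname such as CYGWIN_NT-<version> falls into the '*' branch; confirm
# whether 'CYGWIN_NT-*' was intended before changing it.
case "$(uname -s)" in
Linux|CYGWIN_NT-|Darwin)
	PIDPARAM="fd=101"
	exec 101<>"$PID_FILE"
	;;
*)
	PIDPARAM="file=$PID_FILE"
	;;
esac

# shellcheck disable=SC2086 -- $RUNAS and ${SWTPM_TEST_SECCOMP_OPT} are
# intentionally word-split (empty or multi-word option strings).
"$SWTPM_EXE" socket \
	--fd 100 \
	--tpmstate "dir=$TPMDIR" \
	--pid "$PIDPARAM" \
	--ctrl "type=unixio,path=$SWTPM_CTRL_UNIX_PATH,mode=${FILEMODE}${FOWNER}" \
	--log "file=$LOG_FILE,level=20" \
	$RUNAS \
	--daemon \
	${SWTPM_TEST_SECCOMP_OPT}
# The daemon holds its own copies; drop ours.
exec 100>&-
exec 101>&-

if [ ! -f "$PID_FILE" ]; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

PID=$(cat "$PID_FILE")

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
	exp=" 00 00 00 00 00 00 7f ff"
else
	exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# The socket must carry exactly the mode requested via --ctrl.
filemode=$(get_filemode "$SWTPM_CTRL_UNIX_PATH")
if [ "$filemode" != "$FILEMODE" ]; then
	echo "Filemode bits are wrong"
	echo "Expected: $FILEMODE"
	echo "Actual : $filemode"
	exit 1
fi

# Ownership is only checked when we asked for it (root, non-Darwin).
fileowner=$(get_fileowner "$SWTPM_CTRL_UNIX_PATH")
if [ -n "$FILEOWNER" ] && [ "$fileowner" != "$FILEOWNER" ]; then
	echo "File ownership is wrong"
	echo "Expected: $FILEOWNER"
	echo "Actual : $fileowner"
	exit 1
fi

# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_INIT:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send unknown command to the TPM
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from sending unsupported command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# To enable coverage of the above running as non-root we change the .gcda
# files' ownership with this small hack
# ('*.gcda' is quoted so the shell cannot expand it before find sees it.)
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
	find "$ROOT" -name '*.gcda' -exec chown nobody {} +
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# wait_file_gone / wait_process_gone (from 'common') return non-zero once
# the file/process is gone, so a zero status here means it is still there.
if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: TPM should not be running anymore."
	exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f -- "$LOG_FILE"

echo "OK"
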
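# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

# use a pseudo terminal
# shellcheck disable=SC2086 -- $RUNAS is intentionally word-split
run_swtpm "${SWTPM_INTERFACE}" \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--log "file=$LOG_FILE" \
	--flags startup-clear \
	$RUNAS
PID=$SWTPM_PID

# wait_for_file (from 'common') returns non-zero once the file exists.
if wait_for_file "${PID_FILE}" 4; then
	echo "Error: Socket TPM did not write pidfile."
	cat "$LOG_FILE"
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

swtpm_open_cmddev "${SWTPM_INTERFACE}" 100

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
	exp=" 00 00 00 00 00 00 7f ff"
else
	exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send unknown command to the TPM
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Startup the TPM; we use --flags startup-clear, so expect this to fail with error 0x26 (INVALID POST INIT)
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
	echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
	echo "Error: Socket TPM: Did not write volatile state file"
	exit 1
fi

# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# The length field is 0x2000, so we send 0x2000 null bytes (the payload is
# too large for swtpm_ctrl_tx's argument, hence the file + socat detour).
printf '\x00\x00\x00\x07\x00\x00\x20\x00' > "$CMD_PATH"
dd if=/dev/zero count=$((0x2000)) bs=1 >> "$CMD_PATH" 2>/dev/null
# socat -x hex-dumps the traffic; response lines start with a space and
# the last one is the 4-byte result code.
socat -x -t10 "FILE:$CMD_PATH,rdonly" "UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH" 2>&1 | \
	sed -n '/^ /p' | \
	tail -n1 > "$RESP_PATH"
res="$(cat "$RESP_PATH")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
# The hash sequence above must have set the flag (byte 5 is now 01).
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_RESET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Read PCR 17
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length
# Only the 16-byte header (48 chars of hex dump) is compared; the blob
# itself follows.
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
if [ "${res:0:48}" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Read PCR 17 -- should fail now
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$res" != "$exp" ]; then
	echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 "$LOG_FILE" 1
rm -f -- "$LOG_FILE"

echo "OK"
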
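# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files
if ! cp "${TESTDIR}"/data/tpmstate2/* "${TPMDIR}"; then
	echo "Error: Could not copy state files to ${TPMDIR}"
	exit 1
fi

# The state is encrypted; the key is derived from the test password file.
run_swtpm "${SWTPM_INTERFACE}" \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
	--log "file=$LOG_FILE,level=20" \
	--flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
	echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset
# Kept in 'vstate' (not 'res') because it is pushed back into the TPM
# further down with CMD_SET_STATEBLOB.
vstate="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
if [ "${vstate:0:48}" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
	echo " actual : ${vstate:0:48}"
	echo " expected: $exp"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f -- "$LOG_FILE"

echo "OK"

# remove volatile state
rm -f -- "$TPMDIR"/*.volatilestate

run_swtpm "${SWTPM_INTERFACE}" \
	--tpmstate "dir=$TPMDIR" \
	--pid "file=$PID_FILE" \
	--key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
	--log "file=$LOG_FILE" \
	--flags not-need-init
PID=$SWTPM_PID

if wait_for_file "$PID_FILE" 3; then
	echo "Error: Socket TPM did not write pidfile."
	exit 1
fi

validate_pidfile "$PID" "$PID_FILE"

# Read PCR 10 -- this should fail now
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
	echo "Error: (2) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send the volatile state to the TPM (while it is stopped)
# | cmd | flags | type |
# Strip the 16-byte header (48 hex-dump chars); the rest is the blob as
# " xx xx ..." which is turned into "\xXX\xXX..." for swtpm_ctrl_tx.
# Each byte occupies 3 chars (" xx"), hence the division by 3.
vstate=${vstate:48}
size=$((${#vstate} / 3))
size=$(printf "%08x" "$size" | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=${vstate// /\\x}
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Read PCR 10 -- has to return same result as before
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
	echo "Error: (3) Did not get expected result from TPM_PCRRead(10)"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Reset PCR 20 while in locality 0 -- should not work
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$res" != "$exp" ]; then
	echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# In locality 2 we can reset PCR 20
# Set the locality on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

# Reset PCR 20 while in locality 2 -- has to work
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
	echo "Error: Could not reset PCR 20 in locality 2"
	echo "expected: $exp"
	echo "received: $res"
	exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
	echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
	echo " actual : $res"
	echo " expected: $exp"
	exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
	echo "Error: TPM should have removed PID file by now."
	exit 1
fi

if wait_process_gone "${PID}" 4; then
	echo "Error: Socket TPM should not be running anymore."
	exit 1
fi

# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 "$LOG_FILE" 0
rm -f -- "$LOG_FILE"

echo "OK"

exit 0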