# For the license, see the LICENSE file in the root directory.
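# Build-tree root and the directory holding this test; the harness may
# override both through the environment.
ROOT="${abs_top_builddir:-$(pwd)/..}"
TESTDIR="${abs_top_testdir:-$(dirname "$0")}"

# vTPM name (overridable) and the device node path derived from it.
VTPM_NAME="${VTPM_NAME:-vtpm-test-migration-key}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"

# Test-only passphrase: it is written to the password file that is handed to
# swtpm's --migration-key option. It is a fixture value and must stay in sync
# with the pre-recorded state below (presumably encrypted under it — confirm).
# Do not reuse it outside the test suite.
MIGRATION_PASSWORD="migration"

# Pre-recorded encrypted volatile state that the last part of the test loads.
VOLATILESTATE="${TESTDIR}/data/migkey1/volatilestate.bin"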
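# Scratch locations for this run: the TPM state directory, the migration
# password file and the file that receives the saved volatile state.
# mktemp(1) creates them with owner-only permissions and unpredictable names,
# which matters here because one of them holds the migration passphrase.
# NOTE(review): the page omits the lines that end each failure branch; the
# 'exit 1' / 'fi' endings are restored by convention — confirm against upstream.
tpmstatedir="$(mktemp -d)"
if [ -z "$tpmstatedir" ]; then
  echo "Could not create temporary directory."
  exit 1
fi

migpwdfile="$(mktemp)"
if [ -z "$migpwdfile" ]; then
  echo "Could not create temporary file."
  exit 1
fi
# printf writes the passphrase verbatim with no trailing newline and without
# echo's option/escape handling; the target path is quoted so an unusual
# TMPDIR cannot split it.
printf '%s' "$MIGRATION_PASSWORD" > "$migpwdfile"

volatilestatefile="$(mktemp)"
if [ -z "$volatilestatefile" ]; then
  echo "Could not create temporary file."
  exit 1
fi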
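# Command and control socket paths live inside the private state directory,
# so they inherit its access restrictions.
SWTPM_CMD_UNIX_PATH="${tpmstatedir}/unix-cmd.sock"
SWTPM_CTRL_UNIX_PATH="${tpmstatedir}/unix-ctrl.sock"

# Interface under test; defaults to cuse unless the caller selects another.
SWTPM_INTERFACE="${SWTPM_INTERFACE:-cuse}"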
40 if [ -n "$pid" ]; then
43 rm -rf $migpwdfile $volatilestatefile $tpmstatedir
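# Load the helper libraries. test_cuse is sourced only when the CUSE
# interface is under test; common is always needed (it is the presumed home of
# run_swtpm, run_swtpm_ioctl, swtpm_cmd_tx and the other helpers used below).
# '=' is used instead of '==' because '==' inside [ ] is not portable, and the
# paths are quoted so a TESTDIR containing spaces still resolves.
if [ "${SWTPM_INTERFACE}" = cuse ]; then
  source "${TESTDIR}/test_cuse"
fi
source "${TESTDIR}/common"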
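# Seed the private state directory with the TPM state fixtures and point
# swtpm at it through TPM_PATH.
# NOTE(review): the page omits the 'if' tests and the 'exit 1' / 'fi' endings
# around the error messages in this section; they are restored by convention
# (matching the checks visible later in the file) — confirm against upstream.
export TPM_PATH="$tpmstatedir"
cp -- "${TESTDIR}"/data/tpmstate1/* "${TPM_PATH}"

# Start swtpm with a migration key derived from the password file.
# remove=false keeps the password file in place so the next start can reuse it.
run_swtpm "${SWTPM_INTERFACE}" \
  --migration-key "pwdfile=${migpwdfile},remove=false,kdf=sha512"

display_processes_by_name "$SWTPM"

# Signal 0 only probes whether the process exists.
if ! kill_quiet -0 "${SWTPM_PID}"; then
  echo "Error: ${SWTPM_INTERFACE} TPM did not start."
  exit 1
fi

# Init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
  echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
  exit 1
fi

if ! kill_quiet -0 "${SWTPM_PID}" 2>/dev/null; then
  echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
  exit 1
fi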
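# Exercise the freshly initialised TPM with three raw commands and compare
# each response byte-for-byte with the expected one.
# NOTE(review): the page omits the lines that end each failure branch; the
# 'exit 1' / 'fi' endings are restored by convention, and the expected/received
# diagnostics shown only on the last check are printed on all three for
# consistency — confirm against upstream.

# Read PCR 10
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Assert physical presence
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Create a big NVRAM Area with 4000 bytes (0xfa0)
tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01'
tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f'
tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00'
# Quoted so the escape string reaches the helper as a single argument.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" "$tmp")
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi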
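# NOTE(review): the page omits the lines that end each failure branch; the
# 'exit 1' / 'fi' endings are restored by convention — confirm against upstream.

# Save the volatile state into a file
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --save volatile "$volatilestatefile"; then
  echo "Error: Could not save the volatile state to ${volatilestatefile}."
  exit 1
fi
if [ ! -r "$volatilestatefile" ]; then
  echo "Error: Volatile state file $volatilestatefile does not exist."
  exit 1
fi

#ls -l $volatilestatefile
size=$(get_filesize "$volatilestatefile")
# NOTE(review): the assignment of expsize is on a line the page does not
# show. Fail loudly if it is missing: with an empty value the numeric
# comparison below would error out and the size check would silently pass.
: "${expsize:?expsize is not set; restore its assignment from the upstream file}"
if [ "$size" -ne "$expsize" ]; then
  echo "Error: Unexpected size of volatile state file."
  echo "       Expected file with size of $expsize, found $size bytes."
  exit 1
fi

# Query the configuration flags. The ioctl's own exit status is checked
# before the output is cut; testing $? after 'ioctl | cut' would only report
# the status of cut and hide a failed query.
if ! flags_out=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" -g); then
  echo "Error: Could not get the configration flags of the ${SWTPM_INTERFACE} TPM."
  exit 1
fi
tmp=$(printf '%s\n' "$flags_out" | cut -d":" -f2)

# 0x2 is presumably the flag reporting that a migration key is in use —
# confirm against the swtpm ioctl header.
if [ "$tmp" != " 0x2" ]; then
  echo "Error: Unexpected configuration flags: $tmp; expected 0x2."
  exit 1
fi

# Shut the TPM down; checked like the later shutdowns in this file so a
# lingering process cannot distort the next phase.
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
  echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
  exit 1
fi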
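# Positive case: a TPM started with the same migration key must accept the
# encrypted volatile state saved above and report the same PCR value.
# NOTE(review): the page omits the lines that end each failure branch; the
# 'exit 1' / 'fi' endings are restored by convention — confirm against upstream.

# Start the vTPM again and load the encrypted volatile state into it
run_swtpm "${SWTPM_INTERFACE}" \
  --migration-key "pwdfile=${migpwdfile},remove=false,kdf=sha512"

display_processes_by_name "$SWTPM"

if ! kill_quiet -0 "${SWTPM_PID}"; then
  echo "Error: ${SWTPM_INTERFACE} TPM did not start."
  exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$volatilestatefile"; then
  echo "Error: Could not load encrypted volatile state into TPM."
  exit 1
fi

# Now init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
  echo "Error: Initializing the ${SWTPM_INTERFACE} TPM failed."
  exit 1
fi

# Read PCR 10 again; the response must match the one seen before the save.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
  echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
  exit 1
fi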
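# Negative case: a TPM started WITHOUT the migration key must refuse the
# encrypted volatile state. This is the security-relevant assertion of the
# test — a state blob protected by a migration key must not load elsewhere.
# NOTE(review): the page omits the lines that end each failure branch; the
# 'exit 1' / 'fi' endings are restored by convention — confirm against upstream.

# Start the vTPM again and load the encrypted volatile state into it
# This time we make this fail since we don't provide the migration key
run_swtpm "${SWTPM_INTERFACE}"

display_processes_by_name "$SWTPM"

if ! kill_quiet -0 "${SWTPM_PID}"; then
  echo "Error: ${SWTPM_INTERFACE} TPM did not start."
  exit 1
fi

# Do NOT init the TPM now; first load volatile state

# load the encrypted volatile state into it
# This will not work; the TPM writes the data into the volatile state file
# Success here is the failure condition, so the branch is taken when the
# command returns 0; stderr is captured to compare the reported error.
if ERR=$(run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$volatilestatefile" 2>&1); then
  echo "Error: Could load encrypted volatile state into TPM."
  exit 1
fi

# The rejection must carry this exact result code, so an unrelated failure
# (for example a transport error) is not mistaken for the expected refusal.
exp="TPM result from PTM_SET_STATEBLOB: 0xd"
if [ "$ERR" != "$exp" ]; then
  echo "Error: Unexpected error message"
  echo "Received: $ERR"
  echo "Expected: $exp"
  exit 1
fi

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
  echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
  exit 1
fi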
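# In this test we now feed it an encrypted volatile state
# (the pre-recorded fixture in $VOLATILESTATE rather than the file saved
# earlier in this run).
# NOTE(review): the page omits the lines that end each failure branch; the
# 'exit 1' / 'fi' endings are restored by convention — confirm against upstream.

# Start the vTPM again and load the encrypted volatile state into it
# remove=true: the password file is presumably deleted by swtpm once it has
# been read, so no later step may rely on it still existing.
run_swtpm "${SWTPM_INTERFACE}" \
  --migration-key "pwdfile=${migpwdfile},remove=true,kdf=sha512"

display_processes_by_name "$SWTPM"

if ! kill_quiet -0 "${SWTPM_PID}"; then
  echo "Error: ${SWTPM_INTERFACE} TPM did not start."
  exit 1
fi

# load the encrypted volatile state into it
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$VOLATILESTATE"; then
  echo "Error: Could not load encrypted volatile state into TPM."
  exit 1
fi

# Now init the TPM; this must work
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
  echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
  exit 1
fi

# Read PCR 10; the fixture is expected to yield the same value as before.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
  echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
  exit 1
fi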