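#!/bin/bash

# For the license, see the LICENSE file in the root directory.
#set -x

# swtpm test: save the permanent, volatile and savestate blobs of a running
# TPM, load them back into the stopped TPM and check that PCR 17 reads back
# the same value as before the save.
#
# Environment read here: abs_top_builddir, abs_top_testdir, VTPM_NAME,
# SWTPM_INTERFACE (default: cuse), SWTPM_TEST_LINEAR_FILE (non-zero selects
# the linear file backend).

ROOT=${abs_top_builddir:-$(pwd)/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

VTPM_NAME="${VTPM_NAME:-vtpm-test-save-load-state}"
SWTPM_DEV_NAME="/dev/${VTPM_NAME}"

# Assign first and export afterwards. In 'export VAR="$(cmd)" || exit 1' the
# tested status is that of export, which succeeds even when mktemp fails; the
# script would then continue with an empty TPM_PATH and every state path
# below would be rooted at "/".
# mktemp -d creates the directory with owner-only permissions, which keeps
# the TPM state blobs and the control sockets private to the test user.
TPM_PATH="$(mktemp -d)" || exit 1
export TPM_PATH

STATE_FILE=$TPM_PATH/tpm-00.permall
VOLATILE_STATE_FILE=$TPM_PATH/tpm-00.volatilestate
MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate
MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent
MY_SAVESTATE_STATE_FILE=$TPM_PATH/my.savestate
SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock
SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock
SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
LINEAR_STATE_FILE=$TPM_PATH/linear-state

# Kept as a single string because it is expanded unquoted where swtpm is
# started: empty means "no extra arguments", otherwise it splits into the
# option and its value.
BACKEND_PARAM=""
if [ "${SWTPM_TEST_LINEAR_FILE:-0}" -ne 0 ]; then
  BACKEND_PARAM="--tpmstate backend-uri=file://$LINEAR_STATE_FILE"
fi

# The EXIT trap is not installed yet at this point, so remove the state
# directory by hand if the log file cannot be created.
logfile="$(mktemp)" || { rm -rf -- "$TPM_PATH"; exit 1; }
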
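# Exit handler: kill the swtpm process if one was started, then remove the
# temporary log file and the temporary state directory.
# Globals:   SWTPM_PID, logfile, TPM_PATH (read)
# Note:      kill_quiet is not defined in this file; it is expected to come
#            from the sourced helper files.
function cleanup()
{
  local pid=${SWTPM_PID}

  if [ -n "$pid" ]; then
    kill_quiet -9 "$pid"
  fi

  # Paths are quoted and passed after "--" so a temp location containing
  # spaces or a leading dash is removed as one path. Empty values are skipped
  # so that an early setup failure cannot hand rm an unintended argument list.
  if [ -n "$logfile" ]; then
    rm -f -- "$logfile"
  fi
  if [ -n "$TPM_PATH" ]; then
    rm -rf -- "$TPM_PATH"
  fi
}
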
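# Run cleanup on every exit path, including the "exit 1" in each check below.
trap "cleanup" EXIT

# The helper files are located via TESTDIR, which defaults to the directory
# of this script; quote it so a checkout path with spaces still resolves.
if [ "${SWTPM_INTERFACE}" == cuse ]; then
  source "${TESTDIR}/test_cuse"
fi
source "${TESTDIR}/common"

# Start from a clean state directory; the files normally do not exist yet.
rm -f -- "$STATE_FILE" "$VOLATILE_STATE_FILE" 2>/dev/null
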
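# Start swtpm. BACKEND_PARAM is expanded unquoted on purpose: it is either
# empty (no argument) or "--tpmstate backend-uri=..." which must split into
# two words.
# shellcheck disable=SC2086
run_swtpm "${SWTPM_INTERFACE}" \
  ${BACKEND_PARAM} \
  --log "file=$logfile"

display_processes_by_name "$SWTPM"

# Signal 0 only probes whether the process exists.
if ! kill_quiet -0 "${SWTPM_PID}"; then
  echo "Error: ${SWTPM_INTERFACE} TPM did not start."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
  echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# The process must have survived the INIT.
if ! kill_quiet -0 "${SWTPM_PID}" 2>/dev/null; then
  echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
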
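# Each request below is a raw TPM command passed as \x escapes; bytes 2..5
# carry the total command length (e.g. 0x0C for the 12-byte startup command).
# Each expected response is compared as the exact hex dump returned by
# swtpm_cmd_tx, so any deviation in the result code fails the test.

# Startup the TPM
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Run the hash command on the data "1234"; the PCR 17 value checked next is
# the reference that must survive the save/load cycle.
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -h 1234; then
  echo "Error: Hash command did not work."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Read PCR 17
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')
exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Assert physical presence
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x40\x00\x00\x0A\x00\x20')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TSC_PhysicalPresence(ENABLE)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Create a big NVRAM Area with 4000 bytes (0xfa0)
# The command is 0x65 = 101 bytes long: six rows of 16 bytes plus 5 bytes.
tmp='\x00\xC1\x00\x00\x00\x65\x00\x00\x00\xcc\x00\x18\x00\x00\x00\x01'
tmp+='\x00\x03\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01'
tmp+='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00\x17\x00\x01\x00\x01\x00\x00\x00\x00\x00\x0f'
tmp+='\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
tmp+='\x00\x00\x00\x00\x00'
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" "$tmp")
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_NVDefineSpace()"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Send SaveState command
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0a\x00\x00\x00\x98')
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$RES" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_SaveState()"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi
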
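# Export the three state blobs into files inside the private temp directory.
# Every export is checked twice: the ioctl must succeed and the blob file
# must be readable afterwards. File paths are quoted because they derive
# from the mktemp location, which may contain spaces.

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --save permanent "$MY_PERMANENT_STATE_FILE"; then
  echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
if [ ! -r "$MY_PERMANENT_STATE_FILE" ]; then
  echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
echo "Saved permanent state."

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --save volatile "$MY_VOLATILE_STATE_FILE"; then
  echo "Error: Could not write volatile state file $MY_VOLATILE_STATE_FILE."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
if [ ! -r "$MY_VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
echo "Saved volatile state."

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --save savestate "$MY_SAVESTATE_STATE_FILE"; then
  echo "Error: Could not write savestate state file $MY_SAVESTATE_STATE_FILE."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
if [ ! -r "$MY_SAVESTATE_STATE_FILE" ]; then
  echo "Error: Savestate state file $MY_SAVESTATE_STATE_FILE does not exist."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
echo "Saved savestate state."

#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*

# we will use our own volatile state
rm -f -- "$VOLATILE_STATE_FILE" "$STATE_FILE"
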
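# Stop the TPM; this will not shut it down
# NOTE(review): fd 100 is not opened anywhere in this file; presumably it is
# the command channel kept open by the helpers in common - confirm there.
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --stop; then
  echo "Error: Could not stop the ${SWTPM_INTERFACE} TPM."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# --stop must leave the swtpm process itself alive.
if ! kill_quiet -0 "${SWTPM_PID}"; then
  echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# load state into the TPM
# The blobs written earlier are pushed back in the same order they were
# saved: permanent, volatile, savestate.
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load permanent "$MY_PERMANENT_STATE_FILE"; then
  echo "Could not load permanent state into vTPM"
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
echo "Loaded permanent state."

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load volatile "$MY_VOLATILE_STATE_FILE"; then
  echo "Could not load volatile state into vTPM"
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
echo "Loaded volatile state."

if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" --load savestate "$MY_SAVESTATE_STATE_FILE"; then
  echo "Could not load savestate state into vTPM"
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi
echo "Loaded savestate state."

#ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
#sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
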
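# Init the TPM
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
  echo "TPM Init failed."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Volatile state must have been removed by TPM now
if [ -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Read the PCR again ...
# The value must match the one read before the state was saved; this is the
# actual proof that the loaded blobs were applied.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')
exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi

# Save the volatile state again
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -v; then
  echo "Error: Could not have the ${SWTPM_INTERFACE} TPM store the volatile state to a file."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# The per-file check only applies to the default backend; with the linear
# file backend no separate volatile state file is expected here.
if [ "${SWTPM_TEST_LINEAR_FILE:-0}" -eq 0 ] && [ ! -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Send a new TPM_Init
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -i; then
  echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Volatile state must have been removed by TPM now
if [ -r "$VOLATILE_STATE_FILE" ]; then
  echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# Read the PCR again ...
# Labelled (3): the previous read already reports itself as (2), and a shared
# label would not tell which of the two reads failed.
RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')
exp=' 00 c4 00 00 00 1e 00 00 00 00 97 e9 76 e4 f2 2c d6 d2 4a fd 21 20 85 ad 7a 86 64 7f 2a e5'
if [ "$RES" != "$exp" ]; then
  echo "Error: (3) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $RES"
  exit 1
fi
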
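# Final shut down
exec 100>&-
if ! run_swtpm_ioctl "${SWTPM_INTERFACE}" -s; then
  echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# NOTE(review): this branch treats exit status 0 of wait_process_gone as
# "process still running after the timeout". The helper is defined in the
# sourced common file, not here - confirm its return convention before
# changing this condition.
if wait_process_gone "${SWTPM_PID}" 4; then
  echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
  echo "TPM Logfile:"
  cat "$logfile"
  exit 1
fi

# After shutdown the persistent state must be on disk: the single linear
# file for the linear backend, the permanent state file otherwise.
if [ "${SWTPM_TEST_LINEAR_FILE:-0}" -ne 0 ]; then
  if [ ! -e "$LINEAR_STATE_FILE" ]; then
    echo "Error: TPM state file $LINEAR_STATE_FILE does not exist."
    echo "TPM Logfile:"
    cat "$logfile"
    exit 1
  fi
else
  if [ ! -e "$STATE_FILE" ]; then
    echo "Error: TPM state file $STATE_FILE does not exist."
    echo "TPM Logfile:"
    cat "$logfile"
    exit 1
  fi
fi

echo "OK"

exit 0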