tests/_test_tpm2_save_load_state

   1 #!/bin/bash
   2
   3 # For the license, see the LICENSE file in the root directory.
   4 #set -x
   5
   6 ROOT=${abs_top_builddir:-$(pwd)/..}
   7 TESTDIR=${abs_top_testdir:-$(dirname "$0")}
   8
   9 VTPM_NAME="${VTPM_NAME:-vtpm-tpm2-test-save-load-state}"
  10 SWTPM_DEV_NAME="/dev/${VTPM_NAME}"
  11 export TPM_PATH=$(mktemp -d)
  12 STATE_FILE=$TPM_PATH/tpm2-00.permall
  13 VOLATILE_STATE_FILE=$TPM_PATH/tpm2-00.volatilestate
  14 MY_VOLATILE_STATE_FILE=$TPM_PATH/my.volatilestate
  15 MY_PERMANENT_STATE_FILE=$TPM_PATH/my.permanent
  16 SWTPM_INTERFACE=${SWTPM_INTERFACE:-cuse}
  17 SWTPM_CMD_UNIX_PATH=${TPM_PATH}/unix-cmd.sock
  18 SWTPM_CTRL_UNIX_PATH=${TPM_PATH}/unix-ctrl.sock
  19
  20 logfile=$(mktemp)
  21
  22 function cleanup()
  23 {
  24         pid=${SWTPM_PID}
  25         if [ -n "$pid" ]; then
  26                 kill_quiet -9 $pid
  27         fi
  28         rm -f $logfile
  29         rm -rf $TPM_PATH
  30 }
  31
  32 trap "cleanup" EXIT
  33
  34 [ "${SWTPM_INTERFACE}" == "cuse" ] && source ${TESTDIR}/test_cuse
  35 source ${TESTDIR}/common
  36
  37 rm -f $STATE_FILE $VOLATILE_STATE_FILE 2>/dev/null
  38
  39 run_swtpm ${SWTPM_INTERFACE} \
  40         --log file=$logfile,level=20 \
  41         --tpm2
  42
  43 ps aux | grep $SWTPM | grep -v grep
  44
  45 kill_quiet -0 ${SWTPM_PID}
  46 if [ $? -ne 0 ]; then
  47         echo "Error: ${SWTPM_INTERFACE} TPM did not start."
  48         echo "TPM Logfile:"
  49         cat $logfile
  50         exit 1
  51 fi
  52
  53 # Init the TPM
  54 run_swtpm_ioctl ${SWTPM_INTERFACE} -i
  55 if [ $? -ne 0 ]; then
  56         echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
  57         echo "TPM Logfile:"
  58         cat $logfile
  59         exit 1
  60 fi
  61
  62 kill_quiet -0 ${SWTPM_PID} 2>/dev/null
  63 if [ $? -ne 0 ]; then
  64         echo "Error: ${SWTPM_INTERFACE} TPM not running anymore after INIT."
  65         echo "TPM Logfile:"
  66         cat $logfile
  67         exit 1
  68 fi
  69
  70 # Startup the TPM
  71 swtpm_open_cmddev ${SWTPM_INTERFACE} 100
  72 RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00')
  73 exp=' 80 01 00 00 00 0a 00 00 00 00'
  74 if [ "$RES" != "$exp" ]; then
  75         echo "Error: Did not get expected result from TPM2_Startup(ST_Clear)"
  76         echo "expected: $exp"
  77         echo "received: $RES"
  78         exit 1
  79 fi
  80
  81 run_swtpm_ioctl ${SWTPM_INTERFACE} -h 1234
  82 if [ $? -ne 0 ]; then
  83         echo "Error: Hash command did not work."
  84         echo "TPM Logfile:"
  85         cat $logfile
  86         exit 1
  87 fi
  88
  89 swtpm_open_cmddev ${SWTPM_INTERFACE} 100
  90 # Read PCR 17
  91 #                                                  length         CC            count       hashalg         sz
  92 RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
  93 exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
  94 if [ "$RES" != "$exp" ]; then
  95         echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  96         echo "expected: $exp"
  97         echo "received: $RES"
  98         exit 1
  99 fi
 100
 101 run_swtpm_ioctl ${SWTPM_INTERFACE} --save permanent $MY_PERMANENT_STATE_FILE
 102 if [ $? -ne 0 ]; then
 103         echo "Error: Could not write permanent state file $MY_PERMANENT_STATE_FILE."
 104         echo "TPM Logfile:"
 105         cat $logfile
 106         exit 1
 107 fi
 108 if [ ! -r $MY_PERMANENT_STATE_FILE ]; then
 109         echo "Error: Permanent state file $MY_PERMANENT_STATE_FILE does not exist."
 110         echo "TPM Logfile:"
 111         cat $logfile
 112         exit 1
 113 fi
 114 echo "Saved permanent state."
 115
 116 run_swtpm_ioctl ${SWTPM_INTERFACE} --save volatile $MY_VOLATILE_STATE_FILE
 117 if [ $? -ne 0 ]; then
 118         echo "Error: Could not write volatile state file $MY_VOLATILE_STATE_FILE."
 119         echo "TPM Logfile:"
 120         cat $logfile
 121         exit 1
 122 fi
 123 if [ ! -r $MY_VOLATILE_STATE_FILE ]; then
 124         echo "Error: Volatile state file $MY_VOLATILE_STATE_FILE does not exist."
 125         echo "TPM Logfile:"
 126         cat $logfile
 127         exit 1
 128 fi
 129 echo "Saved volatile state."
 130
 131 #ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
 132 #sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
 133
 134 # we will use our own volatile state
 135 rm -f $VOLATILE_STATE_FILE $STATE_FILE
 136
 137 # Stop the TPM; this will not shut it down
 138 exec 100>&-
 139 run_swtpm_ioctl ${SWTPM_INTERFACE} --stop
 140 if [ $? -ne 0 ]; then
 141         echo "Error: Could not stop the ${SWTPM_INTERFACE} TPM."
 142         echo "TPM Logfile:"
 143         cat $logfile
 144         exit 1
 145 fi
 146
 147 kill_quiet -0 ${SWTPM_PID}
 148 if [ $? -ne 0 ]; then
 149         echo "Error (2): ${SWTPM_INTERFACE} TPM is not running anymore."
 150         echo "TPM Logfile:"
 151         cat $logfile
 152         exit 1
 153 fi
 154
 155 # load state into the TPM
 156 run_swtpm_ioctl ${SWTPM_INTERFACE} --load permanent $MY_PERMANENT_STATE_FILE
 157 if [ $? -ne 0 ]; then
 158         echo "Could not load permanent state into vTPM"
 159         echo "TPM Logfile:"
 160         cat $logfile
 161         exit 1
 162 fi
 163 echo "Loaded permanent state."
 164
 165 run_swtpm_ioctl ${SWTPM_INTERFACE} --load volatile $MY_VOLATILE_STATE_FILE
 166 if [ $? -ne 0 ]; then
 167         echo "Could not load volatile state into vTPM"
 168         echo "TPM Logfile:"
 169         cat $logfile
 170         exit 1
 171 fi
 172 echo "Loaded volatile state."
 173
 174 #ls -l $(dirname $MY_VOLATILE_STATE_FILE)/*
 175 #sha1sum $(dirname $MY_VOLATILE_STATE_FILE)/*
 176
 177 # Init the TPM
 178 run_swtpm_ioctl ${SWTPM_INTERFACE} -i
 179 if [ $? -ne 0 ]; then
 180         echo "TPM Init failed."
 181         echo "TPM Logfile:"
 182         cat $logfile
 183         exit 1
 184 fi
 185
 186 # Volatile state must have been removed by TPM now
 187 if [ -r $VOLATILE_STATE_FILE ]; then
 188         echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
 189         echo "TPM Logfile:"
 190         cat $logfile
 191         exit 1
 192 fi
 193
 194 swtpm_open_cmddev ${SWTPM_INTERFACE} 100
 195 # Read the PCR again ...
 196 RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
 197 exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
 198 if [ "$RES" != "$exp" ]; then
 199         echo "Error: (2) Did not get expected result from TPM_PCRRead(17)"
 200         echo "expected: $exp"
 201         echo "received: $RES"
 202         exit 1
 203 fi
 204
 205 # Save the volatile state again
 206 run_swtpm_ioctl ${SWTPM_INTERFACE} -v
 207 if [ $? -ne 0 ]; then
 208         echo "Error: Could not have the ${SWTPM_INTERFACE} TPM store the volatile state to a file."
 209         echo "TPM Logfile:"
 210         cat $logfile
 211         exit 1
 212 fi
 213
 214 if [ ! -r $VOLATILE_STATE_FILE ]; then
 215         echo "Error: Volatile state file $VOLATILE_STATE_FILE does not exist."
 216         echo "TPM Logfile:"
 217         cat $logfile
 218         exit 1
 219 fi
 220
 221 # Send a new TPM_Init
 222 run_swtpm_ioctl ${SWTPM_INTERFACE} -i
 223 if [ $? -ne 0 ]; then
 224         echo "Error: Could not initialize the ${SWTPM_INTERFACE} TPM."
 225         echo "TPM Logfile:"
 226         cat $logfile
 227         exit 1
 228 fi
 229
 230 # Volatile state must have been removed by TPM now
 231 if [ -r $VOLATILE_STATE_FILE ]; then
 232         echo "Error: Volatile state file $VOLATILE_STATE_FILE still exists."
 233         echo "TPM Logfile:"
 234         cat $logfile
 235         exit 1
 236 fi
 237
 238 # Read the PCR again ...
 239 swtpm_open_cmddev ${SWTPM_INTERFACE} 100
 240 RES=$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x80\x01\x00\x00\x00\x14\x00\x00\x01\x7e\x00\x00\x00\x01\x00\x0b\x03\x00\x00\x02')
 241 exp=' 80 01 00 00 00 3e 00 00 00 00 00 00 00 18 00 00 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 fc a5 d6 49 bf b0 c9 22 fd 33 0f 79 b2 00 43 28 9d af d6 0d 01 a4 c4 37 3c f2 8a db 56 c9 b4 54'
 242 if [ "$RES" != "$exp" ]; then
 243         echo "Error: (3) Did not get expected result from TPM_PCRRead(17)"
 244         echo "expected: $exp"
 245         echo "received: $RES"
 246         exit 1
 247 fi
 248
 249 # Final shut down
 250 exec 100>&-
 251 run_swtpm_ioctl ${SWTPM_INTERFACE} -s
 252 if [ $? -ne 0 ]; then
 253         echo "Error: Could not shut down the ${SWTPM_INTERFACE} TPM."
 254         echo "TPM Logfile:"
 255         cat $logfile
 256         exit 1
 257 fi
 258
 259 sleep 0.5
 260
 261 kill_quiet -0 ${SWTPM_PID} 2>/dev/null
 262 if [ $? -eq 0 ]; then
 263         echo "Error: ${SWTPM_INTERFACE} TPM should not be running anymore."
 264         echo "TPM Logfile:"
 265         cat $logfile
 266         exit 1
 267 fi
 268
 269 if [ ! -e $STATE_FILE ]; then
 270         echo "Error: TPM state file $STATE_FILE does not exist."
 271         echo "TPM Logfile:"
 272         cat $logfile
 273         exit 1
 274 fi
 275
 276 cat $logfile
 277 echo "OK"
 278
 279 exit 0