tests: Pass file ownership using uid and gid
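#!/usr/bin/env bash

# For the license, see the LICENSE file in the root directory.

# Exercises the swtpm control channel over a UNIX socket: starts swtpm,
# sends raw control commands and compares the hex-dumped responses.

# ROOT is not referenced again in this script; presumably the sourced
# helper files read it -- confirm against test_common / common.
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}

# Private scratch directory for the socket, PID file, log and TPM state.
# Stop right away if it could not be created: with an empty TPMDIR every
# path below would resolve directly under "/".
TPMDIR=$(mktemp -d)
if [ -z "$TPMDIR" ] || [ ! -d "$TPMDIR" ]; then
  echo "Error: Could not create temporary directory."
  exit 1
fi
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp

source "${TESTDIR}/test_common"

# The trap string is only evaluated when the trap fires, so it is fine
# that cleanup() is defined after this line.
trap "cleanup" SIGTERM EXIT
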
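# Remove the scratch directory and terminate swtpm if it is still running.
# Globals:
#   TPMDIR (read) - scratch directory created at the top of the script
#   PID    (read) - PID of the swtpm instance under test; may be empty
# Runs from the SIGTERM/EXIT trap.
function cleanup()
{
  # Quoted, and skipped when empty, so word splitting or globbing can never
  # hand "rm -rf" a path other than the scratch directory itself.
  if [ -n "$TPMDIR" ]; then
    rm -rf -- "$TPMDIR"
  fi
  if [ -n "$PID" ]; then
    kill_quiet -SIGTERM "$PID" 2>/dev/null
  fi
}
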
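# Interface selection consumed by the helpers sourced from "common".
SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source "${TESTDIR}/common"

# Test 1: test the control channel on the socket tpm

# Start from empty values so that FOWNER/FILEOWNER inherited from the
# caller's environment cannot change which ownership is requested/checked.
FOWNER=""
FILEOWNER=""

# Only root can hand the socket to another user, so the ownership part of
# the test is limited to uid 0.
# OS X would not allow nobody to access the $TPMDIR easily; skip it
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
  # FOWNER is appended to the --ctrl option (names); FILEOWNER is the
  # numeric "uid gid" pair later compared against get_fileowner's output.
  FOWNER=",uid=nobody,gid=$(id -Gn nobody | cut -d" " -f1)"
  FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
fi

# Mode requested for the control socket via mode= and verified after start.
# NOTE(review): the bits look deliberately unusual so that a default mode
# would not pass the check by accident -- confirm with the test author.
if [[ "$(uname -s)" =~ CYGWIN_NT- ]]; then
  FILEMODE=661
else
  FILEMODE=621
fi

case "$(uname -s)" in
FreeBSD)
  kldload pty
  ;;
esac
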
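# use a pseudo terminal
# File descriptor 100 is opened on the pty master and handed to swtpm with
# --fd as its command channel.
if [ -c /dev/ptmx ]; then
  exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
  exec 100<>/dev/ptm
else
  echo "Could not find chardev for opening file descriptor."
  exit 1
fi

# SWTPM_EXE is not assigned in this script (presumably by the sourced
# helpers). It is left unquoted on purpose in case it carries wrapper
# arguments -- confirm before quoting it.
# The option values are quoted so a scratch path containing whitespace
# stays one argument. mode= and the optional uid=/gid= suffix in FOWNER
# set the permissions and owner of the control socket.
$SWTPM_EXE socket \
  --fd 100 \
  --tpmstate "dir=$TPMDIR" \
  --pid "file=$PID_FILE" \
  --ctrl "type=unixio,path=$SWTPM_CTRL_UNIX_PATH,mode=${FILEMODE}${FOWNER}" \
  --log "file=$LOG_FILE,level=20" &

# The background swtpm already holds its own copy of fd 100; close ours.
exec 100>&-

# wait_for_file comes from the sourced helpers; this script treats a zero
# exit status as "file did not show up in time".
if wait_for_file "$PID_FILE" 3; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

# From here on cleanup() will terminate this process on exit.
PID="$(cat "$PID_FILE")"
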
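# Test 1, continued: talk to the running swtpm over the control socket.
# swtpm_ctrl_tx (sourced helper) sends the given bytes and prints the
# response as " xx" per byte; every step compares that text exactly.

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
# The expected capability mask differs by platform (7f ff vs. 6f ff).
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
  exp=" 00 00 00 00 00 00 7f ff"
else
  exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
  echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Mode and ownership of the control socket decide which local users can
# reach the control channel, so both are verified against what was
# requested with mode=/uid=/gid= when swtpm was started.
filemode=$(get_filemode "$SWTPM_CTRL_UNIX_PATH")
if [ "$filemode" != "$FILEMODE" ]; then
  echo "Filemode bits are wrong"
  echo "Expected: $FILEMODE"
  echo "Actual : $filemode"
  exit 1
fi

# FILEOWNER is only set when running as root (and not on Darwin);
# otherwise the ownership comparison is skipped.
fileowner=$(get_fileowner "$SWTPM_CTRL_UNIX_PATH")
if [ -n "$FILEOWNER" ] && [ "$fileowner" != "$FILEOWNER" ]; then
  echo "File ownership is wrong"
  echo "Expected: $FILEOWNER"
  echo "Actual : $fileowner"
  exit 1
fi

# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Unexpected response from CMD_INIT:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send unknown command to the TPM
# An unsupported command code must be rejected with result 00 00 00 0a.
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
  echo "Error: Unexpected response from sending unsupported command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
  echo "Error: Socket TPM: Did not write volatile state file"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# As with wait_for_file, a zero exit status from these sourced helpers is
# treated as the failure case (file/process still present).
if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: TPM should not be running anymore."
  exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f -- "$LOG_FILE"

echo "OK"
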
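# Test 2: test the control channel on the socket tpm

# There are a few more tests here that require sending commands to the TPM

# Start swtpm through the run_swtpm helper; unlike Test 1 this script does
# not open a pty itself here.
run_swtpm "${SWTPM_INTERFACE}" \
  --tpmstate "dir=$TPMDIR" \
  --pid "file=$PID_FILE" \
  --log "file=$LOG_FILE"

if wait_for_file "${PID_FILE}" 4; then
  echo "Error: Socket TPM did not write pidfile."
  cat "$LOG_FILE"
  exit 1
fi

PID="$(cat "$PID_FILE")"

swtpm_open_cmddev "${SWTPM_INTERFACE}" 100

# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
  exp=" 00 00 00 00 00 00 7f ff"
else
  exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send unknown command to the TPM
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Startup the TPM
# swtpm_cmd_tx uses the TPM command channel, not the control channel.
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
  echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
  echo "Error: Socket TPM: Did not write volatile state file"
  exit 1
fi

# Steps 1-6 check that the TPM established flag is clear, gets set by a
# hash start/data/end sequence sent over the control channel, and can be
# reset again through the control channel.

# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# We send 0x2000 null bytes (length field 00 00 20 00, matching the dd count)
# The payload is too large for a command-line argument, so it is staged in
# CMD_PATH and sent with socat; the last hex-dump line is the response.
echo -en '\x00\x00\x00\x07\x00\x00\x20\x00' > "$CMD_PATH"
dd if=/dev/zero count=$((0x2000)) bs=1 >> "$CMD_PATH" 2>/dev/null
socat -x -t10 "FILE:$CMD_PATH,rdonly" "UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH" 2>&1 | \
  sed -n '/^ /p' | \
  tail -n1 > "$RESP_PATH"
res="$(cat "$RESP_PATH")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  # Names the command that was actually sent, so a failure here is not
  # mistaken for one of the CMD_GET_TPMESTABLISHED steps.
  echo "Error: Socket TPM: Unexpected response from sending CMD_RESET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Read PCR 17
# The expected digest reflects the hash sequence sent above.
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [ "$res" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset |
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length |
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
# Only the 16-byte header is compared: 16 bytes at 3 characters each = 48.
if [ "${res:0:48}" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Read PCR 17 -- should fail now
# After CMD_STOP the TPM must refuse commands on the command channel.
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$res" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: Socket TPM should not be running anymore."
  exit 1
fi

# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 "$LOG_FILE" 1
rm -f -- "$LOG_FILE"

echo "OK"
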
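# Test 3: test the control channel on the socket tpm: resume encrypted state

# copy all the state files
# NOTE(review): the glob also copies pwdfile.txt, which lives in the same
# test-data directory (see --key below), into the TPM state directory.
cp -- "${TESTDIR}"/data/tpmstate2/* "${TPMDIR}"

# The state is opened with the passphrase file shipped in the test data.
run_swtpm "${SWTPM_INTERFACE}" \
  --tpmstate "dir=$TPMDIR" \
  --pid "file=$PID_FILE" \
  --key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
  --log "file=$LOG_FILE,level=20" \
  --flags not-need-init

if wait_for_file "$PID_FILE" 3; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

PID="$(cat "$PID_FILE")"

# Read PCR 10
# A matching digest shows the copied state was loaded and resumed.
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset |
# The full response is kept in vstate; it is sent back with
# CMD_SET_STATEBLOB later in this script.
vstate="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length |
# NOTE(review): the flags field is 00 00 00 02 here but all zero in Test 2,
# which ran without --key; presumably it marks the blob as encrypted.
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
# Only the 16-byte header is compared: 16 bytes at 3 characters each = 48.
if [ "${vstate:0:48}" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
  echo " actual : ${vstate:0:48}"
  echo " expected: $exp"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: Socket TPM should not be running anymore."
  exit 1
fi

check_logfile_patterns_level_20 "$LOG_FILE"
rm -f -- "$LOG_FILE"

echo "OK"
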
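# remove volatile state
# ${TPMDIR:?} aborts instead of expanding to "/*.volatilestate" should
# TPMDIR ever be empty.
rm -f -- "${TPMDIR:?}"/*.volatilestate

# Restart on the same state directory, now without a volatile state file.
run_swtpm "${SWTPM_INTERFACE}" \
  --tpmstate "dir=$TPMDIR" \
  --pid "file=$PID_FILE" \
  --key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
  --log "file=$LOG_FILE" \
  --flags not-need-init

if wait_for_file "$PID_FILE" 3; then
  echo "Error: Socket TPM did not write pidfile."
  exit 1
fi

PID="$(cat "$PID_FILE")"

# Read PCR 10 -- this should fail now
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send the volatile state to the TPM (while it is stopped)
# | cmd | flags | type | followed by ${size} and the blob bytes
# vstate still holds the CMD_GET_STATEBLOB response captured earlier:
# drop its 48-character (16-byte) header, derive the byte count from the
# " xx" triplets, then rewrite both the length and the data as \x escapes.
vstate=${vstate:48}
size=$((${#vstate} / 3))
size=$(printf "%08x" "$size" | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=$(echo "${vstate}" | sed 's/ /\\x/g')
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Read PCR 10 -- has to return same result as before
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
  echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Reset PCR 20 while in locality 0 -- should not work
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$res" != "$exp" ]; then
  echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# In locality 2 we can reset PCR 20
# Set the locality on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
# The locality is chosen over the control channel, which is why access to
# the control socket has to be restricted.
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

# Reset PCR 20 while in locality 2 -- has to work
swtpm_open_cmddev "${SWTPM_INTERFACE}" 100
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
  echo "Error: Could not reset PCR 20 in locality 2"
  echo "expected: $exp"
  echo "received: $res"
  exit 1
fi

# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
  echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
  echo " actual : $res"
  echo " expected: $exp"
  exit 1
fi

if wait_file_gone "$PID_FILE" 2; then
  echo "Error: TPM should have removed PID file by now."
  exit 1
fi

if wait_process_gone "${PID}" 4; then
  echo "Error: Socket TPM should not be running anymore."
  exit 1
fi

# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 "$LOG_FILE" 0
rm -f -- "$LOG_FILE"

echo "OK"

exit 0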