3 # For the license, see the LICENSE file in the root directory.
6 if [ ${SWTPM_TEST_IBMTSS2:-0} -eq 0 ]; then
7 echo "SWTPM_TEST_IBMTSS2 must be set to run this test."
11 type -p nvdefinespace startup
&>/dev
/null
14 type -p ${PREFIX}nvdefinespace
${PREFIX}startup
17 echo "Could not find TPM2 tools (e.g., (tss)startup, (tss)nvdefinespace) in PATH."
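# Directory holding the TPM2 tools, derived from where ${PREFIX}startup is
# found in PATH. Both expansions are quoted so that a PATH entry containing
# spaces is not word-split into several dirname operands (which would leave
# TOOLSPATH wrong or empty).
TOOLSPATH=$(dirname "$(type -P "${PREFIX}startup")")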
# Build root and test directory. The abs_top_* variables take precedence
# (presumably set by the build system when run from "make check" — unverified
# here); otherwise fall back to paths relative to this script.
if [ -n "${abs_top_builddir:-}" ]; then
  ROOT=$abs_top_builddir
else
  ROOT=$(dirname "$0")/..
fi
if [ -n "${abs_top_testdir:-}" ]; then
  TESTDIR=$abs_top_testdir
else
  TESTDIR=$(dirname "$0")
fi
# swtpm binary under test (an already-set SWTPM_EXE wins, otherwise the one
# from the build tree) and the swtpm_ioctl helper from the build tree.
if [ -z "${SWTPM_EXE:-}" ]; then
  SWTPM_EXE="${ROOT}/src/swtpm/${SWTPM}"
fi
SWTPM_IOCTL="${ROOT}/src/swtpm_ioctl/swtpm_ioctl"
# Per-run files under the TPM state directory: swtpm's pid file and the
# unix socket used for the control channel.
PID_FILE="${TPMDIR}/${SWTPM}.pid"
SOCK_PATH="${TPMDIR}/sock"
# Scratch files under the TPM state directory: tool responses, the swtpm
# log, a temp file for tool output, the data that gets signed and the
# resulting signature.
RESP_PATH="${TPMDIR}/resp"
LOGFILE="${TPMDIR}/logfile"
TMPFILE="${TPMDIR}/tmpfile"
BINFILE="${TPMDIR}/binfile"
SIGFILE="${TPMDIR}/sigfile"
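# Shared test helpers (presumably the source of cleanup, wait_for_file,
# wait_process_gone and kill_quiet used below — confirm). The paths are
# quoted so a TESTDIR containing spaces or glob characters is sourced as
# one word.
source "${TESTDIR}/test_common"
source "${TESTDIR}/common"
# Run cleanup on normal exit and on SIGTERM so the TPM state dir and any
# started swtpm do not outlive the test.
trap "cleanup" SIGTERM EXIT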
46 # remove files from tss tools
47 rm -f h01
*.bin nvp
*.bin
48 if [ -n "$PID" ]; then
49 kill_quiet
-SIGTERM $PID 2>/dev
/null
53 # Fill up the NVRAM space with 2048 bit signing keys and then an NVRAM area that
54 # fills it up to the last byte. We want to make sure that the OBJECTs the
55 # RSA keys create in NVRAM can still be loaded into NVRAM when the size of
56 # the OBJECT increases, for example because the size of the RSA keys increases.
57 # This may then force us to increase the NVRAM memory space in libtpms.
58 function fillup_nvram
()
65 if [ $create -eq 1 ]; then
66 # Fill up the NVRAM space with RSA 2048 keys;
67 # exactly 65 have to fit
68 ${TOOLSPATH}/${PREFIX}createprimary
-hi o
-si > $TMPFILE
70 echo "Error: createprimary failed."
73 if [ -z "$(grep 80000000 $TMPFILE)" ]; then
74 echo "Error: createprimary did not result in expected handle 80000000"
77 for ((i
= 0x81000000; i
< 0x81000100; i
++)); do
78 ${TOOLSPATH}/${PREFIX}evictcontrol \
81 -hp $
(printf "%x" $i) &>$TMPFILE ||
break
83 ${TOOLSPATH}/${PREFIX}getcapability
-cap 1 -pr 81000000 -pc 80 > $TMPFILE
84 # We know we need to see '65 Handles' for state created with
85 # libtpms-0.6.0 and 128kb NVRAM size
86 grep -i "65 Handles" $TMPFILE
88 echo "Error: Did not find '65 Handles' keyword in output"
93 # Fill up the rest of the NVRAM with a single NVRAM index whose size
94 # we now have to find;
95 # for reference: libtpms v0.6.0 allowed 236 bytes
96 for ((sz
= 0; ; sz
++)); do
97 ${TOOLSPATH}/${PREFIX}nvdefinespace \
100 -sz ${sz} > ${TMPFILE} ||
break
101 # this worked, so let's remove it and try the next size
102 #echo "NVRAM space of size $sz could be created"
103 ${TOOLSPATH}/${PREFIX}nvundefinespace \
105 -ha 01000000 > ${TMPFILE}
107 if [ $sz -gt 0 ]; then
109 echo "Creating final space of size ${sz}"
110 ${TOOLSPATH}/${PREFIX}nvdefinespace \
113 -sz ${sz} > ${TMPFILE}
114 if [ $?
-ne 0 ]; then
115 echo "Error: Could not create final NVRAM space."
120 if [ $sz -eq 0 ]; then
121 echo "Error: NVRAM space could not be created at all; not enough space!"
123 elif [ $sz -lt 236 ]; then
124 echo "Error: Insufficient NVRAM memory. Needed to create an NVRAM index with size 236 bytes."
126 elif [ $sz -gt 236 ]; then
127 echo "Error: The NVRAM index is too large. Only needed 236 bytes but got $sz bytes."
130 echo "The NVRAM index is exactly of the right size (236 bytes)."
133 echo -n "123" > $BINFILE
134 ${TOOLSPATH}/${PREFIX}sign \
137 -os ${SIGFILE} > $TMPFILE
138 if [ $?
-ne 0 ]; then
139 echo "Error: Could not create signature."
145 if [ $check -eq 1 ]; then
146 ${TOOLSPATH}/${PREFIX}getcapability
-cap 1 -pr 81000000 -pc 80 > $TMPFILE
147 # We know we need to see '65 Handles' for state created with
148 # libtpms-0.6.0 and 128kb NVRAM size
149 grep -i "65 Handles" $TMPFILE
150 if [ $?
-ne 0 ]; then
151 echo "Error: Did not find '65 Handles' keyword in output"
156 printf "Verifying signature with all the persisted keys\n"
157 echo -n "123" > $BINFILE
158 for ((i
= 0x81000000; i
< 0x81000040; i
++)); do
159 ${TOOLSPATH}/${PREFIX}verifysignature \
160 -hk $
(printf "%x" $i) \
162 -if ${BINFILE} > $TMPFILE
163 if [ $?
-ne 0 ]; then
164 echo "Verifying signature failed for handle $(printf "%x
" $i)."
# Environment for the TPM2 tools: send raw TPM commands to the swtpm that is
# started below on 127.0.0.1:65446 (the same port is passed to swtpm via
# --server port=...), and keep the tools' data in the test's TPM directory.
TPM_SERVER_TYPE=raw
TPM_SERVER_NAME=127.0.0.1
TPM_INTERFACE_TYPE=socsim
TPM_COMMAND_PORT=65446
TPM_DATA_DIR=$TPMDIR
# Key used by the tools for sessions.
# NOTE(review): this is a hard-coded, publicly visible value; that is only
# acceptable for a throwaway test TPM — confirm it is not copied into any
# non-test configuration.
TPM_SESSION_ENCKEY=807e2bfe898ddaed8fa6310e716a24dc
export TPM_SERVER_TYPE TPM_SERVER_NAME TPM_INTERFACE_TYPE \
  TPM_COMMAND_PORT TPM_DATA_DIR TPM_SESSION_ENCKEY
179 --server port
=${TPM_COMMAND_PORT} \
180 --tpmstate dir
=$TPMDIR \
181 --pid file=$PID_FILE \
182 --ctrl type=unixio
,path
=$SOCK_PATH \
183 --log file=$LOGFILE,level
=20 \
185 ${SWTPM_TEST_SECCOMP_OPT} &
187 if wait_for_file
$PID_FILE 3; then
188 echo "Error: (1) Socket TPM did not write pidfile."
192 PID
="$(cat $PID_FILE)"
195 act
=$
($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
196 if [ $?
-ne 0 ]; then
197 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
201 ${TOOLSPATH}/${PREFIX}startup
-c
202 if [ $?
-ne 0 ]; then
203 echo "Error: tpm_startup clear failed."
210 act
=$
($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
211 if [ $?
-ne 0 ]; then
212 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
216 if wait_process_gone
${PID} 4; then
217 echo "Error: swtpm did not shut down"
221 echo "============================" >> $LOGFILE
223 echo "TPM was shut down"
225 # Store this state for later usage; use a really old version of libtpms: 0.6.0
226 #cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state5;
227 #cp $SIGFILE ${TESTDIR}/data/tpm2state5/signature.bin
229 #################################################################
230 # Run TPM2 with the created state and verify it's the same
233 --server port
=${TPM_COMMAND_PORT} \
234 --tpmstate dir
=$TPMDIR \
235 --pid file=$PID_FILE \
236 --ctrl type=unixio
,path
=$SOCK_PATH \
237 --log file=$LOGFILE,level
=20 \
239 ${SWTPM_TEST_SECCOMP_OPT} &
241 if wait_for_file
$PID_FILE 3; then
242 echo "Error: (2) Socket TPM did not write pidfile."
246 echo "TPM re-started"
248 PID
="$(cat $PID_FILE)"
251 act
=$
($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
252 if [ $?
-ne 0 ]; then
253 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
258 ${TOOLSPATH}/${PREFIX}startup
-c
259 if [ $?
-ne 0 ]; then
260 echo "Error: tpm_startup clear failed."
267 ${TOOLSPATH}/${PREFIX}shutdown
-c
268 if [ $?
-ne 0 ]; then
269 echo "Error: tpm_shutdown clear failed."
275 act
=$
($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
276 if [ $?
-ne 0 ]; then
277 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
281 echo "============================" >> $LOGFILE
283 echo "TPM was shut down"
285 #################################################################
286 # Run TPM2 with previously saved state and verify it's the same
289 cp -f ${TESTDIR}/data
/tpm2state
5/tpm2-00.permall
$TPMDIR/tpm2-00.permall
290 cp ${TESTDIR}/data
/tpm2state
5/signature.bin
$SIGFILE
293 --server port
=${TPM_COMMAND_PORT} \
294 --tpmstate dir
=$TPMDIR \
295 --pid file=$PID_FILE \
296 --ctrl type=unixio
,path
=$SOCK_PATH \
297 --log file=$LOGFILE,level
=20 \
299 ${SWTPM_TEST_SECCOMP_OPT} &
301 if wait_for_file
$PID_FILE 3; then
302 echo "Error: (3) Socket TPM did not write pidfile."
306 echo "TPM started with previously generated state"
308 PID
="$(cat $PID_FILE)"
311 act
=$
($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
312 if [ $?
-ne 0 ]; then
313 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
317 ${TOOLSPATH}/${PREFIX}startup
-c
318 if [ $?
-ne 0 ]; then
319 echo "Error: tpm_startup clear failed."
326 ${TOOLSPATH}/${PREFIX}shutdown
-c
327 if [ $?
-ne 0 ]; then
328 echo "Error: tpm_shutdown clear failed."
334 act
=$
($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
335 if [ $?
-ne 0 ]; then
336 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"