]> git.proxmox.com Git - swtpm.git/blob - tests/test_tpm2_save_load_state_3
projects / swtpm.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Support filenames with spaces in some functions
[swtpm.git] / tests / test_tpm2_save_load_state_3
1 #!/usr/bin/env bash
2
3 # For the license, see the LICENSE file in the root directory.
4 #set -x
5
6 if [ ${SWTPM_TEST_IBMTSS2:-0} -eq 0 ]; then
7 echo "SWTPM_TEST_IBMTSS2 must be set to run this test."
8 exit 77
9 fi
10
11 type -p nvdefinespace startup &>/dev/null
12 if [ $? -ne 0 ]; then
13 PREFIX=tss
14 type -p ${PREFIX}nvdefinespace ${PREFIX}startup
15 fi
16 if [ $? -ne 0 ]; then
17 echo "Could not find TPM2 tools (e.g., (tss)startup, (tss)nvdefinespace) in PATH."
18 exit 77
19 fi
20 TOOLSPATH=$(dirname $(type -P ${PREFIX}startup))
21
22 ROOT=${abs_top_builddir:-$(dirname "$0")/..}
23 TESTDIR=${abs_top_testdir:-$(dirname "$0")}
24
25 SWTPM=swtpm
26 SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM}
27 SWTPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl
28 TPMDIR="$(mktemp -d)" || exit 1
29 PID_FILE=$TPMDIR/${SWTPM}.pid
30 SOCK_PATH=$TPMDIR/sock
31 CMD_PATH=$TPMDIR/cmd
32 RESP_PATH=$TPMDIR/resp
33 LOGFILE=$TPMDIR/logfile
34 VOLATILESTATE=$TPMDIR/volatile
35 TMPFILE=$TPMDIR/tmpfile
36 BINFILE=$TPMDIR/binfile
37 SIGFILE=$TPMDIR/sigfile
38 SIGFILE2=$TPMDIR/sigfile2
39 TMP2FILE=$TPMDIR/tmpfile2
40 PRIVKEY=$TPMDIR/privkey.pem
41 PUBKEY=$TPMDIR/pubkey.pem
42 PUBKEYCONTEXT=$TPMDIR/pubkey.context
43
44 HKEYPRIV=${TESTDIR}/data/tpm2state3/hkey.priv
45 HKEYPUB=${TESTDIR}/data/tpm2state3/hkey.pub
46
47 source ${TESTDIR}/test_common
48 source ${TESTDIR}/common
49 skip_test_no_tpm20 "${SWTPM_EXE}"
50
51
52 trap "cleanup" SIGTERM EXIT
53
54 function cleanup()
55 {
56 rm -rf $TPMDIR
57 # remove files from tss tools
58 rm -f h01*.bin nvp*.bin
59 if [ -n "$PID" ]; then
60 kill_quiet -SIGTERM $PID 2>/dev/null
61 fi
62 }
63
64 function test_nvram_state()
65 {
66 local create="$1"
67 local check="$2"
68
69 local i res rc act exp ody
70
71 if [ $create -eq 1 ]; then
72 # the 1st and 2nd spaces are 'orderly' and will be cleared by reset
73 ody="+at ody"
74 for ((i=0; i < 10; i++)); do
75 printf "Creating NVRAM location 01%06x\n" $i
76 # the '+at wd' allows us to only write once
77 ${TOOLSPATH}/${PREFIX}nvdefinespace \
78 -ha $(printf "01%06x" $i) \
79 -sz $((100 + i * 10)) \
80 -pwdn nnn \
81 +at wst \
82 +at wd \
83 $ody \
84 -hi o >/dev/null
85 if [ $? -ne 0 ]; then
86 echo "Error: nvdefinespace failed for i = $i."
87 exit 1
88 fi
89
90 if [ $i -eq 1 ]; then
91 ody=""
92 fi
93
94 ${TOOLSPATH}/${PREFIX}nvwrite \
95 -ha $(printf "01%06x" $i) \
96 -ic "Hello TPM2" \
97 -pwdn nnn
98 if [ $? -ne 0 ]; then
99 echo "Error: nwrite failed for i = $i."
100 exit 1
101 fi
102
103 ${TOOLSPATH}/${PREFIX}nvwritelock \
104 -ha $(printf "01%06x" $i) \
105 -pwdn nnn
106 if [ $? -ne 0 ]; then
107 echo "Error: nwritelock failed for i = $i."
108 exit 1
109 fi
110 done
111
112 # Create a counter space
113 echo "Creating NVRAM location 01000010 for counter"
114 ${TOOLSPATH}/${PREFIX}nvdefinespace \
115 -hi o \
116 -ha 01000010 \
117 -pwdn nnn \
118 -ty c >/dev/null
119 if [ $? -ne 0 ]; then
120 echo "Error: nvdefinespace for counter failed."
121 exit 1
122 fi
123
124 echo "Incrementing the counter at location 01000010"
125 ${TOOLSPATH}/${PREFIX}nvincrement \
126 -ha 01000010 \
127 -pwdn nnn >/dev/null
128 if [ $? -ne 0 ]; then
129 echo "Error: nvincrement failed."
130 exit 1
131 fi
132 fi
133
134 if [ $check -eq 1 ]; then
135 local last=0
136
137 if [ $create -eq 0 ]; then
138 last=2
139 fi
140
141 # The orderly indices must not be readable UNLESS they were just
142 # created. In the latter case we skip this first loop here.
143 for ((i=0; i < last; i++)); do
144 printf "Checking orderly NVRAM location 01%06x after reset\n" $i
145 ${TOOLSPATH}/${PREFIX}nvread \
146 -ha $(printf "01%06x" $i) \
147 -pwdn nnn \
148 -sz 10 > $TMPFILE
149 if [ $? -eq 0 ]; then
150 echo "Error: nvread succeeded for orderly NVRAM index; i = $i"
151 cat $TMPFILE
152 exit 1
153 fi
154 done
155
156 # test the non-orderly indices OR orderly we just created above
157 for ((i=last; i < 10; i++)); do
158 printf "Checking NVRAM location 01%06x\n" $i
159 ${TOOLSPATH}/${PREFIX}nvread \
160 -ha $(printf "01%06x" $i) \
161 -pwdn nnn \
162 -sz 10 > $TMPFILE
163 if [ $? -ne 0 ]; then
164 echo "Error: nvread failed for i = $i"
165 cat $TMPFILE
166 exit 1
167 fi
168
169 # we want one line with xdigits and spaces
170 res=$(cat $TMPFILE | \
171 grep -E "^[ [:xdigit:]]+$" |
172 wc -l)
173 if [ $res -ne 1 ]; then
174 echo "Error: nvread did not show expected results"
175 cat $TMPFILE
176 fi
177
178 ${TOOLSPATH}/${PREFIX}nvwrite \
179 -ha $(printf "01%06x" $i) \
180 -ic "Hello TPM2" \
181 -pwdn nnn > $TMPFILE
182 rc=$?
183 if [ $rc -eq 0 ]; then
184 echo "Error: nwrite succeeded for i = $i."
185 exit 1
186 fi
187 done
188
189 # Read the counter
190 echo "Checking counter value at location 01000010"
191 ${TOOLSPATH}/${PREFIX}nvread \
192 -ha 01000010 \
193 -pwdn nnn \
194 -sz 8 \
195 -of $BINFILE > $TMPFILE
196 if [ $? -ne 0 ]; then
197 echo "Error: nvread of counter failed."
198 cat $TMPFILE
199 exit 1
200 fi
201 exp=' 00 00 00 00 00 00 00 01'
202 act="$(od -t x1 -A n < $BINFILE)"
203 if [ "$act" != "$exp" ]; then
204 echo "Error: Counter has unexpected value."
205 echo " expected: $exp"
206 echo " actual : $act"
207 fi
208 fi
209 }
210
211 function test_primary()
212 {
213 local create="$1"
214 local check="$2"
215 # whether we are using previous stored stated that had a different
216 # key and we have to use the old signature
217 local previousstate="$3"
218
219 local i res rc
220
221 if [ $create -eq 1 ]; then
222 # Create a permanent primary key that we expecte
223 # to again see after the TPM has been restarted
224 ${TOOLSPATH}/${PREFIX}createprimary -hi o -si > $TMPFILE
225 if [ $? -ne 0 ]; then
226 echo "Error: createprimary failed."
227 exit 1
228 fi
229 if [ -z "$(grep 80000000 $TMPFILE)" ]; then
230 echo "Error: createprimary did not result in expected handle 80000000"
231 exit 1
232 fi
233 ${TOOLSPATH}/${PREFIX}evictcontrol -ho 80000000 -hp 81000000 -hi o
234 if [ $? -ne 0 ]; then
235 echo "Error: evictcontrol did not work"
236 exit 1
237 fi
238 ${TOOLSPATH}/${PREFIX}flushcontext -ha 80000000
239
240 echo -n "123" > $BINFILE
241 ${TOOLSPATH}/${PREFIX}sign -hk 81000000 -if ${BINFILE} -os ${SIGFILE} > $TMPFILE
242 if [ $? -ne 0 ]; then
243 echo "Error: Could not create signature."
244 cat $TMPFILE
245 exit 1
246 fi
247 fi
248
249 if [ $check -eq 1 ]; then
250 printf "Checking availability of key with perm. handle 0x81000000\n"
251 ${TOOLSPATH}/${PREFIX}getcapability -cap 1 -pr 0x81000000 >$TMPFILE
252 if [ -z "$(grep 81000000 $TMPFILE)" ]; then
253 echo "Could not find key with permanent handle 0x81000000"
254 exit 1
255 fi
256 printf "Verifying signature with this key\n"
257 echo -n "123" > $BINFILE
258 if [ $previousstate -eq 0 ]; then
259 ${TOOLSPATH}/${PREFIX}verifysignature -hk 81000000 \
260 -is ${SIGFILE} \
261 -if ${BINFILE} > $TMPFILE
262 else
263 ${TOOLSPATH}/${PREFIX}verifysignature -hk 81000000 \
264 -is ${TESTDIR}/data/tpm2state3/signature.bin \
265 -if ${BINFILE} > $TMPFILE
266 fi
267 if [ $? -ne 0 ]; then
268 echo "Verifying signature failed."
269 exit 1
270 fi
271 fi
272 }
273
274 # Allocate a SHA256 PCR bank
275 # This will prevent shutdown -s (with state)
276 function test_pcr_allocation()
277 {
278 local create="$1"
279 local check="$2"
280
281 local i res rc ha
282
283 if [ -z "$($TOOLSPATH/${PREFIX}pcrallocate | grep sha512)" ]; then
284 echo " Skipping PCR Allocate test since it does not support sha512"
285 return 0
286 fi
287
288 if [ $create -eq 1 ]; then
289 echo "Allocating SHA256 PCR bank"
290 ${TOOLSPATH}/${PREFIX}pcrallocate -sha512 +sha256
291
292 for ((ha = 0; ha < 24; ha++)); do
293 ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha512 > $TMPFILE
294 if [ -z "$(grep "^count 1.*$" $TMPFILE)" ]; then
295 echo "Error: PCR ${ha} in SHA512 bank should be available for read before reboot"
296 cat $TMPFILE
297 exit 1
298 fi
299 ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha256 > $TMPFILE
300 if [ -z "$(grep "^count 1.*$" $TMPFILE)" ]; then
301 echo "Error: PCR ${ha} in SHA256 bank should be available for read before reboot"
302 cat $TMPFILE
303 exit 1
304 fi
305 done
306 fi
307
308 if [ $check -eq 1 ]; then
309 echo "Checking the PCR Allocation"
310
311 for ((ha = 0; ha < 24; ha++)); do
312 ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha512 > $TMPFILE
313 if [ -z "$(grep "^count 0.*$" $TMPFILE)" ]; then
314 echo "Error: PCR ${ha} in SHA512 bank should be unavailable for read after reboot"
315 cat $TMPFILE
316 exit 1
317 fi
318
319 ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha256 > $TMPFILE
320 if [ -z "$(grep "^count 1.*$" $TMPFILE)" ]; then
321 echo "Error: PCR ${ha} in SHA256 bank should be available for read after reboot"
322 exit 1
323 fi
324 done
325 fi
326 }
327
328 function test_hierarchy()
329 {
330 local create="$1"
331 local check="$2"
332
333 local hi pwdn pwda
334
335 if [ $create -eq 1 ]; then
336 echo "Setting hierarchy passwords"
337 # Change the hierarchy password; the 'p' hierarchy has
338 # no effect on permanent RAM, so we won't test that
339 for hi in "l" "e" "o"; do
340 pwdn="${hi}${hi}${hi}"
341 ${TOOLSPATH}/${PREFIX}hierarchychangeauth \
342 -hi ${hi} \
343 -pwdn ${pwdn} > $TMPFILE
344 if [ $? -ne 0 ]; then
345 echo "Error: hierarchychangeauth failed to set password."
346 cat $TMPFILE
347 exit 1
348 fi
349 done
350 fi
351
352 if [ $check -eq 1 ]; then
353 echo "Checking previously set hierarchy passwords"
354 for hi in "l" "e" "o"; do
355 pwda="${hi}${hi}${hi}"
356 pwdn="new-${pwda}"
357
358 ${TOOLSPATH}/${PREFIX}hierarchychangeauth \
359 -hi ${hi} \
360 -pwda ${pwda} \
361 -pwdn ${pwdn} > $TMPFILE
362 if [ $? -ne 0 ]; then
363 echo "Error: hierarchychangeauth failed to change password."
364 cat $TMPFILE
365 exit 1
366 fi
367
368 # change back
369 ${TOOLSPATH}/${PREFIX}hierarchychangeauth \
370 -hi ${hi} \
371 -pwda ${pwdn} \
372 -pwdn ${pwda} > $TMPFILE
373 if [ $? -ne 0 ]; then
374 echo "Error: hierarchychangeauth failed to change back password."
375 cat $TMPFILE
376 exit 1
377 fi
378 done
379 fi
380 }
381
382 function test_hash_context()
383 {
384 local create="$1"
385 local check="$2"
386
387 local res tmpfile
388
389 if [ $create -eq 1 ]; then
390 echo -n "123" > ${TMP2FILE}
391
392 echo "Starting a sha1 sequence"
393 res="$(${TOOLSPATH}/${PREFIX}hashsequencestart -halg sha1)"
394 if [ $? -ne 0 ]; then
395 echo "Error: Could not start hash sequence."
396 exit 1
397 fi
398 SHA1_SEQUENCE_HANDLE="$(echo $res | cut -d " " -f3)"
399 echo "sha1 sequence handle: $SHA1_SEQUENCE_HANDLE"
400
401 ${TOOLSPATH}/${PREFIX}sequenceupdate \
402 -hs ${SHA1_SEQUENCE_HANDLE} \
403 -if ${TMP2FILE}
404 if [ $? -ne 0 ]; then
405 echo "Error: Could not updated the sha1 sequence."
406 exit 1
407 fi
408 echo "Updated sha1 sequence."
409
410 echo "Starting a sha256 sequence"
411 res="$(${TOOLSPATH}/${PREFIX}hashsequencestart -halg sha256)"
412 if [ $? -ne 0 ]; then
413 echo "Error: Could not start sha256 sequence."
414 exit 1
415 fi
416 SHA256_SEQUENCE_HANDLE="$(echo $res | cut -d " " -f3)"
417 echo "sha256 sequence handle: $SHA256_SEQUENCE_HANDLE"
418
419 ${TOOLSPATH}/${PREFIX}sequenceupdate \
420 -hs ${SHA256_SEQUENCE_HANDLE} \
421 -if ${TMP2FILE}
422 if [ $? -ne 0 ]; then
423 echo "Error: Could not updated the hash sequence."
424 exit 1
425 fi
426 echo "Updated sha256 sequence."
427
428 echo "Starting a sha384 sequence"
429 res="$(${TOOLSPATH}/${PREFIX}hashsequencestart -halg sha384)"
430 if [ $? -ne 0 ]; then
431 echo "Error: Could not start sha384 sequence."
432 exit 1
433 fi
434 SHA384_SEQUENCE_HANDLE="$(echo $res | cut -d " " -f3)"
435 echo "sha384 sequence handle: $SHA384_SEQUENCE_HANDLE"
436
437 ${TOOLSPATH}/${PREFIX}sequenceupdate \
438 -hs ${SHA384_SEQUENCE_HANDLE} \
439 -if ${TMP2FILE}
440 if [ $? -ne 0 ]; then
441 echo "Error: Could not updated the hash sequence."
442 exit 1
443 fi
444 echo "Updated sha384 sequence."
445 fi
446
447 if [ $check -eq 1 ]; then
448 echo -n "456" > ${TMP2FILE}
449
450 echo "Completing previously started sha1 sequence"
451 touch $TPMDIR/h${SHA1_SEQUENCE_HANDLE}.bin
452 res=$(${TOOLSPATH}/${PREFIX}sequencecomplete \
453 -hs ${SHA1_SEQUENCE_HANDLE} \
454 -if ${TMP2FILE} -v |
455 tail -n 4 |
456 grep " 7c 4a 8d ")
457 if [ -z "$res" ]; then
458 echo "Error: Did not get expected result from completing sha1 sequence."
459 exit 1
460 fi
461
462 echo "Completing previously started sha256 sequence"
463 touch $TPMDIR/h${SHA256_SEQUENCE_HANDLE}.bin
464 res=$(${TOOLSPATH}/${PREFIX}sequencecomplete \
465 -hs ${SHA256_SEQUENCE_HANDLE} \
466 -if ${TMP2FILE} -v |
467 tail -n 4 |
468 grep " 8d 96 9e ")
469 if [ -z "$res" ]; then
470 echo "Error: Did not get expected result from completing sha256 sequence."
471 exit 1
472 fi
473
474 echo "Completing previously started sha384 sequence"
475 touch $TPMDIR/h${SHA384_SEQUENCE_HANDLE}.bin
476 res=$(${TOOLSPATH}/${PREFIX}sequencecomplete \
477 -hs ${SHA384_SEQUENCE_HANDLE} \
478 -if ${TMP2FILE} -v |
479 tail -n 4 |
480 grep " 0a 98 9e ")
481 if [ -z "$res" ]; then
482 echo "Error: Did not get expected result from completing sha384 sequence."
483 exit 1
484 fi
485 fi
486 }
487
488 function test_session()
489 {
490 local create="$1"
491 local check="$2"
492 # whether we are using previous stored stated that had a different
493 # key and we have to use the old signature
494 local previousstate="$3"
495
496 local i res rc
497
498 if [ $create -eq 1 ]; then
499 # Create a permanent primary key that we expecte
500 # to again see after the TPM has been restarted
501 ${TOOLSPATH}/${PREFIX}createprimary -hi o -st > $TMPFILE
502 if [ $? -ne 0 ]; then
503 echo "Error: createprimary for creating storage key failed."
504 exit 1
505 fi
506 if [ -z "$(grep 80000000 $TMPFILE)" ]; then
507 echo "Error: createprimary did not result in expected handle 80000000"
508 cat $TMPFILE
509 exit 1
510 fi
511 ${TOOLSPATH}/${PREFIX}evictcontrol -ho 80000000 -hp 81000000 -hi o
512 if [ $? -ne 0 ]; then
513 echo "Error: evictcontrol did not work"
514 exit 1
515 fi
516 ${TOOLSPATH}/${PREFIX}flushcontext -ha 80000000
517
518 ${TOOLSPATH}/${PREFIX}startauthsession -se h -bi 81000000 > $TMPFILE
519 if [ $? -ne 0 ]; then
520 echo "Error: Could not start an auth session."
521 cat $TMPFILE
522 exit 1
523 fi
524 AUTHSESSION_HANDLE=$(cat $TMPFILE | sed 's/Handle//')
525 if [ -z "${AUTHSESSION_HANDLE}" ]; then
526 echo "Error: Could not get auth session handle."
527 exit 1
528 fi
529 fi
530
531 if [ $check -eq 1 ]; then
532 echo "Using auth session ${AUTHSESSION_HANDLE} to create a key."
533 ${TOOLSPATH}/${PREFIX}create \
534 -hp 81000000 \
535 -st \
536 -se0 ${AUTHSESSION_HANDLE} 1
537 if [ $? -ne 0 ]; then
538 echo "Error: Could not create key using authsession"
539 exit 1
540 fi
541 echo "Successfully created key"
542 fi
543 }
544
545 function test_hmac_context()
546 {
547 local create="$1"
548 local check="$2"
549 # whether we are using previous stored stated that had a different
550 # key and we have to use the old signature
551 local previousstate="$3"
552
553 local i res rc
554
555 if [ $create -eq 1 ]; then
556 ${TOOLSPATH}/${PREFIX}createprimary -hi o -st > $TMPFILE
557 if [ $? -ne 0 ]; then
558 echo "Error: createprimary failed."
559 exit 1
560 fi
561 if [ -z "$(grep 80000000 $TMPFILE)" ]; then
562 echo "Error: createprimary did not result in expected handle 80000000"
563 exit 1
564 fi
565
566 ${TOOLSPATH}/${PREFIX}create -hp 80000000 -kh \
567 -opr ${HKEYPRIV} -opu ${HKEYPUB} > $TMPFILE
568 if [ $? -ne 0 ]; then
569 echo "Error: could not create key for HMAC"
570 exit 1
571 fi
572
573 ${TOOLSPATH}/${PREFIX}load -hp 80000000 \
574 -ipr ${HKEYPRIV} -ipu ${HKEYPUB} -v > $TMPFILE
575 if [ $? -ne 0 ]; then
576 echo "Error: could not load key for HMAC"
577 cat $TMPFILE
578 exit 1
579 fi
580 if [ -z "$(grep 80000001 $TMPFILE)" ]; then
581 echo "Error: load did not result in expected handle 80000001"
582 exit 1
583 fi
584
585 ${TOOLSPATH}/${PREFIX}hmacstart -hk 80000001 > $TMPFILE
586 if [ $? -ne 0 ]; then
587 echo "Error: could not start HMAC sequence"
588 exit 1
589 fi
590 if [ -z "$(grep 80000002 $TMPFILE)" ]; then
591 echo "Error: load did not result in expected handle 80000002"
592 exit 1
593 fi
594
595 echo -n "123" > ${TMP2FILE}
596 ${TOOLSPATH}/${PREFIX}sequenceupdate \
597 -hs 80000002 \
598 -if ${TMP2FILE}
599 if [ $? -ne 0 ]; then
600 echo "Error: Could not updated the HMAC sequence."
601 exit 1
602 fi
603 echo "Updated HMAC sequence."
604 fi
605
606 if [ $check -eq 1 ]; then
607 echo -n "456" > ${TMP2FILE}
608
609 echo "Completing previously started HMAC sequence"
610 touch $TPMDIR/h80000002.bin
611 ${TOOLSPATH}/${PREFIX}sequencecomplete \
612 -hs 80000002 \
613 -if ${TMP2FILE} -v |
614 tail -n 4 > ${TMPFILE}
615 if [ -z "$(grep " 6e 40 33 1a " ${TMPFILE})" ]; then
616 echo "Error: Did not get expected result from completing HMAC sequence."
617 cat $TMPFILE
618 exit 1
619 fi
620 fi
621 }
622
623 function test_primary_volatile_load()
624 {
625 local create="$1"
626 local check="$2"
627 # whether we are using previous stored stated that had a different
628 # key and we have to use the old signature
629 local previousstate="$3"
630
631 local i res rc
632
633 if [ $create -eq 1 ]; then
634 # Create a permanent primary key that we expecte
635 # to again see after the TPM has been restarted
636 ${TOOLSPATH}/${PREFIX}createprimary -hi o -si > $TMPFILE
637 if [ $? -ne 0 ]; then
638 echo "Error: createprimary failed."
639 exit 1
640 fi
641 if [ -z "$(grep 80000000 $TMPFILE)" ]; then
642 echo "Error: createprimary did not result in expected handle 80000000"
643 exit 1
644 fi
645
646 echo -n "123" > $BINFILE
647 ${TOOLSPATH}/${PREFIX}sign -hk 80000000 -if ${BINFILE} -os ${SIGFILE} > $TMPFILE
648 if [ $? -ne 0 ]; then
649 echo "Error: Could not create signature."
650 cat $TMPFILE
651 exit 1
652 fi
653
654 printf "Verifying signature with this key (create phase)\n"
655 ${TOOLSPATH}/${PREFIX}verifysignature -hk 80000000 \
656 -is ${SIGFILE} \
657 -if ${BINFILE} > $TMPFILE
658 if [ $? -ne 0 ]; then
659 echo "Verifying signature failed."
660 exit 1
661 fi
662 fi
663
664 if [ $check -eq 1 ]; then
665 local sigfile=${SIGFILE} hash1 hash2
666
667 if [ $previousstate -ne 0 ]; then
668 sigfile=${TESTDIR}/data/tpm2state3d/signature2.bin
669 fi
670
671 printf "Checking availability of key with handle 0x80000000\n"
672 ${TOOLSPATH}/${PREFIX}getcapability -cap 1 -pr 0x80000000 >$TMPFILE
673 if [ -z "$(grep 80000000 $TMPFILE)" ]; then
674 echo "Could not find key with handle 0x80000000"
675 exit 1
676 fi
677
678 printf "Verifying signature with this key (check phase)\n"
679 echo -n "123" > $BINFILE
680 ${TOOLSPATH}/${PREFIX}verifysignature -hk 80000000 \
681 -is ${sigfile} \
682 -if ${BINFILE} > $TMPFILE
683 if [ $? -ne 0 ]; then
684 echo "Verifying signature failed."
685 exit 1
686 fi
687
688 if [ $previousstate -eq 0 ]; then
689 ${TOOLSPATH}/${PREFIX}sign -hk 80000000 -if ${BINFILE} -os ${SIGFILE2} > $TMPFILE
690 if [ $? -ne 0 ]; then
691 echo "Error: Could not create signature."
692 cat $TMPFILE
693 exit 1
694 fi
695 hash1=$(get_sha1_file ${SIGFILE})
696 hash2=$(get_sha1_file ${SIGFILE2})
697 if [ "${hash1}" != "${hash2}" ]; then
698 echo "Error: hashes of signatures are different. Loaded key may be different."
699 exit 1
700 fi
701 fi
702 fi
703 }
704
705 # libtpms issue #195: Create an external key and load it into the TPM 2
706 # and do a context save/load cycle
707 function test_external_key()
708 {
709 local create="$1"
710 local check="$2"
711
712 if [ $create -eq 1 ]; then
713 ${CERTTOOL} --generate-privkey --bits 2048 --outfile ${PRIVKEY} &>/dev/null
714 ${CERTTOOL} --pubkey-info --load-privkey ${PRIVKEY} > ${PUBKEY}
715 $TOOLSPATH/${PREFIX}loadexternal -hi o -ipem ${PUBKEY} > $TMPFILE
716 if [ $? -ne 0 ]; then
717 echo "Error: loadexternal failed."
718 exit 1
719 fi
720 if [ -z "$(grep 80000001 $TMPFILE)" ]; then
721 echo "Error: loadexternal did not result in expected handle 80000001"
722 exit 1
723 fi
724 fi
725
726 if [ $check -eq 1 ]; then
727 $TOOLSPATH/${PREFIX}contextsave -ha 80000001 -of ${PUBKEYCONTEXT}
728 if [ $? -ne 0 ]; then
729 echo "Error: contextsave on loaded public key failed."
730 exit 1
731 fi
732 $TOOLSPATH/${PREFIX}flushcontext -ha 80000001
733 $TOOLSPATH/${PREFIX}contextload -if ${PUBKEYCONTEXT} > $TMPFILE
734 if [ $? -ne 0 ]; then
735 echo "Error: contextload on context of public key failed."
736 exit 1
737 fi
738 if [ -z "$(grep 80000001 $TMPFILE)" ]; then
739 echo "Error: contextload did not result in expected handle 80000001"
740 exit 1
741 fi
742 fi
743 }
744
745 export TPM_SERVER_TYPE=raw
746 export TPM_SERVER_NAME=127.0.0.1
747 export TPM_INTERFACE_TYPE=socsim
748 export TPM_COMMAND_PORT=65533
749 export TPM_DATA_DIR=$TPMDIR
750 export TPM_SESSION_ENCKEY="807e2bfe898ddaed8fa6310e716a24dc" # for sessions
751
752 $SWTPM_EXE socket \
753 --server port=${TPM_COMMAND_PORT} \
754 --tpmstate dir=$TPMDIR \
755 --pid file=$PID_FILE \
756 --ctrl type=unixio,path=$SOCK_PATH \
757 --log file=$LOGFILE,level=20 \
758 --tpm2 \
759 ${SWTPM_TEST_SECCOMP_OPT} &
760
761 if wait_for_file $PID_FILE 3; then
762 echo "Error: (1) Socket TPM did not write pidfile."
763 exit 1
764 fi
765
766 PID="$(cat $PID_FILE)"
767
768 # Send TPM_Init
769 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
770 if [ $? -ne 0 ]; then
771 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
772 exit 1
773 fi
774
775 ${TOOLSPATH}/${PREFIX}startup -c
776 if [ $? -ne 0 ]; then
777 echo "Error: tpm_startup clear failed."
778 exit 1
779 fi
780
781 test_nvram_state 1 1
782 test_primary 1 1 0
783 test_pcr_allocation 1 0 # can only check after reboot
784 test_hierarchy 1 1
785
786 ${TOOLSPATH}/${PREFIX}shutdown -c
787 if [ $? -ne 0 ]; then
788 echo "Error: tpm_shutdown clear failed."
789 cat $LOGFILE
790 exit 1
791 fi
792
793 # Send Shutdown
794 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
795 if [ $? -ne 0 ]; then
796 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
797 exit 1
798 fi
799
800 echo "============================" >> $LOGFILE
801
802 echo "TPM was shut down"
803
804 # Store this state for later usage
805 # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3;
806 # cp $SIGFILE ${TESTDIR}/data/tpm2state3/signature.bin
807
808 #################################################################
809 # Run TPM2 with the created state and verify it's the same
810
811 $SWTPM_EXE socket \
812 --server port=${TPM_COMMAND_PORT} \
813 --tpmstate dir=$TPMDIR \
814 --pid file=$PID_FILE \
815 --ctrl type=unixio,path=$SOCK_PATH \
816 --log file=$LOGFILE,level=20 \
817 --tpm2 \
818 ${SWTPM_TEST_SECCOMP_OPT} &
819
820 if wait_for_file $PID_FILE 3; then
821 echo "Error: (2) Socket TPM did not write pidfile."
822 exit 1
823 fi
824
825 echo "TPM re-started"
826
827 PID="$(cat $PID_FILE)"
828
829 # Send TPM_Init
830 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
831 if [ $? -ne 0 ]; then
832 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
833 exit 1
834 fi
835
836 ${TOOLSPATH}/${PREFIX}startup -c
837 if [ $? -ne 0 ]; then
838 echo "Error: tpm_startup clear failed."
839 cat $LOGFILE
840 exit 1
841 fi
842
843 test_nvram_state 0 1
844 test_primary 0 1 0
845 test_pcr_allocation 0 1
846 test_hierarchy 0 1
847
848 ${TOOLSPATH}/${PREFIX}shutdown -c
849 if [ $? -ne 0 ]; then
850 echo "Error: tpm_shutdown clear failed."
851 cat $LOGFILE
852 exit 1
853 fi
854
855 # Send Shutdown
856 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
857 if [ $? -ne 0 ]; then
858 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
859 exit 1
860 fi
861
862 echo "============================" >> $LOGFILE
863
864 echo "TPM was shut down"
865
866 #################################################################
867 # Run TPM2 with previously saved state and verify it's the same
868
869 rm -f $TPMDIR/*
870 cp -f ${TESTDIR}/data/tpm2state3/tpm2-00.permall $TPMDIR/tpm2-00.permall
871
872 $SWTPM_EXE socket \
873 --server port=${TPM_COMMAND_PORT} \
874 --tpmstate dir=$TPMDIR \
875 --pid file=$PID_FILE \
876 --ctrl type=unixio,path=$SOCK_PATH \
877 --log file=$LOGFILE,level=20 \
878 --tpm2 \
879 ${SWTPM_TEST_SECCOMP_OPT} &
880
881 if wait_for_file $PID_FILE 3; then
882 echo "Error: (3) Socket TPM did not write pidfile."
883 exit 1
884 fi
885
886 echo "TPM started with previously generated state"
887
888 PID="$(cat $PID_FILE)"
889
890 # Send TPM_Init
891 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
892 if [ $? -ne 0 ]; then
893 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
894 exit 1
895 fi
896
897 ${TOOLSPATH}/${PREFIX}startup -c
898 if [ $? -ne 0 ]; then
899 echo "Error: tpm_startup clear failed."
900 cat $LOGFILE
901 exit 1
902 fi
903
904 test_nvram_state 0 1
905 test_primary 0 1 1
906 test_pcr_allocation 0 1
907 test_hierarchy 0 1
908
909 ${TOOLSPATH}/${PREFIX}shutdown -c
910 if [ $? -ne 0 ]; then
911 echo "Error: tpm_shutdown clear failed."
912 cat $LOGFILE
913 exit 1
914 fi
915
916 # Send Shutdown
917 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
918 if [ $? -ne 0 ]; then
919 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
920 exit 1
921 fi
922
923 echo "Test 1 OK"
924
925 #
926 #
927 # Tests with volatile state
928 #
929 #
930
931 rm -f ${TPMDIR}/*
932
933 $SWTPM_EXE socket \
934 --server port=${TPM_COMMAND_PORT} \
935 --tpmstate dir=$TPMDIR \
936 --pid file=$PID_FILE \
937 --ctrl type=unixio,path=$SOCK_PATH \
938 --log file=$LOGFILE,level=20 \
939 --tpm2 \
940 ${SWTPM_TEST_SECCOMP_OPT} &
941
942 if wait_for_file $PID_FILE 3; then
943 echo "Error: (3) Socket TPM did not write pidfile."
944 exit 1
945 fi
946
947 PID="$(cat $PID_FILE)"
948
949 # Send TPM_Init
950 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
951 if [ $? -ne 0 ]; then
952 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
953 exit 1
954 fi
955
956 ${TOOLSPATH}/${PREFIX}startup -c
957 if [ $? -ne 0 ]; then
958 echo "Error: tpm_startup clear failed."
959 cat $LOGFILE
960 exit 1
961 fi
962
963 test_session 1 1
964 test_hash_context 1 0
965
966 act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1)
967 if [ $? -ne 0 ]; then
968 echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act"
969 exit 1
970 fi
971
972 ${TOOLSPATH}/${PREFIX}shutdown -c
973 if [ $? -ne 0 ]; then
974 echo "Error: tpm_shutdown clear failed."
975 cat $LOGFILE
976 exit 1
977 fi
978
979 # Send Shutdown
980 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
981 if [ $? -ne 0 ]; then
982 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
983 exit 1
984 fi
985
986 #################################################################
987 # Run TPM2 with the saved volatile state
988
989 # create a backup for running the next test...
990 # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3b/tpm2-00.permall
991 # cp $TPMDIR/tpm2-00.volatilestate ${TESTDIR}/data/tpm2state3b/tpm2-00.volatilestate
992 # cp $TPMDIR/h02000000.bin ${TESTDIR}/data/tpm2state3b/h02000000.bin
993 # cp $TPMDIR/h81000000.bin ${TESTDIR}/data/tpm2state3b/h81000000.bin
994
995 $SWTPM_EXE socket \
996 --server port=${TPM_COMMAND_PORT} \
997 --tpmstate dir=$TPMDIR \
998 --pid file=$PID_FILE \
999 --ctrl type=unixio,path=$SOCK_PATH \
1000 --log file=$LOGFILE,level=20 \
1001 --tpm2 \
1002 ${SWTPM_TEST_SECCOMP_OPT} &
1003
1004 if wait_for_file $PID_FILE 3; then
1005 echo "Error: (3) Socket TPM did not write pidfile."
1006 exit 1
1007 fi
1008
1009 PID="$(cat $PID_FILE)"
1010
1011 # Send TPM_Init
1012 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1013 if [ $? -ne 0 ]; then
1014 cat $LOGFILE
1015 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1016 exit 1
1017 fi
1018
1019 test_hash_context 0 1
1020 test_session 0 1
1021
1022 ${TOOLSPATH}/${PREFIX}shutdown -c
1023 if [ $? -ne 0 ]; then
1024 echo "Error: tpm_shutdown clear failed."
1025 cat $LOGFILE
1026 exit 1
1027 fi
1028
1029 # Send Shutdown
1030 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1031 if [ $? -ne 0 ]; then
1032 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1033 exit 1
1034 fi
1035
1036 #####################################################################
1037 # Run TPM2 with previously saved (volatile) state and verify it's
1038 # working as well
1039
1040 cp -f ${TESTDIR}/data/tpm2state3b/tpm2-00.permall $TPMDIR/tpm2-00.permall
1041 cp -f ${TESTDIR}/data/tpm2state3b/tpm2-00.volatilestate $TPMDIR/tpm2-00.volatilestate
1042 cp -f ${TESTDIR}/data/tpm2state3b/h02000000.bin $TPMDIR/h02000000.bin
1043 cp -f ${TESTDIR}/data/tpm2state3b/h81000000.bin $TPMDIR/h81000000.bin
1044
1045 $SWTPM_EXE socket \
1046 --server port=${TPM_COMMAND_PORT} \
1047 --tpmstate dir=$TPMDIR \
1048 --pid file=$PID_FILE \
1049 --ctrl type=unixio,path=$SOCK_PATH \
1050 --log file=$LOGFILE,level=20 \
1051 --tpm2 \
1052 ${SWTPM_TEST_SECCOMP_OPT} &
1053
1054 if wait_for_file $PID_FILE 3; then
1055 echo "Error: (3) Socket TPM did not write pidfile."
1056 exit 1
1057 fi
1058
1059 echo "TPM started with previously generated state"
1060
1061 PID="$(cat $PID_FILE)"
1062
1063 # Send TPM_Init
1064 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1065 if [ $? -ne 0 ]; then
1066 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1067 tail -n 10 $LOGFILE
1068 exit 1
1069 fi
1070
1071 test_hash_context 0 1
1072 test_session 0 1
1073
1074 # Send Shutdown
1075 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1076 if [ $? -ne 0 ]; then
1077 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1078 exit 1
1079 fi
1080
1081 echo "Test 2 OK"
1082
1083 #
1084 #
1085 # Tests with volatile state -- 2nd test
1086 #
1087 #
1088
1089 rm -f ${TPMDIR}/*
1090
1091 $SWTPM_EXE socket \
1092 --server port=${TPM_COMMAND_PORT} \
1093 --tpmstate dir=$TPMDIR \
1094 --pid file=$PID_FILE \
1095 --ctrl type=unixio,path=$SOCK_PATH \
1096 --log file=$LOGFILE,level=20 \
1097 --tpm2 \
1098 ${SWTPM_TEST_SECCOMP_OPT} &
1099
1100 if wait_for_file $PID_FILE 3; then
1101 echo "Error: (3) Socket TPM did not write pidfile."
1102 exit 1
1103 fi
1104
1105 PID="$(cat $PID_FILE)"
1106
1107 # Send TPM_Init
1108 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1109 if [ $? -ne 0 ]; then
1110 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1111 exit 1
1112 fi
1113
1114 ${TOOLSPATH}/${PREFIX}startup -c
1115 if [ $? -ne 0 ]; then
1116 echo "Error: tpm_startup clear failed."
1117 cat $LOGFILE
1118 exit 1
1119 fi
1120
1121 # we only run this to generate the AES key which is different every time...
1122 # test_hmac_context 1 0
1123
1124 act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1)
1125 if [ $? -ne 0 ]; then
1126 echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act"
1127 exit 1
1128 fi
1129
1130 ${TOOLSPATH}/${PREFIX}shutdown -c
1131 if [ $? -ne 0 ]; then
1132 echo "Error: tpm_shutdown clear failed."
1133 cat $LOGFILE
1134 exit 1
1135 fi
1136
1137 # Send Shutdown
1138 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1139 if [ $? -ne 0 ]; then
1140 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1141 exit 1
1142 fi
1143
1144 #################################################################
1145 # Run TPM2 with the saved volatile state
1146
1147 # create a backup for running the next test...
1148 # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3c/tpm2-00.permall
1149 # cp $TPMDIR/tpm2-00.volatilestate ${TESTDIR}/data/tpm2state3c/tpm2-00.volatilestate
1150
1151 #echo $TPMDIR
1152 #ls -l $TPMDIR
1153 $SWTPM_EXE socket \
1154 --server port=${TPM_COMMAND_PORT} \
1155 --tpmstate dir=$TPMDIR \
1156 --pid file=$PID_FILE \
1157 --ctrl type=unixio,path=$SOCK_PATH \
1158 --log file=$LOGFILE,level=20 \
1159 --tpm2 \
1160 ${SWTPM_TEST_SECCOMP_OPT} &
1161
1162 if wait_for_file $PID_FILE 3; then
1163 echo "Error: (3) Socket TPM did not write pidfile."
1164 exit 1
1165 fi
1166
1167 PID="$(cat $PID_FILE)"
1168
1169 # Send TPM_Init
1170 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1171 if [ $? -ne 0 ]; then
1172 cat $LOGFILE
1173 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1174 exit 1
1175 fi
1176
1177 # since the AES key is different every time, we cannot run
1178 # the HMAC function that's using it since the result would
1179 # be different every time
1180 # test_hmac_context 0 1
1181
1182 ${TOOLSPATH}/${PREFIX}shutdown -c
1183 if [ $? -ne 0 ]; then
1184 echo "Error: tpm_shutdown clear failed."
1185 cat $LOGFILE
1186 exit 1
1187 fi
1188
1189 # Send Shutdown
1190 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1191 if [ $? -ne 0 ]; then
1192 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1193 exit 1
1194 fi
1195
1196 #####################################################################
1197 # Run TPM2 with previously saved (volatile) state and verify it's
1198 # working as well
1199
1200 cp -f ${TESTDIR}/data/tpm2state3c/tpm2-00.volatilestate $TPMDIR/tpm2-00.volatilestate
1201 cp -f ${TESTDIR}/data/tpm2state3c/tpm2-00.permall $TPMDIR/tpm2-00.permall
1202
1203 $SWTPM_EXE socket \
1204 --server port=${TPM_COMMAND_PORT} \
1205 --tpmstate dir=$TPMDIR \
1206 --pid file=$PID_FILE \
1207 --ctrl type=unixio,path=$SOCK_PATH \
1208 --log file=$LOGFILE,level=20 \
1209 --tpm2 \
1210 ${SWTPM_TEST_SECCOMP_OPT} &
1211
1212 if wait_for_file $PID_FILE 3; then
1213 echo "Error: (3) Socket TPM did not write pidfile."
1214 exit 1
1215 fi
1216
1217 echo "TPM started with previously generated state"
1218
1219 PID="$(cat $PID_FILE)"
1220
1221 # Send TPM_Init
1222 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1223 if [ $? -ne 0 ]; then
1224 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1225 exit 1
1226 fi
1227
1228 test_hmac_context 0 1
1229
1230 # Send Shutdown
1231 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1232 if [ $? -ne 0 ]; then
1233 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1234 exit 1
1235 fi
1236
1237 echo "Test 3 OK"
1238
1239
1240 #
1241 #
1242 # Tests with volatile state -- 3rd test
1243 #
1244 #
1245
1246 rm -f ${TPMDIR}/*
1247
1248 $SWTPM_EXE socket \
1249 --server port=${TPM_COMMAND_PORT} \
1250 --tpmstate dir=$TPMDIR \
1251 --pid file=$PID_FILE \
1252 --ctrl type=unixio,path=$SOCK_PATH \
1253 --log file=$LOGFILE,level=20 \
1254 --tpm2 \
1255 ${SWTPM_TEST_SECCOMP_OPT} &
1256
1257 if wait_for_file $PID_FILE 3; then
1258 echo "Error: (3) Socket TPM did not write pidfile."
1259 exit 1
1260 fi
1261
1262 PID="$(cat $PID_FILE)"
1263
1264 # Send TPM_Init
1265 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1266 if [ $? -ne 0 ]; then
1267 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1268 exit 1
1269 fi
1270
1271 ${TOOLSPATH}/${PREFIX}startup -c
1272 if [ $? -ne 0 ]; then
1273 echo "Error: tpm_startup clear failed."
1274 cat $LOGFILE
1275 exit 1
1276 fi
1277
1278 test_primary_volatile_load 1 0 0
1279 test_external_key 1 1
1280
1281 act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1)
1282 if [ $? -ne 0 ]; then
1283 echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act"
1284 exit 1
1285 fi
1286
1287 ${TOOLSPATH}/${PREFIX}shutdown -c
1288 if [ $? -ne 0 ]; then
1289 echo "Error: tpm_shutdown clear failed."
1290 cat $LOGFILE
1291 exit 1
1292 fi
1293
1294 # Send Shutdown
1295 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1296 if [ $? -ne 0 ]; then
1297 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1298 exit 1
1299 fi
1300
1301 #################################################################
1302 # Run TPM2 with the saved volatile state
1303
1304 # create a backup for running the next test...
1305 # cp $TPMDIR/tpm2-00.volatilestate ${TESTDIR}/data/tpm2state3d/tpm2-00.volatilestate
1306 # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3d/tpm2-00.permall
1307 # cp $SIGFILE ${TESTDIR}/data/tpm2state3d/signature2.bin
1308
1309 #echo $TPMDIR
1310 #ls -l $TPMDIR
1311 $SWTPM_EXE socket \
1312 --server port=${TPM_COMMAND_PORT} \
1313 --tpmstate dir=$TPMDIR \
1314 --pid file=$PID_FILE \
1315 --ctrl type=unixio,path=$SOCK_PATH \
1316 --log file=$LOGFILE,level=20 \
1317 --tpm2 \
1318 ${SWTPM_TEST_SECCOMP_OPT} &
1319
1320 if wait_for_file $PID_FILE 3; then
1321 echo "Error: (3) Socket TPM did not write pidfile."
1322 exit 1
1323 fi
1324
1325 PID="$(cat $PID_FILE)"
1326
1327 # Send TPM_Init
1328 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1329 if [ $? -ne 0 ]; then
1330 cat $LOGFILE
1331 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1332 exit 1
1333 fi
1334
1335 test_primary_volatile_load 0 1 0
1336 test_external_key 0 1
1337
1338 ${TOOLSPATH}/${PREFIX}shutdown -c
1339 if [ $? -ne 0 ]; then
1340 echo "Error: tpm_shutdown clear failed."
1341 cat $LOGFILE
1342 exit 1
1343 fi
1344
1345 # Send Shutdown
1346 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1347 if [ $? -ne 0 ]; then
1348 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1349 exit 1
1350 fi
1351
1352 #####################################################################
1353 # Run TPM2 with previously saved (volatile) state and verify it's
1354 # working as well
1355
1356 cp -f ${TESTDIR}/data/tpm2state3d/tpm2-00.permall $TPMDIR/tpm2-00.permall
1357 cp -f ${TESTDIR}/data/tpm2state3d/tpm2-00.volatilestate $TPMDIR/tpm2-00.volatilestate
1358
1359 $SWTPM_EXE socket \
1360 --server port=${TPM_COMMAND_PORT} \
1361 --tpmstate dir=$TPMDIR \
1362 --pid file=$PID_FILE \
1363 --ctrl type=unixio,path=$SOCK_PATH \
1364 --log file=$LOGFILE,level=20 \
1365 --tpm2 \
1366 ${SWTPM_TEST_SECCOMP_OPT} &
1367
1368 if wait_for_file $PID_FILE 3; then
1369 echo "Error: (3) Socket TPM did not write pidfile."
1370 exit 1
1371 fi
1372
1373 echo "TPM started with previously generated state"
1374
1375 PID="$(cat $PID_FILE)"
1376
1377 # Send TPM_Init
1378 act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1)
1379 if [ $? -ne 0 ]; then
1380 echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act"
1381 exit 1
1382 fi
1383
1384 test_primary_volatile_load 0 1 1
1385 test_external_key 0 1
1386 # Create the orderly nv indices and have them cleared (for coverage)
1387 test_nvram_state 1 1
1388
1389 ${TOOLSPATH}/${PREFIX}clear -hi p
1390 if [ $? -ne 0 ]; then
1391 echo "Error: clear failed."
1392 cat $LOGFILE
1393 exit 1
1394 fi
1395
1396 # Send Shutdown
1397 act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1)
1398 if [ $? -ne 0 ]; then
1399 echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act"
1400 exit 1
1401 fi
1402
1403 echo "Test 4 OK"
1404
1405 exit 0
Software TPM used for PVE's Virtual Machines