diff options
| author | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2023-06-07 12:18:12 +0300 |
|---|---|---|
| committer | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2023-06-13 08:51:07 +0300 |
| commit | 011f015540d788227a1a2d16dd6245120827bdec (patch) | |
| tree | 64307bb64b8e02a6e4cdac1b75be9654461d76af | |
| parent | 789ed27842563a7a067ed0c5d2511d0e470b00c8 (diff) | |
| download | u-boot-011f015540d788227a1a2d16dd6245120827bdec.zip u-boot-011f015540d788227a1a2d16dd6245120827bdec.tar.gz u-boot-011f015540d788227a1a2d16dd6245120827bdec.tar.bz2 | |
test/py: Account PCR updates properly during testing
Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart'
we end up always running the full init. The reason is 'tpm init'
returns -EBUSY if the tpm is already open, while 'tpm autostart' handles
ths gracefully and continues with the initialization. It's worth noting
that this won't affect the device functionality at all since
retriggering the startup sequence and selftests has no side effects.
Instead of relying on the initial value, reread the 'known updates'
just before updating the PCR to ensure we read the correct values
before testing
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
| -rw-r--r-- | test/py/tests/test_tpm2.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py index 1ade66a..fce689c 100644 --- a/test/py/tests/test_tpm2.py +++ b/test/py/tests/test_tpm2.py @@ -272,6 +272,12 @@ def test_tpm2_pcr_extend(u_boot_console): force_init(u_boot_console) ram = u_boot_utils.find_ram_base(u_boot_console) + read_pcr = u_boot_console.run_command('tpm2 pcr_read 0 0x%x' % (ram + 0x20)) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + str = re.findall(r'\d+ known updates', read_pcr)[0] + updates = int(re.findall(r'\d+', str)[0]) + u_boot_console.run_command('tpm2 pcr_extend 0 0x%x' % ram) output = u_boot_console.run_command('echo $?') assert output.endswith('0') |