Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart'
we end up always running the full init. The reason is 'tpm init'
returns -EBUSY if the tpm is already open, while 'tpm autostart' handles
ths gracefully and continues with the initialization. It's worth noting
that this won't affect the device functionality at all since
retriggering the startup sequence and selftests has no side effects.
Instead of relying on the initial value, reread the 'known updates'
just before updating the PCR to ensure we read the correct values
before testing
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of copy pasting the commands needed to start a TPM consisting
of:
- tpm init
- tpm startup TPM2_SU_CLEAR
- tpm2 self_test full
use the newly added 'autostart' which does the same thing and simplify
our python scripts
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With TPM emulation enabled in u-boot-test-hooks we should also provide the
tpm2 command used for the test/py/tests/test_tpm2.py test.
One of the Python TPMv2 tests expects sandbox specific values. So disable
it on other platforms.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
These tests currently run in a particular sequence, with some of them
depending on the actions of earlier tests.
Add a check for sandbox and reset to a known state at the start of each
test, so that all tests can run in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tpm test cases relies on tpm device setup. Provide an environment
variable "env__tpm_device_test_skip = True" to skip the test case
if tpm device is not present.
Only needed will have to add variable to the py-test framework.
Test runs successfully even this variable is absent.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simon Glass <sjg@chromium.org>
While using the 'tpm' command should work on most cases, this test suite
only works with TPMv2 and since the work to make both versions build at
the same time, we might end up having both 'tpm' (TPMv1) and 'tpm2'
(TPMv2) commands available at the same time. Ensure this test suite
always use the right one.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some functions have different behaviour when the given address is 0
(assumed to be NULL by the function).
find_ram_base() does not return 0 anymore so it's safe to remove those
offsets.
Suggested-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
Add tests for the TPMv2.x commands.
These commands may run both on a physical TPM and with the sandbox
driver.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
