commit 789ed27842 ("test/py: replace 'tpm2 init, startup, selftest' sequences")
changed some of the tpm2 init sequences to 'tpm2 autostart' instead of
calling 'tpm init', 'tpm startup TPM2_SU_CLEAR', 'tpm2 self_test full'.
The autostart command calls the afforementioned sequence and on top of
that deals with the 'tpm2 init' return codes if the tpm is already
started. Since we initialize the tpm from various subsystems now,
replace the last remaining instances of 'tpm2 init' with 'tpm2
autostart'. Since the latter calls 'tpm2 init' anyway we will still be
implicitly testing the validity of that command
It's worth noting that since 'tpm2 autostart' performs the startup and
self tests sequences of the tpm we could drop
'test_tpm2_sandbox_self_test_full' and 'test_tpm2_startup, but let's
keep the since they test tpm commands and options
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false positive.
So let's switch over to a PCR which is more suitable and is defined for
OS use. It's worth noting that we are using PCR10 here, since PCR9 is
used internally by U-Boot if we choose to measure the loaded DTB
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart'
we end up always running the full init. The reason is 'tpm init'
returns -EBUSY if the tpm is already open, while 'tpm autostart' handles
ths gracefully and continues with the initialization. It's worth noting
that this won't affect the device functionality at all since
retriggering the startup sequence and selftests has no side effects.
Instead of relying on the initial value, reread the 'known updates'
just before updating the PCR to ensure we read the correct values
before testing
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Instead of copy pasting the commands needed to start a TPM consisting
of:
- tpm init
- tpm startup TPM2_SU_CLEAR
- tpm2 self_test full
use the newly added 'autostart' which does the same thing and simplify
our python scripts
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
With TPM emulation enabled in u-boot-test-hooks we should also provide the
tpm2 command used for the test/py/tests/test_tpm2.py test.
One of the Python TPMv2 tests expects sandbox specific values. So disable
it on other platforms.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
These tests currently run in a particular sequence, with some of them
depending on the actions of earlier tests.
Add a check for sandbox and reset to a known state at the start of each
test, so that all tests can run in parallel.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tpm test cases relies on tpm device setup. Provide an environment
variable "env__tpm_device_test_skip = True" to skip the test case
if tpm device is not present.
Only needed will have to add variable to the py-test framework.
Test runs successfully even this variable is absent.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simon Glass <sjg@chromium.org>
While using the 'tpm' command should work on most cases, this test suite
only works with TPMv2 and since the work to make both versions build at
the same time, we might end up having both 'tpm' (TPMv1) and 'tpm2'
(TPMv2) commands available at the same time. Ensure this test suite
always use the right one.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Some functions have different behaviour when the given address is 0
(assumed to be NULL by the function).
find_ram_base() does not return 0 anymore so it's safe to remove those
offsets.
Suggested-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
Add tests for the TPMv2.x commands.
These commands may run both on a physical TPM and with the sandbox
driver.
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
