Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2025-08-22 19:04:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-0.8
swtpm/tests/test_ctrlchannel4
Stefan Berger 6fbb219db9 swtpm: Implement CMD_LOCK_STORAGE to lock storage 
Implement CMD_LOCK_STORAGE / PTM_LOCK_STORAGE for a user to be able to
lock the storage of the storage backend (if supported) after its lock
has been released for example when the 'savestate' blob was received
while the TPM state was migrated.

Also adjust test case and extend man pages.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-09-06 14:08:45 -04:00

139 lines
3.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# For the license, see the LICENSE file in the root directory.
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
source ${TESTDIR}/test_common
trap "cleanup" SIGTERM EXIT
function cleanup()
{
rm -rf $TPMDIR
if [ -n "$PID" ]; then
kill_quiet -SIGTERM $PID 2>/dev/null
fi
}
SWTPM_INTERFACE=socket+unix
source ${TESTDIR}/common
skip_test_no_chardev "${SWTPM_EXE}"
skip_test_no_tpm12 "${SWTPM_EXE}"
# Test 1: test the control channel on the chardev tpm
exec 100<>/dev/ptmx
$SWTPM_EXE chardev \
--fd 100 \
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SWTPM_CTRL_UNIX_PATH \
--log file=$LOG_FILE,level=20 \
${SWTPM_TEST_SECCOMP_OPT} &
exec 100>&-
if wait_for_file $PID_FILE 3; then
echo "Error: Chardev TPM did not write pidfile."
exit 1
fi
PID="$(cat $PID_FILE)"
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
exp=" 00 00 00 00 00 01 7f ff"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_INIT:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send unknown command to the TPM
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from sending unsupported command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
echo "Error: Socket TPM: Did not write volatile state file"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_process_gone ${PID} 4; then
echo "Error: TPM should not be running anymore."
exit 1
fi
if wait_file_gone $PID_FILE 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE
echo "OK"
Reference in New Issue View Git Blame Copy Permalink