Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2026-01-09 14:19:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
27bf9db67e
swtpm/tests/test_ctrlchannel
Stefan Berger 27bf9db67e swtpm: Use tag-length-value blocks to store data in v2 format 
Prepend tag-length-value (tlv) headers in front of all data being stored in
the byte stream following the header. This lets us uniquely identify plain
data (= TPM state), encrypted data (= encrytped TPM state), migration data
(which is wrapped plain or encrytped TPM state), and an HMAC block to
validate the plain data.

We keep support for version 1 for reading the data but convert them to
version 2 when writing them out. This way we loose backwards compatibility
(downgrading of swtpm is not possible), but it allows us to extend the state
in the future by adding addition blocks with tlv headers.

Version 1 of the encryption was prepending the hash on the plaintext data
then encrypting all of it. This method is not so good. In version 2 we now
use Encrypt-then-MAC (EtM) where we encrypt the data and then calculate an
HMAC on the encrypted data.

Files written by the swtpm didn't have a header before. Now they also get a
header. This means that the state written into files and the state retrieved
using the API (swtpm_ioctl --save) have the same format, but still differ
in so far as the API wraps the data in a tlv header for migration, which the
files written out as state would never get.

Adapt a couple of test cases show file sizes and hashes have changed now.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-20 10:05:45 -04:00

592 lines
17 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# For the license, see the LICENSE file in the root directory.
DIR=$(dirname "$0")
ROOT=${DIR}/..
TPMDIR=`mktemp -d`
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp
source ${DIR}/test_common
trap "cleanup" SIGTERM EXIT
function cleanup()
{
rm -rf $TPMDIR
if [ -n "$PID" ]; then
kill -SIGTERM $PID 2>/dev/null
fi
}
SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source ${DIR}/common
# Test 1: test the control channel on the socket tpm
# use a pseudo terminal
if [ -c /dev/ptmx ]; then
exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
exec 100<>/dev/ptm
else
echo "Could not find chardev for opening file descriptor."
exit 1
fi
$SWTPM_EXE socket \
--fd 100 \
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--ctrl type=unixio,path=$SWTPM_CTRL_UNIX_PATH \
--log file=$LOG_FILE,level=20 &
exec 100>&-
if wait_for_file $PID_FILE 3; then
echo "Error: Socket TPM did not write pidfile."
exit 1
fi
PID="$(cat $PID_FILE)"
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD) ]]; then
exp=" 00 00 00 00 00 00 7f ff"
else
exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_INIT:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send unknown command to the TPM
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from sending unsupported command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
echo "Error: Socket TPM: Did not write volatile state file"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone $PID_FILE 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
kill -0 $PID 2>/dev/null
if [ $? -eq 0 ]; then
echo "Error: TPM should not be running anymore."
exit 1
fi
check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE
echo "OK"
# Test 2: test the control channel on the socket tpm
# There are a few more tests here that require sending commands to the TPM
# use a pseudo terminal
run_swtpm ${SWTPM_INTERFACE} \
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--log file=$LOG_FILE
if wait_for_file $PID_FILE 3; then
echo "Error: Socket TPM did not write pidfile."
cat $LOG_FILE
exit 1
fi
PID="$(cat $PID_FILE)"
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD) ]]; then
exp=" 00 00 00 00 00 00 7f ff"
else
exp=" 00 00 00 00 00 00 6f ff"
fi
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send unknown command to the TPM
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Startup the TPM
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if [ ! -r $TPMDIR/tpm-00.volatilestate ]; then
echo "Error: Socket TPM: Did not write volatile state file"
exit 1
fi
# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# We send 0x100 null bytes
echo -en '\x00\x00\x00\x07\x00\x00\x20\x00' > $CMD_PATH
dd if=/dev/zero count=$((0x2000)) bs=1 >> $CMD_PATH 2>/dev/null
socat -x -t10 FILE:$CMD_PATH,rdonly UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH 2>&1 | \
sed -n '/^ /p' | \
tail -n1 > $RESP_PATH
res="$(cat $RESP_PATH)"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Read PCR 17
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset |
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length |
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
if [ "${res:0:48}" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Read PCR 17 -- should fail now
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone $PID_FILE 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
kill -0 $PID 2>/dev/null
if [ $? -eq 0 ]; then
echo "Error: Socket TPM should not be running anymore."
exit 1
fi
# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 $LOG_FILE 1
rm -f $LOG_FILE
echo "OK"
# Test 3: test the control channel on the socket tpm: resume encrypted state
# copy all the state files
cp ${PWD}/${DIR}/data/tpmstate2/* ${TPMDIR}
run_swtpm ${SWTPM_INTERFACE} \
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--key pwdfile=${PWD}/${DIR}/data/tpmstate2/pwdfile.txt \
--log file=$LOG_FILE,level=20 \
--flags not-need-init
if wait_for_file $PID_FILE 3; then
echo "Error: Socket TPM did not write pidfile."
exit 1
fi
PID="$(cat $PID_FILE)"
# Read PCR 10
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset |
vstate="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length |
exp=" 00 00 00 00 00 00 00 02 00 00 05 0c 00 00 05 0c"
if [ "${vstate:0:48}" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
echo " actual : ${vstate:0:48}"
echo " expected: $exp"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone $PID_FILE 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
kill -0 $PID 2>/dev/null
if [ $? -eq 0 ]; then
echo "Error: Socket TPM should not be running anymore."
exit 1
fi
check_logfile_patterns_level_20 $LOG_FILE
rm -f $LOG_FILE
echo "OK"
# remove volatile state
rm -f $TPMDIR/*.volatilestate
run_swtpm ${SWTPM_INTERFACE} \
--tpmstate dir=$TPMDIR \
--pid file=$PID_FILE \
--key pwdfile=${PWD}/${DIR}/data/tpmstate2/pwdfile.txt \
--log file=$LOG_FILE \
--flags not-need-init
if wait_for_file $PID_FILE 3; then
echo "Error: Socket TPM did not write pidfile."
exit 1
fi
PID="$(cat $PID_FILE)"
# Read PCR 10 -- this should fail now
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send the volatile state to the TPM (while it is stopped)
# | cmd | flags | type |
vstate=${vstate:48}
size=$((${#vstate} / 3))
size=$(printf "%08x" $size | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=$(echo "${vstate}" | sed 's/ /\\x/g')
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Read PCR 10 -- has to return same result as before
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Reset PCR 20 while in locality 0 -- should not work
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$res" != "$exp" ]; then
echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# In locality 2 we can reset PCR 20
# Set the localoty on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Reset PCR 20 while in locality 2 -- has to work
swtpm_open_cmddev ${SWTPM_INTERFACE} 100
res="$(swtpm_cmd_tx ${SWTPM_INTERFACE} '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
echo "Error: Could not reset PCR 20 in locality 2"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx ${SWTPM_INTERFACE} '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone $PID_FILE 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
kill -0 $PID 2>/dev/null
if [ $? -eq 0 ]; then
echo "Error: Socket TPM should not be running anymore."
exit 1
fi
# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 $LOG_FILE 0
rm -f $LOG_FILE
echo "OK"
exit 0
Reference in New Issue View Git Blame Copy Permalink