1*758e9fbaSOystein Eftevaag#!/usr/bin/env bash 2*758e9fbaSOystein Eftevaag#;**********************************************************************; 3*758e9fbaSOystein Eftevaag# Copyright (c) 2017 - 2018, Intel Corporation 4*758e9fbaSOystein Eftevaag# All rights reserved. 5*758e9fbaSOystein Eftevaag# 6*758e9fbaSOystein Eftevaag# Redistribution and use in source and binary forms, with or without 7*758e9fbaSOystein Eftevaag# modification, are permitted provided that the following conditions are met: 8*758e9fbaSOystein Eftevaag# 9*758e9fbaSOystein Eftevaag# 1. Redistributions of source code must retain the above copyright notice, 10*758e9fbaSOystein Eftevaag# this list of conditions and the following disclaimer. 11*758e9fbaSOystein Eftevaag# 12*758e9fbaSOystein Eftevaag# 2. Redistributions in binary form must reproduce the above copyright notice, 13*758e9fbaSOystein Eftevaag# this list of conditions and the following disclaimer in the documentation 14*758e9fbaSOystein Eftevaag# and/or other materials provided with the distribution. 15*758e9fbaSOystein Eftevaag# 16*758e9fbaSOystein Eftevaag# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17*758e9fbaSOystein Eftevaag# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18*758e9fbaSOystein Eftevaag# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19*758e9fbaSOystein Eftevaag# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 20*758e9fbaSOystein Eftevaag# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21*758e9fbaSOystein Eftevaag# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22*758e9fbaSOystein Eftevaag# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23*758e9fbaSOystein Eftevaag# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24*758e9fbaSOystein Eftevaag# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25*758e9fbaSOystein Eftevaag# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 26*758e9fbaSOystein Eftevaag# THE POSSIBILITY OF SUCH DAMAGE. 27*758e9fbaSOystein Eftevaag#;**********************************************************************; 28*758e9fbaSOystein Eftevaagset -u 29*758e9fbaSOystein Eftevaag 30*758e9fbaSOystein Eftevaagusage_error () 31*758e9fbaSOystein Eftevaag{ 32*758e9fbaSOystein Eftevaag echo "$0: $*" >&2 33*758e9fbaSOystein Eftevaag print_usage >&2 34*758e9fbaSOystein Eftevaag exit 2 35*758e9fbaSOystein Eftevaag} 36*758e9fbaSOystein Eftevaagprint_usage () 37*758e9fbaSOystein Eftevaag{ 38*758e9fbaSOystein Eftevaag cat <<END 39*758e9fbaSOystein EftevaagUsage: 40*758e9fbaSOystein Eftevaag int-log-compiler.sh TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS] 41*758e9fbaSOystein EftevaagEND 42*758e9fbaSOystein Eftevaag} 43*758e9fbaSOystein Eftevaagwhile test $# -gt 0; do 44*758e9fbaSOystein Eftevaag case $1 in 45*758e9fbaSOystein Eftevaag --help) print_usage; exit $?;; 46*758e9fbaSOystein Eftevaag --) shift; break;; 47*758e9fbaSOystein Eftevaag -*) usage_error "invalid option: '$1'";; 48*758e9fbaSOystein Eftevaag *) break;; 49*758e9fbaSOystein Eftevaag esac 50*758e9fbaSOystein Eftevaag shift 51*758e9fbaSOystein Eftevaagdone 52*758e9fbaSOystein Eftevaag 53*758e9fbaSOystein Eftevaag# Verify the running shell and OS environment is sufficient to run these tests. 54*758e9fbaSOystein Eftevaagsanity_test () 55*758e9fbaSOystein Eftevaag{ 56*758e9fbaSOystein Eftevaag # Check special file 57*758e9fbaSOystein Eftevaag if [ ! -e /dev/urandom ]; then 58*758e9fbaSOystein Eftevaag echo "Missing file /dev/urandom; exiting" 59*758e9fbaSOystein Eftevaag exit 1 60*758e9fbaSOystein Eftevaag fi 61*758e9fbaSOystein Eftevaag 62*758e9fbaSOystein Eftevaag # Check ps 63*758e9fbaSOystein Eftevaag PS_LINES=$(ps -e 2>/dev/null | wc -l) 64*758e9fbaSOystein Eftevaag if [ "$PS_LINES" -eq 0 ] ; then 65*758e9fbaSOystein Eftevaag echo "Command ps not listing processes; exiting" 66*758e9fbaSOystein Eftevaag exit 1 67*758e9fbaSOystein Eftevaag fi 68*758e9fbaSOystein Eftevaag 69*758e9fbaSOystein Eftevaag if [ -z "$(which tpm_server)" ]; then 70*758e9fbaSOystein Eftevaag echo "tpm_server not on PATH; exiting" 71*758e9fbaSOystein Eftevaag exit 1 72*758e9fbaSOystein Eftevaag fi 73*758e9fbaSOystein Eftevaag 74*758e9fbaSOystein Eftevaag if [ -z "$(which ss)" ]; then 75*758e9fbaSOystein Eftevaag echo "ss not on PATH; exiting" 76*758e9fbaSOystein Eftevaag exit 1 77*758e9fbaSOystein Eftevaag fi 78*758e9fbaSOystein Eftevaag} 79*758e9fbaSOystein Eftevaag 80*758e9fbaSOystein Eftevaag# This function takes a PID as a parameter and determines whether or not the 81*758e9fbaSOystein Eftevaag# process is currently running. If the daemon is running 0 is returned. Any 82*758e9fbaSOystein Eftevaag# other value indicates that the daemon isn't running. 83*758e9fbaSOystein Eftevaagdaemon_status () 84*758e9fbaSOystein Eftevaag{ 85*758e9fbaSOystein Eftevaag local pid=$1 86*758e9fbaSOystein Eftevaag 87*758e9fbaSOystein Eftevaag if [ $(kill -0 "${pid}" 2> /dev/null) ]; then 88*758e9fbaSOystein Eftevaag echo "failed to detect running daemon with PID: ${pid}"; 89*758e9fbaSOystein Eftevaag return 1 90*758e9fbaSOystein Eftevaag fi 91*758e9fbaSOystein Eftevaag return 0 92*758e9fbaSOystein Eftevaag} 93*758e9fbaSOystein Eftevaag 94*758e9fbaSOystein Eftevaag# This is a generic function to start a daemon, setup the environment 95*758e9fbaSOystein Eftevaag# variables, redirect output to a log file, store the PID of the daemon 96*758e9fbaSOystein Eftevaag# in a file and disconnect the daemon from the parent shell. 97*758e9fbaSOystein Eftevaagdaemon_start () 98*758e9fbaSOystein Eftevaag{ 99*758e9fbaSOystein Eftevaag local daemon_bin="$1" 100*758e9fbaSOystein Eftevaag local daemon_opts="$2" 101*758e9fbaSOystein Eftevaag local daemon_log_file="$3" 102*758e9fbaSOystein Eftevaag local daemon_pid_file="$4" 103*758e9fbaSOystein Eftevaag local daemon_env="$5" 104*758e9fbaSOystein Eftevaag 105*758e9fbaSOystein Eftevaag env ${daemon_env} stdbuf -o0 -e0 ${daemon_bin} ${daemon_opts} > ${daemon_log_file} 2>&1 & 106*758e9fbaSOystein Eftevaag local ret=$? 107*758e9fbaSOystein Eftevaag local pid=$! 108*758e9fbaSOystein Eftevaag if [ ${ret} -ne 0 ]; then 109*758e9fbaSOystein Eftevaag echo "failed to start daemon: \"${daemon_bin}\" with env: \"${daemon_env}\"" 110*758e9fbaSOystein Eftevaag exit ${ret} 111*758e9fbaSOystein Eftevaag fi 112*758e9fbaSOystein Eftevaag sleep 1 113*758e9fbaSOystein Eftevaag daemon_status "${pid}" 114*758e9fbaSOystein Eftevaag if [ $? -ne 0 ]; then 115*758e9fbaSOystein Eftevaag echo "daemon died after successfully starting in background, check " \ 116*758e9fbaSOystein Eftevaag "log file: ${daemon_log_file}" 117*758e9fbaSOystein Eftevaag return 1 118*758e9fbaSOystein Eftevaag fi 119*758e9fbaSOystein Eftevaag echo ${pid} > ${daemon_pid_file} 120*758e9fbaSOystein Eftevaag disown ${pid} 121*758e9fbaSOystein Eftevaag echo "successfully started daemon: ${daemon_bin} with PID: ${pid}" 122*758e9fbaSOystein Eftevaag return 0 123*758e9fbaSOystein Eftevaag} 124*758e9fbaSOystein Eftevaag# function to start the simulator 125*758e9fbaSOystein Eftevaag# This also that we have a private place to store the NVChip file. Since we 126*758e9fbaSOystein Eftevaag# can't tell the simulator what to name this file we must generate a random 127*758e9fbaSOystein Eftevaag# directory under /tmp, move to this directory, start the simulator, then 128*758e9fbaSOystein Eftevaag# return to the old pwd. 129*758e9fbaSOystein Eftevaagsimulator_start () 130*758e9fbaSOystein Eftevaag{ 131*758e9fbaSOystein Eftevaag local sim_bin="$1" 132*758e9fbaSOystein Eftevaag local sim_port="$2" 133*758e9fbaSOystein Eftevaag local sim_log_file="$3" 134*758e9fbaSOystein Eftevaag local sim_pid_file="$4" 135*758e9fbaSOystein Eftevaag local sim_tmp_dir="$5" 136*758e9fbaSOystein Eftevaag # simulator port is a random port between 1024 and 65535 137*758e9fbaSOystein Eftevaag 138*758e9fbaSOystein Eftevaag cd ${sim_tmp_dir} 139*758e9fbaSOystein Eftevaag daemon_start "${sim_bin}" "-port ${sim_port}" "${sim_log_file}" \ 140*758e9fbaSOystein Eftevaag "${sim_pid_file}" "" 141*758e9fbaSOystein Eftevaag local ret=$? 142*758e9fbaSOystein Eftevaag cd - 143*758e9fbaSOystein Eftevaag return $ret 144*758e9fbaSOystein Eftevaag} 145*758e9fbaSOystein Eftevaag# function to stop a running daemon 146*758e9fbaSOystein Eftevaag# This function takes a single parameter: a file containing the PID of the 147*758e9fbaSOystein Eftevaag# process to be killed. The PID is extracted and the daemon killed. 148*758e9fbaSOystein Eftevaagdaemon_stop () 149*758e9fbaSOystein Eftevaag{ 150*758e9fbaSOystein Eftevaag local pid_file=$1 151*758e9fbaSOystein Eftevaag local pid=0 152*758e9fbaSOystein Eftevaag local ret=0 153*758e9fbaSOystein Eftevaag 154*758e9fbaSOystein Eftevaag if [ ! -f ${pid_file} ]; then 155*758e9fbaSOystein Eftevaag echo "failed to stop daemon, no pid file: ${pid_file}" 156*758e9fbaSOystein Eftevaag return 1 157*758e9fbaSOystein Eftevaag fi 158*758e9fbaSOystein Eftevaag pid=$(cat ${pid_file}) 159*758e9fbaSOystein Eftevaag daemon_status "${pid}" 160*758e9fbaSOystein Eftevaag ret=$? 161*758e9fbaSOystein Eftevaag if [ ${ret} -ne 0 ]; then 162*758e9fbaSOystein Eftevaag echo "failed to detect running daemon with PID: ${pid}"; 163*758e9fbaSOystein Eftevaag return ${ret} 164*758e9fbaSOystein Eftevaag fi 165*758e9fbaSOystein Eftevaag kill ${pid} 166*758e9fbaSOystein Eftevaag ret=$? 167*758e9fbaSOystein Eftevaag if [ ${ret} -ne 0 ]; then 168*758e9fbaSOystein Eftevaag echo "failed to kill daemon process with PID: ${pid}" 169*758e9fbaSOystein Eftevaag fi 170*758e9fbaSOystein Eftevaag return ${ret} 171*758e9fbaSOystein Eftevaag} 172*758e9fbaSOystein Eftevaag 173*758e9fbaSOystein EftevaagOS=$(uname) 174*758e9fbaSOystein Eftevaag 175*758e9fbaSOystein Eftevaagif [ "$OS" == "Linux" ]; then 176*758e9fbaSOystein Eftevaag sanity_test 177*758e9fbaSOystein Eftevaagfi 178*758e9fbaSOystein Eftevaag 179*758e9fbaSOystein Eftevaag# Once option processing is done, $@ should be the name of the test executable 180*758e9fbaSOystein Eftevaag# followed by all of the options passed to the test executable. 181*758e9fbaSOystein EftevaagTEST_BIN=$(realpath "$1") 182*758e9fbaSOystein EftevaagTEST_DIR=$(dirname "$1") 183*758e9fbaSOystein EftevaagTEST_NAME=$(basename "${TEST_BIN}") 184*758e9fbaSOystein Eftevaag 185*758e9fbaSOystein Eftevaag# start an instance of the simulator for the test, have it use a random port 186*758e9fbaSOystein EftevaagSIM_LOG_FILE=${TEST_BIN}_simulator.log 187*758e9fbaSOystein EftevaagSIM_PID_FILE=${TEST_BIN}_simulator.pid 188*758e9fbaSOystein EftevaagSIM_TMP_DIR=$(mktemp -d /tmp/tpm_server_XXXXXX) 189*758e9fbaSOystein EftevaagPORT_MIN=1024 190*758e9fbaSOystein EftevaagPORT_MAX=65534 191*758e9fbaSOystein EftevaagBACKOFF_FACTOR=2 192*758e9fbaSOystein EftevaagBACKOFF_MAX=6 193*758e9fbaSOystein EftevaagBACKOFF=1 194*758e9fbaSOystein Eftevaag 195*758e9fbaSOystein Eftevaagsock_tool="unknown" 196*758e9fbaSOystein Eftevaag 197*758e9fbaSOystein Eftevaagif [ "$OS" == "Linux" ]; then 198*758e9fbaSOystein Eftevaag sock_tool="ss -lntp4" 199*758e9fbaSOystein Eftevaagelif [ "$OS" == "FreeBSD" ]; then 200*758e9fbaSOystein Eftevaag sock_tool="sockstat -l4" 201*758e9fbaSOystein Eftevaagfi 202*758e9fbaSOystein Eftevaag 203*758e9fbaSOystein Eftevaagfor i in $(seq ${BACKOFF_MAX}); do 204*758e9fbaSOystein Eftevaag SIM_PORT_DATA=$(od -A n -N 2 -t u2 /dev/urandom | awk -v min=${PORT_MIN} -v max=${PORT_MAX} '{print ($1 % (max - min)) + min}') 205*758e9fbaSOystein Eftevaag if [ $(expr ${SIM_PORT_DATA} % 2) -eq 1 ]; then 206*758e9fbaSOystein Eftevaag SIM_PORT_DATA=$((${SIM_PORT_DATA}-1)) 207*758e9fbaSOystein Eftevaag fi 208*758e9fbaSOystein Eftevaag SIM_PORT_CMD=$((${SIM_PORT_DATA}+1)) 209*758e9fbaSOystein Eftevaag echo "Starting simulator on port ${SIM_PORT_DATA}" 210*758e9fbaSOystein Eftevaag simulator_start tpm_server ${SIM_PORT_DATA} ${SIM_LOG_FILE} ${SIM_PID_FILE} ${SIM_TMP_DIR} 211*758e9fbaSOystein Eftevaag sleep 1 # give daemon time to bind to ports 212*758e9fbaSOystein Eftevaag if [ ! -s ${SIM_PID_FILE} ] ; then 213*758e9fbaSOystein Eftevaag echo "Simulator PID file is empty or missing. Giving up." 214*758e9fbaSOystein Eftevaag exit 1 215*758e9fbaSOystein Eftevaag fi 216*758e9fbaSOystein Eftevaag PID=$(cat ${SIM_PID_FILE}) 217*758e9fbaSOystein Eftevaag echo "simulator PID: ${PID}"; 218*758e9fbaSOystein Eftevaag ${sock_tool} 2> /dev/null | grep "${PID}" | grep "${SIM_PORT_DATA}" 219*758e9fbaSOystein Eftevaag ret_data=$? 220*758e9fbaSOystein Eftevaag ${sock_tool} 2> /dev/null | grep "${PID}" | grep "${SIM_PORT_CMD}" 221*758e9fbaSOystein Eftevaag ret_cmd=$? 222*758e9fbaSOystein Eftevaag if [ \( $ret_data -eq 0 \) -a \( $ret_cmd -eq 0 \) ]; then 223*758e9fbaSOystein Eftevaag echo "Simulator with PID ${PID} bound to port ${SIM_PORT_DATA} and " \ 224*758e9fbaSOystein Eftevaag "${SIM_PORT_CMD} successfully."; 225*758e9fbaSOystein Eftevaag break 226*758e9fbaSOystein Eftevaag fi 227*758e9fbaSOystein Eftevaag echo "Port conflict? Cleaning up PID: ${PID}" 228*758e9fbaSOystein Eftevaag kill "${PID}" 229*758e9fbaSOystein Eftevaag BACKOFF=$((${BACKOFF}*${BACKOFF_FACTOR})) 230*758e9fbaSOystein Eftevaag echo "Failed to start simulator: port ${SIM_PORT_DATA} or " \ 231*758e9fbaSOystein Eftevaag "${SIM_PORT_CMD} probably in use. Retrying in ${BACKOFF}." 232*758e9fbaSOystein Eftevaag sleep ${BACKOFF} 233*758e9fbaSOystein Eftevaag if [ $i -eq 10 ]; then 234*758e9fbaSOystein Eftevaag echo "Failed to start simulator after $i tries. Giving up."; 235*758e9fbaSOystein Eftevaag exit 1 236*758e9fbaSOystein Eftevaag fi 237*758e9fbaSOystein Eftevaagdone 238*758e9fbaSOystein Eftevaag 239*758e9fbaSOystein Eftevaagwhile true; do 240*758e9fbaSOystein Eftevaag 241*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 242*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 243*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 244*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 245*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_startup 246*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 247*758e9fbaSOystein Eftevaag echo "TPM_StartUp failed" 248*758e9fbaSOystein Eftevaag ret=99 249*758e9fbaSOystein Eftevaag break 250*758e9fbaSOystein Eftevaagfi 251*758e9fbaSOystein Eftevaag 252*758e9fbaSOystein EftevaagEKPUB_FILE=${TEST_BIN}_ekpub.pem 253*758e9fbaSOystein EftevaagEKCERT_FILE=${TEST_BIN}_ekcert.crt 254*758e9fbaSOystein EftevaagEKCERT_PEM_FILE=${TEST_BIN}_ekcert.pem 255*758e9fbaSOystein Eftevaag 256*758e9fbaSOystein Eftevaag 257*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 258*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 259*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 260*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 261*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_getek>$EKPUB_FILE 262*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 263*758e9fbaSOystein Eftevaag echo "TPM_getek failed" 264*758e9fbaSOystein Eftevaag ret=99 265*758e9fbaSOystein Eftevaag break 266*758e9fbaSOystein Eftevaagfi 267*758e9fbaSOystein Eftevaag 268*758e9fbaSOystein EftevaagEKECCPUB_FILE=${TEST_BIN}_ekeccpub.pem 269*758e9fbaSOystein EftevaagEKECCCERT_FILE=${TEST_BIN}_ekecccert.crt 270*758e9fbaSOystein EftevaagEKECCCERT_PEM_FILE=${TEST_BIN}_ekecccert.pem 271*758e9fbaSOystein Eftevaag 272*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 273*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 274*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 275*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 276*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_getek_ecc>$EKECCPUB_FILE 277*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 278*758e9fbaSOystein Eftevaag echo "TPM_getek_ecc failed" 279*758e9fbaSOystein Eftevaag ret=99 280*758e9fbaSOystein Eftevaag break 281*758e9fbaSOystein Eftevaagfi 282*758e9fbaSOystein Eftevaag 283*758e9fbaSOystein EftevaagINTERMEDCA_FILE=${TEST_BIN}_intermedecc-ca 284*758e9fbaSOystein EftevaagROOTCA_FILE=${TEST_BIN}_root-ca 285*758e9fbaSOystein Eftevaag 286*758e9fbaSOystein Eftevaagif [ "$OS" == "Linux" ]; then 287*758e9fbaSOystein Eftevaag SCRIPTDIR="$(dirname $(realpath $0))/" 288*758e9fbaSOystein Eftevaag ${SCRIPTDIR}/ekca/create_ca.sh "${EKPUB_FILE}" "${EKECCPUB_FILE}" "${EKCERT_FILE}" \ 289*758e9fbaSOystein Eftevaag "${EKECCCERT_FILE}" "${INTERMEDCA_FILE}" "${ROOTCA_FILE}" >${TEST_BIN}_ca.log 2>&1 290*758e9fbaSOystein Eftevaag if [ $? -ne 0 ]; then 291*758e9fbaSOystein Eftevaag echo "ek-cert ca failed" 292*758e9fbaSOystein Eftevaag ret=99 293*758e9fbaSOystein Eftevaag break 294*758e9fbaSOystein Eftevaag fi 295*758e9fbaSOystein Eftevaagfi 296*758e9fbaSOystein Eftevaag 297*758e9fbaSOystein Eftevaag# Determine the fingerprint of the RSA EK public. 298*758e9fbaSOystein EftevaagFINGERPRINT=$(openssl pkey -pubin -inform PEM -in $EKPUB_FILE -outform DER | sha256sum | cut -f 1 -d ' ') 299*758e9fbaSOystein Eftevaagexport FAPI_TEST_FINGERPRINT=" { \"hashAlg\" : \"sha256\", \"digest\" : \"$FINGERPRINT\" }" 300*758e9fbaSOystein Eftevaagopenssl x509 -inform DER -in $EKCERT_FILE -outform PEM -out $EKCERT_PEM_FILE 301*758e9fbaSOystein Eftevaagexport FAPI_TEST_CERTIFICATE="file:${EKCERT_PEM_FILE}" 302*758e9fbaSOystein Eftevaag 303*758e9fbaSOystein Eftevaag# Determine the fingerprint of the RSA EK public. 304*758e9fbaSOystein EftevaagFINGERPRINT_ECC=$(openssl pkey -pubin -inform PEM -in $EKECCPUB_FILE -outform DER | sha256sum | cut -f 1 -d ' ') 305*758e9fbaSOystein Eftevaagexport FAPI_TEST_FINGERPRINT_ECC=" { \"hashAlg\" : \"sha256\", \"digest\" : \"$FINGERPRINT_ECC\" }" 306*758e9fbaSOystein Eftevaagopenssl x509 -inform DER -in $EKECCCERT_FILE -outform PEM -out $EKECCCERT_PEM_FILE 307*758e9fbaSOystein Eftevaagexport FAPI_TEST_CERTIFICATE_ECC="file:${EKECCCERT_PEM_FILE}" 308*758e9fbaSOystein Eftevaag 309*758e9fbaSOystein Eftevaagcat $EKCERT_FILE | \ 310*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 311*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 312*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 313*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 314*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C00002 315*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 316*758e9fbaSOystein Eftevaag echo "TPM_writeekcert failed" 317*758e9fbaSOystein Eftevaag ret=99 318*758e9fbaSOystein Eftevaag break 319*758e9fbaSOystein Eftevaagfi 320*758e9fbaSOystein Eftevaag 321*758e9fbaSOystein Eftevaagcat $EKECCCERT_FILE | \ 322*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 323*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 324*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 325*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 326*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_writeekcert 1C0000A 327*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 328*758e9fbaSOystein Eftevaag echo "TPM_writeekcert failed" 329*758e9fbaSOystein Eftevaag ret=99 330*758e9fbaSOystein Eftevaagfi 331*758e9fbaSOystein Eftevaag 332*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 333*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 334*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 335*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 336*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_transientempty 337*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 338*758e9fbaSOystein Eftevaag echo "TPM transient area not empty => skipping" 339*758e9fbaSOystein Eftevaag ret=99 340*758e9fbaSOystein Eftevaag break 341*758e9fbaSOystein Eftevaagfi 342*758e9fbaSOystein Eftevaag 343*758e9fbaSOystein EftevaagTPMSTATE_FILE1=${TEST_BIN}_state1 344*758e9fbaSOystein EftevaagTPMSTATE_FILE2=${TEST_BIN}_state2 345*758e9fbaSOystein Eftevaag 346*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 347*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 348*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 349*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 350*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>$TPMSTATE_FILE1 351*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 352*758e9fbaSOystein Eftevaag echo "Error during dumpstate" 353*758e9fbaSOystein Eftevaag ret=99 354*758e9fbaSOystein Eftevaag break 355*758e9fbaSOystein Eftevaagfi 356*758e9fbaSOystein Eftevaag 357*758e9fbaSOystein Eftevaagecho "Execute the test script" 358*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 359*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 360*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 361*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 362*758e9fbaSOystein Eftevaag FAPI_TEST_ROOT_CERT=${ROOTCA_FILE}.pem \ 363*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all $@ 364*758e9fbaSOystein Eftevaagret=$? 365*758e9fbaSOystein Eftevaagecho "Script returned $ret" 366*758e9fbaSOystein Eftevaag 367*758e9fbaSOystein Eftevaag#We check the state before a reboot to see if transients and NV were chagned. 368*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 369*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 370*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 371*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 372*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>$TPMSTATE_FILE2 373*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 374*758e9fbaSOystein Eftevaag echo "Error during dumpstate" 375*758e9fbaSOystein Eftevaag ret=99 376*758e9fbaSOystein Eftevaag break 377*758e9fbaSOystein Eftevaagfi 378*758e9fbaSOystein Eftevaag 379*758e9fbaSOystein Eftevaagif [ "$(cat $TPMSTATE_FILE1)" != "$(cat $TPMSTATE_FILE2)" ]; then 380*758e9fbaSOystein Eftevaag echo "TPM changed state during test" 381*758e9fbaSOystein Eftevaag echo "State before ($TPMSTATE_FILE1):" 382*758e9fbaSOystein Eftevaag cat $TPMSTATE_FILE1 383*758e9fbaSOystein Eftevaag echo "State after ($TPMSTATE_FILE2):" 384*758e9fbaSOystein Eftevaag cat $TPMSTATE_FILE2 385*758e9fbaSOystein Eftevaag ret=1 386*758e9fbaSOystein Eftevaag break 387*758e9fbaSOystein Eftevaagfi 388*758e9fbaSOystein Eftevaag 389*758e9fbaSOystein Eftevaagbreak 390*758e9fbaSOystein Eftevaag 391*758e9fbaSOystein Eftevaag#TODO: Add a tpm-restart/reboot here 392*758e9fbaSOystein Eftevaag 393*758e9fbaSOystein Eftevaag#We check the state again after a reboot to see if PCR allocations were chagned. 394*758e9fbaSOystein Eftevaagenv TPM20TEST_TCTI_NAME="socket" \ 395*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_ADDRESS="127.0.0.1" \ 396*758e9fbaSOystein Eftevaag TPM20TEST_SOCKET_PORT="${SIM_PORT_DATA}" \ 397*758e9fbaSOystein Eftevaag TPM20TEST_TCTI="mssim:host=127.0.0.1,port=${SIM_PORT_DATA}" \ 398*758e9fbaSOystein Eftevaag G_MESSAGES_DEBUG=all ./test/helper/tpm_dumpstate>$TPMSTATE_FILE2 399*758e9fbaSOystein Eftevaagif [ $? -ne 0 ]; then 400*758e9fbaSOystein Eftevaag echo "Error during dumpstate" 401*758e9fbaSOystein Eftevaag ret=99 402*758e9fbaSOystein Eftevaag break 403*758e9fbaSOystein Eftevaagfi 404*758e9fbaSOystein Eftevaag 405*758e9fbaSOystein Eftevaagif [ "$(cat $TPMSTATE_FILE1)" != "$(cat $TPMSTATE_FILE2)" ]; then 406*758e9fbaSOystein Eftevaag echo "TPM changed state during test" 407*758e9fbaSOystein Eftevaag echo "State before ($TPMSTATE_FILE1):" 408*758e9fbaSOystein Eftevaag cat $TPMSTATE_FILE1 409*758e9fbaSOystein Eftevaag echo "State after ($TPMSTATE_FILE2):" 410*758e9fbaSOystein Eftevaag cat $TPMSTATE_FILE2 411*758e9fbaSOystein Eftevaag ret=1 412*758e9fbaSOystein Eftevaag break 413*758e9fbaSOystein Eftevaagfi 414*758e9fbaSOystein Eftevaag 415*758e9fbaSOystein Eftevaagbreak 416*758e9fbaSOystein Eftevaagdone 417*758e9fbaSOystein Eftevaag 418*758e9fbaSOystein Eftevaag# This sleep is sadly necessary: If we kill the tabrmd w/o sleeping for a 419*758e9fbaSOystein Eftevaag# second after the test finishes the simulator will die too. Bug in the 420*758e9fbaSOystein Eftevaag# simulator? 421*758e9fbaSOystein Eftevaagsleep 1 422*758e9fbaSOystein Eftevaag# teardown 423*758e9fbaSOystein Eftevaagdaemon_stop ${SIM_PID_FILE} 424*758e9fbaSOystein Eftevaagrm -rf ${SIM_TMP_DIR} ${SIM_PID_FILE} 425*758e9fbaSOystein Eftevaag 426*758e9fbaSOystein Eftevaagexit $ret 427