| #!/usr/bin/env bash |
| |
| # For the license, see the LICENSE file in the root directory. |
| #set -x |
| |
| if [ ${SWTPM_TEST_IBMTSS2:-0} -eq 0 ]; then |
| echo "SWTPM_TEST_IBMTSS2 must be set to run this test." |
| exit 77 |
| fi |
| |
| type -p nvdefinespace startup &>/dev/null |
| if [ $? -ne 0 ]; then |
| PREFIX=tss |
| type -p ${PREFIX}nvdefinespace ${PREFIX}startup |
| fi |
| if [ $? -ne 0 ]; then |
| echo "Could not find TPM2 tools (e.g., (tss)startup, (tss)nvdefinespace) in PATH." |
| exit 77 |
| fi |
| TOOLSPATH=$(dirname $(type -P ${PREFIX}startup)) |
| |
| ROOT=${abs_top_builddir:-$(dirname "$0")/..} |
| TESTDIR=${abs_top_testdir:-$(dirname "$0")} |
| |
| SWTPM=swtpm |
| SWTPM_EXE=${SWTPM_EXE:-$ROOT/src/swtpm/$SWTPM} |
| SWTPM_IOCTL=$ROOT/src/swtpm_ioctl/swtpm_ioctl |
| TPMDIR=`mktemp -d` |
| PID_FILE=$TPMDIR/${SWTPM}.pid |
| SOCK_PATH=$TPMDIR/sock |
| CMD_PATH=$TPMDIR/cmd |
| RESP_PATH=$TPMDIR/resp |
| LOGFILE=$TPMDIR/logfile |
| VOLATILESTATE=$TPMDIR/volatile |
| TMPFILE=$TPMDIR/tmpfile |
| BINFILE=$TPMDIR/binfile |
| SIGFILE=$TPMDIR/sigfile |
| SIGFILE2=$TPMDIR/sigfile2 |
| TMP2FILE=$TPMDIR/tmpfile2 |
| |
| |
| HKEYPRIV=${TESTDIR}/data/tpm2state3/hkey.priv |
| HKEYPUB=${TESTDIR}/data/tpm2state3/hkey.pub |
| |
| source ${TESTDIR}/test_common |
| source ${TESTDIR}/common |
| |
| trap "cleanup" SIGTERM EXIT |
| |
| function cleanup() |
| { |
| rm -rf $TPMDIR |
| # remove files from tss tools |
| rm -f h01*.bin nvp*.bin |
| if [ -n "$PID" ]; then |
| kill_quiet -SIGTERM $PID 2>/dev/null |
| fi |
| } |
| |
| function test_nvram_state() |
| { |
| local create="$1" |
| local check="$2" |
| |
| local i res rc act exp |
| |
| if [ $create -eq 1 ]; then |
| for ((i=0; i < 10; i++)); do |
| printf "Creating NVRAM location 01%06x\n" $i |
| # the '+at wd' allows us to only write once |
| ${TOOLSPATH}/${PREFIX}nvdefinespace \ |
| -ha $(printf "01%06x" $i) \ |
| -sz $((100 + i * 10)) \ |
| -pwdn nnn \ |
| +at wst \ |
| +at wd \ |
| -hi o >/dev/null |
| if [ $? -ne 0 ]; then |
| echo "Error: nvdefinespace failed for i = $i." |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}nvwrite \ |
| -ha $(printf "01%06x" $i) \ |
| -ic "Hello TPM2" \ |
| -pwdn nnn |
| if [ $? -ne 0 ]; then |
| echo "Error: nwrite failed for i = $i." |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}nvwritelock \ |
| -ha $(printf "01%06x" $i) \ |
| -pwdn nnn |
| if [ $? -ne 0 ]; then |
| echo "Error: nwritelock failed for i = $i." |
| exit 1 |
| fi |
| done |
| |
| # Create a counter space |
| echo "Creating NVRAM location 01000010 for counter" |
| ${TOOLSPATH}/${PREFIX}nvdefinespace \ |
| -hi o \ |
| -ha 01000010 \ |
| -pwdn nnn \ |
| -ty c >/dev/null |
| if [ $? -ne 0 ]; then |
| echo "Error: nvdefinespace for counter failed." |
| exit 1 |
| fi |
| |
| echo "Incrementing the counter at location 01000010" |
| ${TOOLSPATH}/${PREFIX}nvincrement \ |
| -ha 01000010 \ |
| -pwdn nnn >/dev/null |
| if [ $? -ne 0 ]; then |
| echo "Error: nvincrement failed." |
| exit 1 |
| fi |
| fi |
| |
| if [ $check -eq 1 ]; then |
| for ((i=0; i < 10; i++)); do |
| printf "Checking NVRAM location 01%06x\n" $i |
| ${TOOLSPATH}/${PREFIX}nvread \ |
| -ha $(printf "01%06x" $i) \ |
| -pwdn nnn \ |
| -sz 10 > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: nvread failed for i = $i" |
| cat $TMPFILE |
| exit 1 |
| fi |
| |
| # we want one line with xdigits and spaces |
| res=$(cat $TMPFILE | \ |
| grep -E "^[ [:xdigit:]]+$" | |
| wc -l) |
| if [ $res -ne 1 ]; then |
| echo "Error: nvread did not show expected results" |
| cat $TMPFILE |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}nvwrite \ |
| -ha $(printf "01%06x" $i) \ |
| -ic "Hello TPM2" \ |
| -pwdn nnn > $TMPFILE |
| rc=$? |
| if [ $rc -eq 0 ]; then |
| echo "Error: nwrite succeeded for i = $i." |
| exit 1 |
| fi |
| done |
| |
| # Read the counter |
| echo "Checking counter value at location 01000010" |
| ${TOOLSPATH}/${PREFIX}nvread \ |
| -ha 01000010 \ |
| -pwdn nnn \ |
| -sz 8 \ |
| -of $BINFILE > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: nvread of counter failed." |
| cat $TMPFILE |
| exit 1 |
| fi |
| exp=' 00 00 00 00 00 00 00 01' |
| act="$(od -t x1 -A n < $BINFILE)" |
| if [ "$act" != "$exp" ]; then |
| echo "Error: Counter has unexpected value." |
| echo " expected: $exp" |
| echo " actual : $act" |
| fi |
| fi |
| } |
| |
| function test_primary() |
| { |
| local create="$1" |
| local check="$2" |
| # whether we are using previous stored stated that had a different |
| # key and we have to use the old signature |
| local previousstate="$3" |
| |
| local i res rc |
| |
| if [ $create -eq 1 ]; then |
| # Create a permanent primary key that we expecte |
| # to again see after the TPM has been restarted |
| ${TOOLSPATH}/${PREFIX}createprimary -hi o -si > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: createprimary failed." |
| exit 1 |
| fi |
| if [ -z "$(grep 80000000 $TMPFILE)" ]; then |
| echo "Error: createprimary did not result in expected handle 80000000" |
| exit 1 |
| fi |
| ${TOOLSPATH}/${PREFIX}evictcontrol -ho 80000000 -hp 81000000 -hi o |
| if [ $? -ne 0 ]; then |
| echo "Error: evictcontrol did not work" |
| exit 1 |
| fi |
| ${TOOLSPATH}/${PREFIX}flushcontext -ha 80000000 |
| |
| echo -n "123" > $BINFILE |
| ${TOOLSPATH}/${PREFIX}sign -hk 81000000 -if ${BINFILE} -os ${SIGFILE} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not create signature." |
| cat $TMPFILE |
| exit 1 |
| fi |
| fi |
| |
| if [ $check -eq 1 ]; then |
| printf "Checking availability of key with perm. handle 0x81000000\n" |
| ${TOOLSPATH}/${PREFIX}getcapability -cap 1 -pr 0x81000000 >$TMPFILE |
| if [ -z "$(grep 81000000 $TMPFILE)" ]; then |
| echo "Could not find key with permanent handle 0x81000000" |
| exit 1 |
| fi |
| printf "Verifying signature with this key\n" |
| echo -n "123" > $BINFILE |
| if [ $previousstate -eq 0 ]; then |
| ${TOOLSPATH}/${PREFIX}verifysignature -hk 81000000 \ |
| -is ${SIGFILE} \ |
| -if ${BINFILE} > $TMPFILE |
| else |
| ${TOOLSPATH}/${PREFIX}verifysignature -hk 81000000 \ |
| -is ${TESTDIR}/data/tpm2state3/signature.bin \ |
| -if ${BINFILE} > $TMPFILE |
| fi |
| if [ $? -ne 0 ]; then |
| echo "Verifying signature failed." |
| exit 1 |
| fi |
| fi |
| } |
| |
| # Allocate a SHA256 PCR bank |
| # This will prevent shutdown -s (with state) |
| function test_pcr_allocation() |
| { |
| local create="$1" |
| local check="$2" |
| |
| local i res rc ha |
| |
| if [ -z "$($TOOLSPATH/${PREFIX}pcrallocate | grep sha512)" ]; then |
| echo " Skipping PCR Allocate test since it does not support sha512" |
| return 0 |
| fi |
| |
| if [ $create -eq 1 ]; then |
| echo "Allocating SHA256 PCR bank" |
| ${TOOLSPATH}/${PREFIX}pcrallocate -sha512 +sha256 |
| |
| for ((ha = 0; ha < 24; ha++)); do |
| ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha512 > $TMPFILE |
| if [ -z "$(grep "^count 1.*$" $TMPFILE)" ]; then |
| echo "Error: PCR ${ha} in SHA512 bank should be available for read before reboot" |
| cat $TMPFILE |
| exit 1 |
| fi |
| ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha256 > $TMPFILE |
| if [ -z "$(grep "^count 1.*$" $TMPFILE)" ]; then |
| echo "Error: PCR ${ha} in SHA256 bank should be available for read before reboot" |
| cat $TMPFILE |
| exit 1 |
| fi |
| done |
| fi |
| |
| if [ $check -eq 1 ]; then |
| echo "Checking the PCR Allocation" |
| |
| for ((ha = 0; ha < 24; ha++)); do |
| ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha512 > $TMPFILE |
| if [ -z "$(grep "^count 0.*$" $TMPFILE)" ]; then |
| echo "Error: PCR ${ha} in SHA512 bank should be unavailable for read after reboot" |
| cat $TMPFILE |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}pcrread -ha ${ha} -halg sha256 > $TMPFILE |
| if [ -z "$(grep "^count 1.*$" $TMPFILE)" ]; then |
| echo "Error: PCR ${ha} in SHA256 bank should be available for read after reboot" |
| exit 1 |
| fi |
| done |
| fi |
| } |
| |
| function test_hierarchy() |
| { |
| local create="$1" |
| local check="$2" |
| |
| local hi pwdn pwda |
| |
| if [ $create -eq 1 ]; then |
| echo "Setting hierarchy passwords" |
| # Change the hierarchy password; the 'p' hierarchy has |
| # no effect on permanent RAM, so we won't test that |
| for hi in "l" "e" "o"; do |
| pwdn="${hi}${hi}${hi}" |
| ${TOOLSPATH}/${PREFIX}hierarchychangeauth \ |
| -hi ${hi} \ |
| -pwdn ${pwdn} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: hierarchychangeauth failed to set password." |
| cat $TMPFILE |
| exit 1 |
| fi |
| done |
| fi |
| |
| if [ $check -eq 1 ]; then |
| echo "Checking previously set hierarchy passwords" |
| for hi in "l" "e" "o"; do |
| pwda="${hi}${hi}${hi}" |
| pwdn="new-${pwda}" |
| |
| ${TOOLSPATH}/${PREFIX}hierarchychangeauth \ |
| -hi ${hi} \ |
| -pwda ${pwda} \ |
| -pwdn ${pwdn} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: hierarchychangeauth failed to change password." |
| cat $TMPFILE |
| exit 1 |
| fi |
| |
| # change back |
| ${TOOLSPATH}/${PREFIX}hierarchychangeauth \ |
| -hi ${hi} \ |
| -pwda ${pwdn} \ |
| -pwdn ${pwda} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: hierarchychangeauth failed to change back password." |
| cat $TMPFILE |
| exit 1 |
| fi |
| done |
| fi |
| } |
| |
| function test_hash_context() |
| { |
| local create="$1" |
| local check="$2" |
| |
| local res tmpfile |
| |
| if [ $create -eq 1 ]; then |
| echo -n "123" > ${TMP2FILE} |
| |
| echo "Starting a sha1 sequence" |
| res="$(${TOOLSPATH}/${PREFIX}hashsequencestart -halg sha1)" |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not start hash sequence." |
| exit 1 |
| fi |
| SHA1_SEQUENCE_HANDLE="$(echo $res | cut -d " " -f3)" |
| echo "sha1 sequence handle: $SHA1_SEQUENCE_HANDLE" |
| |
| ${TOOLSPATH}/${PREFIX}sequenceupdate \ |
| -hs ${SHA1_SEQUENCE_HANDLE} \ |
| -if ${TMP2FILE} |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not updated the sha1 sequence." |
| exit 1 |
| fi |
| echo "Updated sha1 sequence." |
| |
| echo "Starting a sha256 sequence" |
| res="$(${TOOLSPATH}/${PREFIX}hashsequencestart -halg sha256)" |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not start sha256 sequence." |
| exit 1 |
| fi |
| SHA256_SEQUENCE_HANDLE="$(echo $res | cut -d " " -f3)" |
| echo "sha256 sequence handle: $SHA256_SEQUENCE_HANDLE" |
| |
| ${TOOLSPATH}/${PREFIX}sequenceupdate \ |
| -hs ${SHA256_SEQUENCE_HANDLE} \ |
| -if ${TMP2FILE} |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not updated the hash sequence." |
| exit 1 |
| fi |
| echo "Updated sha256 sequence." |
| |
| echo "Starting a sha384 sequence" |
| res="$(${TOOLSPATH}/${PREFIX}hashsequencestart -halg sha384)" |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not start sha384 sequence." |
| exit 1 |
| fi |
| SHA384_SEQUENCE_HANDLE="$(echo $res | cut -d " " -f3)" |
| echo "sha384 sequence handle: $SHA384_SEQUENCE_HANDLE" |
| |
| ${TOOLSPATH}/${PREFIX}sequenceupdate \ |
| -hs ${SHA384_SEQUENCE_HANDLE} \ |
| -if ${TMP2FILE} |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not updated the hash sequence." |
| exit 1 |
| fi |
| echo "Updated sha384 sequence." |
| fi |
| |
| if [ $check -eq 1 ]; then |
| echo -n "456" > ${TMP2FILE} |
| |
| echo "Completing previously started sha1 sequence" |
| touch $TPMDIR/h${SHA1_SEQUENCE_HANDLE}.bin |
| res=$(${TOOLSPATH}/${PREFIX}sequencecomplete \ |
| -hs ${SHA1_SEQUENCE_HANDLE} \ |
| -if ${TMP2FILE} -v | |
| tail -n 4 | |
| grep " 7c 4a 8d ") |
| if [ -z "$res" ]; then |
| echo "Error: Did not get expected result from completing sha1 sequence." |
| exit 1 |
| fi |
| |
| echo "Completing previously started sha256 sequence" |
| touch $TPMDIR/h${SHA256_SEQUENCE_HANDLE}.bin |
| res=$(${TOOLSPATH}/${PREFIX}sequencecomplete \ |
| -hs ${SHA256_SEQUENCE_HANDLE} \ |
| -if ${TMP2FILE} -v | |
| tail -n 4 | |
| grep " 8d 96 9e ") |
| if [ -z "$res" ]; then |
| echo "Error: Did not get expected result from completing sha256 sequence." |
| exit 1 |
| fi |
| |
| echo "Completing previously started sha384 sequence" |
| touch $TPMDIR/h${SHA384_SEQUENCE_HANDLE}.bin |
| res=$(${TOOLSPATH}/${PREFIX}sequencecomplete \ |
| -hs ${SHA384_SEQUENCE_HANDLE} \ |
| -if ${TMP2FILE} -v | |
| tail -n 4 | |
| grep " 0a 98 9e ") |
| if [ -z "$res" ]; then |
| echo "Error: Did not get expected result from completing sha384 sequence." |
| exit 1 |
| fi |
| fi |
| } |
| |
| function test_session() |
| { |
| local create="$1" |
| local check="$2" |
| # whether we are using previous stored stated that had a different |
| # key and we have to use the old signature |
| local previousstate="$3" |
| |
| local i res rc |
| |
| if [ $create -eq 1 ]; then |
| # Create a permanent primary key that we expecte |
| # to again see after the TPM has been restarted |
| ${TOOLSPATH}/${PREFIX}createprimary -hi o -st > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: createprimary for creating storage key failed." |
| exit 1 |
| fi |
| if [ -z "$(grep 80000000 $TMPFILE)" ]; then |
| echo "Error: createprimary did not result in expected handle 80000000" |
| cat $TMPFILE |
| exit 1 |
| fi |
| ${TOOLSPATH}/${PREFIX}evictcontrol -ho 80000000 -hp 81000000 -hi o |
| if [ $? -ne 0 ]; then |
| echo "Error: evictcontrol did not work" |
| exit 1 |
| fi |
| ${TOOLSPATH}/${PREFIX}flushcontext -ha 80000000 |
| |
| ${TOOLSPATH}/${PREFIX}startauthsession -se h -bi 81000000 > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not start an auth session." |
| cat $TMPFILE |
| exit 1 |
| fi |
| AUTHSESSION_HANDLE=$(cat $TMPFILE | sed 's/Handle//') |
| if [ -z "${AUTHSESSION_HANDLE}" ]; then |
| echo "Error: Could not get auth session handle." |
| exit 1 |
| fi |
| fi |
| |
| if [ $check -eq 1 ]; then |
| echo "Using auth session ${AUTHSESSION_HANDLE} to create a key." |
| ${TOOLSPATH}/${PREFIX}create \ |
| -hp 81000000 \ |
| -st \ |
| -se0 ${AUTHSESSION_HANDLE} 1 |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not create key using authsession" |
| exit 1 |
| fi |
| echo "Successfully created key" |
| fi |
| } |
| |
| function test_hmac_context() |
| { |
| local create="$1" |
| local check="$2" |
| # whether we are using previous stored stated that had a different |
| # key and we have to use the old signature |
| local previousstate="$3" |
| |
| local i res rc |
| |
| if [ $create -eq 1 ]; then |
| ${TOOLSPATH}/${PREFIX}createprimary -hi o -st > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: createprimary failed." |
| exit 1 |
| fi |
| if [ -z "$(grep 80000000 $TMPFILE)" ]; then |
| echo "Error: createprimary did not result in expected handle 80000000" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}create -hp 80000000 -kh \ |
| -opr ${HKEYPRIV} -opu ${HKEYPUB} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: could not create key for HMAC" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}load -hp 80000000 \ |
| -ipr ${HKEYPRIV} -ipu ${HKEYPUB} -v > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: could not load key for HMAC" |
| cat $TMPFILE |
| exit 1 |
| fi |
| if [ -z "$(grep 80000001 $TMPFILE)" ]; then |
| echo "Error: load did not result in expected handle 80000001" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}hmacstart -hk 80000001 > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: could not start HMAC sequence" |
| exit 1 |
| fi |
| if [ -z "$(grep 80000002 $TMPFILE)" ]; then |
| echo "Error: load did not result in expected handle 80000002" |
| exit 1 |
| fi |
| |
| echo -n "123" > ${TMP2FILE} |
| ${TOOLSPATH}/${PREFIX}sequenceupdate \ |
| -hs 80000002 \ |
| -if ${TMP2FILE} |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not updated the HMAC sequence." |
| exit 1 |
| fi |
| echo "Updated HMAC sequence." |
| fi |
| |
| if [ $check -eq 1 ]; then |
| echo -n "456" > ${TMP2FILE} |
| |
| echo "Completing previously started HMAC sequence" |
| touch $TPMDIR/h80000002.bin |
| ${TOOLSPATH}/${PREFIX}sequencecomplete \ |
| -hs 80000002 \ |
| -if ${TMP2FILE} -v | |
| tail -n 4 > ${TMPFILE} |
| if [ -z "$(grep " 6e 40 33 1a " ${TMPFILE})" ]; then |
| echo "Error: Did not get expected result from completing HMAC sequence." |
| cat $TMPFILE |
| exit 1 |
| fi |
| fi |
| } |
| |
| function test_primary_volatile_load() |
| { |
| local create="$1" |
| local check="$2" |
| # whether we are using previous stored stated that had a different |
| # key and we have to use the old signature |
| local previousstate="$3" |
| |
| local i res rc |
| |
| if [ $create -eq 1 ]; then |
| # Create a permanent primary key that we expecte |
| # to again see after the TPM has been restarted |
| ${TOOLSPATH}/${PREFIX}createprimary -hi o -si > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: createprimary failed." |
| exit 1 |
| fi |
| if [ -z "$(grep 80000000 $TMPFILE)" ]; then |
| echo "Error: createprimary did not result in expected handle 80000000" |
| exit 1 |
| fi |
| |
| echo -n "123" > $BINFILE |
| ${TOOLSPATH}/${PREFIX}sign -hk 80000000 -if ${BINFILE} -os ${SIGFILE} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not create signature." |
| cat $TMPFILE |
| exit 1 |
| fi |
| |
| printf "Verifying signature with this key (create phase)\n" |
| ${TOOLSPATH}/${PREFIX}verifysignature -hk 80000000 \ |
| -is ${SIGFILE} \ |
| -if ${BINFILE} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Verifying signature failed." |
| exit 1 |
| fi |
| fi |
| |
| if [ $check -eq 1 ]; then |
| local sigfile=${SIGFILE} hash1 hash2 |
| |
| if [ $previousstate -ne 0 ]; then |
| sigfile=${TESTDIR}/data/tpm2state3d/signature2.bin |
| fi |
| |
| printf "Checking availability of key with handle 0x80000000\n" |
| ${TOOLSPATH}/${PREFIX}getcapability -cap 1 -pr 0x80000000 >$TMPFILE |
| if [ -z "$(grep 80000000 $TMPFILE)" ]; then |
| echo "Could not find key with handle 0x80000000" |
| exit 1 |
| fi |
| |
| printf "Verifying signature with this key (check phase)\n" |
| echo -n "123" > $BINFILE |
| ${TOOLSPATH}/${PREFIX}verifysignature -hk 80000000 \ |
| -is ${sigfile} \ |
| -if ${BINFILE} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Verifying signature failed." |
| exit 1 |
| fi |
| |
| if [ $previousstate -eq 0 ]; then |
| ${TOOLSPATH}/${PREFIX}sign -hk 80000000 -if ${BINFILE} -os ${SIGFILE2} > $TMPFILE |
| if [ $? -ne 0 ]; then |
| echo "Error: Could not create signature." |
| cat $TMPFILE |
| exit 1 |
| fi |
| hash1=$(get_sha1_file ${SIGFILE}) |
| hash2=$(get_sha1_file ${SIGFILE2}) |
| if [ "${hash1}" != "${hash2}" ]; then |
| echo "Error: hashes of signatures are different. Loaded key may be different." |
| exit 1 |
| fi |
| fi |
| fi |
| } |
| |
| export TPM_SERVER_TYPE=raw |
| export TPM_INTERFACE_TYPE=socsim |
| export TPM_COMMAND_PORT=65533 |
| export TPM_DATA_DIR=$TPMDIR |
| export TPM_SESSION_ENCKEY="807e2bfe898ddaed8fa6310e716a24dc" # for sessions |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (1) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}startup -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_startup clear failed." |
| exit 1 |
| fi |
| |
| test_nvram_state 1 1 |
| test_primary 1 1 0 |
| test_pcr_allocation 1 0 # can only check after reboot |
| test_hierarchy 1 1 |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| echo "============================" >> $LOGFILE |
| |
| echo "TPM was shut down" |
| |
| # Store this state for later usage |
| # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3; |
| # cp $SIGFILE ${TESTDIR}/data/tpm2state3/signature.bin |
| |
| ################################################################# |
| # Run TPM2 with the created state and verify it's the same |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (2) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| echo "TPM re-started" |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}startup -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_startup clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| test_nvram_state 0 1 |
| test_primary 0 1 0 |
| test_pcr_allocation 0 1 |
| test_hierarchy 0 1 |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| echo "============================" >> $LOGFILE |
| |
| echo "TPM was shut down" |
| |
| ################################################################# |
| # Run TPM2 with previously saved state and verify it's the same |
| |
| rm -f $TPMDIR/* |
| cp -f ${TESTDIR}/data/tpm2state3/tpm2-00.permall $TPMDIR/tpm2-00.permall |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| echo "TPM started with previously generated state" |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}startup -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_startup clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| test_nvram_state 0 1 |
| test_primary 0 1 1 |
| test_pcr_allocation 0 1 |
| test_hierarchy 0 1 |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| echo "Test 1 OK" |
| |
| # |
| # |
| # Tests with volatile state |
| # |
| # |
| |
| rm -f ${TPMDIR}/* |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}startup -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_startup clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| test_session 1 1 |
| test_hash_context 1 0 |
| |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| ################################################################# |
| # Run TPM2 with the saved volatile state |
| |
| # create a backup for running the next test... |
| # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3b/tpm2-00.permall |
| # cp $TPMDIR/tpm2-00.volatilestate ${TESTDIR}/data/tpm2state3b/tpm2-00.volatilestate |
| # cp $TPMDIR/h02000000.bin ${TESTDIR}/data/tpm2state3b/h02000000.bin |
| # cp $TPMDIR/h81000000.bin ${TESTDIR}/data/tpm2state3b/h81000000.bin |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| cat $LOGFILE |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| test_hash_context 0 1 |
| test_session 0 1 |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| ##################################################################### |
| # Run TPM2 with previously saved (volatile) state and verify it's |
| # working as well |
| |
| cp -f ${TESTDIR}/data/tpm2state3b/tpm2-00.permall $TPMDIR/tpm2-00.permall |
| cp -f ${TESTDIR}/data/tpm2state3b/tpm2-00.volatilestate $TPMDIR/tpm2-00.volatilestate |
| cp -f ${TESTDIR}/data/tpm2state3b/h02000000.bin $TPMDIR/h02000000.bin |
| cp -f ${TESTDIR}/data/tpm2state3b/h81000000.bin $TPMDIR/h81000000.bin |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| echo "TPM started with previously generated state" |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| tail -n 10 $LOGFILE |
| exit 1 |
| fi |
| |
| test_hash_context 0 1 |
| test_session 0 1 |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| echo "Test 2 OK" |
| |
| # |
| # |
| # Tests with volatile state -- 2nd test |
| # |
| # |
| |
| rm -f ${TPMDIR}/* |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}startup -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_startup clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # we only run this to generate the AES key which is different every time... |
| # test_hmac_context 1 0 |
| |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| ################################################################# |
| # Run TPM2 with the saved volatile state |
| |
| # create a backup for running the next test... |
| # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3c/tpm2-00.permall |
| # cp $TPMDIR/tpm2-00.volatilestate ${TESTDIR}/data/tpm2state3c/tpm2-00.volatilestate |
| |
| #echo $TPMDIR |
| #ls -l $TPMDIR |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| cat $LOGFILE |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| # since the AES key is different every time, we cannot run |
| # the HMAC function that's using it since the result would |
| # be different every time |
| # test_hmac_context 0 1 |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| ##################################################################### |
| # Run TPM2 with previously saved (volatile) state and verify it's |
| # working as well |
| |
| cp -f ${TESTDIR}/data/tpm2state3c/tpm2-00.volatilestate $TPMDIR/tpm2-00.volatilestate |
| cp -f ${TESTDIR}/data/tpm2state3c/tpm2-00.permall $TPMDIR/tpm2-00.permall |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| echo "TPM started with previously generated state" |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| test_hmac_context 0 1 |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| echo "Test 3 OK" |
| |
| |
| # |
| # |
| # Tests with volatile state -- 3rd test |
| # |
| # |
| |
| rm -f ${TPMDIR}/* |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}startup -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_startup clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| test_primary_volatile_load 1 0 0 |
| |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -v 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_STORE_VOLATILE failed: $act" |
| exit 1 |
| fi |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| ################################################################# |
| # Run TPM2 with the saved volatile state |
| |
| # create a backup for running the next test... |
| # cp $TPMDIR/tpm2-00.volatilestate ${TESTDIR}/data/tpm2state3d/tpm2-00.volatilestate |
| # cp $TPMDIR/tpm2-00.permall ${TESTDIR}/data/tpm2state3d/tpm2-00.permall |
| # cp $SIGFILE ${TESTDIR}/data/tpm2state3d/signature2.bin |
| |
| #echo $TPMDIR |
| #ls -l $TPMDIR |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| cat $LOGFILE |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| test_primary_volatile_load 0 1 0 |
| |
| ${TOOLSPATH}/${PREFIX}shutdown -c |
| if [ $? -ne 0 ]; then |
| echo "Error: tpm_shutdown clear failed." |
| cat $LOGFILE |
| exit 1 |
| fi |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| ##################################################################### |
| # Run TPM2 with previously saved (volatile) state and verify it's |
| # working as well |
| |
| cp -f ${TESTDIR}/data/tpm2state3d/tpm2-00.permall $TPMDIR/tpm2-00.permall |
| cp -f ${TESTDIR}/data/tpm2state3d/tpm2-00.volatilestate $TPMDIR/tpm2-00.volatilestate |
| |
| $SWTPM_EXE socket \ |
| --server port=${TPM_COMMAND_PORT} \ |
| --tpmstate dir=$TPMDIR \ |
| --pid file=$PID_FILE \ |
| --ctrl type=unixio,path=$SOCK_PATH \ |
| --log file=$LOGFILE,level=20 \ |
| --tpm2 \ |
| ${SWTPM_TEST_SECCOMP_OPT} & |
| |
| if wait_for_file $PID_FILE 3; then |
| echo "Error: (3) Socket TPM did not write pidfile." |
| exit 1 |
| fi |
| |
| echo "TPM started with previously generated state" |
| |
| PID="$(cat $PID_FILE)" |
| |
| # Send TPM_Init |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -i 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_INIT failed: $act" |
| exit 1 |
| fi |
| |
| test_primary_volatile_load 0 1 1 |
| |
| # Send Shutdown |
| act=$($SWTPM_IOCTL --unix $SOCK_PATH -s 2>&1) |
| if [ $? -ne 0 ]; then |
| echo "Error: $SWTPM_IOCTL CMD_SHUTDOWN failed: $act" |
| exit 1 |
| fi |
| |
| echo "Test 4 OK" |
| |
| exit 0 |