Google Git
Sign in
fuchsia / third_party / github.com / stefanberger / swtpm / bb2c7ed14e5efe1db938e05569285bdf0ee45a7f / . / tests / test_ctrlchannel
blob: 3a6dbfcdebaa2eea866ac5af5a77b4cce88ea93d [file] [log] [blame]
#!/usr/bin/env bash
# For the license, see the LICENSE file in the root directory.
# shellcheck disable=SC2035,SC2061
ROOT=${abs_top_builddir:-$(dirname "$0")/..}
TESTDIR=${abs_top_testdir:-$(dirname "$0")}
TPMDIR="$(mktemp -d)" || exit 1
SWTPM_CTRL_UNIX_PATH=$TPMDIR/sock
PID_FILE=$TPMDIR/swtpm.pid
LOG_FILE=$TPMDIR/swtpm.log
CMD_PATH=$TPMDIR/cmd
RESP_PATH=$TPMDIR/resp
source "${TESTDIR}/test_common"
trap "cleanup" SIGTERM EXIT
function cleanup()
{
rm -rf "$TPMDIR"
if [ -n "$PID" ]; then
kill_quiet -SIGTERM "$PID" 2>/dev/null
fi
}
SWTPM_INTERFACE=socket+unix
SWTPM_SERVER_PORT=65430
SWTPM_SERVER_NAME=localhost
source "${TESTDIR}/common"
skip_test_no_tpm12 "${SWTPM_EXE}"
# Test 1: test the control channel on the socket tpm
# OS X would not allow nobody to access the $TPMDIR easily; skip it
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
FOWNER=",uid=nobody,gid=$(id -Gn nobody | cut -d" " -f1)"
FILEOWNER="$(id -u nobody) $(id -G nobody | cut -d" " -f1)"
RUNAS="--runas nobody"
if ! chown nobody "$TPMDIR"; then
echo "Error: Could not change ownership of $TPMDIR"
exit 1
fi
fi
if [[ "$(uname -s)" =~ CYGWIN_NT- ]]; then
FILEMODE=661
else
FILEMODE=621
fi
case "$(uname -s)" in
FreeBSD)
kldload pty
;;
esac
# use a pseudo terminal
if [ -c /dev/ptmx ]; then
exec 100<>/dev/ptmx
elif [ -c /dev/ptm ]; then
exec 100<>/dev/ptm
else
echo "Could not find chardev for opening file descriptor."
exit 1
fi
case $(uname -s) in
Linux|CYGWIN_NT-|Darwin)
PIDPARAM="fd=101"
exec 101<>"$PID_FILE"
;;
*)
PIDPARAM="file=$PID_FILE"
;;
esac
$SWTPM_EXE socket \
--fd 100 \
--tpmstate "dir=$TPMDIR" \
--pid "$PIDPARAM" \
--ctrl "type=unixio,path=$SWTPM_CTRL_UNIX_PATH,mode=${FILEMODE}${FOWNER}" \
--log "file=$LOG_FILE,level=20" \
${RUNAS:+${RUNAS}} \
--daemon \
${SWTPM_TEST_SECCOMP_OPT:+${SWTPM_TEST_SECCOMP_OPT}}
exec 100>&-
exec 101>&-
if [ ! -f "$PID_FILE" ]; then
echo "Error: Socket TPM did not write pidfile."
exit 1
fi
PID=$(cat "$PID_FILE")
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
exp=" 00 00 00 00 00 01 7f ff"
else
exp=" 00 00 00 00 00 01 6f ff"
fi
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_GET_CAPABILITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
filemode=$(get_filemode "$SWTPM_CTRL_UNIX_PATH")
if [ "$filemode" != "$FILEMODE" ]; then
echo "Filemode bits are wrong"
echo "Expected: $FILEMODE"
echo "Actual : $filemode"
exit 1
fi
fileowner=$(get_fileowner "$SWTPM_CTRL_UNIX_PATH")
if [ -n "$FILEOWNER" ] && [ "$fileowner" != "$FILEOWNER" ]; then
echo "File ownership is wrong"
echo "Expected: $FILEOWNER"
echo "Actual : $fileowner"
exit 1
fi
# Send TPM_Init to the TPM: CMD_INIT = 0x00 00 00 02 + flags
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_INIT:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send unknown command to the TPM
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from sending unsupported command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_STORE_VOLATILE:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
echo "Error: Socket TPM: Did not write volatile state file"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# To enable coverage of the above running as non-root we change the .gcda
# files' ownership with this small hack
if [ "$(id -u)" -eq 0 ] && [ "$(uname -s)" != "Darwin" ]; then
find "$ROOT" -name *.gcda -exec chown nobody {} \;
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone "$PID_FILE" 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
if wait_process_gone "${PID}" 4; then
echo "Error: TPM should not be running anymore."
exit 1
fi
check_logfile_patterns_level_20 "$LOG_FILE"
rm -f "$LOG_FILE"
echo "OK"
# Test 2: test the control channel on the socket tpm
# There are a few more tests here that require sending commands to the TPM
# use a pseudo terminal
run_swtpm "${SWTPM_INTERFACE}" \
--tpmstate "dir=$TPMDIR" \
--pid "file=$PID_FILE" \
--log "file=$LOG_FILE" \
--flags startup-clear \
${RUNAS:+${RUNAS}}
PID=$SWTPM_PID
if wait_for_file "${PID_FILE}" 4; then
echo "Error: Socket TPM did not write pidfile."
cat "$LOG_FILE"
exit 1
fi
validate_pidfile "$PID" "$PID_FILE"
# Get the capability bits: CMD_GET_CAPABILITY = 0x00 00 00 01
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x01')"
if [[ "$(uname -s)" =~ (Linux|OpenBSD|FreeBSD|NetBSD|Darwin|DragonFly) ]]; then
exp=" 00 00 00 00 00 01 7f ff"
else
exp=" 00 00 00 00 00 01 6f ff"
fi
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CAPABILITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send unknown command to the TPM
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\xff\xff')"
exp=" 00 00 00 0a"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending unsupported command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Startup the TPM; we use --flags startup-clear, so expect this to fail with error 0x26 (INVALID POST INIT)
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
echo "Error: Did not get expected result from TPM_Startup(ST_Clear)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Save the volatile state: CMD_STORE_VOLATILE = 0x00 00 00 0a
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0a')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STORE_VOLATILE:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if [ ! -r "$TPMDIR/tpm-00.volatilestate" ]; then
echo "Error: Socket TPM: Did not write volatile state file"
exit 1
fi
# 1. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 2. Send command to start HASH : CMD_HASH_START = 00 00 00 06
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x06')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_START command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 2.1. Send command to hash data : CMD_HASH_DATA = 00 00 00 07 uint32(length) data
# We send 0x100 null bytes
echo -en '\x00\x00\x00\x07\x00\x00\x20\x00' > "$CMD_PATH"
dd if=/dev/zero count=$((0x2000)) bs=1 >> "$CMD_PATH" 2>/dev/null
socat -x -t10 "FILE:$CMD_PATH,rdonly" "UNIX-CONNECT:$SWTPM_CTRL_UNIX_PATH" 2>&1 | \
sed -n '/^ /p' | \
tail -n1 > "$RESP_PATH"
res="$(cat "$RESP_PATH")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_DATA command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 3. Send command to end HASH : CMD_HASH_END = 00 00 00 08
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x08')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_HASH_END command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 4. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 01 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 5. Send command to reset TPM established flag: CMD_RESET_TPMESTABLISHED = 00 00 00 0b 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0b\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# 6. Send command to get TPM established flag: CMD_GET_TPMESTABLISHED = 00 00 00 04
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x04')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from sending CMD_GET_TPMESTABLISHED command:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Read PCR 17
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c4 e1 e1 c9 81 c0 cd b1 e0 43 df 97 20 72 f9 5d a9 ff 06 ff'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset |
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length |
exp=" 00 00 00 00 00 00 00 00 00 00 04 e5 00 00 04 e5"
if [ "${res:0:48}" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Read PCR 17 -- should fail now
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x11')"
exp=' 00 c4 00 00 00 0a 00 00 00 09'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(17)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Send get config command to the TPM: CMD_GET_CONFIG = 00 00 00 0f
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0f')"
exp=" 00 00 00 00 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_CONFIG:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone "$PID_FILE" 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
if wait_process_gone "${PID}" 4; then
echo "Error: Socket TPM should not be running anymore."
exit 1
fi
# Expecting to see an error message for the unknown command
check_logfile_patterns_level_1 "$LOG_FILE" 1
rm -f "$LOG_FILE"
echo "OK"
# Test 3: test the control channel on the socket tpm: resume encrypted state
# copy all the state files
cp "${TESTDIR}"/data/tpmstate2/* "${TPMDIR}"
run_swtpm "${SWTPM_INTERFACE}" \
--tpmstate "dir=$TPMDIR" \
--pid "file=$PID_FILE" \
--key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
--log "file=$LOG_FILE,level=20" \
--flags not-need-init
PID=$SWTPM_PID
if wait_for_file "$PID_FILE" 3; then
echo "Error: Socket TPM did not write pidfile."
exit 1
fi
validate_pidfile "$PID" "$PID_FILE"
# Read PCR 10
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Get the volatile state of the TPM: CMD_GET_STATEBLOB = 00 00 00 0c
# cmd | flags | type | offset |
vstate="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00')"
# result | flags | totlength | length |
exp=" 00 00 00 00 00 00 00 02 00 00 05 22 00 00 05 22"
if [ "${vstate:0:48}" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_GET_STATEBLOB:"
echo " actual : ${vstate:0:48}"
echo " expected: $exp"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone "$PID_FILE" 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
if wait_process_gone "${PID}" 4; then
echo "Error: Socket TPM should not be running anymore."
exit 1
fi
check_logfile_patterns_level_20 "$LOG_FILE"
rm -f "$LOG_FILE"
echo "OK"
# remove volatile state
rm -f "$TPMDIR"/*.volatilestate
run_swtpm "${SWTPM_INTERFACE}" \
--tpmstate "dir=$TPMDIR" \
--pid "file=$PID_FILE" \
--key "pwdfile=${TESTDIR}/data/tpmstate2/pwdfile.txt,kdf=sha512" \
--log "file=$LOG_FILE" \
--flags not-need-init
PID=$SWTPM_PID
if wait_for_file "$PID_FILE" 3; then
echo "Error: Socket TPM did not write pidfile."
exit 1
fi
validate_pidfile "$PID" "$PID_FILE"
# Read PCR 10 -- this should fail now
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 0a 00 00 00 26'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Send stop command to the TPM: CMD_STOP = 00 00 00 0e
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x0e')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_STOP:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send the volatile state to the TPM (while it is stopped)
# | cmd | flags | type |
vstate=${vstate:48}
size=$((${#vstate} / 3))
size=$(printf "%08x" $size | sed 's/\([0-9a-f]\{2\}\)/\\x\1/g')
vstate=${vstate// /\\x}
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" "\x00\x00\x00\x0d\x00\x00\x00\x02\x00\x00\x00\x02${size}${vstate}")"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SET_STATEBLOB:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Send init command to the TPM: CMD_INIT = 00 00 00 02
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x02\x00\x00\x00\x00')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_INIT:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Read PCR 10 -- has to return same result as before
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0E\x00\x00\x00\x15\x00\x00\x00\x0a')"
exp=' 00 c4 00 00 00 1e 00 00 00 00 c7 8a 6e 94 c7 3c 4d 7f c3 05 c8 a6 6b bf 15 45 f4 ed b7 a5'
if [ "$res" != "$exp" ]; then
echo "Error: (1) Did not get expected result from TPM_PCRRead(10)"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Reset PCR 20 while in locality 0 -- should not work
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 33'
if [ "$res" != "$exp" ]; then
echo "Error: Trying to reset PCR 20 in locality 0 returned unexpected result"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# In locality 2 we can reset PCR 20
# Set the localoty on the TPM: CMD_SET_LOCALITY = 00 00 00 05 <locality>
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x05\x02')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SET_LOCALITY:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
# Reset PCR 20 while in locality 2 -- has to work
res="$(swtpm_cmd_tx "${SWTPM_INTERFACE}" '\x00\xC1\x00\x00\x00\x0F\x00\x00\x00\xC8\x00\x03\x00\x00\x10')"
exp=' 00 c4 00 00 00 0a 00 00 00 00'
if [ "$res" != "$exp" ]; then
echo "Error: Could not reset PCR 20 in locality 2"
echo "expected: $exp"
echo "received: $res"
exit 1
fi
# Send shutdown command to the TPM: CMD_SHUTDOWN = 00 00 00 03
res="$(swtpm_ctrl_tx "${SWTPM_INTERFACE}" '\x00\x00\x00\x03')"
exp=" 00 00 00 00"
if [ "$res" != "$exp" ]; then
echo "Error: Socket TPM: Unexpected response from CMD_SHUTDOWN:"
echo " actual : $res"
echo " expected: $exp"
exit 1
fi
if wait_file_gone "$PID_FILE" 2; then
echo "Error: TPM should have removed PID file by now."
exit 1
fi
if wait_process_gone "${PID}" 4; then
echo "Error: Socket TPM should not be running anymore."
exit 1
fi
# (Currently) expecting to see nothing in the log file
check_logfile_patterns_level_1 "$LOG_FILE" 0
rm -f "$LOG_FILE"
echo "OK"
exit 0