]>
Commit | Line | Data |
---|---|---|
2dffe1c6 MR |
1 | # SPDX-License-Identifier: GPL-2.0+ |
2 | # Copyright (c) 2018, Bootlin | |
3 | # Author: Miquel Raynal <miquel.raynal@bootlin.com> | |
4 | ||
5 | import os.path | |
6 | import pytest | |
7 | import u_boot_utils | |
8 | import re | |
9 | import time | |
10 | ||
11 | """ | |
12 | Test the TPMv2.x related commands. You must have a working hardware setup in | |
13 | order to do these tests. | |
14 | ||
15 | Notes: | |
16 | * These tests will prove the password mechanism. The TPM chip must be cleared of | |
17 | any password. | |
18 | * Commands like pcr_setauthpolicy and pcr_resetauthpolicy are not implemented | |
19 | here because they would fail the tests in most cases (TPMs do not implement them | |
20 | and return an error). | |
8870daaa KR |
21 | |
22 | ||
23 | Note: | |
24 | This test doesn't rely on boardenv_* configuration value but can change test | |
25 | behavior. | |
26 | ||
27 | * Setup env__tpm_device_test_skip to True if tests with TPM devices should be | |
28 | skipped. | |
29 | ||
2dffe1c6 MR |
30 | """ |
31 | ||
32 | updates = 0 | |
33 | ||
34 | def force_init(u_boot_console, force=False): | |
35 | """When a test fails, U-Boot is reset. Because TPM stack must be initialized | |
36 | after each reboot, we must ensure these lines are always executed before | |
37 | trying any command or they will fail with no reason. Executing 'tpm init' | |
38 | twice will spawn an error used to detect that the TPM was not reset and no | |
39 | initialization code should be run. | |
40 | """ | |
8870daaa KR |
41 | skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) |
42 | if skip_test: | |
43 | pytest.skip('skip TPM device test') | |
d87434a2 | 44 | output = u_boot_console.run_command('tpm2 init') |
2dffe1c6 MR |
45 | if force or not 'Error' in output: |
46 | u_boot_console.run_command('echo --- start of init ---') | |
d87434a2 MR |
47 | u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR') |
48 | u_boot_console.run_command('tpm2 self_test full') | |
49 | u_boot_console.run_command('tpm2 clear TPM2_RH_LOCKOUT') | |
2dffe1c6 MR |
50 | output = u_boot_console.run_command('echo $?') |
51 | if not output.endswith('0'): | |
d87434a2 | 52 | u_boot_console.run_command('tpm2 clear TPM2_RH_PLATFORM') |
2dffe1c6 MR |
53 | u_boot_console.run_command('echo --- end of init ---') |
54 | ||
17d1fe1c SG |
55 | def is_sandbox(cons): |
56 | # Array slice removes leading/trailing quotes. | |
57 | sys_arch = cons.config.buildconfig.get('config_sys_arch', '"sandbox"')[1:-1] | |
58 | return sys_arch == 'sandbox' | |
59 | ||
2dffe1c6 MR |
60 | @pytest.mark.buildconfigspec('cmd_tpm_v2') |
61 | def test_tpm2_init(u_boot_console): | |
62 | """Init the software stack to use TPMv2 commands.""" | |
8870daaa KR |
63 | skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) |
64 | if skip_test: | |
65 | pytest.skip('skip TPM device test') | |
d87434a2 | 66 | u_boot_console.run_command('tpm2 init') |
2dffe1c6 MR |
67 | output = u_boot_console.run_command('echo $?') |
68 | assert output.endswith('0') | |
69 | ||
70 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
71 | def test_tpm2_startup(u_boot_console): | |
72 | """Execute a TPM2_Startup command. | |
73 | ||
74 | Initiate the TPM internal state machine. | |
75 | """ | |
17d1fe1c SG |
76 | u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR') |
77 | output = u_boot_console.run_command('echo $?') | |
78 | assert output.endswith('0') | |
79 | ||
80 | def tpm2_sandbox_init(u_boot_console): | |
81 | """Put sandbox back into a known state so we can run a test | |
82 | ||
83 | This allows all tests to run in parallel, since no test depends on another. | |
84 | """ | |
85 | u_boot_console.restart_uboot() | |
86 | u_boot_console.run_command('tpm2 init') | |
87 | output = u_boot_console.run_command('echo $?') | |
88 | assert output.endswith('0') | |
2dffe1c6 | 89 | |
8870daaa KR |
90 | skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) |
91 | if skip_test: | |
92 | pytest.skip('skip TPM device test') | |
d87434a2 | 93 | u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR') |
2dffe1c6 MR |
94 | output = u_boot_console.run_command('echo $?') |
95 | assert output.endswith('0') | |
96 | ||
17d1fe1c SG |
97 | u_boot_console.run_command('tpm2 self_test full') |
98 | output = u_boot_console.run_command('echo $?') | |
99 | assert output.endswith('0') | |
100 | ||
2dffe1c6 | 101 | @pytest.mark.buildconfigspec('cmd_tpm_v2') |
17d1fe1c | 102 | def test_tpm2_sandbox_self_test_full(u_boot_console): |
2dffe1c6 MR |
103 | """Execute a TPM2_SelfTest (full) command. |
104 | ||
105 | Ask the TPM to perform all self tests to also enable full capabilities. | |
106 | """ | |
17d1fe1c SG |
107 | if is_sandbox(u_boot_console): |
108 | u_boot_console.restart_uboot() | |
109 | u_boot_console.run_command('tpm2 init') | |
110 | output = u_boot_console.run_command('echo $?') | |
111 | assert output.endswith('0') | |
112 | ||
113 | u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR') | |
114 | output = u_boot_console.run_command('echo $?') | |
115 | assert output.endswith('0') | |
2dffe1c6 | 116 | |
8870daaa KR |
117 | skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) |
118 | if skip_test: | |
119 | pytest.skip('skip TPM device test') | |
d87434a2 | 120 | u_boot_console.run_command('tpm2 self_test full') |
2dffe1c6 MR |
121 | output = u_boot_console.run_command('echo $?') |
122 | assert output.endswith('0') | |
123 | ||
124 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
125 | def test_tpm2_continue_self_test(u_boot_console): | |
126 | """Execute a TPM2_SelfTest (continued) command. | |
127 | ||
128 | Ask the TPM to finish its self tests (alternative to the full test) in order | |
129 | to enter a fully operational state. | |
130 | """ | |
131 | ||
8870daaa KR |
132 | skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) |
133 | if skip_test: | |
134 | pytest.skip('skip TPM device test') | |
17d1fe1c SG |
135 | if is_sandbox(u_boot_console): |
136 | tpm2_sandbox_init(u_boot_console) | |
d87434a2 | 137 | u_boot_console.run_command('tpm2 self_test continue') |
2dffe1c6 MR |
138 | output = u_boot_console.run_command('echo $?') |
139 | assert output.endswith('0') | |
140 | ||
141 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
142 | def test_tpm2_clear(u_boot_console): | |
143 | """Execute a TPM2_Clear command. | |
144 | ||
145 | Ask the TPM to reset entirely its internal state (including internal | |
146 | configuration, passwords, counters and DAM parameters). This is half of the | |
147 | TAKE_OWNERSHIP command from TPMv1. | |
148 | ||
149 | Use the LOCKOUT hierarchy for this. The LOCKOUT/PLATFORM hierarchies must | |
150 | not have a password set, otherwise this test will fail. ENDORSEMENT and | |
151 | PLATFORM hierarchies are also available. | |
152 | """ | |
17d1fe1c SG |
153 | if is_sandbox(u_boot_console): |
154 | tpm2_sandbox_init(u_boot_console) | |
2dffe1c6 | 155 | |
8870daaa KR |
156 | skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) |
157 | if skip_test: | |
158 | pytest.skip('skip TPM device test') | |
d87434a2 | 159 | u_boot_console.run_command('tpm2 clear TPM2_RH_LOCKOUT') |
2dffe1c6 MR |
160 | output = u_boot_console.run_command('echo $?') |
161 | assert output.endswith('0') | |
162 | ||
d87434a2 | 163 | u_boot_console.run_command('tpm2 clear TPM2_RH_PLATFORM') |
2dffe1c6 MR |
164 | output = u_boot_console.run_command('echo $?') |
165 | assert output.endswith('0') | |
166 | ||
167 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
168 | def test_tpm2_change_auth(u_boot_console): | |
169 | """Execute a TPM2_HierarchyChangeAuth command. | |
170 | ||
171 | Ask the TPM to change the owner, ie. set a new password: 'unicorn' | |
172 | ||
173 | Use the LOCKOUT hierarchy for this. ENDORSEMENT and PLATFORM hierarchies are | |
174 | also available. | |
175 | """ | |
17d1fe1c SG |
176 | if is_sandbox(u_boot_console): |
177 | tpm2_sandbox_init(u_boot_console) | |
2dffe1c6 MR |
178 | force_init(u_boot_console) |
179 | ||
d87434a2 | 180 | u_boot_console.run_command('tpm2 change_auth TPM2_RH_LOCKOUT unicorn') |
2dffe1c6 MR |
181 | output = u_boot_console.run_command('echo $?') |
182 | assert output.endswith('0') | |
183 | ||
d87434a2 | 184 | u_boot_console.run_command('tpm2 clear TPM2_RH_LOCKOUT unicorn') |
2dffe1c6 | 185 | output = u_boot_console.run_command('echo $?') |
d87434a2 | 186 | u_boot_console.run_command('tpm2 clear TPM2_RH_PLATFORM') |
2dffe1c6 MR |
187 | assert output.endswith('0') |
188 | ||
617270b9 | 189 | @pytest.mark.buildconfigspec('sandbox') |
2dffe1c6 MR |
190 | @pytest.mark.buildconfigspec('cmd_tpm_v2') |
191 | def test_tpm2_get_capability(u_boot_console): | |
192 | """Execute a TPM_GetCapability command. | |
193 | ||
194 | Display one capability. In our test case, let's display the default DAM | |
195 | lockout counter that should be 0 since the CLEAR: | |
196 | - TPM_CAP_TPM_PROPERTIES = 0x6 | |
197 | - TPM_PT_LOCKOUT_COUNTER (1st parameter) = PTR_VAR + 14 | |
198 | ||
199 | There is no expected default values because it would depend on the chip | |
200 | used. We can still save them in order to check they have changed later. | |
201 | """ | |
17d1fe1c SG |
202 | if is_sandbox(u_boot_console): |
203 | tpm2_sandbox_init(u_boot_console) | |
2dffe1c6 MR |
204 | |
205 | force_init(u_boot_console) | |
206 | ram = u_boot_utils.find_ram_base(u_boot_console) | |
207 | ||
d87434a2 | 208 | read_cap = u_boot_console.run_command('tpm2 get_capability 0x6 0x20e 0x200 1') #0x%x 1' % ram) |
2dffe1c6 MR |
209 | output = u_boot_console.run_command('echo $?') |
210 | assert output.endswith('0') | |
211 | assert 'Property 0x0000020e: 0x00000000' in read_cap | |
212 | ||
213 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
214 | def test_tpm2_dam_parameters(u_boot_console): | |
215 | """Execute a TPM2_DictionaryAttackParameters command. | |
216 | ||
217 | Change Dictionary Attack Mitigation (DAM) parameters. Ask the TPM to change: | |
218 | - Max number of failed authentication before lockout: 3 | |
219 | - Time before the failure counter is automatically decremented: 10 sec | |
220 | - Time after a lockout failure before it can be attempted again: 0 sec | |
221 | ||
222 | For an unknown reason, the DAM parameters must be changed before changing | |
223 | the authentication, otherwise the lockout will be engaged after the first | |
224 | failed authentication attempt. | |
225 | """ | |
17d1fe1c SG |
226 | if is_sandbox(u_boot_console): |
227 | tpm2_sandbox_init(u_boot_console) | |
2dffe1c6 MR |
228 | force_init(u_boot_console) |
229 | ram = u_boot_utils.find_ram_base(u_boot_console) | |
230 | ||
231 | # Set the DAM parameters to known values | |
d87434a2 | 232 | u_boot_console.run_command('tpm2 dam_parameters 3 10 0') |
2dffe1c6 MR |
233 | output = u_boot_console.run_command('echo $?') |
234 | assert output.endswith('0') | |
235 | ||
236 | # Check the values have been saved | |
d87434a2 | 237 | read_cap = u_boot_console.run_command('tpm2 get_capability 0x6 0x20f 0x%x 3' % ram) |
2dffe1c6 MR |
238 | output = u_boot_console.run_command('echo $?') |
239 | assert output.endswith('0') | |
240 | assert 'Property 0x0000020f: 0x00000003' in read_cap | |
241 | assert 'Property 0x00000210: 0x0000000a' in read_cap | |
242 | assert 'Property 0x00000211: 0x00000000' in read_cap | |
243 | ||
244 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
245 | def test_tpm2_pcr_read(u_boot_console): | |
246 | """Execute a TPM2_PCR_Read command. | |
247 | ||
248 | Perform a PCR read of the 0th PCR. Must be zero. | |
249 | """ | |
17d1fe1c SG |
250 | if is_sandbox(u_boot_console): |
251 | tpm2_sandbox_init(u_boot_console) | |
2dffe1c6 MR |
252 | |
253 | force_init(u_boot_console) | |
f4eef40b | 254 | ram = u_boot_utils.find_ram_base(u_boot_console) |
2dffe1c6 | 255 | |
d87434a2 | 256 | read_pcr = u_boot_console.run_command('tpm2 pcr_read 0 0x%x' % ram) |
2dffe1c6 MR |
257 | output = u_boot_console.run_command('echo $?') |
258 | assert output.endswith('0') | |
259 | ||
260 | # Save the number of PCR updates | |
261 | str = re.findall(r'\d+ known updates', read_pcr)[0] | |
262 | global updates | |
263 | updates = int(re.findall(r'\d+', str)[0]) | |
264 | ||
265 | # Check the output value | |
266 | assert 'PCR #0 content' in read_pcr | |
267 | assert '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' in read_pcr | |
268 | ||
269 | @pytest.mark.buildconfigspec('cmd_tpm_v2') | |
270 | def test_tpm2_pcr_extend(u_boot_console): | |
271 | """Execute a TPM2_PCR_Extend command. | |
272 | ||
273 | Perform a PCR extension with a known hash in memory (zeroed since the board | |
274 | must have been rebooted). | |
275 | ||
276 | No authentication mechanism is used here, not protecting against packet | |
277 | replay, yet. | |
278 | """ | |
17d1fe1c SG |
279 | if is_sandbox(u_boot_console): |
280 | tpm2_sandbox_init(u_boot_console) | |
2dffe1c6 | 281 | force_init(u_boot_console) |
f4eef40b | 282 | ram = u_boot_utils.find_ram_base(u_boot_console) |
2dffe1c6 | 283 | |
d87434a2 | 284 | u_boot_console.run_command('tpm2 pcr_extend 0 0x%x' % ram) |
2dffe1c6 MR |
285 | output = u_boot_console.run_command('echo $?') |
286 | assert output.endswith('0') | |
287 | ||
1c6608bd SG |
288 | # Read the value back into a different place so we can still use 'ram' as |
289 | # our zero bytes | |
290 | read_pcr = u_boot_console.run_command('tpm2 pcr_read 0 0x%x' % (ram + 0x20)) | |
2dffe1c6 MR |
291 | output = u_boot_console.run_command('echo $?') |
292 | assert output.endswith('0') | |
293 | assert 'f5 a5 fd 42 d1 6a 20 30 27 98 ef 6e d3 09 97 9b' in read_pcr | |
294 | assert '43 00 3d 23 20 d9 f0 e8 ea 98 31 a9 27 59 fb 4b' in read_pcr | |
295 | ||
296 | str = re.findall(r'\d+ known updates', read_pcr)[0] | |
297 | new_updates = int(re.findall(r'\d+', str)[0]) | |
298 | assert (updates + 1) == new_updates | |
299 | ||
1c6608bd SG |
300 | u_boot_console.run_command('tpm2 pcr_extend 0 0x%x' % ram) |
301 | output = u_boot_console.run_command('echo $?') | |
302 | assert output.endswith('0') | |
303 | ||
304 | read_pcr = u_boot_console.run_command('tpm2 pcr_read 0 0x%x' % (ram + 0x20)) | |
305 | output = u_boot_console.run_command('echo $?') | |
306 | assert output.endswith('0') | |
307 | assert '7a 05 01 f5 95 7b df 9c b3 a8 ff 49 66 f0 22 65' in read_pcr | |
308 | assert 'f9 68 65 8b 7a 9c 62 64 2c ba 11 65 e8 66 42 f5' in read_pcr | |
309 | ||
310 | str = re.findall(r'\d+ known updates', read_pcr)[0] | |
311 | new_updates = int(re.findall(r'\d+', str)[0]) | |
312 | assert (updates + 2) == new_updates | |
313 | ||
2dffe1c6 MR |
314 | @pytest.mark.buildconfigspec('cmd_tpm_v2') |
315 | def test_tpm2_cleanup(u_boot_console): | |
316 | """Ensure the TPM is cleared from password or test related configuration.""" | |
317 | ||
318 | force_init(u_boot_console, True) |