
Side by Side Diff: utility/chromeos_tpm_recovery_test

Issue 3838008: Script to diagnose and fix TPM problems in recovery mode. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: remove confusing and at best marginally useful statement Created 10 years, 2 months ago
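--- a/utility/chromeos_tpm_recovery_test
+++ b/utility/chromeos_tpm_recovery_test
@@ -0,0 +1,213 @@
+#!/bin/sh -u
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# Test the chromeos TPM recovery script by faking the entire execution
+# environment.
+
+rm -rf tpm_recovery_test_workdir
+mkdir tpm_recovery_test_workdir
+cd tpm_recovery_test_workdir
+
+export USR_BIN=.
+export USR_SBIN=.
+export DOT_RECOVERY=.recovery
+export ACPI_DIR=.
+
+ctr=../chromeos_tpm_recovery
+
+# build the permanent environment
+
+echo > .recovery
+echo 3 > BINF.0
+echo 0 > CRSW
+
+# build tpmc
+cat > tpmc <<"EOF"
+#!/bin/sh -u
+# Fake tpmc program
+
+definespace () {
+index=$2
+size=$3
+permissions=$4
+
+if [ -e space.$index.data -a -e tpm-owned ]; then
+echo "cannot redefine space without auth"
+fi
+
+if [ $index != 0xf004 ]; then
+echo $size > space.$index.size
+echo $permissions > space.$index.perm
+for i in $(seq 1 $(($size))); do
+echo -n "ff " >> space.$index.data
+done
+fi
+return 0
+}
+
+case $1 in
+
+clear)
+rm -f tpm-owned
+;;
+
+enable)
+# boring
+;;
+
+activate)
+# boring
+;;
+
+definespace)
+definespace $*
+;;
+
+getp)
+echo space blah has permissions $(cat space.$2.perm)
+;;
+
+read)
+index=$2
+size=$3
+maxsize=$(cat space.$index.size)
+if [ $(($size > $maxsize)) -eq 1 ]; then
+echo "size $size too large for space (max is $maxsize)"
+exit 1
+fi
+dd if=space.$index.data bs=1 count=$(($3 * 3)) 2> /dev/null
+;;
+
+write)
+args="$@"
+index=$2
+bytes="$(echo $args | sed 's/[^ ]* [^ ]* //')"
+size=$(echo $bytes | wc -w)
+maxsize=$(cat space.$index.size)
+if [ $(($size > $maxsize)) -eq 1 ]; then
+echo "size $size too large for space (max is $(($maxsize)))"
+exit 1
+fi
+re=$(echo "$bytes " | sed 's/././g')
+sed "s/$re/$bytes /" < space.$index.data > _tmp_
+mv _tmp_ space.$index.data
+;;
+
+getpf)
+echo "disable 0"
+echo "deactivated 0"
+echo "nvLocked 1"
+echo "physicalPresenceLifetimeLock 1"
+echo "physicalPresenceHWEnable 0"
+echo "physicalPresenceCMDEnable 1"
+;;
+
+getvf)
+echo "bGlobalLock 1"
+echo "physicalPresence 1"
+echo "physicalPresenceLock 0"
+;;
+
+ppfin)
+# boring
+;;
+
+ppon)
+# boring
+;;
+
+*)
+echo "tpmc: invalid command $1"
+exit 1
+;;
+esac
+
+EOF
+
+# build nvtool
+cat > tpm-nvtool <<"EOF"
+#!/bin/sh -u
+
+print_space () {
+index=$1
+echo "# NV Index $index"
+echo " uninteresting random garbage"
+echo " further random garbage"
+echo ""
+}
+
+if [ "$1" = "--release" ]; then
+if [ "$2" != "--index" -o \
+"$4" != "--owner_password" ]; then
+echo "sorry, picky tpm-nvtool"
+exit 1
+fi
+index=$3
+if [ ! -f tpm-owned ]; then
+echo "tpm is unowned"
+exit 1
+fi
+rm space.$index.*
+elif [ "$1" = "--list" ]; then
+for s in space.*.data; do
+print_space $(echo $s | sed -e "s/[^.]*\.//" -e "s/\..*//")
+done
+fi
+EOF
+
+# build tpm_takeownership
+cat > tpm_takeownership <<"EOF"
+#!/bin/sh -u
+if [ -f tpm-owned ]; then
+echo "tpm is already owned"
+exit 1
+fi
+echo > tpm-owned
+EOF
+
+# build tcsd
+cat > tcsd <<"EOF"
+#!/bin/sh -u
+trap "{ rm tcsd_is_running; }" EXIT
+echo > tcsd_is_running
+sleep 365d
+EOF
+
+chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd
+
+echo "starting TPM recovery test" > log
+
+# normal run
+
+./tpmc definespace 0x1007 0xa 0x8001
+./tpmc definespace 0x1008 0xd 0x1
+./tpmc write 0x1008 01 4c 57 52 47
+touch tpm-owned
+
+echo "TEST: normal run" > log
+$ctr log
+
+# attempt to hijack kernel space
+
+rm space.*
+
+./tpmc definespace 0x1007 0xa 0x8001
+./tpmc definespace 0x1008 0xd 0x1
+touch tpm-owned
+
+echo "TEST: bad kernel space ID" >> log
+$ctr log
+
+# attempt to hijack kernel space
+
+rm space.*
+
+./tpmc definespace 0x1007 0xa 0x8001
+./tpmc definespace 0x1008 0xc 0x1
+touch tpm-owned
+
+echo "TEST: bad kernel space size" >> log
+$ctr log
+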
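Review bot: None of the three scenarios at the end of the script (`TEST: normal run`, `TEST: bad kernel space ID`, `TEST: bad kernel space size`) checks what `$ctr log` did, so the test ends the same way whether or not the recovery script noticed the tampered 0x1008 space. Recording the outcome after each run, for example `$ctr log; echo "exit status $?" >> log`, and comparing the fake TPM state files such as `space.0x1008.size` against the expected value would turn these into real regression checks; the expected values depend on chromeos_tpm_recovery, which is not shown here. The fake `definespace` in tpmc prints "cannot redefine space without auth" but then redefines the space and returns 0, so the refusal path on an owned TPM is never exercised; presumably the real tool fails there, and a `return 1` after that echo would model it. Separately, `cd tpm_recovery_test_workdir` is unchecked, and `cd tpm_recovery_test_workdir || exit 1` would keep the later `rm space.*` out of the caller's directory if the mkdir fails.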