utility/chromeos_tpm_recovery_test - Issue 4087012: Test the tpm recovery script with a real TPM.

Side by Side Diff: utility/chromeos_tpm_recovery_test

Issue 4087012: Test the tpm recovery script with a real TPM. (Closed) Base URL: http://git.chromium.org/git/vboot_reference.git

Patch Set: cleanup Created 10 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 #!/bin/sh -u	1 #!/bin/sh -u

2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.	2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.

3 # Use of this source code is governed by a BSD-style license that can be	3 # Use of this source code is governed by a BSD-style license that can be

4 # found in the LICENSE file.	4 # found in the LICENSE file.

5 #	5 #

6 # Test the chromeos TPM recovery script by faking the entire execution	6 # Test the chromeos TPM recovery script by faking the entire execution

7 # environment.	7 # environment.

8	8

9 rm -rf tpm_recovery_test_workdir	9 rm -rf tpm_recovery_test_workdir

10 mkdir tpm_recovery_test_workdir	10 mkdir tpm_recovery_test_workdir

11 cd tpm_recovery_test_workdir	11 cd tpm_recovery_test_workdir

12	12

13 export USR_BIN=.	13 test_kind=

14 export USR_SBIN=.	14 if [ $# -ge 1 ]; then

15 export DOT_RECOVERY=.recovery	15 test_kind="$1"

16 export ACPI_DIR=.	16 fi

17	17

18 ctr=../chromeos_tpm_recovery	18 if [ "$test_kind" != "" -a "$test_kind" != "fake" ]; then

	19 echo "$0: usage: $0 [fake]"

	20 echo "With fake as the argument, use a simulated TPM instead of the real one"

	21 fi

19	22

20 # build the permanent environment	23 if [ "$test_kind" = "fake" ]; then

	24 export USR_BIN=.

	25 export USR_SBIN=.

	26 export USR_LOCAL_BIN=.

	27 export USR_LOCAL_SBIN=.

	28 export DOT_RECOVERY=.recovery

	29 export ACPI_DIR=.

	30 ctr=../chromeos_tpm_recovery

	31 tpmc=./tpmc

	32 else

	33 ctr=/usr/sbin/chromeos_tpm_recovery

	34 tpmc=tpmc

	35 fi

	36

	37 # For simplicity, build the permanent environment as if we prepared to run the

	38 # fake test, even if we're running the test on a real TPM.

21	39

22 echo > .recovery	40 echo > .recovery

23 echo 3 > BINF.0	41 echo 3 > BINF.0

24 echo 0 > CRSW	42 echo 0 > CHSW

25	43

26 space_overhead=200	44 export NVRAM_SPACE_OVERHEAD=200

	45 space_overhead=$NVRAM_SPACE_OVERHEAD

27	46

28 # build tpmc	47 # build tpmc

29 cat > tpmc <<"EOF"	48 cat > tpmc <<"EOF"

30 #!/bin/sh -u	49 #!/bin/sh -u

31 # Fake tpmc program	50 # Fake tpmc program

32	51

33 definespace () {	52 definespace () {

34 index=$2	53 index=$2

35 size=$3	54 size=$3

36 permissions=$4	55 permissions=$4

37 space_overhead=200	56 space_overhead=$NVRAM_SPACE_OVERHEAD

38	57

39 if [ -e space.$index.data -a -e tpm-owned ]; then	58 if [ -e space.$index.data -a -e tpm-owned ]; then

40 echo "cannot redefine space without auth"	59 echo "cannot redefine space without auth"

41 fi	60 fi

42	61

43 totalsize=$(( $size + $space_overhead ))	62 totalsize=$(( $size + $space_overhead ))

44 free=$(cat nvram.freespace)	63 free=$(cat nvram.freespace)

45	64

46 if [ $totalsize -gt $free ]; then	65 if [ $totalsize -gt $free ]; then

47 echo "tpmc: definespace: need $totalsize, available $free"

48 return 17 # NO_SPACE	66 return 17 # NO_SPACE

49 fi	67 fi

50	68

51 if [ $index != 0xf004 ]; then	69 if [ $index != 0xf004 ]; then

52 echo $size > space.$index.size	70 echo $size > space.$index.size

53 echo $permissions > space.$index.perm	71 echo $permissions > space.$index.perm

54 for i in $(seq 1 $(($size))); do	72 for i in $(seq 1 $(($size))); do

55 echo -n "ff " >> space.$index.data	73 echo -n "ff " >> space.$index.data

56 done	74 done

57 echo $(( $free - $totalsize )) > nvram.freespace	75 echo $(( $free - $totalsize )) > nvram.freespace

(...skipping 77 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
135 exit 1	153 exit 1

136 ;;	154 ;;

137 esac	155 esac

138	156

139 EOF	157 EOF

140	158

141 # build nvtool	159 # build nvtool

142 cat > tpm-nvtool <<"EOF"	160 cat > tpm-nvtool <<"EOF"

143 #!/bin/sh -u	161 #!/bin/sh -u

144	162

145 space_overhead=200	163 space_overhead=$NVRAM_SPACE_OVERHEAD

146	164

147 print_space () {	165 print_space () {

148 index=$1	166 local index=$1

149 printf "# NV Index 0x%08x" $(( $index ))	167 printf "# NV Index 0x%08x" $(( $index ))

150 echo " uninteresting random garbage"	168 echo " uninteresting random garbage"

151 echo " further random garbage"	169 echo " further random garbage"

152 echo ""	170 echo ""

153 }	171 }

154	172

155 if [ "$1" = "--release" ]; then	173 if [ "$1" = "--release" ]; then

156 if [ "$2" != "--index" -o \	174 if [ "$2" != "--index" -o \

157 "$4" != "--owner_password" ]; then	175 "$4" != "--owner_password" ]; then

158 echo "sorry, picky tpm-nvtool"	176 echo "sorry, picky tpm-nvtool"

(...skipping 26 matching lines...) Expand all Loading...
185 EOF	203 EOF

186	204

187 # build tcsd	205 # build tcsd

188 cat > tcsd <<"EOF"	206 cat > tcsd <<"EOF"

189 #!/bin/sh -u	207 #!/bin/sh -u

190 trap "{ rm tcsd_is_running; }" EXIT	208 trap "{ rm tcsd_is_running; }" EXIT

191 echo > tcsd_is_running	209 echo > tcsd_is_running

192 sleep 365d	210 sleep 365d

193 EOF	211 EOF

194	212

	213 tcsd_pid=0

	214

	215 start_tcsd () {

	216 if [ $tcsd_pid -ne 0 ]; then

	217 echo TCSD is already started

	218 exit 1

	219 fi

	220 tcsd -f &

	221 tcsd_pid=$!

	222 sleep 2

	223 }

	224

	225 stop_tcsd () {

	226 if [ $tcsd_pid -eq 0 ]; then

	227 echo TCSD is already stopped

	228 exit 1

	229 fi

	230 kill $tcsd_pid

	231 sleep 0.5

	232 kill $tcsd_pid > /dev/null 2>&1

	233 sleep 0.5

	234 wait $tcsd_pid > /dev/null 2>&1 # we trust that tcsd will agree to die

	235 tcsd_pid=0

	236 }

	237

	238 tpm_clear_and_reenable () {

	239 tpmc clear

	240 tpmc enable

	241 tpmc activate

	242 }

	243

	244 takeownership () {

	245 if [ "$test_kind" = "fake" ]; then

	246 touch tpm_owned

	247 else

	248 tpm_clear_and_reenable

	249 start_tcsd

	250 tpm_takeownership -y -z

	251 stop_tcsd

	252 fi

	253 }

	254

	255 remove_chromeos_spaces () {

	256 if [ "$test_kind" = "fake" ]; then

	257 rm -f space.*

	258 echo 1500 > nvram.freespace

	259 else

	260 takeownership

	261 start_tcsd

	262 tpm-nvtool --release --index 0x1007 --owner_password ""

	263 tpm-nvtool --release --index 0x1008 --owner_password ""

	264 stop_tcsd

	265 tpm_clear_and_reenable

	266 fi

	267 }

	268

195 chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd	269 chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd

196	270

	271 echo "starting test, results in $(pwd)/log"

197 echo "starting TPM recovery test" > log	272 echo "starting TPM recovery test" > log

198	273

	274 if ps ax \| grep "tcs[d]"; then

	275 echo "a tcsd is process appears to be running, please kill it first"

	276 exit 1

	277 fi

	278

199 # normal run	279 # normal run

200 echo "TEST: normal run" > log	280 test_normal_run () {

	281 echo "TEST: normal run" >> log

201	282

202 echo 1500 > nvram.freespace	283 remove_chromeos_spaces

	284 $tpmc definespace 0x1007 0xa 0x8001

	285 $tpmc definespace 0x1008 0xd 0x1

	286 $tpmc write 0x1008 01 4c 57 52 47

	287 takeownership

203	288

204 ./tpmc definespace 0x1007 0xa 0x8001	289 $ctr log

205 ./tpmc definespace 0x1008 0xd 0x1	290 }

206 ./tpmc write 0x1008 01 4c 57 52 47

207 touch tpm-owned

208

209 $ctr log

210	291

211 # Kernel space with wrong ID	292 # Kernel space with wrong ID

212 echo "TEST: bad kernel space ID" >> log	293 test_wrong_id () {

	294 echo "TEST: bad kernel space ID" >> log

213	295

214 rm space.*	296 remove_chromeos_spaces

215 echo 1500 > nvram.freespace	297 $tpmc definespace 0x1007 0xa 0x8001

	298 $tpmc definespace 0x1008 0xd 0x1

	299 takeownership

216	300

217 ./tpmc definespace 0x1007 0xa 0x8001	301 $ctr log

218 ./tpmc definespace 0x1008 0xd 0x1	302 }

219 touch tpm-owned

220

221 $ctr log

222	303

223 # Kernel space with wrong size	304 # Kernel space with wrong size

224 echo "TEST: bad kernel space size" >> log	305 test_wrong_size () {

	306 echo "TEST: bad kernel space size" >> log

225	307

226 rm space.*	308 remove_chromeos_spaces

227 echo 1500 > nvram.freespace	309 $tpmc definespace 0x1007 0xa 0x8001

	310 $tpmc definespace 0x1008 0xc 0x1

	311 takeownership

228	312

229 ./tpmc definespace 0x1007 0xa 0x8001	313 $ctr log

230 ./tpmc definespace 0x1008 0xc 0x1	314 }

231 touch tpm-owned

232

233 $ctr log

234	315

235 # Kernel space with wrong size AND bogus space to exhaust nvram	316 # Kernel space with wrong size AND bogus space to exhaust nvram

236 echo "TEST: bad kernel space size and no room" >> log	317 test_wrong_size_hog () {

	318 echo "TEST: bad kernel space size and no room" >> log

237	319

238 rm space.*	320 remove_chromeos_spaces

239 echo 1500 > nvram.freespace	321 $tpmc definespace 0x1007 0xa 0x8001

	322 $tpmc definespace 0x1008 0x1 0x1

	323 if [ "$test_kind" = "fake" ]; then

	324 space_hog_size=$(( $(cat nvram.freespace) - $space_overhead - 1 ))

	325 echo "remaining $(cat nvram.freespace) bytes" >> log

	326 else

	327 space_hog_size=$(( $(tpm-nvsize) - 2 ))

	328 fi

	329 echo "hogging $(( $space_hog_size )) bytes" >> log

	330 $tpmc definespace 0xcafe $(printf "0x%x" $space_hog_size) 0x1 \

	331 \|\| echo "hogging failed!" >> log

	332 takeownership

240	333

241 ./tpmc definespace 0x1007 0xa 0x8001	334 $ctr log

242 ./tpmc definespace 0x1008 0x1 0x1	335 }

243 space_hog_size=$(printf "0x%x" \

244 $(( $(cat nvram.freespace) - $space_overhead - 1 )) )

245 echo "remaining $(cat nvram.freespace) bytes" >> log

246 echo "hogging $(( $space_hog_size )) bytes" >> log

247 ./tpmc definespace 0xcafe $space_hog_size 0x1 \|\| echo "hogging failed!" >> log

248 touch tpm-owned

249	336

250 $ctr log	337 test_normal_run

	338 test_wrong_id

	339 test_wrong_size

	340 test_wrong_size_hog

	341

	342 echo "test completed" >> log

	343 echo "test completed"

OLD	NEW

« no previous file with comments | « utility/chromeos_tpm_recovery ('k') | utility/tpm-nvsize » ('j') | no next file with comments »