OLD | NEW |
1 #!/bin/sh -u | 1 #!/bin/sh -u |
2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 # | 5 # |
6 # Test the chromeos TPM recovery script by faking the entire execution | 6 # Test the chromeos TPM recovery script by faking the entire execution |
7 # environment. | 7 # environment. |
8 | 8 |
9 rm -rf tpm_recovery_test_workdir | 9 rm -rf tpm_recovery_test_workdir |
10 mkdir tpm_recovery_test_workdir | 10 mkdir tpm_recovery_test_workdir |
11 cd tpm_recovery_test_workdir | 11 cd tpm_recovery_test_workdir |
12 | 12 |
13 export USR_BIN=. | 13 test_kind= |
14 export USR_SBIN=. | 14 if [ $# -ge 1 ]; then |
15 export DOT_RECOVERY=.recovery | 15 test_kind="$1" |
16 export ACPI_DIR=. | 16 fi |
17 | 17 |
18 ctr=../chromeos_tpm_recovery | 18 if [ "$test_kind" != "" -a "$test_kind" != "fake" ]; then |
| 19 echo "$0: usage: $0 [fake]" |
| 20 echo "With fake as the argument, use a simulated TPM instead of the real one" |
| 21 fi |
19 | 22 |
20 # build the permanent environment | 23 if [ "$test_kind" = "fake" ]; then |
| 24 export USR_BIN=. |
| 25 export USR_SBIN=. |
| 26 export USR_LOCAL_BIN=. |
| 27 export USR_LOCAL_SBIN=. |
| 28 export DOT_RECOVERY=.recovery |
| 29 export ACPI_DIR=. |
| 30 ctr=../chromeos_tpm_recovery |
| 31 tpmc=./tpmc |
| 32 else |
| 33 ctr=/usr/sbin/chromeos_tpm_recovery |
| 34 tpmc=tpmc |
| 35 fi |
| 36 |
| 37 # For simplicity, build the permanent environment as if we prepared to run the |
| 38 # fake test, even if we're running the test on a real TPM. |
21 | 39 |
22 echo > .recovery | 40 echo > .recovery |
23 echo 3 > BINF.0 | 41 echo 3 > BINF.0 |
24 echo 0 > CRSW | 42 echo 0 > CHSW |
25 | 43 |
26 space_overhead=200 | 44 export NVRAM_SPACE_OVERHEAD=200 |
| 45 space_overhead=$NVRAM_SPACE_OVERHEAD |
27 | 46 |
28 # build tpmc | 47 # build tpmc |
29 cat > tpmc <<"EOF" | 48 cat > tpmc <<"EOF" |
30 #!/bin/sh -u | 49 #!/bin/sh -u |
31 # Fake tpmc program | 50 # Fake tpmc program |
32 | 51 |
33 definespace () { | 52 definespace () { |
34 index=$2 | 53 index=$2 |
35 size=$3 | 54 size=$3 |
36 permissions=$4 | 55 permissions=$4 |
37 space_overhead=200 | 56 space_overhead=$NVRAM_SPACE_OVERHEAD |
38 | 57 |
39 if [ -e space.$index.data -a -e tpm-owned ]; then | 58 if [ -e space.$index.data -a -e tpm-owned ]; then |
40 echo "cannot redefine space without auth" | 59 echo "cannot redefine space without auth" |
41 fi | 60 fi |
42 | 61 |
43 totalsize=$(( $size + $space_overhead )) | 62 totalsize=$(( $size + $space_overhead )) |
44 free=$(cat nvram.freespace) | 63 free=$(cat nvram.freespace) |
45 | 64 |
46 if [ $totalsize -gt $free ]; then | 65 if [ $totalsize -gt $free ]; then |
47 echo "tpmc: definespace: need $totalsize, available $free" | |
48 return 17 # NO_SPACE | 66 return 17 # NO_SPACE |
49 fi | 67 fi |
50 | 68 |
51 if [ $index != 0xf004 ]; then | 69 if [ $index != 0xf004 ]; then |
52 echo $size > space.$index.size | 70 echo $size > space.$index.size |
53 echo $permissions > space.$index.perm | 71 echo $permissions > space.$index.perm |
54 for i in $(seq 1 $(($size))); do | 72 for i in $(seq 1 $(($size))); do |
55 echo -n "ff " >> space.$index.data | 73 echo -n "ff " >> space.$index.data |
56 done | 74 done |
57 echo $(( $free - $totalsize )) > nvram.freespace | 75 echo $(( $free - $totalsize )) > nvram.freespace |
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
135 exit 1 | 153 exit 1 |
136 ;; | 154 ;; |
137 esac | 155 esac |
138 | 156 |
139 EOF | 157 EOF |
140 | 158 |
141 # build nvtool | 159 # build nvtool |
142 cat > tpm-nvtool <<"EOF" | 160 cat > tpm-nvtool <<"EOF" |
143 #!/bin/sh -u | 161 #!/bin/sh -u |
144 | 162 |
145 space_overhead=200 | 163 space_overhead=$NVRAM_SPACE_OVERHEAD |
146 | 164 |
147 print_space () { | 165 print_space () { |
148 index=$1 | 166 local index=$1 |
149 printf "# NV Index 0x%08x" $(( $index )) | 167 printf "# NV Index 0x%08x" $(( $index )) |
150 echo " uninteresting random garbage" | 168 echo " uninteresting random garbage" |
151 echo " further random garbage" | 169 echo " further random garbage" |
152 echo "" | 170 echo "" |
153 } | 171 } |
154 | 172 |
155 if [ "$1" = "--release" ]; then | 173 if [ "$1" = "--release" ]; then |
156 if [ "$2" != "--index" -o \ | 174 if [ "$2" != "--index" -o \ |
157 "$4" != "--owner_password" ]; then | 175 "$4" != "--owner_password" ]; then |
158 echo "sorry, picky tpm-nvtool" | 176 echo "sorry, picky tpm-nvtool" |
(...skipping 26 matching lines...) Expand all Loading... |
185 EOF | 203 EOF |
186 | 204 |
187 # build tcsd | 205 # build tcsd |
188 cat > tcsd <<"EOF" | 206 cat > tcsd <<"EOF" |
189 #!/bin/sh -u | 207 #!/bin/sh -u |
190 trap "{ rm tcsd_is_running; }" EXIT | 208 trap "{ rm tcsd_is_running; }" EXIT |
191 echo > tcsd_is_running | 209 echo > tcsd_is_running |
192 sleep 365d | 210 sleep 365d |
193 EOF | 211 EOF |
194 | 212 |
| 213 tcsd_pid=0 |
| 214 |
| 215 start_tcsd () { |
| 216 if [ $tcsd_pid -ne 0 ]; then |
| 217 echo TCSD is already started |
| 218 exit 1 |
| 219 fi |
| 220 tcsd -f & |
| 221 tcsd_pid=$! |
| 222 sleep 2 |
| 223 } |
| 224 |
| 225 stop_tcsd () { |
| 226 if [ $tcsd_pid -eq 0 ]; then |
| 227 echo TCSD is already stopped |
| 228 exit 1 |
| 229 fi |
| 230 kill $tcsd_pid |
| 231 sleep 0.5 |
| 232 kill $tcsd_pid > /dev/null 2>&1 |
| 233 sleep 0.5 |
| 234 wait $tcsd_pid > /dev/null 2>&1 # we trust that tcsd will agree to die |
| 235 tcsd_pid=0 |
| 236 } |
| 237 |
| 238 tpm_clear_and_reenable () { |
| 239 tpmc clear |
| 240 tpmc enable |
| 241 tpmc activate |
| 242 } |
| 243 |
| 244 takeownership () { |
| 245 if [ "$test_kind" = "fake" ]; then |
| 246 touch tpm_owned |
| 247 else |
| 248 tpm_clear_and_reenable |
| 249 start_tcsd |
| 250 tpm_takeownership -y -z |
| 251 stop_tcsd |
| 252 fi |
| 253 } |
| 254 |
| 255 remove_chromeos_spaces () { |
| 256 if [ "$test_kind" = "fake" ]; then |
| 257 rm -f space.* |
| 258 echo 1500 > nvram.freespace |
| 259 else |
| 260 takeownership |
| 261 start_tcsd |
| 262 tpm-nvtool --release --index 0x1007 --owner_password "" |
| 263 tpm-nvtool --release --index 0x1008 --owner_password "" |
| 264 stop_tcsd |
| 265 tpm_clear_and_reenable |
| 266 fi |
| 267 } |
| 268 |
195 chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd | 269 chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd |
196 | 270 |
| 271 echo "starting test, results in $(pwd)/log" |
197 echo "starting TPM recovery test" > log | 272 echo "starting TPM recovery test" > log |
198 | 273 |
| 274 if ps ax | grep "tcs[d]"; then |
| 275 echo "a tcsd is process appears to be running, please kill it first" |
| 276 exit 1 |
| 277 fi |
| 278 |
199 # normal run | 279 # normal run |
200 echo "TEST: normal run" > log | 280 test_normal_run () { |
| 281 echo "TEST: normal run" >> log |
201 | 282 |
202 echo 1500 > nvram.freespace | 283 remove_chromeos_spaces |
| 284 $tpmc definespace 0x1007 0xa 0x8001 |
| 285 $tpmc definespace 0x1008 0xd 0x1 |
| 286 $tpmc write 0x1008 01 4c 57 52 47 |
| 287 takeownership |
203 | 288 |
204 ./tpmc definespace 0x1007 0xa 0x8001 | 289 $ctr log |
205 ./tpmc definespace 0x1008 0xd 0x1 | 290 } |
206 ./tpmc write 0x1008 01 4c 57 52 47 | |
207 touch tpm-owned | |
208 | |
209 $ctr log | |
210 | 291 |
211 # Kernel space with wrong ID | 292 # Kernel space with wrong ID |
212 echo "TEST: bad kernel space ID" >> log | 293 test_wrong_id () { |
| 294 echo "TEST: bad kernel space ID" >> log |
213 | 295 |
214 rm space.* | 296 remove_chromeos_spaces |
215 echo 1500 > nvram.freespace | 297 $tpmc definespace 0x1007 0xa 0x8001 |
| 298 $tpmc definespace 0x1008 0xd 0x1 |
| 299 takeownership |
216 | 300 |
217 ./tpmc definespace 0x1007 0xa 0x8001 | 301 $ctr log |
218 ./tpmc definespace 0x1008 0xd 0x1 | 302 } |
219 touch tpm-owned | |
220 | |
221 $ctr log | |
222 | 303 |
223 # Kernel space with wrong size | 304 # Kernel space with wrong size |
224 echo "TEST: bad kernel space size" >> log | 305 test_wrong_size () { |
| 306 echo "TEST: bad kernel space size" >> log |
225 | 307 |
226 rm space.* | 308 remove_chromeos_spaces |
227 echo 1500 > nvram.freespace | 309 $tpmc definespace 0x1007 0xa 0x8001 |
| 310 $tpmc definespace 0x1008 0xc 0x1 |
| 311 takeownership |
228 | 312 |
229 ./tpmc definespace 0x1007 0xa 0x8001 | 313 $ctr log |
230 ./tpmc definespace 0x1008 0xc 0x1 | 314 } |
231 touch tpm-owned | |
232 | |
233 $ctr log | |
234 | 315 |
235 # Kernel space with wrong size AND bogus space to exhaust nvram | 316 # Kernel space with wrong size AND bogus space to exhaust nvram |
236 echo "TEST: bad kernel space size and no room" >> log | 317 test_wrong_size_hog () { |
| 318 echo "TEST: bad kernel space size and no room" >> log |
237 | 319 |
238 rm space.* | 320 remove_chromeos_spaces |
239 echo 1500 > nvram.freespace | 321 $tpmc definespace 0x1007 0xa 0x8001 |
| 322 $tpmc definespace 0x1008 0x1 0x1 |
| 323 if [ "$test_kind" = "fake" ]; then |
| 324 space_hog_size=$(( $(cat nvram.freespace) - $space_overhead - 1 )) |
| 325 echo "remaining $(cat nvram.freespace) bytes" >> log |
| 326 else |
| 327 space_hog_size=$(( $(tpm-nvsize) - 2 )) |
| 328 fi |
| 329 echo "hogging $(( $space_hog_size )) bytes" >> log |
| 330 $tpmc definespace 0xcafe $(printf "0x%x" $space_hog_size) 0x1 \ |
| 331 || echo "hogging failed!" >> log |
| 332 takeownership |
240 | 333 |
241 ./tpmc definespace 0x1007 0xa 0x8001 | 334 $ctr log |
242 ./tpmc definespace 0x1008 0x1 0x1 | 335 } |
243 space_hog_size=$(printf "0x%x" \ | |
244 $(( $(cat nvram.freespace) - $space_overhead - 1 )) ) | |
245 echo "remaining $(cat nvram.freespace) bytes" >> log | |
246 echo "hogging $(( $space_hog_size )) bytes" >> log | |
247 ./tpmc definespace 0xcafe $space_hog_size 0x1 || echo "hogging failed!" >> log | |
248 touch tpm-owned | |
249 | 336 |
250 $ctr log | 337 test_normal_run |
| 338 test_wrong_id |
| 339 test_wrong_size |
| 340 test_wrong_size_hog |
| 341 |
| 342 echo "test completed" >> log |
| 343 echo "test completed" |
OLD | NEW |