| Index: utility/chromeos_tpm_recovery_test
|
| diff --git a/utility/chromeos_tpm_recovery_test b/utility/chromeos_tpm_recovery_test
|
| index b73bfe6e1905bc15f8df5e91f720c86ec61129c6..4e6a5d85f5665ccb6ce70746ca92de7c8c02d997 100755
|
| --- a/utility/chromeos_tpm_recovery_test
|
| +++ b/utility/chromeos_tpm_recovery_test
|
| @@ -10,20 +10,39 @@ rm -rf tpm_recovery_test_workdir
|
| mkdir tpm_recovery_test_workdir
|
| cd tpm_recovery_test_workdir
|
|
|
| -export USR_BIN=.
|
| -export USR_SBIN=.
|
| -export DOT_RECOVERY=.recovery
|
| -export ACPI_DIR=.
|
| +test_kind=
|
| +if [ $# -ge 1 ]; then
|
| + test_kind="$1"
|
| +fi
|
| +
|
| +if [ "$test_kind" != "" -a "$test_kind" != "fake" ]; then
|
| + echo "$0: usage: $0 [fake]"
|
| + echo "With fake as the argument, use a simulated TPM instead of the real one"
|
| +fi
|
|
|
| -ctr=../chromeos_tpm_recovery
|
| +if [ "$test_kind" = "fake" ]; then
|
| + export USR_BIN=.
|
| + export USR_SBIN=.
|
| + export USR_LOCAL_BIN=.
|
| + export USR_LOCAL_SBIN=.
|
| + export DOT_RECOVERY=.recovery
|
| + export ACPI_DIR=.
|
| + ctr=../chromeos_tpm_recovery
|
| + tpmc=./tpmc
|
| +else
|
| + ctr=/usr/sbin/chromeos_tpm_recovery
|
| + tpmc=tpmc
|
| +fi
|
|
|
| -# build the permanent environment
|
| +# For simplicity, build the permanent environment as if we prepared to run the
|
| +# fake test, even if we're running the test on a real TPM.
|
|
|
| echo > .recovery
|
| echo 3 > BINF.0
|
| -echo 0 > CRSW
|
| +echo 0 > CHSW
|
|
|
| -space_overhead=200
|
| +export NVRAM_SPACE_OVERHEAD=200
|
| +space_overhead=$NVRAM_SPACE_OVERHEAD
|
|
|
| # build tpmc
|
| cat > tpmc <<"EOF"
|
| @@ -34,7 +53,7 @@ definespace () {
|
| index=$2
|
| size=$3
|
| permissions=$4
|
| - space_overhead=200
|
| + space_overhead=$NVRAM_SPACE_OVERHEAD
|
|
|
| if [ -e space.$index.data -a -e tpm-owned ]; then
|
| echo "cannot redefine space without auth"
|
| @@ -44,7 +63,6 @@ definespace () {
|
| free=$(cat nvram.freespace)
|
|
|
| if [ $totalsize -gt $free ]; then
|
| - echo "tpmc: definespace: need $totalsize, available $free"
|
| return 17 # NO_SPACE
|
| fi
|
|
|
| @@ -142,10 +160,10 @@ EOF
|
| cat > tpm-nvtool <<"EOF"
|
| #!/bin/sh -u
|
|
|
| -space_overhead=200
|
| +space_overhead=$NVRAM_SPACE_OVERHEAD
|
|
|
| print_space () {
|
| - index=$1
|
| + local index=$1
|
| printf "# NV Index 0x%08x" $(( $index ))
|
| echo " uninteresting random garbage"
|
| echo " further random garbage"
|
| @@ -192,59 +210,134 @@ echo > tcsd_is_running
|
| sleep 365d
|
| EOF
|
|
|
| +tcsd_pid=0
|
| +
|
| +start_tcsd () {
|
| + if [ $tcsd_pid -ne 0 ]; then
|
| + echo TCSD is already started
|
| + exit 1
|
| + fi
|
| + tcsd -f &
|
| + tcsd_pid=$!
|
| + sleep 2
|
| +}
|
| +
|
| +stop_tcsd () {
|
| + if [ $tcsd_pid -eq 0 ]; then
|
| + echo TCSD is already stopped
|
| + exit 1
|
| + fi
|
| + kill $tcsd_pid
|
| + sleep 0.5
|
| + kill $tcsd_pid > /dev/null 2>&1
|
| + sleep 0.5
|
| + wait $tcsd_pid > /dev/null 2>&1 # we trust that tcsd will agree to die
|
| + tcsd_pid=0
|
| +}
|
| +
|
| +tpm_clear_and_reenable () {
|
| + tpmc clear
|
| + tpmc enable
|
| + tpmc activate
|
| +}
|
| +
|
| +takeownership () {
|
| + if [ "$test_kind" = "fake" ]; then
|
| + touch tpm_owned
|
| + else
|
| + tpm_clear_and_reenable
|
| + start_tcsd
|
| + tpm_takeownership -y -z
|
| + stop_tcsd
|
| + fi
|
| +}
|
| +
|
| +remove_chromeos_spaces () {
|
| + if [ "$test_kind" = "fake" ]; then
|
| + rm -f space.*
|
| + echo 1500 > nvram.freespace
|
| + else
|
| + takeownership
|
| + start_tcsd
|
| + tpm-nvtool --release --index 0x1007 --owner_password ""
|
| + tpm-nvtool --release --index 0x1008 --owner_password ""
|
| + stop_tcsd
|
| + tpm_clear_and_reenable
|
| + fi
|
| +}
|
| +
|
| chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd
|
|
|
| +echo "starting test, results in $(pwd)/log"
|
| echo "starting TPM recovery test" > log
|
|
|
| -# normal run
|
| -echo "TEST: normal run" > log
|
| +if ps ax | grep "tcs[d]"; then
|
| + echo "a tcsd is process appears to be running, please kill it first"
|
| + exit 1
|
| +fi
|
|
|
| -echo 1500 > nvram.freespace
|
| +# normal run
|
| +test_normal_run () {
|
| + echo "TEST: normal run" >> log
|
|
|
| -./tpmc definespace 0x1007 0xa 0x8001
|
| -./tpmc definespace 0x1008 0xd 0x1
|
| -./tpmc write 0x1008 01 4c 57 52 47
|
| -touch tpm-owned
|
| + remove_chromeos_spaces
|
| + $tpmc definespace 0x1007 0xa 0x8001
|
| + $tpmc definespace 0x1008 0xd 0x1
|
| + $tpmc write 0x1008 01 4c 57 52 47
|
| + takeownership
|
|
|
| -$ctr log
|
| + $ctr log
|
| +}
|
|
|
| # Kernel space with wrong ID
|
| -echo "TEST: bad kernel space ID" >> log
|
| +test_wrong_id () {
|
| + echo "TEST: bad kernel space ID" >> log
|
|
|
| -rm space.*
|
| -echo 1500 > nvram.freespace
|
| + remove_chromeos_spaces
|
| + $tpmc definespace 0x1007 0xa 0x8001
|
| + $tpmc definespace 0x1008 0xd 0x1
|
| + takeownership
|
|
|
| -./tpmc definespace 0x1007 0xa 0x8001
|
| -./tpmc definespace 0x1008 0xd 0x1
|
| -touch tpm-owned
|
| -
|
| -$ctr log
|
| + $ctr log
|
| +}
|
|
|
| # Kernel space with wrong size
|
| -echo "TEST: bad kernel space size" >> log
|
| +test_wrong_size () {
|
| + echo "TEST: bad kernel space size" >> log
|
|
|
| -rm space.*
|
| -echo 1500 > nvram.freespace
|
| + remove_chromeos_spaces
|
| + $tpmc definespace 0x1007 0xa 0x8001
|
| + $tpmc definespace 0x1008 0xc 0x1
|
| + takeownership
|
|
|
| -./tpmc definespace 0x1007 0xa 0x8001
|
| -./tpmc definespace 0x1008 0xc 0x1
|
| -touch tpm-owned
|
| -
|
| -$ctr log
|
| + $ctr log
|
| +}
|
|
|
| # Kernel space with wrong size AND bogus space to exhaust nvram
|
| -echo "TEST: bad kernel space size and no room" >> log
|
| +test_wrong_size_hog () {
|
| + echo "TEST: bad kernel space size and no room" >> log
|
| +
|
| + remove_chromeos_spaces
|
| + $tpmc definespace 0x1007 0xa 0x8001
|
| + $tpmc definespace 0x1008 0x1 0x1
|
| + if [ "$test_kind" = "fake" ]; then
|
| + space_hog_size=$(( $(cat nvram.freespace) - $space_overhead - 1 ))
|
| + echo "remaining $(cat nvram.freespace) bytes" >> log
|
| + else
|
| + space_hog_size=$(( $(tpm-nvsize) - 2 ))
|
| + fi
|
| + echo "hogging $(( $space_hog_size )) bytes" >> log
|
| + $tpmc definespace 0xcafe $(printf "0x%x" $space_hog_size) 0x1 \
|
| + || echo "hogging failed!" >> log
|
| + takeownership
|
|
|
| -rm space.*
|
| -echo 1500 > nvram.freespace
|
| + $ctr log
|
| +}
|
|
|
| -./tpmc definespace 0x1007 0xa 0x8001
|
| -./tpmc definespace 0x1008 0x1 0x1
|
| -space_hog_size=$(printf "0x%x" \
|
| - $(( $(cat nvram.freespace) - $space_overhead - 1 )) )
|
| -echo "remaining $(cat nvram.freespace) bytes" >> log
|
| -echo "hogging $(( $space_hog_size )) bytes" >> log
|
| -./tpmc definespace 0xcafe $space_hog_size 0x1 || echo "hogging failed!" >> log
|
| -touch tpm-owned
|
| +test_normal_run
|
| +test_wrong_id
|
| +test_wrong_size
|
| +test_wrong_size_hog
|
|
|
| -$ctr log
|
| +echo "test completed" >> log
|
| +echo "test completed"
|
|
|
Chromium Code Reviews
Issue 4087012:
Test the tpm recovery script with a real TPM. (Closed)
Base URL: http://git.chromium.org/git/vboot_reference.git