| OLD | NEW |
|---|
| 1 #!/bin/sh -u | 1 #!/bin/sh -u |
| 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 # | 5 # |
| 6 # Test the chromeos TPM recovery script by faking the entire execution | 6 # Test the chromeos TPM recovery script by faking the entire execution |
| 7 # environment. | 7 # environment. |
| 8 | 8 |
| 9 rm -rf tpm_recovery_test_workdir | 9 rm -rf tpm_recovery_test_workdir |
| 10 mkdir tpm_recovery_test_workdir | 10 mkdir tpm_recovery_test_workdir |
| 11 cd tpm_recovery_test_workdir | 11 cd tpm_recovery_test_workdir |
| 12 | 12 |
| 13 export USR_BIN=. | 13 export USR_BIN=. |
| 14 export USR_SBIN=. | 14 export USR_SBIN=. |
| 15 export DOT_RECOVERY=.recovery | 15 export DOT_RECOVERY=.recovery |
| 16 export ACPI_DIR=. | 16 export ACPI_DIR=. |
| 17 | 17 |
| 18 ctr=../chromeos_tpm_recovery | 18 ctr=../chromeos_tpm_recovery |
| 19 | 19 |
| 20 # build the permanent environment | 20 # build the permanent environment |
| 21 | 21 |
| 22 echo > .recovery | 22 echo > .recovery |
| 23 echo 3 > BINF.0 | 23 echo 3 > BINF.0 |
| 24 echo 0 > CRSW | 24 echo 0 > CRSW |
| 25 | 25 |
| 26 space_overhead=200 |
| 27 |
| 26 # build tpmc | 28 # build tpmc |
| 27 cat > tpmc <<"EOF" | 29 cat > tpmc <<"EOF" |
| 28 #!/bin/sh -u | 30 #!/bin/sh -u |
| 29 # Fake tpmc program | 31 # Fake tpmc program |
| 30 | 32 |
| 31 definespace () { | 33 definespace () { |
| 32 index=$2 | 34 index=$2 |
| 33 size=$3 | 35 size=$3 |
| 34 permissions=$4 | 36 permissions=$4 |
| 37 space_overhead=200 |
| 35 | 38 |
| 36 if [ -e space.$index.data -a -e tpm-owned ]; then | 39 if [ -e space.$index.data -a -e tpm-owned ]; then |
| 37 echo "cannot redefine space without auth" | 40 echo "cannot redefine space without auth" |
| 38 fi | 41 fi |
| 39 | 42 |
| 43 totalsize=$(( $size + $space_overhead )) |
| 44 free=$(cat nvram.freespace) |
| 45 |
| 46 if [ $totalsize -gt $free ]; then |
| 47 echo "tpmc: definespace: need $totalsize, available $free" |
| 48 return 17 # NO_SPACE |
| 49 fi |
| 50 |
| 40 if [ $index != 0xf004 ]; then | 51 if [ $index != 0xf004 ]; then |
| 41 echo $size > space.$index.size | 52 echo $size > space.$index.size |
| 42 echo $permissions > space.$index.perm | 53 echo $permissions > space.$index.perm |
| 43 for i in $(seq 1 $(($size))); do | 54 for i in $(seq 1 $(($size))); do |
| 44 echo -n "ff " >> space.$index.data | 55 echo -n "ff " >> space.$index.data |
| 45 done | 56 done |
| 57 echo $(( $free - $totalsize )) > nvram.freespace |
| 46 fi | 58 fi |
| 47 return 0 | 59 return 0 |
| 48 } | 60 } |
| 49 | 61 |
| 50 case $1 in | 62 case $1 in |
| 51 | 63 |
| 52 clear) | 64 clear) |
| 53 rm -f tpm-owned | 65 rm -f tpm-owned |
| 54 ;; | 66 ;; |
| 55 | 67 |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 123 exit 1 | 135 exit 1 |
| 124 ;; | 136 ;; |
| 125 esac | 137 esac |
| 126 | 138 |
| 127 EOF | 139 EOF |
| 128 | 140 |
| 129 # build nvtool | 141 # build nvtool |
| 130 cat > tpm-nvtool <<"EOF" | 142 cat > tpm-nvtool <<"EOF" |
| 131 #!/bin/sh -u | 143 #!/bin/sh -u |
| 132 | 144 |
| 145 space_overhead=200 |
| 146 |
| 133 print_space () { | 147 print_space () { |
| 134 index=$1 | 148 index=$1 |
| 135 echo "# NV Index $index" | 149 printf "# NV Index 0x%08x" $(( $index )) |
| 136 echo " uninteresting random garbage" | 150 echo " uninteresting random garbage" |
| 137 echo " further random garbage" | 151 echo " further random garbage" |
| 138 echo "" | 152 echo "" |
| 139 } | 153 } |
| 140 | 154 |
| 141 if [ "$1" = "--release" ]; then | 155 if [ "$1" = "--release" ]; then |
| 142 if [ "$2" != "--index" -o \ | 156 if [ "$2" != "--index" -o \ |
| 143 "$4" != "--owner_password" ]; then | 157 "$4" != "--owner_password" ]; then |
| 144 echo "sorry, picky tpm-nvtool" | 158 echo "sorry, picky tpm-nvtool" |
| 145 exit 1 | 159 exit 1 |
| 146 fi | 160 fi |
| 147 index=$3 | 161 index=$3 |
| 148 if [ ! -f tpm-owned ]; then | 162 if [ ! -f tpm-owned ]; then |
| 149 echo "tpm is unowned" | 163 echo "tpm is unowned" |
| 150 exit 1 | 164 exit 1 |
| 151 fi | 165 fi |
| 166 size=$(cat space.$index.size) |
| 167 free=$(cat nvram.freespace) |
| 152 rm space.$index.* | 168 rm space.$index.* |
| 169 echo $(( $size + $space_overhead + $free )) > nvram.freespace |
| 153 elif [ "$1" = "--list" ]; then | 170 elif [ "$1" = "--list" ]; then |
| 154 for s in space.*.data; do | 171 for s in space.*.data; do |
| 155 print_space $(echo $s | sed -e "s/[^.]*\.//" -e "s/\..*//") | 172 print_space $(echo $s | sed -e "s/[^.]*\.//" -e "s/\..*//") |
| 156 done | 173 done |
| 157 fi | 174 fi |
| 158 EOF | 175 EOF |
| 159 | 176 |
| 160 # build tpm_takeownership | 177 # build tpm_takeownership |
| 161 cat > tpm_takeownership <<"EOF" | 178 cat > tpm_takeownership <<"EOF" |
| 162 #!/bin/sh -u | 179 #!/bin/sh -u |
| (...skipping 10 matching lines...) Expand all Loading... |
| 173 trap "{ rm tcsd_is_running; }" EXIT | 190 trap "{ rm tcsd_is_running; }" EXIT |
| 174 echo > tcsd_is_running | 191 echo > tcsd_is_running |
| 175 sleep 365d | 192 sleep 365d |
| 176 EOF | 193 EOF |
| 177 | 194 |
| 178 chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd | 195 chmod 755 tpmc tpm-nvtool tpm_takeownership tcsd |
| 179 | 196 |
| 180 echo "starting TPM recovery test" > log | 197 echo "starting TPM recovery test" > log |
| 181 | 198 |
| 182 # normal run | 199 # normal run |
| 200 echo "TEST: normal run" > log |
| 201 |
| 202 echo 1500 > nvram.freespace |
| 183 | 203 |
| 184 ./tpmc definespace 0x1007 0xa 0x8001 | 204 ./tpmc definespace 0x1007 0xa 0x8001 |
| 185 ./tpmc definespace 0x1008 0xd 0x1 | 205 ./tpmc definespace 0x1008 0xd 0x1 |
| 186 ./tpmc write 0x1008 01 4c 57 52 47 | 206 ./tpmc write 0x1008 01 4c 57 52 47 |
| 187 touch tpm-owned | 207 touch tpm-owned |
| 188 | 208 |
| 189 echo "TEST: normal run" > log | |
| 190 $ctr log | 209 $ctr log |
| 191 | 210 |
| 192 # attempt to hijack kernel space | 211 # Kernel space with wrong ID |
| 212 echo "TEST: bad kernel space ID" >> log |
| 193 | 213 |
| 194 rm space.* | 214 rm space.* |
| 215 echo 1500 > nvram.freespace |
| 195 | 216 |
| 196 ./tpmc definespace 0x1007 0xa 0x8001 | 217 ./tpmc definespace 0x1007 0xa 0x8001 |
| 197 ./tpmc definespace 0x1008 0xd 0x1 | 218 ./tpmc definespace 0x1008 0xd 0x1 |
| 198 touch tpm-owned | 219 touch tpm-owned |
| 199 | 220 |
| 200 echo "TEST: bad kernel space ID" >> log | |
| 201 $ctr log | 221 $ctr log |
| 202 | 222 |
| 203 # attempt to hijack kernel space | 223 # Kernel space with wrong size |
| 224 echo "TEST: bad kernel space size" >> log |
| 204 | 225 |
| 205 rm space.* | 226 rm space.* |
| 227 echo 1500 > nvram.freespace |
| 206 | 228 |
| 207 ./tpmc definespace 0x1007 0xa 0x8001 | 229 ./tpmc definespace 0x1007 0xa 0x8001 |
| 208 ./tpmc definespace 0x1008 0xc 0x1 | 230 ./tpmc definespace 0x1008 0xc 0x1 |
| 209 touch tpm-owned | 231 touch tpm-owned |
| 210 | 232 |
| 211 echo "TEST: bad kernel space size" >> log | |
| 212 $ctr log | 233 $ctr log |
| 213 | 234 |
| 235 # Kernel space with wrong size AND bogus space to exhaust nvram |
| 236 echo "TEST: bad kernel space size and no room" >> log |
| 237 |
| 238 rm space.* |
| 239 echo 1500 > nvram.freespace |
| 240 |
| 241 ./tpmc definespace 0x1007 0xa 0x8001 |
| 242 ./tpmc definespace 0x1008 0x1 0x1 |
| 243 space_hog_size=$(printf "0x%x" \ |
| 244 $(( $(cat nvram.freespace) - $space_overhead - 1 )) ) |
| 245 echo "remaining $(cat nvram.freespace) bytes" >> log |
| 246 echo "hogging $(( $space_hog_size )) bytes" >> log |
| 247 ./tpmc definespace 0xcafe $space_hog_size 0x1 || echo "hogging failed!" >> log |
| 248 touch tpm-owned |
| 249 |
| 250 $ctr log |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4183005:
Add NVRAM size limit to nano-emulator and add test to recover from NVRAM hog attack. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git