[PATCH] tpm: Add TPM2_GetTestResult command support

Simon Glass sjg at chromium.org
Mon Jul 3 15:30:53 CEST 2023 

Hi Julia,

On Mon, 3 Jul 2023 at 14:03, Julia Daxenberger
<julia.daxenberger at infineon.com> wrote:
>
> Add TPM2_GetTestResult command support and change the command file and the
> help accordingly. Add Python tests and sandbox driver functionality.
>
> The TPM2_GetTestResult command is performed after the TPM2_SelfTest command
> and returns manufacturer-specific information regarding the results of the
> self-test and an indication of the test status.
>
> Signed-off-by: Julia Daxenberger <julia.daxenberger at infineon.com>
> ---
>  cmd/tpm-v2.c                   | 60 +++++++++++++++++++++++++
>  drivers/tpm/tpm2_tis_sandbox.c | 47 ++++++++++++++++++-
>  include/tpm-v2.h               | 23 ++++++++++
>  lib/tpm-v2.c                   | 82 ++++++++++++++++++++++++++++++++++
>  test/py/tests/test_tpm2.py     | 50 +++++++++++++++++++++
>  5 files changed, 261 insertions(+), 1 deletion(-)
>

Reviewed-by: Simon Glass <sjg at chromium.org>


See below

[..]

> diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
> index d2ad6f9e73..aad1d7a55b 100644
> --- a/test/py/tests/test_tpm2.py
> +++ b/test/py/tests/test_tpm2.py
> @@ -1,6 +1,7 @@
>  # SPDX-License-Identifier: GPL-2.0+
>  # Copyright (c) 2018, Bootlin
>  # Author: Miquel Raynal <miquel.raynal at bootlin.com>
> +# Copyright (C) 2023 Infineon Technologies AG
>
>  import os.path
>  import pytest
> @@ -316,3 +317,52 @@ def test_tpm2_cleanup(u_boot_console):
>      """Ensure the TPM is cleared from password or test related configuration."""
>
>      force_init(u_boot_console, True)
> +
> + at pytest.mark.buildconfigspec('cmd_tpm_v2')
> +def test_tpm2_get_test_result(u_boot_console):
> +    """Execute a TPM_GetTestResult command.
> +
> +    Ask the TPM to get the test result of the self test.
> +    Display the Test Result and Test Result Data.
> +
> +    Expected default return value of tpm2_get_test_result, if the TPM has not been initialized:
> +    - TPM2_RC_INITIALIZE = TPM2_RC_VER1 + 0x0000 = 0x00000100.
> +
> +    Expected default value for test_result:
> +    - TPM_RC_NEEDS_TEST = 0x00000153, if tpm2 self_test has not been executed.
> +    - TPM_RC_SUCCESS = 0x00000000, if testing is complete without functional failures.
> +
> +    There is no expected default value for the test result data because it would depend on the chip
> +    used. The test result data is therefore not tested.
> +    """
> +    if is_sandbox(u_boot_console):
> +        u_boot_console.restart_uboot()

We should get rid of this somehow. We don't want sandbox rebooting
inthe middle of a test. It makes debugging painful, apart from
anything else. What TPM state needs to be reset?

Looking at tpm2_tis_sandbox.c it is probably the s_state variable. The
TPM state can be preserved across runs and is stored in the state
file.

But if the state file is not being used (no -s argument) then the TPM
should be reset each time DM is brought back up, i.e. between every
test.

So, do we even need this reset?

Regards,
Simon

More information about the U-Boot mailing list