[PATCH 8/9] test: Account PCR updates properly during testing
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed May 10 09:43:56 CEST 2023
Currently we only read the pcr updates once on test_tpm2_pcr_read().
It turns out that the tpm init sequence of force_init() which consists
of:
- tpm2 init
- tpm2 startup TPM2_SU_CLEAR
- tpm2 self_test full
- tpm2 clear TPM2_RH_LOCKOUT
also counts as an update. Running this in the console verifies the
update bump:
=> tpm2 init
=> tpm2 startup TPM2_SU_CLEAR
=> tpm2 self_test full
=> tpm pcr_read 10 $loadaddr
PCR #10 content (28 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=> tpm2 clear TPM2_RH_LOCKOUT
=> tpm pcr_read 10 $loadaddr
PCR #10 content (29 known updates):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>
Instead of relying on the initial read, do a read just before updating
the PCR to ensure we read the correct values before testing.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
---
test/py/tests/test_tpm2.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
index bae3095393c2..57722fdc5977 100644
--- a/test/py/tests/test_tpm2.py
+++ b/test/py/tests/test_tpm2.py
@@ -281,6 +281,12 @@ def test_tpm2_pcr_extend(u_boot_console):
force_init(u_boot_console)
ram = u_boot_utils.find_ram_base(u_boot_console)
+ read_pcr = u_boot_console.run_command('tpm2 pcr_read 10 0x%x' % (ram + 0x20))
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+ str = re.findall(r'\d+ known updates', read_pcr)[0]
+ updates = int(re.findall(r'\d+', str)[0])
+
u_boot_console.run_command('tpm2 pcr_extend 10 0x%x' % ram)
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
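Review bot: In the added lines, the name `str` shadows the Python builtin for the rest of test_tpm2_pcr_extend(), and the count is pulled out with two regex passes where a single capture group would do, e.g. `updates = int(re.findall(r'(\d+) known updates', read_pcr)[0])`. The `[0]` index also turns unexpected console output into a bare IndexError, so asserting that the match list is non-empty first would make a failure easier to read. A one-line comment saying that force_init() itself bumps the update counter, which is why the baseline is read here just before `tpm2 pcr_extend`, would keep the reason from the commit message next to the code.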
--
2.39.2