[PATCH 8/9] test: Account PCR updates properly during testing
Simon Glass
sjg at chromium.org
Wed May 10 16:31:54 CEST 2023
Hi Ilias,
On Wed, 10 May 2023 at 01:44, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Currently we only read the pcr updates once on test_tpm2_pcr_read().
> It turns out that the tpm init sequence of force_init() which consists
> of:
> - tpm2 init
> - tpm2 startup TPM2_SU_CLEAR
> - tpm2 self_test full
> - tpm2 clear TPM2_RH_LOCKOUT
>
> also counts as an update. Running this in the console verifies the
> update bump
> => tpm2 init
> => tpm2 startup TPM2_SU_CLEAR
> => tpm2 self_test full
> => tpm pcr_read 10 $loadaddr
> PCR #10 content (28 known updates):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> => tpm2 clear TPM2_RH_LOCKOUT
> => tpm pcr_read 10 $loadaddr
> PCR #10 content (29 known updates):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> =>
>
> Instead of relying on the initial read do a read just before updating
> the PCR to ensure we read the correct values before testing
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
> test/py/tests/test_tpm2.py | 6 ++++++
> 1 file changed, 6 insertions(+)
Reviewed-by: Simon Glass <sjg at chromium.org>
How do these tests pass today? Or do they not?
Regards,
Simon
More information about the U-Boot
mailing list