[PATCH 8/9] test: Account PCR updates properly during testing

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed May 10 17:25:29 CEST 2023


Hi Simon,

On Wed, 10 May 2023 at 17:32, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Ilias,
>
> On Wed, 10 May 2023 at 01:44, Ilias Apalodimas
> <ilias.apalodimas at linaro.org> wrote:
> >
> > Currently we only read the PCR updates once on test_tpm2_pcr_read().
> > It turns out that the tpm init sequence of force_init() which consists
> > of:
> > - tpm2 init
> > - tpm2 startup TPM2_SU_CLEAR
> > - tpm2 self_test full
> > - tpm2 clear TPM2_RH_LOCKOUT
> >
> > also counts as an update.  Running this in the console verifies the
> > update bump:
> > => tpm2 init
> > => tpm2 startup TPM2_SU_CLEAR
> > => tpm2 self_test full
> > => tpm pcr_read 10 $loadaddr
> > PCR #10 content (28 known updates):
> >  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> > => tpm2 clear TPM2_RH_LOCKOUT
> > => tpm pcr_read 10 $loadaddr
> > PCR #10 content (29 known updates):
> >  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> > =>
> >
> > Instead of relying on the initial read, do a read just before updating
> > the PCR to ensure we read the correct values before testing.
> >
> > Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > ---
> >  test/py/tests/test_tpm2.py | 6 ++++++
> >  1 file changed, 6 insertions(+)
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
>
> How do these tests pass today? Or do they not?

They, what I suspect was happening is that the order of testing, or
init changed with Eddie's patches.  As a consequence the test started
failing because it ended up with updates bumped by two instead of 1.
Regardless I think this makes sense to apply overall as the current
logic was making too many assumptions on the order of tests or the TPM
state.

Regards
/Ilias
>
> Regards,
> Simon
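
An added illustration, not part of the patch or of U-Boot's test suite, of why a baseline taken once goes stale: it parses the `pcr_read` output format shown in the transcript and compares the update-counter delta with and without a re-read just before the extend. `parse_pcr_read`, `FakeConsole` and `extend_delta` are hypothetical names, and the counter behaviour of `FakeConsole` is a constructed model of that transcript, not a real TPM.

```python
import hashlib
import re

HEADER = re.compile(r"PCR #(\d+) content \((\d+) known updates\):")

def parse_pcr_read(output):
    """Parse 'pcr_read' console text into (index, update_count, digest)."""
    lines = output.splitlines()
    for i, line in enumerate(lines):
        m = HEADER.search(line)
        if m:
            break
    else:
        raise ValueError("no PCR header found")
    digest = bytearray()
    for line in lines[i + 1:]:
        toks = line.split()
        if not toks or not all(re.fullmatch(r"[0-9a-fA-F]{2}", t) for t in toks):
            break  # a prompt or unrelated output ends the hex dump
        digest += bytes(int(t, 16) for t in toks)
    return int(m.group(1)), int(m.group(2)), bytes(digest)

class FakeConsole:
    """Constructed stand-in for the U-Boot console (assumption, not a TPM)."""
    def __init__(self, updates=28):
        self.updates, self.pcr = updates, bytes(32)

    def run_command(self, cmd):
        if cmd.startswith("tpm2 clear"):
            self.updates += 1  # the 28 -> 29 bump seen in the transcript
        elif cmd.startswith("tpm2 pcr_extend"):
            self.updates += 1  # extends with an all-zero digest (constructed)
            self.pcr = hashlib.sha256(self.pcr + bytes(32)).digest()
        elif cmd.startswith("tpm pcr_read"):
            rows = [self.pcr[i:i + 16].hex(" ") for i in (0, 16)]
            return ("PCR #10 content (%d known updates):\n %s\n %s\n=>"
                    % (self.updates, rows[0], rows[1]))
        return ""

def extend_delta(console, reread):
    """Counter delta observed across one extend; reread refreshes the baseline."""
    read = lambda: parse_pcr_read(console.run_command("tpm pcr_read 10 $loadaddr"))
    baseline = read()[1]                               # early read, as the old test did
    console.run_command("tpm2 clear TPM2_RH_LOCKOUT")  # intervening state change
    if reread:
        baseline = read()[1]                           # read just before updating
    console.run_command("tpm2 pcr_extend 10 $loadaddr")
    _, after, digest = read()
    return after - baseline, digest
```

With the stale baseline the delta is 2, the "bumped by two" failure described in the reply; with the re-read it is 1.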

