From patchwork Wed Jun 7 09:18:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1791599 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=Fbb6z2ce; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Qbhbl3qhpz20Ty for ; Wed, 7 Jun 2023 19:18:43 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3C64E86041; Wed, 7 Jun 2023 11:18:26 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Fbb6z2ce"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id CE87D8601B; Wed, 7 Jun 2023 11:18:22 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 57B8B85FE5 for ; Wed, 7 Jun 2023 11:18:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x335.google.com with SMTP id 5b1f17b1804b1-3f7368126a6so31151545e9.0 for ; Wed, 07 Jun 2023 02:18:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686129500; x=1688721500; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+jVq2OddlVjRaPr/FhntmVPqCfr2d9gdwu0LcnqXwp0=; b=Fbb6z2ceKr4WJLKKx6v8CYuDVoTVLXrvCCOggiJ8bK3i/FbT75NkIpLlotDEB6RdwF As6LgvFLZNjFXfDrKQHJsXXg+r12mrxClwIzi+akxC3yNVPc4JBkcIg06D23kCHeN1ue rGmXjSZuxGh62iG5S9GTyL65bKp1W/FItgt8bNTt+Jml1aS6kjHlkEqomS+qpLGCFgZ7 5rcJG5caiqfPzWG9TuBwSwKdhkrTHzDAcF5Ews5c5U9QDW6PsHMzfe6aDgO2humwlZ49 8Xm/eNUCcd2wFvX8yCaqXL2H0CWXs2zx6mJwnyx3XZt1cLvI1g3gWsYvpxWWtTooTT93 yS3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686129500; x=1688721500; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+jVq2OddlVjRaPr/FhntmVPqCfr2d9gdwu0LcnqXwp0=; b=jTBBCeMKtecu/OSvyWmSIuNQ0RQ4VfPIc6jNc1zUGVT5EjmxJDwYW0QfznQoeYl7pC d2h9WqqZJbXzlX3aoi4xoTk00Vg+1SJFyqxo1nubgxH2HpTuFRuoyME4zYQe3OpfuZik DRGfMre4ZO68EnriYeomX4WXhnFYbWUnGoNwZEe0G3Mpmy4WopXbYzoQHu+zXzo2Bui2 QCXeBuUDuI2eMz/lwOKZRIFhCkk3dI9tHAuc02sCiuEmzOTQM+hil24jY6Sizrp+zHAF Z91nradXDiuIC20IHf4LWVU9HSq3Ca1EoQj/z6n7aryS06ySfhQU9Uvq5z4ylJQ6bnGw V6UA== X-Gm-Message-State: AC+VfDwTK+ATpyiUYogrzWfGcDspfdsR/V1g40kZ6Ye6Rapm/uwN/v1D r+3RQf+rwVmSWecGp71lyXvoE9eqBWE38w4djxzk5A== X-Google-Smtp-Source: ACHHUZ5ThzXtJa2jdoWpvWdprNnrohXaXDqz81uM7GeLEpuFudO8sPIolNwhI3KBfoTS4dMYhkyf4A== X-Received: by 2002:a05:600c:22c3:b0:3f4:27ff:7d48 with SMTP id 3-20020a05600c22c300b003f427ff7d48mr4156077wmg.19.1686129499921; Wed, 07 Jun 2023 02:18:19 -0700 (PDT) Received: from localhost.localdomain (ppp089210114029.access.hol.gr. [89.210.114.29]) by smtp.gmail.com with ESMTPSA id o10-20020a1c750a000000b003f50d6ee334sm454569wmc.47.2023.06.07.02.18.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jun 2023 02:18:19 -0700 (PDT) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH 1/3 v2] tpm: Add 'tpm autostart' shell command Date: Wed, 7 Jun 2023 12:18:10 +0300 Message-Id: <20230607091812.1916435-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230607091812.1916435-1-ilias.apalodimas@linaro.org> References: <20230607091812.1916435-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean For a TPM device to be operational we need to initialize it and perform its startup sequence. The 'tpm init' command currently calls tpm_init() which ends up calling the ->open() per-device callback and performs the initial hardware configuration as well as requesting locality 0 for the caller. There no code that currently calls tpm_init() without following up with a tpm_startup() and tpm_self_test_full() or tpm_continue_self_test(). So let's add a 'tpm autostart' command and call tpm_auto_start() which leaves the device in an operational state. It's worth noting that calling tpm_init() only, doesn't allow a someone to use the TPM since the startup sequence is mandatory. We always repeat the pattern of calling - tpm_init() - tpm_startup() - tpm_self_test_full() or tpm_continue_self_test() Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass --- - Changes since v1: None cmd/tpm-common.c | 16 ++++++++++++++++ cmd/tpm-user-utils.h | 1 + cmd/tpm-v1.c | 6 +++++- cmd/tpm-v2.c | 6 ++++++ 4 files changed, 28 insertions(+), 1 deletion(-) -- 2.39.2 diff --git a/cmd/tpm-common.c b/cmd/tpm-common.c index d0c63cadf413..a7dc23d85d5d 100644 --- a/cmd/tpm-common.c +++ b/cmd/tpm-common.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "tpm-user-utils.h" static struct udevice *tpm_dev; @@ -367,6 +368,21 @@ int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) return report_return_code(tpm_init(dev)); } +int do_tpm_autostart(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + struct udevice *dev; + int rc; + + if (argc != 1) + return CMD_RET_USAGE; + rc = get_tpm(&dev); + if (rc) + return rc; + + return report_return_code(tpm_auto_start(dev)); +} + int do_tpm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { struct cmd_tbl *tpm_commands, *cmd; diff --git a/cmd/tpm-user-utils.h b/cmd/tpm-user-utils.h index de4a934aab6c..dfa11353e122 100644 --- a/cmd/tpm-user-utils.h +++ b/cmd/tpm-user-utils.h @@ -20,6 +20,7 @@ int get_tpm(struct udevice **devp); int do_tpm_device(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); +int do_tpm_autostart(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_info(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_tpm_report_state(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); diff --git a/cmd/tpm-v1.c b/cmd/tpm-v1.c index 0efb079b0a9b..3b95c950cc96 100644 --- a/cmd/tpm-v1.c +++ b/cmd/tpm-v1.c @@ -655,6 +655,7 @@ TPM_COMMAND_NO_ARG(tpm_physical_disable) static struct cmd_tbl tpm1_commands[] = { U_BOOT_CMD_MKENT(device, 0, 1, do_tpm_device, "", ""), U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), + U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_autostart, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), U_BOOT_CMD_MKENT(startup, 0, 1, do_tpm_startup, "", ""), @@ -733,9 +734,12 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, " device [num device]\n" " - Show all devices or set the specified device\n" " info - Show information about the TPM\n" +" autostart\n" +" - Initalize the tpm, perform a Startup(clear) and run a full selftest\n" +" sequence\n" " init\n" " - Put TPM into a state where it waits for 'startup' command.\n" -" startup mode\n" +" startup mode\n" " - Issue TPM_Starup command. is one of TPM_ST_CLEAR,\n" " TPM_ST_STATE, and TPM_ST_DEACTIVATED.\n" "Admin Testing Commands:\n" diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index d93b83ada934..7e479b9dfe36 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -370,6 +370,7 @@ static struct cmd_tbl tpm2_commands[] = { U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), U_BOOT_CMD_MKENT(change_auth, 0, 1, do_tpm_change_auth, "", ""), + U_BOOT_CMD_MKENT(autostart, 0, 1, do_tpm_autostart, "", ""), U_BOOT_CMD_MKENT(pcr_setauthpolicy, 0, 1, do_tpm_pcr_setauthpolicy, "", ""), U_BOOT_CMD_MKENT(pcr_setauthvalue, 0, 1, @@ -392,8 +393,13 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " Show information about the TPM.\n" "state\n" " Show internal state from the TPM (if available)\n" +"autostart\n" +" Initalize the tpm, perform a Startup(clear) and run a full selftest\n" +" sequence\n" "init\n" " Initialize the software stack. Always the first command to issue.\n" +" 'tpm startup' is the only acceptable command after a 'tpm init' has been\n" +" issued\n" "startup \n" " Issue a TPM2_Startup command.\n" " is one of:\n" From patchwork Wed Jun 7 09:18:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1791600 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=WUSBr8Mp; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Qbhbz6JZ3z20Ty for ; Wed, 7 Jun 2023 19:18:55 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 72AA086071; Wed, 7 Jun 2023 11:18:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="WUSBr8Mp"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 74CB88603A; Wed, 7 Jun 2023 11:18:24 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 73FB486005 for ; Wed, 7 Jun 2023 11:18:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-3f7378a75c0so29380525e9.3 for ; Wed, 07 Jun 2023 02:18:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686129501; x=1688721501; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HGAcG+APmSoi8S8Sca75wTj0oiVNRl7K4lV82fxoy48=; b=WUSBr8MpYANeCe/mC0D5UIlUoCsOpEnTltMjM5BQUj8Mjn37WxYSzpjmOshgrFG/NN KmKp+huKMz0vB6aTsIPfls5tGdDXRU+M2oPq2YlZnsnnRqUPlM+93mqrgj/NBePcuNr0 8/Bo6w0UWWz/dMMRYPnZVK9bfDdljlyysh83hYY6ts3FKxvelG8Mm8LBovTIW1+01yRI eCmNWMyKCVGbRIj/PsbGQymY17UjwVEEZwy84Ww6E85cemhkiOhben8J+Fu7Qnez79xe 5G0EiEpDFogwTMhskOSys/DYfjFc1viMqpVmQqHWC2mqv55SS3XNiwwfROgi3BxSCdfz 5oyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686129501; x=1688721501; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HGAcG+APmSoi8S8Sca75wTj0oiVNRl7K4lV82fxoy48=; b=RDnzLmc6HjQw56mOudFd1g3+sZyrDXguA6zuHFa7fCSg/6PjojWXzsKo8F1DZZeh7N N2TCg+cdTzh4BOWSwNpwnvXbTOtqnafd/xSYbijirsXOqVbO8GQI2vnCrtCU0kojlcDE yaJN8vKecxLDi6VXHDRap7yAWKS+2ENC3NVmjzdmArlcxxHFQ05Bb+O+5/DmKJdkIjo8 LW4U0HtkOPWmpKxHdQrd0k2MWmtTniBsPZPokEPhu1XhamUqT7V1Ki0VyD3SoKcDaPuI ddd07NwpUDdWncVEU672wS2l6LEFfzaerDtxiZvD/wmLg0jAsSXoFPJo2kl+4zavXx5s TiRA== X-Gm-Message-State: AC+VfDzhI2qqByiz2a8/zl+5Nuq+7/kzXxdWKAzF/TANQOl3b93R51kN GQnFj9WrKruggs6NUzOqSVCecHSeWPHcjqLvMY1Y0Q== X-Google-Smtp-Source: ACHHUZ6wXgD1MtL+MGH5zm6bOxknJWI83XyZI5dwLbrIgR3N/6zJXTHujay0ZEpwwnLz9YwEcI3wEg== X-Received: by 2002:a7b:c7d1:0:b0:3f6:683:628b with SMTP id z17-20020a7bc7d1000000b003f60683628bmr4177248wmk.3.1686129500928; Wed, 07 Jun 2023 02:18:20 -0700 (PDT) Received: from localhost.localdomain (ppp089210114029.access.hol.gr. [89.210.114.29]) by smtp.gmail.com with ESMTPSA id o10-20020a1c750a000000b003f50d6ee334sm454569wmc.47.2023.06.07.02.18.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jun 2023 02:18:20 -0700 (PDT) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH 2/3 v2] test/py: replace 'tpm2 init, startup, selftest' sequences Date: Wed, 7 Jun 2023 12:18:11 +0300 Message-Id: <20230607091812.1916435-3-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230607091812.1916435-1-ilias.apalodimas@linaro.org> References: <20230607091812.1916435-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Instead of copy pasting the commands needed to start a TPM consisting of: - tpm init - tpm startup TPM2_SU_CLEAR - tpm2 self_test full use the newly added 'autostart' which does the same thing and simplify our python scripts Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass --- Changes since v1: None test/py/tests/test_tpm2.py | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) -- 2.39.2 diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py index d2ad6f9e73c0..1ade66a7eda4 100644 --- a/test/py/tests/test_tpm2.py +++ b/test/py/tests/test_tpm2.py @@ -41,11 +41,9 @@ def force_init(u_boot_console, force=False): skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) if skip_test: pytest.skip('skip TPM device test') - output = u_boot_console.run_command('tpm2 init') + output = u_boot_console.run_command('tpm2 autostart') if force or not 'Error' in output: u_boot_console.run_command('echo --- start of init ---') - u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR') - u_boot_console.run_command('tpm2 self_test full') u_boot_console.run_command('tpm2 clear TPM2_RH_LOCKOUT') output = u_boot_console.run_command('echo $?') if not output.endswith('0'): @@ -83,20 +81,13 @@ def tpm2_sandbox_init(u_boot_console): This allows all tests to run in parallel, since no test depends on another. """ u_boot_console.restart_uboot() - u_boot_console.run_command('tpm2 init') + u_boot_console.run_command('tpm2 autostart') output = u_boot_console.run_command('echo $?') assert output.endswith('0') skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False) if skip_test: pytest.skip('skip TPM device test') - u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR') - output = u_boot_console.run_command('echo $?') - assert output.endswith('0') - - u_boot_console.run_command('tpm2 self_test full') - output = u_boot_console.run_command('echo $?') - assert output.endswith('0') @pytest.mark.buildconfigspec('cmd_tpm_v2') def test_tpm2_sandbox_self_test_full(u_boot_console): From patchwork Wed Jun 7 09:18:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 1791601 X-Patchwork-Delegate: apalos@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=yDLrJUnd; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QbhcG5xrYz20Ty for ; Wed, 7 Jun 2023 19:19:10 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A155086065; Wed, 7 Jun 2023 11:18:32 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="yDLrJUnd"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2F4E286005; Wed, 7 Jun 2023 11:18:25 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 70D5C8471B for ; Wed, 7 Jun 2023 11:18:22 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-3f6e1394060so59711885e9.3 for ; Wed, 07 Jun 2023 02:18:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686129502; x=1688721502; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rUELE9BmGM3YtfwyXcxh/N24GWahH3YY8SVllWBW9EU=; b=yDLrJUndT7iYhKjLhF4YW+wyZ8PS21Yl+Xog5XdAXtTnUjL5zVcSmZw58fqkssJeIQ S7A1zxP9h3sfwoC8GmTFfDs1dysC6OaydimMY/Oav9UauDVifMFQ/a9Wq0AB8HnBr9wu LUNXBw+jYMR0LdjItieJGku/7WBkOPRY93U1P4kf0z1IAcIB4jEVYisvBZhvevUWechm W08ddzb5o6bKruJ+rr5Vswf6qs62AseLMxWA+oDV/75y0U6N4e+IcO8GIH2iDGJ/VWXF kFgn7hCUwL4h7xetdogB6/I1YuR0fAxxqO0+guMH9fsSM3giB8hA8qe6+sGQOsOFXnj5 hLFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686129502; x=1688721502; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rUELE9BmGM3YtfwyXcxh/N24GWahH3YY8SVllWBW9EU=; b=DZpEcXoxbUlMyFJ0RlQFdHP63pv9wk7ZyWdVig9a6WHdNe/sDAHaA1j7UgYx/iO+Rp A9v2fKYzgI5nVcT0D7oSK4KkmE1H3VnWYqO2A7x/5ZsTbJ8Qv9Ry51K2eeRPYbT2eBRG KluBZpg9Ry5zgEwLFvLfBAWR/B6pmvZtOqNqGE4nHbuBvtU8IxrdXJQPQx/jkPJjnwvC 8eUXdjcN7I5fmpR9pJv7XsVnI2oaNoWsg1fL/I6H+PKwN9vfrgdgG1JeD+dubrEryCa7 H1MZ1CYF2uycuMQW7KXstIhdQlKdJEuNqpoXVk+2QOMdo3slTmD7Q5fqFyDAfnnGfJYs +pxw== X-Gm-Message-State: AC+VfDzhP6Hb9CMD3thTg3Tso0iRGz5OfTqYxilu498bhK5o+ddFEuI6 xyHtbKk4bNEG2B4FlCkyh6T3bKTUvRoWfK8wX23+Zg== X-Google-Smtp-Source: ACHHUZ71F3YsEtEWfA2SYz9CxFi+P8IwGK+6uRwXS0B3QRuO+fl6U0FHWmkYoLlOMBVTTAeJCLSyIw== X-Received: by 2002:a05:600c:2216:b0:3f7:e497:a9f8 with SMTP id z22-20020a05600c221600b003f7e497a9f8mr4083191wml.38.1686129501938; Wed, 07 Jun 2023 02:18:21 -0700 (PDT) Received: from localhost.localdomain (ppp089210114029.access.hol.gr. [89.210.114.29]) by smtp.gmail.com with ESMTPSA id o10-20020a1c750a000000b003f50d6ee334sm454569wmc.47.2023.06.07.02.18.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jun 2023 02:18:21 -0700 (PDT) From: Ilias Apalodimas To: u-boot@lists.denx.de Cc: Ilias Apalodimas , Simon Glass Subject: [PATCH 3/3 v2] test/py: Account PCR updates properly during testing Date: Wed, 7 Jun 2023 12:18:12 +0300 Message-Id: <20230607091812.1916435-4-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230607091812.1916435-1-ilias.apalodimas@linaro.org> References: <20230607091812.1916435-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Currently we only read the pcr updates once on test_tpm2_pcr_read(). It turns out that the tpm init sequence of force_init() which consists of: - tpm2 init - tpm2 startup TPM2_SU_CLEAR - tpm2 self_test full - tpm2 clear TPM2_RH_LOCKOUT also counts as an update. Running this in the console verifies the update bump => tpm2 init => tpm2 startup TPM2_SU_CLEAR => tpm2 self_test full => tpm pcr_read 10 $loadaddr PCR #10 content (28 known updates): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 => tpm2 clear TPM2_RH_LOCKOUT => tpm pcr_read 10 $loadaddr PCR #10 content (29 known updates): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 => With the recent changes of replacing 'tpm2 init' with 'tpm2 autostart' we end up always running the full init. The reason is 'tpm init' returns -EBUSY if the tpm is already open, while 'tpm autostart' handles ths gracefully and continues with the initialization. It's worth noting that this won't affect the device functionality at all since retriggering the startup sequence and selftests has no side effects. Instead of relying on the initial value, reread the 'known updates' just before updating the PCR to ensure we read the correct values before testing Signed-off-by: Ilias Apalodimas Reviewed-by: Simon Glass --- Changes since v1: - new patch to fix the python testing failures test/py/tests/test_tpm2.py | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.39.2 diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py index 1ade66a7eda4..fce689cd992d 100644 --- a/test/py/tests/test_tpm2.py +++ b/test/py/tests/test_tpm2.py @@ -272,6 +272,12 @@ def test_tpm2_pcr_extend(u_boot_console): force_init(u_boot_console) ram = u_boot_utils.find_ram_base(u_boot_console) + read_pcr = u_boot_console.run_command('tpm2 pcr_read 0 0x%x' % (ram + 0x20)) + output = u_boot_console.run_command('echo $?') + assert output.endswith('0') + str = re.findall(r'\d+ known updates', read_pcr)[0] + updates = int(re.findall(r'\d+', str)[0]) + u_boot_console.run_command('tpm2 pcr_extend 0 0x%x' % ram) output = u_boot_console.run_command('echo $?') assert output.endswith('0')