tests/tpm2_key_protector_test: Add more NV index mode tests

Two more NV index test cases are added to test key sealing and
unsealing with the NV index handle 0x1000000.

Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gary Lin 2025-04-07 16:29:24 +08:00 committed by Daniel Kiper
parent 9f66a4719b
commit 2043b6899b


@ -226,7 +226,23 @@ EOF
} }
tpm2_seal_unseal_nv() { tpm2_seal_unseal_nv() {
nv_index="0x81000000" handle_type="$1"
key_type="$2"
extra_opt=""
extra_grub_opt=""
if [ "$handle_type" = "nvindex" ]; then
nv_index="0x1000000"
else
nv_index="0x81000000"
fi
if [ "$key_type" = "tpm2key" ]; then
extra_opt="--tpm2key"
else
extra_grub_opt="--pcrs=0,1"
fi
grub_cfg=${tpm2testdir}/testcase.cfg grub_cfg=${tpm2testdir}/testcase.cfg
@ -247,7 +263,7 @@ tpm2_seal_unseal_nv() {
# Write the TPM unsealing script # Write the TPM unsealing script
cat > ${grub_cfg} <<EOF cat > ${grub_cfg} <<EOF
loopback luks (host)${luksfile} loopback luks (host)${luksfile}
tpm2_key_protector_init --mode=nv --nvindex=${nv_index} --pcrs=0,1 tpm2_key_protector_init --mode=nv --nvindex=${nv_index} ${extra_grub_opt}
if cryptomount -a --protector tpm2; then if cryptomount -a --protector tpm2; then
cat (crypto0)+1 cat (crypto0)+1
fi fi
@ -290,28 +306,35 @@ exit_status=0
for i in "${!srktests[@]}"; do for i in "${!srktests[@]}"; do
tpm2_seal_unseal ${srktests[$i]} || ret=$? tpm2_seal_unseal ${srktests[$i]} || ret=$?
if [ "${ret}" -eq 0 ]; then if [ "${ret}" -eq 0 ]; then
echo "TPM2 [${srktests[$i]}]: PASS" echo "TPM2 [SRK][${srktests[$i]}]: PASS"
elif [ "${ret}" -eq 1 ]; then elif [ "${ret}" -eq 1 ]; then
echo "TPM2 [${srktests[$i]}]: FAIL" echo "TPM2 [SRK][${srktests[$i]}]: FAIL"
ret=0 ret=0
exit_status=1 exit_status=1
else else
echo "Unexpected failure [${srktests[$i]}]" >&2 echo "Unexpected failure [SRK][${srktests[$i]}]" >&2
exit ${ret} exit ${ret}
fi fi
done done
# Testcase for NV index mode # Testcases for NV index mode
tpm2_seal_unseal_nv || ret=$? declare -a nvtests=()
if [ "${ret}" -eq 0 ]; then nvtests+=("persistent raw")
echo "TPM2 [NV Index]: PASS" nvtests+=("nvindex raw")
elif [ "${ret}" -eq 1 ]; then nvtests+=("nvindex tpm2key")
echo "TPM2 [NV Index]: FAIL"
ret=0 for i in "${!nvtests[@]}"; do
exit_status=1 tpm2_seal_unseal_nv ${nvtests[$i]} || ret=$?
else if [ "${ret}" -eq 0 ]; then
echo "Unexpected failure [NV index]" >&2 echo "TPM2 [NV Index][${nvtests[$i]}]: PASS"
exit ${ret} elif [ "${ret}" -eq 1 ]; then
fi echo "TPM2 [NV Index][${nvtests[$i]}]: FAIL"
ret=0
exit_status=1
else
echo "Unexpected failure [NV index][${nvtests[$i]}]" >&2
exit ${ret}
fi
done
exit ${exit_status} exit ${exit_status}
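Review bot: In the first hunk, both selectors in tpm2_seal_unseal_nv fall through to a default. Any handle_type other than `nvindex` selects the persistent handle 0x81000000, and any key_type other than `tpm2key` selects the raw path with `--pcrs=0,1`. A misspelt or reordered entry in `nvtests` would therefore run the persistent/raw case and print PASS under the wrong label, leaving the NV index path at 0x1000000 untested without anyone noticing. Matching each accepted value explicitly and returning a status other than 0 or 1 for anything else would make the loop in the last hunk stop with "Unexpected failure". The call `tpm2_seal_unseal_nv ${nvtests[$i]}` also relies on unquoted word splitting to turn one array element into two arguments, which deserves a one-line comment; the function body continues outside the hunk, so how `extra_opt` is used is not visible here.

```shell
tpm2_seal_unseal_nv() {
    # … unchanged: handle_type, key_type, extra_opt, extra_grub_opt assignments …

    case "$handle_type" in
	nvindex)    nv_index="0x1000000" ;;
	persistent) nv_index="0x81000000" ;;
	*)
	    echo "Unknown NV handle type: $handle_type" >&2
	    return 99
	    ;;
    esac

    case "$key_type" in
	tpm2key) extra_opt="--tpm2key" ;;
	raw)     extra_grub_opt="--pcrs=0,1" ;;
	*)
	    echo "Unknown key type: $key_type" >&2
	    return 99
	    ;;
    esac
    # … unchanged: grub_cfg setup, sealing and unsealing …
```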