author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2024-04-18 14:21:11 -0400 |
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2024-04-18 15:14:40 -0400 |
commit | 24c012620da53ba71df2f703c7cc21247db11c72 (patch) | |
tree | 91c63bf3180521c1049a911aad1938ce706e5aad | |
parent | a9d52c05faf1509cf45c97834fbd14a5268b8d6f (diff) | |
download | openssl_tpm2_engine-24c012620da53ba71df2f703c7cc21247db11c72.tar.gz |
tests: enable sha1 bank if the vtpm comes with it disabled
Some vTPM implementations are shipping with the TCG recommendation to
disable the SHA1 bank. This will cause some PCR based policy tests
which depend on it to fail, so re-enable the sha1 bank if this is
detected.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rwxr-xr-x | tests/start_sw_tpm.sh | 67 |
1 files changed, 43 insertions, 24 deletions
diff --git a/tests/start_sw_tpm.sh b/tests/start_sw_tpm.sh
index e8f4eda..5f249a5 100755
--- a/tests/start_sw_tpm.sh
+++ b/tests/start_sw_tpm.sh
@@ -3,36 +3,55 @@ set -x
 # remove any prior TPM contents
 rm -f NVChip h*.bin *.permall
-if [ -x "${TPMSERVER}" ]; then
-${TPMSERVER} > /dev/null 2>&1 &
-else
-${SWTPM} socket --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --tpmstate dir=`pwd` &
-fi
-pid=$!
-echo ${pid} > tpm_server.pid
-##
-# This powers on the tpm and starts it
-# then we derive the RSA version of the storage seed and
-# store it permanently at handle 81000001 and flush the transient
-##
-a=0; while [ $a -lt 10 ]; do
- if [ ! -x "${TPMSERVER}" -a -x "${SWTPM_IOCTL}" ]; then
- ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -i
+
+start_tpm()
+{
+ if [ -x "${TPMSERVER}" ]; then
+ ${TPMSERVER} > /dev/null 2>&1 &
 else
- tsspowerup
+ ${SWTPM} socket --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --tpmstate dir=`pwd` &
 fi
- if [ $? -eq 0 ]; then
- break;
+ pid=$!
+ echo ${pid} > tpm_server.pid
+ ##
+ # This powers on the tpm and starts it
+ # then we derive the RSA version of the storage seed and
+ # store it permanently at handle 81000001 and flush the transient
+ ##
+ a=0; while [ $a -lt 10 ]; do
+ if [ ! -x "${TPMSERVER}" -a -x "${SWTPM_IOCTL}" ]; then
+ ${SWTPM_IOCTL} --tcp 127.0.0.1:2322 -i
+ else
+ tsspowerup
+ fi
+ if [ $? -eq 0 ]; then
+ break;
+ fi
+ sleep 1
+ a=$[$a+1]
+ done
+ if [ $a -eq 10 ]; then
+ echo "Waited 10s for tpm_server to come up; exiting"
+ exit 1
 fi
+ tssstartup || exit 1
+}
+
+start_tpm
+if [ "$(tssgetcapability -cap 5|sed -n '4,4p;5q'|xargs)" = "00 00 00" ]; then
+ ##
+ # sha1 bank is disabled, so re-enable it (otherwise some test will fail)
+ ##
+ tsspcrallocate +sha1
+ ##
+ # not effective until TPM restart
+ ##
+ kill -TERM $(cat tpm_server.pid)
+ rm tpm_server.pid
 sleep 1
- a=$[$a+1]
-done
-if [ $a -eq 10 ]; then
- echo "Waited 10s for tpm_server to come up; exiting"
- exit 1
+ start_tpm
 fi
-tssstartup && \
 key=$(tsscreateprimary -hi o -st -rsa|sed 's/Handle //') && \
 tssevictcontrol -hi o -ho ${key} -hp 81000001 && \
 tssflushcontext -ha ${key}
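Review bot: The restart in the sha1 re-enable branch (`kill -TERM $(cat tpm_server.pid)`, `sleep 1`, `start_tpm`) never waits for the old server to exit, so the second `start_tpm` races the dying process for ports 2321/2322; if the old instance is still listening, the powerup probe in the loop can succeed against it, the new server fails to bind, and the problem only surfaces later as an unrelated tss failure. Because `pid` is set by `start_tpm` in this same shell, the job can be reaped with `wait "${pid}"` (assuming the server honours SIGTERM, which the `-TERM` choice already presumes), which also drops the unquoted read-back of the pid file. `tsspcrallocate +sha1` should be checked too, since on failure the script still restarts the TPM and the sha1-dependent tests fail later with a less useful error. The bank-disabled test relies on the fourth line of `tssgetcapability -cap 5` output being the sha1 selection bytes, which is presumably fixed by the tss tool's format but deserves a comment such as `# line 4 of -cap 5 output is the sha1 bank's pcrSelect bytes; all-zero means the bank is unallocated`.
```shell
    # … unchanged: sha1 bank detection …
    tsspcrallocate +sha1 || exit 1
    ##
    # not effective until TPM restart; reap the old server before rebinding its ports
    ##
    kill -TERM "${pid}"
    wait "${pid}" 2>/dev/null
    rm -f tpm_server.pid
    start_tpm
```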