TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / tf-a-ci-scripts / 0bcf41357dac279fb752ea108badeb840457af5f / . / expect / linux-tpm.exp
blob: ee8ae8ae79d0b883f0f91ca2bf7c7c0953f2e992 [file] [log] [blame]
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]1#
Sandrine Bailleux0bcf4132022-03-31 11:15:51 +0200[diff] [blame^]2# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6# Expect script for Linux/Buildroot using Measured Boot & fTPM
7#
8
9source [file join [file dirname [info script]] utils.inc]
10source [file join [file dirname [info script]] handle-arguments.inc]
11
12# File to store the event log from the ftpm service.
13set TFA_DIGEST [get_param tfa_digest "tfa_event_log"]
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]14
15# regexp for non-zero PCR0
16set non_zero_pcr "(?!(\\s00){16})((\\s(\[0-9a-f\]){2}){16}\\s)"
Manish V Badarkhefc146c42021-11-24 15:34:00 +0000[diff] [blame]17set zero_pcr "(\\s00){16}\\s+(00\\s){16}"
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]18
19expect {
Sandrine Bailleux0bcf4132022-03-31 11:15:51 +0200[diff] [blame^]20 # Wait for the start of the event log dump.
21 "TCG_EfiSpecIDEvent:" {
22 set digest_log [open $TFA_DIGEST w]
23 }
24
25 timeout {
26 exit_timeout
27 }
28}
29
30expect {
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]31 # Parse the event log from the debug logs and store the digests
Sandrine Bailleux0bcf4132022-03-31 11:15:51 +0200[diff] [blame^]32 # so they can be matched later with what the fTPM reads.
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]33
34 -re "Digest(\\s|\\w)*:\\s(\\w{2}\\s){16}|\
35 : (\\w{2}\\s){16}|\
36 Event(\\s|\\w)*:\\s\\w+\\s" {
37 puts $digest_log $expect_out(0,string)
38 exp_continue
39 }
40
41 -exact "Booting BL31" {
42 close $digest_log
43 }
44
45 timeout {
46 exit_timeout
47 }
48}
49
50expect {
51 "login" {
52 send "root\n"
53 }
54
55 timeout {
56 exit_timeout
57 }
58}
59
60expect {
61 "#" {
62 # Load the fTPM driver and retrieves PCR0
63 send "ftpm\n"
64 }
65
66 timeout {
67 exit_timeout
68 }
69}
70
71expect {
72 # Pass condition: PCR0 must not be all zeros.
73
74 -re $non_zero_pcr {
75 exp_continue
76 }
77
Manish V Badarkhefc146c42021-11-24 15:34:00 +0000[diff] [blame]78 "#" {
79 # get PCR1 value
80 send "pcrread -ha 1\n"
81 }
82
83 timeout {
84 exit_timeout
85 }
86}
87
88expect {
89 # Pass condition: PCR1 must not be all zeros.
90
91 -re $non_zero_pcr {
92 exp_continue
93 }
94
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]95 "#" { }
96
97 timeout {
98 exit_timeout
99 }
100}
101
102# Iterate over the rest of PCRs and check that they all are zeros.
Manish V Badarkhefc146c42021-11-24 15:34:00 +0000[diff] [blame]103for {set i 2} {$i < 11} {incr i} {
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]104 send "pcrread -ha $i\n"
105
106 expect {
Manish V Badarkhefc146c42021-11-24 15:34:00 +0000[diff] [blame]107 -re $zero_pcr { }
Javier Almansa Sobrino98de5032020-09-17 12:47:05 +0100[diff] [blame]108
109 -re $non_zero_pcr {
110 exit_uart -1
111 }
112
113 timeout {
114 exit_timeout
115 }
116 }
117}
118
119# Match the previously stored digest with the one generated by the
120# fTPM service. The pass criteria is that both digests must match,
121# meaning that TF-A successfully passed the event log to the TPM service.
122expect {
123 "#" {
124 spawn diff -s $TFA_DIGEST ftpm_event_log
125 }
126
127 timeout {
128 exit_timeout
129 }
130}
131
132expect {
133 -exact "are identical" {
134 exit_uart 0
135 }
136}
137
138exit_uart -1