expect-lava/linux-tpm.exp

#
# Copyright (c) 2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Expect script for Linux/Buildroot using Measured Boot & fTPM
#

non_zero_pcr='(?!(\s00){16})((\s([0-9a-f]){2}){16}\s)'

# Parse the event log from the debug logs and store the digests
# so they can be matched later with what the fTPM read.

expect_string+=('m;Booting Trusted Firmware;Booting BL31;Digest(\s|\w)*:\s(\w{2}\s){16}@: (\w{2}\s){16}@Event(\s|\w)*:\s\w+\s')

# Wait for the login prompt
expect_string+=("i;buildroot login:")

# Login then load the fTPM driver and retrieves PCR0
# Pass condition: PCR0 and PCR1 must not be all zeros.
expect_string+=("i;#;;;root")
expect_string+=("i;${non_zero_pcr};;;ftpm")
expect_string+=("i;#")
expect_string+=("i;${non_zero_pcr};;;pcrread -ha 1")

# Iterate over the rest of PCRs and check that they all are zeros.
zero_pcr="(\s00){16}\s+(00\s){16}"
for i in $(seq 2 11); do
    expect_string+=("i;#")
    expect_string+=("i;${zero_pcr};;;pcrread -ha $i")
done

expect_string+=("i;#;;;@") # Flush newline after final prompt