ci(measured_boot): update expect script to check non-zero PCR1 value
Update the expect script to check that PCR1 holds a non-zero value, since
PCR1 contains the measurement of critical data.
Change-Id: I03c52fddb9e7caf7e8009d7b7524ba5a20c2e1ca
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/expect/linux-tpm.exp b/expect/linux-tpm.exp
index 9d137e8..de34988 100644
--- a/expect/linux-tpm.exp
+++ b/expect/linux-tpm.exp
@@ -15,6 +15,7 @@
# regexp for non-zero PCR0
set non_zero_pcr "(?!(\\s00){16})((\\s(\[0-9a-f\]){2}){16}\\s)"
+set zero_pcr "(\\s00){16}\\s+(00\\s){16}"
expect {
# Parse the event log from the debug logs and store the digests
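Review bot: `zero_pcr` is added without a comment, and the comment above `non_zero_pcr` still says "PCR0" even though this commit reuses that pattern for PCR1. I would reword it to `# regexp for a non-zero PCR: one 16-byte row that is not all zeros` and add `# regexp for an all-zero PCR: two rows of 16 zero bytes` above the new line. The two patterns cover different spans (16 bytes versus 32), so stating that next to them should keep a later edit from changing one without the other.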
@@ -64,6 +65,23 @@
exp_continue
}
+ "#" {
+ # get PCR1 value
+ send "pcrread -ha 1\n"
+ }
+
+ timeout {
+ exit_timeout
+ }
+}
+
+expect {
+ # Pass condition: PCR1 must not be all zeros.
+
+ -re $non_zero_pcr {
+ exp_continue
+ }
+
"#" { }
timeout {
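Review bot: The new PCR1 block has no failing branch for an all-zero value, so the stated pass condition is not enforced. If `pcrread -ha 1` prints zeros, `$non_zero_pcr` never matches, the `"#"` branch with its empty body matches the returning prompt, and the script carries on as if the check had passed. Since PCR1 now carries the critical-data measurement, a missing measurement should fail the job the way the later loop does: add `-re $zero_pcr { exit_uart -1 }` ahead of the `$non_zero_pcr` branch, or set a flag in the `$non_zero_pcr` branch and test it after the block. The `timeout` branch of this `expect` block closes outside the hunk, so this is based only on the branches visible here.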
@@ -72,11 +90,11 @@
}
# Iterate over the rest of PCRs and check that they all are zeros.
-for {set i 1} {$i < 11} {incr i} {
+for {set i 2} {$i < 11} {incr i} {
send "pcrread -ha $i\n"
expect {
- -re "(\\s00){16}\\s+(00\\s){16}" { }
+ -re $zero_pcr { }
-re $non_zero_pcr {
exit_uart -1