u_boot_console.run_command('tpm2 clear TPM2_RH_PLATFORM')
u_boot_console.run_command('echo --- end of init ---')
+def is_sandbox(cons):
+ # Array slice removes leading/trailing quotes.
+ sys_arch = cons.config.buildconfig.get('config_sys_arch', '"sandbox"')[1:-1]
+ return sys_arch == 'sandbox'
+
@pytest.mark.buildconfigspec('cmd_tpm_v2')
def test_tpm2_init(u_boot_console):
"""Init the software stack to use TPMv2 commands."""
-
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test:
pytest.skip('skip TPM device test')
-
u_boot_console.run_command('tpm2 init')
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
Initiate the TPM internal state machine.
"""
+ u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+def tpm2_sandbox_init(u_boot_console):
+ """Put sandbox back into a known state so we can run a test
+
+ This allows all tests to run in parallel, since no test depends on another.
+ """
+ u_boot_console.restart_uboot()
+ u_boot_console.run_command('tpm2 init')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test:
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
+ u_boot_console.run_command('tpm2 self_test full')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
@pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_self_test_full(u_boot_console):
+def test_tpm2_sandbox_self_test_full(u_boot_console):
"""Execute a TPM2_SelfTest (full) command.
Ask the TPM to perform all self tests to also enable full capabilities.
"""
+ if is_sandbox(u_boot_console):
+ u_boot_console.restart_uboot()
+ u_boot_console.run_command('tpm2 init')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
+
+ u_boot_console.run_command('tpm2 startup TPM2_SU_CLEAR')
+ output = u_boot_console.run_command('echo $?')
+ assert output.endswith('0')
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test:
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test:
pytest.skip('skip TPM device test')
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
u_boot_console.run_command('tpm2 self_test continue')
output = u_boot_console.run_command('echo $?')
assert output.endswith('0')
not have a password set, otherwise this test will fail. ENDORSEMENT and
PLATFORM hierarchies are also available.
"""
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
skip_test = u_boot_console.config.env.get('env__tpm_device_test_skip', False)
if skip_test:
Use the LOCKOUT hierarchy for this. ENDORSEMENT and PLATFORM hierarchies are
also available.
"""
-
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
force_init(u_boot_console)
u_boot_console.run_command('tpm2 change_auth TPM2_RH_LOCKOUT unicorn')
There is no expected default values because it would depend on the chip
used. We can still save them in order to check they have changed later.
"""
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
force_init(u_boot_console)
ram = u_boot_utils.find_ram_base(u_boot_console)
the authentication, otherwise the lockout will be engaged after the first
failed authentication attempt.
"""
-
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
force_init(u_boot_console)
ram = u_boot_utils.find_ram_base(u_boot_console)
Perform a PCR read of the 0th PCR. Must be zero.
"""
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
force_init(u_boot_console)
ram = u_boot_utils.find_ram_base(u_boot_console)
No authentication mechanism is used here, not protecting against packet
replay, yet.
"""
-
+ if is_sandbox(u_boot_console):
+ tpm2_sandbox_init(u_boot_console)
force_init(u_boot_console)
ram = u_boot_utils.find_ram_base(u_boot_console)