
[4/6] oeqa runtime: add ftpm.py test

Message ID 20240430123732.534277-5-mikko.rapeli@linaro.org
State New
Series TPM and fTPM test

Commit Message

Mikko Rapeli April 30, 2024, 12:37 p.m. UTC
Test checks that ftpm kernel driver interfaces are available.
If fTPM optee TA is missing or crashes, the kernel driver does not
show the interfaces. A more functional test would be to use tpm2-tools
from meta-security/meta-tpm but those require additional layer
dependencies which are maybe too much for now. tpm2-tools also depend
on starting tpm2-abrmd before the tools work. The ftpm kernel driver
depends on fully running tee-supplicant in userspace and the optee
side ftpm TA which takes some time. When manually running the tests
some of them failed since ftpm was not yet initialized. The boot
was not complete in those cases so added a workaround for that.
Better would be for all of the tests to start only once boot is
complete, not when ssh is available. Also, the qemuarm64-secureboot
machine includes optee and ftpm TA but u-boot is not configured
to use the TPM device so boot is not measured.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 meta-arm/lib/oeqa/runtime/cases/ftpm.py | 41 +++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 meta-arm/lib/oeqa/runtime/cases/ftpm.py

Patch

diff --git a/meta-arm/lib/oeqa/runtime/cases/ftpm.py b/meta-arm/lib/oeqa/runtime/cases/ftpm.py
new file mode 100644
index 00000000..1fd3cf88
--- /dev/null
+++ b/meta-arm/lib/oeqa/runtime/cases/ftpm.py
@@ -0,0 +1,41 @@ 
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.oetimeout import OETimeout
+
+class FtpmTestSuite(OERuntimeTestCase):
+    """
+    Minimal test for optee-ftpm and ftpm kernel driver interfaces
+    """
+    @OETimeout(200)
+    def test_ftpm(self):
+        # device files, need tee-supplicant fully initialized which takes some time
+        # and tests seem to run before boot is complete
+        cmd = "ls -l /dev/tpm0 /dev/tpmrm0 || ( runlevel; sleep 10; ls -l /dev/tpm0 /dev/tpmrm0 )"
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+        # tpm version
+        cmd = "cat /sys/class/tpm/tpm0/tpm_version_major"
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+        self.assertEqual(output, "2", msg='\n'.join([cmd, output]))
+
+        # sha384 pcrs
+        cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}"; done'
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+        # sha256 pcrs
+        cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha256/"${c}"; done'
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+        # sha1 pcrs
+        cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha1/"${c}"; done'
+        status, output = self.target.run(cmd, timeout=60)
+        self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
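
Review bot: In the three PCR loops (sha384, sha256, sha1), the status passed to assertEqual is only that of the final `cat` for PCR 23, because a shell `for` loop returns the exit status of the last command it ran; a failed read of any PCR from 0 to 22 would go unnoticed. Consider stopping at the first failure, e.g. `cat /sys/class/tpm/tpm0/pcr-sha256/"${c}" || exit 1`, or also asserting that the output has 24 lines. Separately, `import os` is unused, and the device-file check retries only once after a fixed `sleep 10`, so a slower tee-supplicant start would still fail the test; a short polling loop bounded by the existing `timeout=60` would be more robust than a single retry.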