mirror of https://git.yoctoproject.org/meta-arm synced 2026-01-12 03:10:15 +00:00

oeqa runtime: add ftpm.py test

Test checks that ftpm kernel driver interfaces are available.
If fTPM optee TA is missing or crashes, the kernel driver does not
show the interfaces. A more functional test would be to use tpm2-tools
from meta-security/meta-tpm but those require additional layer
dependencies which are maybe too much for now. tpm2-tools also depend
on starting tpm2-abrmd before the tools work. The ftpm kernel driver
depends on fully running tee-supplicant in userspace and the optee
side ftpm TA which takes some time. When manually running the tests
some of them failed since ftpm was not yet initialized. The boot
was not complete in those cases so added a workaround for that.
Better would be for all of the tests to start only once boot is
complete, not when ssh is available. Also, the qemuarm64-secureboot
machine includes optee and ftpm TA but u-boot is not configured
to use the TPM device so boot is not measured.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mikko Rapeli
2024-04-30 15:37:30 +03:00
committed by Jon Mason
parent d450786667
commit ba315f7242


@@ -0,0 +1,41 @@
#
# SPDX-License-Identifier: MIT
#
import os
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.oetimeout import OETimeout
class FtpmTestSuite(OERuntimeTestCase):
"""
Minimal test for optee-ftpm and ftpm kernel driver interfaces
"""
@OETimeout(200)
def test_ftpm(self):
# device files, need tee-supplicant fully initialized which takes some time
# and tests seem to run before boot is complete
cmd = "ls -l /dev/tpm0 /dev/tpmrm0 || ( runlevel; sleep 10; ls -l /dev/tpm0 /dev/tpmrm0 )"
status, output = self.target.run(cmd, timeout=60)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
# tpm version
cmd = "cat /sys/class/tpm/tpm0/tpm_version_major"
status, output = self.target.run(cmd, timeout=60)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
self.assertEqual(output, "2", msg='\n'.join([cmd, output]))
# sha384 pcrs
cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}"; done'
status, output = self.target.run(cmd, timeout=60)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
# sha256 pcrs
cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha256/"${c}"; done'
status, output = self.target.run(cmd, timeout=60)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
# sha1 pcrs
cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha1/"${c}"; done'
status, output = self.target.run(cmd, timeout=60)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
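Review bot: The three PCR loops (sha384, sha256, sha1) report only the exit status of the last `cat`, because a shell `for` loop returns the status of the final command it ran; an unreadable PCR 0–22, or a partly populated bank, still passes as long as PCR 23 reads. Stopping at the first failure closes that gap, e.g. `cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}" || exit 1; done'`, with the same change in the sha256 and sha1 loops. The loops also never inspect `output`, so the test does not confirm that each bank returned 24 digests; a line-count assertion would cover that cheaply. Separately, `import os` is not used anywhere in the visible lines and can be dropped.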