1 # Copyright 2014 The Chromium OS Authors. All rights reserved. 2 # Use of this source code is governed by a BSD-style license that can be 3 # found in the LICENSE file. 4 5 import hashlib, logging 6 7 from autotest_lib.client.common_lib import error 8 from autotest_lib.server.cros.faft.firmware_test import FirmwareTest 9 10 11 class firmware_TPMExtend(FirmwareTest): 12 """Test to ensure TPM PCRs are extended correctly.""" 13 version = 1 14 15 def initialize(self, host, cmdline_args): 16 super(firmware_TPMExtend, self).initialize(host, cmdline_args) 17 self.switcher.setup_mode('normal') 18 self.setup_usbkey(usbkey=True, host=False) 19 20 def _check_pcr(self, num, hash_obj): 21 """Returns true iff PCR |num| was extended with hashlib |hash_obj|.""" 22 pcrs_file='/sys/class/*/tpm0/device/pcrs' 23 pcrs = '\n'.join(self.faft_client.system.run_shell_command_get_output( 24 'cat %s' % pcrs_file)) 25 logging.debug('Dumping PCRs read from device: \n%s', pcrs) 26 extended = hashlib.sha1('\0' * 20 + hash_obj.digest()[:20]).hexdigest() 27 spaced = ' '.join(extended[i:i+2] for i in xrange(0, len(extended), 2)) 28 logging.debug('PCR %d should contain hash: %s', num, spaced) 29 return ('PCR-%.2d: %s' % (num, spaced.upper())) in pcrs 30 31 def run_once(self): 32 logging.info('Verifying HWID digest in PCR1') 33 hwid = self.faft_client.system.run_shell_command_get_output( 34 'crossystem hwid')[0] 35 logging.debug('HWID reported by device is: %s', hwid) 36 if not self._check_pcr(1, hashlib.sha256(hwid)): 37 error.TestFail('PCR1 was not extended with SHA256 digest of HWID!') 38 39 logging.info('Verifying bootmode digest in PCR0 in normal mode') 40 self.check_state((self.checkers.crossystem_checker, { 41 'devsw_boot': '0', 42 'mainfw_type': 'normal' 43 })) 44 # dev_mode: 0, rec_mode: 0, keyblock_flags: "normal" (1) 45 if not self._check_pcr(0, hashlib.sha1(chr(0) + chr(0) + chr(1))): 46 error.TestFail('PCR0 was not extended with bootmode 0|0|1!') 47 48 logging.info('Verifying bootmode digest in PCR0 in recovery mode') 49 self.switcher.reboot_to_mode(to_mode='rec') 50 self.check_state((self.checkers.crossystem_checker, { 51 'devsw_boot': '0', 52 'mainfw_type': 'recovery' 53 })) 54 # dev_mode: 0, rec_mode: 1, keyblock_flags: "unknown" (0) 55 if not self._check_pcr(0, hashlib.sha1(chr(0) + chr(1) + chr(0))): 56 error.TestFail('PCR0 was not extended with bootmode 0|1|0!') 57 58 logging.info('Transitioning to dev mode for next test') 59 self.switcher.reboot_to_mode(to_mode='dev') 60 61 logging.info('Verifying bootmode digest in PCR0 in developer mode') 62 self.check_state((self.checkers.crossystem_checker, { 63 'devsw_boot': '1', 64 'mainfw_type': 'developer' 65 })) 66 # dev_mode: 1, rec_mode: 0, keyblock_flags: "normal" (1) 67 if not self._check_pcr(0, hashlib.sha1(chr(1) + chr(0) + chr(1))): 68 error.TestFail('PCR0 was not extended with bootmode 1|0|1!') 69 70 logging.info('Verifying bootmode digest in PCR0 in dev-recovery mode') 71 self.switcher.reboot_to_mode(to_mode='rec') 72 self.check_state((self.checkers.crossystem_checker, { 73 'devsw_boot': '1', 74 'mainfw_type': 'recovery' 75 })) 76 # dev_mode: 1, rec_mode: 1, keyblock_flags: "unknown" (0) 77 if not self._check_pcr(0, hashlib.sha1(chr(1) + chr(1) + chr(0))): 78 error.TestFail('PCR0 was not extended with bootmode 1|1|0!') 79 80 logging.info('All done, returning to normal mode') 81 self.switcher.reboot_to_mode(to_mode='normal') 82
