tests: Modify test to create 2 orderly indices

Modify the test_tpm2_save_load_state_3 to create 2 orderly NVRAM indices in the first two locations. Those indices will be cleared by a reset of the TPM and therefore cannot be read once the TPM 2 restarts after the reset. This also provides better test coverage. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Apr 9, 2020 · 39b49a4 · 39b49a4
1 parent 0194fb2
commit 39b49a4
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 3 deletions.
diff --git a/tests/data/tpm2state3/signature.bin b/tests/data/tpm2state3/signature.bin
diff --git a/tests/data/tpm2state3/tpm2-00.permall b/tests/data/tpm2state3/tpm2-00.permall
diff --git a/tests/test_tpm2_save_load_state_3 b/tests/test_tpm2_save_load_state_3
@@ -62,9 +62,11 @@ function test_nvram_state()
 	local create="$1"
 	local check="$2"
 
-	local i res rc act exp
+	local i res rc act exp ody
 
 	if [ $create -eq 1 ]; then
+		# the 1st and 2nd spaces are 'orderly' and will be cleared by reset
+		ody="+at ody"
 		for ((i=0; i < 10; i++)); do
 			printf "Creating NVRAM location 01%06x\n" $i
 			# the '+at wd' allows us to only write once
@@ -74,12 +76,17 @@ function test_nvram_state()
 				-pwdn nnn \
 				+at wst \
 				+at wd \
+				$ody \
 				-hi o >/dev/null
 			if [ $? -ne 0 ]; then
 				echo "Error: nvdefinespace failed for i = $i."
 				exit 1
 			fi
 
+			if [ $i -eq 1 ]; then
+				ody=""
+			fi
+
 			${TOOLSPATH}/${PREFIX}nvwrite \
 				-ha $(printf "01%06x" $i) \
 				-ic "Hello TPM2" \
@@ -121,13 +128,35 @@ function test_nvram_state()
 	fi
 
 	if [ $check -eq 1 ]; then
-		for ((i=0; i < 10; i++)); do
+		local last=0
+
+		if [ $create -eq 0 ]; then
+			last=2
+		fi
+
+		# The orderly indices must not be readable UNLESS they were just
+		# created. In the latter case we skip this first loop here.
+		for ((i=0; i < last; i++)); do
+			printf "Checking orderly NVRAM location 01%06x after reset\n" $i
+			${TOOLSPATH}/${PREFIX}nvread \
+				-ha $(printf "01%06x" $i) \
+				-pwdn nnn \
+				-sz 10 > $TMPFILE
+			if [ $? -eq 0 ]; then
+				echo "Error: nvread succeeded for orderly NVRAM index; i = $i"
+				cat $TMPFILE
+				exit 1
+			fi
+		done
+
+		# test the non-orderly indices OR orderly we just created above
+		for ((i=last; i < 10; i++)); do
 			printf "Checking NVRAM location 01%06x\n" $i
 			${TOOLSPATH}/${PREFIX}nvread \
 				-ha $(printf "01%06x" $i) \
 				-pwdn nnn \
 				-sz 10 > $TMPFILE
-			if [ $? -ne  0 ]; then
+			if [ $? -ne 0 ]; then
 				echo "Error: nvread failed for i = $i"
 				cat $TMPFILE
 				exit 1