Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
tests
/
abrmd_policycountertimer.sh

abrmd_policycountertimer.sh 2.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. # SPDX-License-Identifier: BSD-3-Clause
    2. 

  2. 

  3. source helpers.sh
    4. 

  4. 

  5. cleanup() {
    6. 

  6. 

  7.   rm -f session.ctx prim.ctx key.pub key.priv key.ctx policy.countertimer.minute
    8. 

  8. 

  9.   if [ "$1" != "no-shut-down" ]; then
    10. 

  10.      shut_down
    11. 

  11.   fi
    12. 

  12. }
    13. 

  13. 

  14. trap cleanup EXIT
    15. 

  15. 

  16. start_up
    17. 

  17. 

  18. cleanup "no-shut-down"
    19. 

  19. 

  20. tpm2 clear
    21. 

  21. 

  22. #
    23. 

  23. # Create a sealing object with a policy that evaluates for first minute after
    24. 

  24. # TPM restart. NOTE the time is 60000 milliseconds.
    25. 

  25. #
    26. 

  26. tpm2 startauthsession -S session.ctx
    27. 

  27. 

  28. tpm2 policycountertimer -S session.ctx -L policy.countertimer.minute --ult \
    29. 

  29. 60000
    30. 

  30. 

  31. tpm2 flushcontext session.ctx
    32. 

  32. 

  33. tpm2 createprimary -C o -c prim.ctx -Q
    34. 

  34. 

  35. echo "SUPERSECRET" | \
    36. 

  36. tpm2 create -Q -u key.pub -r key.priv -i- -C prim.ctx \
    37. 

  37. -L policy.countertimer.minute -a "fixedtpm|fixedparent" -c key.ctx
    38. 

  38. 

  39. #
    40. 

  40. # ASSUMING 1 minute hasn't elapsed since clear, Try unseal in the first minute
    41. 

  41. # -- Should pass
    42. 

  42. #
    43. 

  43. tpm2 startauthsession -S session.ctx --policy-session
    44. 

  44. 

  45. tpm2 policycountertimer -S session.ctx -L policy.countertimer.minute --ult \
    46. 

  46. 60000
    47. 

  47. 

  48. tpm2 unseal -c key.ctx -p session:session.ctx
    49. 

  49. 

  50. tpm2 flushcontext session.ctx
    51. 

  51. 

  52. #
    53. 

  53. # Test if a policycountertimer evaluates with the clock
    54. 

  54. #
    55. 

  55. tpm2 clear
    56. 

  56. tpm2 startauthsession -S session.ctx --policy-session
    57. 

  57. tpm2 policycountertimer -S session.ctx --ult clock=60000
    58. 

  58. tpm2 flushcontext session.ctx
    59. 

  59. 

  60. #
    61. 

  61. # Test if a policycountertimer evaluates with the TPM clocks safe flag
    62. 

  62. # Assuming the safe flag is set since with just started and cleared the TPM
    63. 

  63. #
    64. 

  64. tpm2 clear
    65. 

  65. tpm2 startauthsession -S session.ctx --policy-session
    66. 

  66. tpm2 policycountertimer -S session.ctx safe
    67. 

  67. tpm2 flushcontext session.ctx
    68. 

  68. 

  69. #
    70. 

  70. # Test if a policycountertimer evaluates with the TPM reset count
    71. 

  71. # Assuming the value is zero since we just cleared the TPM
    72. 

  72. #
    73. 

  73. tpm2 clear
    74. 

  74. tpm2 startauthsession -S session.ctx --policy-session
    75. 

  75. tpm2 policycountertimer -S session.ctx resets=0
    76. 

  76. tpm2 flushcontext session.ctx
    77. 

  77. 

  78. #
    79. 

  79. # Test if a policycountertimer evaluates with the TPM restart count
    80. 

  80. # Assuming the value is zero since we just cleared the TPM
    81. 

  81. #
    82. 

  82. tpm2 clear
    83. 

  83. tpm2 startauthsession -S session.ctx --policy-session
    84. 

  84. tpm2 policycountertimer -S session.ctx restarts=0
    85. 

  85. tpm2 flushcontext session.ctx
    86. 

  86. 

  87. exit 0
    88.