- # SPDX-License-Identifier: BSD-3-Clause
- source helpers.sh
# Argument value that makes setup_nv_written_policy start a policy session
# (one that can authorize a command) rather than a trial session, which is
# only used to produce the policy digest saved in nvwrite.policy.
POLICYSESSION=1

# Session context file shared by setup_nv_written_policy, the nvwrite
# calls and cleanup. Relative to the working directory of the run.
session_file='session.dat'
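#######################################
# Remove the session context and policy digest files, then shut the
# simulator down unless told not to.
# Globals:   session_file (read)
# Arguments: $1 - "no-shutdown" skips shut_down (used right after start_up
#                 to drop stale files from a previous run); anything else,
#                 including no argument as from the EXIT trap, calls shut_down
# Outputs:   none
# Returns:   status of the last command executed
#######################################
cleanup() {
  # Quote the path so a session_file containing whitespace or glob
  # characters is removed as a single argument; -- stops rm from treating a
  # name starting with '-' as an option.
  rm -f -- "$session_file" nvwrite.policy
  # ${1:-} keeps the no-argument call safe if the caller runs with set -u.
  if [ "${1:-}" != "no-shutdown" ]; then
    shut_down
  fi
}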
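#######################################
# Start an auth session and extend it with the "write once" policy:
# TPM2_CC_NV_Write is permitted only while the index's TPMA_NV_WRITTEN
# attribute is clear.
# Globals:   POLICYSESSION, session_file (read)
# Arguments: $1 - POLICYSESSION to start a policy session (used to authorize
#                 an nvwrite); omitted or any other value starts a trial
#                 session, whose digest is what nvdefine consumes
# Outputs:   session context in $session_file; policy digest in
#            nvwrite.policy (written in both modes via -L)
# Returns:   status of the last tpm2 command
#######################################
setup_nv_written_policy() {
  local mode=${1:-}
  # The original "[ $1 == $POLICYSESSION ]" became "[ == 1 ]" when called
  # with no argument and only reached the trial branch because that malformed
  # test errored out; ${1:-} plus a quoted [[ ]] makes the choice explicit.
  if [[ "$mode" == "$POLICYSESSION" ]]; then
    tpm2 startauthsession -S "$session_file" --policy-session
  else
    tpm2 startauthsession -S "$session_file"
  fi
  tpm2 policycommandcode -S "$session_file" TPM2_CC_NV_Write
  # "c": the written bit must be clear for the policy to be satisfied.
  tpm2 policynvwritten -S "$session_file" -L nvwrite.policy c
}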
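# Register the EXIT hook before anything that creates files, so the session
# context and policy digest are removed (and the simulator shut down) on
# every exit path, including a failed assertion below.
trap cleanup EXIT

start_up

# Drop leftovers from a previous run without shutting the simulator down.
cleanup "no-shutdown"

tpm2 clear

# Create a write-once NV index. The index is defined with a write policy
# that is satisfiable only while the TPMA_NV_WRITTEN attribute is clear, so
# the first write succeeds and every later write must fail policy
# evaluation. The test below checks both halves of that property.

# Compute the policy digest with a trial session (no argument selects the
# trial branch of setup_nv_written_policy); the digest lands in
# nvwrite.policy.
setup_nv_written_policy
tpm2 flushcontext "$session_file"

# Define the NV index with the policy: reads need the auth value, writes
# need the policy. No index handle is passed, so nvdefine chooses one.
# NOTE(review): the nvwrite calls below assume it chose 0x01000000 — confirm,
# or pass the handle to nvdefine explicitly.
tpm2 nvdefine -s 1 -a "authread|policywrite" -p nvrdpass -L nvwrite.policy

# First write: satisfy the policy with a real policy session.
setup_nv_written_policy "$POLICYSESSION"
echo 0xAA | xxd -r -p | tpm2 nvwrite 0x01000000 -i- -P "session:$session_file"
tpm2 flushcontext "$session_file"

# Second write must be rejected: TPMA_NV_WRITTEN is now set, so the
# policynvwritten assertion in the fresh session cannot be satisfied. The
# onerror ERR trap (presumably installed by helpers.sh) is suspended around
# the expected failure, and the status is captured directly rather than read
# back from $? on a separate line.
setup_nv_written_policy "$POLICYSESSION"
trap - ERR
rc=0
echo 0xAA | xxd -r -p | tpm2 nvwrite 0x01000000 -i- -P "session:$session_file" || rc=$?
trap onerror ERR
if [ "$rc" -ne 1 ]; then
  echo "FAIL: Expected tpm2 policynvwritten to fail!"
  exit 1
fi

# Use the shared variable rather than a second copy of the file name so a
# change to session_file cannot leave this context unflushed.
tpm2 flushcontext "$session_file"

exit 0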