qemu: Enable Linux Trusted Keys test setup
Brief description of changes:
- Enable Qemu kernel configs for Trusted Keys.
- Add keyutils buildroot package.
- Enable Trusted Keys early TA in OP-TEE.
- Create a new test script (trusted-keys.exp) which is invoked as part
of "make check" for automated Trusted Keys tests.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
diff --git a/trusted-keys.exp b/trusted-keys.exp
new file mode 100644
index 0000000..c6e3327
--- /dev/null
+++ b/trusted-keys.exp
@@ -0,0 +1,60 @@
+#!/usr/bin/expect -f
+#
+# This script test Linux trusted keys support using OP-TEE as a trust
+# source. The return code is 0 for success, >0 for error.
+#
+
+set timeout 60
+set tk_id 0
+set ek_id 0
+proc check_keyctl_result arg {
+ expect {
+ -re "(\n)(\\d+)" {
+ set ::$arg $expect_out(2,string)
+ exp_continue
+ }
+ -re "Operation not permitted" {
+ info "keyctl failed: Operation not permitted\n"
+ exit 1
+ }
+ -re "No such device" {
+ info "keyctl failed: Trusted Keys support missing\n"
+ exit 1
+ }
+ -re "\n---" {
+ info "keyctl failed: mismatch\n"
+ exit 1
+ }
+ timeout {
+ info "!!! Timeout\n"
+ exit 1
+ }
+ "# "
+ }
+}
+info "Running: keyctl tests...\n"
+send -- "keyctl add trusted kmk \"new 32\" @u\r"
+check_keyctl_result tk_id
+send -- "keyctl add encrypted evm \"new trusted:kmk 32\" @u\r"
+check_keyctl_result ek_id
+send -- "keyctl pipe $tk_id > kmk.blob\r"
+check_keyctl_result tk_id
+send -- "keyctl pipe $ek_id > evm.blob\r"
+check_keyctl_result ek_id
+send -- "keyctl revoke $ek_id\r"
+check_keyctl_result ek_id
+send -- "keyctl revoke $tk_id\r"
+check_keyctl_result tk_id
+send -- "keyctl add trusted kmk \"load `cat kmk.blob`\" @u\r"
+check_keyctl_result tk_id
+send -- "keyctl add encrypted evm \"load `cat evm.blob`\" @u\r"
+check_keyctl_result ek_id
+send -- "keyctl pipe $tk_id > kmk.blob2\r"
+check_keyctl_result tk_id
+send -- "keyctl pipe $ek_id > evm.blob2\r"
+check_keyctl_result ek_id
+send -- "diff kmk.blob kmk.blob2\r"
+check_keyctl_result tk_id
+send -- "diff evm.blob evm.blob2\r"
+check_keyctl_result ek_id
+info "Status: keyctl tests successful\n"
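Review bot: Any keyctl failure other than the three strings matched in check_keyctl_result falls through to the `"# "` prompt branch and counts as success, so the run can print "Status: keyctl tests successful" without a trusted key ever having been created. For example, if both `keyctl add` calls fail with an unlisted error, tk_id and ek_id stay 0, the `keyctl pipe ... >` redirections still create empty files, and both `diff` commands compare empty blobs and print nothing. I would require a fresh id after every add: put `set tk_id 0` before each `keyctl add trusted` send and follow its check with `if {$tk_id == 0} { info "keyctl failed: no key id returned\n"; exit 1 }`, and do the same for ek_id. Separately, `-re "(\n)(\\d+)"` can match a partially received line and record a truncated id; anchoring it to the line end, e.g. `-re "\n(\\d+)\r"` with `$expect_out(1,string)`, would avoid that, assuming the console emits `\r\n`.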