trusted-keys.exp - OP-TEE/build - TrustedFirmware Git Browser

 #!/usr/bin/expect -f
 #
 # This script test Linux trusted keys support using OP-TEE as a trust
 # source. The return code is 0 for success, >0 for error.
 #

 set timeout 5
 set tk_id 0
 set ek_id 0
 # Wait for next prompt, dealing with key ID, failure message and timeout
 proc check_keyctl_result arg {
 	expect {
 		-re {(\d+)\r} {
 			set ::$arg $expect_out(1,string)
 			exp_continue
 		}
 		"add_key: No such device" {
 			info [join {"Skipping test due to 'No such device':"
 				    "trusted keys are not supported"
 				    "(missing driver? CFG_CORE_DYN_SHM=n?)\n"}]
 			exit 0
 		}
 		"FAILED" {
 			info "!!! Error\n"
 			exit 1
 		}
 		timeout {
 			info "!!! Timeout\n"
 			exit 1
 		}
 		"# "
 	}
 }
 proc run_cmd arg {
 	send -- [append arg " || fail\r"]
 }
 info "Running: keyctl tests...\n"
 expect "# "
 send -- "function fail { echo FAILED ; }\r"
 expect "# "
 run_cmd "keyctl add trusted kmk \"new 32\" @u"
 check_keyctl_result tk_id
 run_cmd "keyctl add encrypted evm \"new trusted:kmk 32\" @u"
 check_keyctl_result ek_id
 run_cmd "keyctl pipe $tk_id > kmk.blob"
 check_keyctl_result tk_id
 run_cmd "keyctl pipe $ek_id > evm.blob"
 check_keyctl_result ek_id
 run_cmd "keyctl revoke $ek_id"
 check_keyctl_result ek_id
 run_cmd "keyctl revoke $tk_id"
 check_keyctl_result tk_id
 run_cmd "keyctl add trusted kmk \"load `cat kmk.blob`\" @u"
 check_keyctl_result tk_id
 run_cmd "keyctl add encrypted evm \"load `cat evm.blob`\" @u"
 check_keyctl_result ek_id
 run_cmd "keyctl pipe $tk_id > kmk.blob2"
 check_keyctl_result tk_id
 run_cmd "keyctl pipe $ek_id > evm.blob2"
 check_keyctl_result ek_id
 run_cmd "diff kmk.blob kmk.blob2"
 check_keyctl_result tk_id
 run_cmd "diff evm.blob evm.blob2"
 check_keyctl_result ek_id
 info "Status: keyctl tests successful\n"
	#!/usr/bin/expect -f
	#
	# This script test Linux trusted keys support using OP-TEE as a trust
	# source. The return code is 0 for success, >0 for error.
	#

	set timeout 5
	set tk_id 0
	set ek_id 0
	# Wait for next prompt, dealing with key ID, failure message and timeout
	proc check_keyctl_result arg {
	expect {
	-re {(\d+)\r} {
	set ::$arg $expect_out(1,string)
	exp_continue
	}
	"add_key: No such device" {
	info [join {"Skipping test due to 'No such device':"
	"trusted keys are not supported"
	"(missing driver? CFG_CORE_DYN_SHM=n?)\n"}]
	exit 0
	}
	"FAILED" {
	info "!!! Error\n"
	exit 1
	}
	timeout {
	info "!!! Timeout\n"
	exit 1
	}
	"# "
	}
	}
	proc run_cmd arg {
	send -- [append arg " \|\| fail\r"]
	}
	info "Running: keyctl tests...\n"
	expect "# "
	send -- "function fail { echo FAILED ; }\r"
	expect "# "
	run_cmd "keyctl add trusted kmk \"new 32\" @u"
	check_keyctl_result tk_id
	run_cmd "keyctl add encrypted evm \"new trusted:kmk 32\" @u"
	check_keyctl_result ek_id
	run_cmd "keyctl pipe $tk_id > kmk.blob"
	check_keyctl_result tk_id
	run_cmd "keyctl pipe $ek_id > evm.blob"
	check_keyctl_result ek_id
	run_cmd "keyctl revoke $ek_id"
	check_keyctl_result ek_id
	run_cmd "keyctl revoke $tk_id"
	check_keyctl_result tk_id
	run_cmd "keyctl add trusted kmk \"load `cat kmk.blob`\" @u"
	check_keyctl_result tk_id
	run_cmd "keyctl add encrypted evm \"load `cat evm.blob`\" @u"
	check_keyctl_result ek_id
	run_cmd "keyctl pipe $tk_id > kmk.blob2"
	check_keyctl_result tk_id
	run_cmd "keyctl pipe $ek_id > evm.blob2"
	check_keyctl_result ek_id
	run_cmd "diff kmk.blob kmk.blob2"
	check_keyctl_result tk_id
	run_cmd "diff evm.blob evm.blob2"
	check_keyctl_result ek_id
	info "Status: keyctl tests successful\n"