TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / build / refs/heads/rpi3-boot-fix / . / trusted-keys.exp
blob: 546b4872c6d7d1f68fd3be21682ee39cc06c4302 [file] [log] [blame]
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]1#!/usr/bin/expect -f
2#
3# This script test Linux trusted keys support using OP-TEE as a trust
4# source. The return code is 0 for success, >0 for error.
5#
6
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]7set timeout 5
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]8set tk_id 0
9set ek_id 0
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]10# Wait for next prompt, dealing with key ID, failure message and timeout
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]11proc check_keyctl_result arg {
12 expect {
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]13 -re {(\d+)\r} {
14 set ::$arg $expect_out(1,string)
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]15 exp_continue
16 }
Jerome Forissier4d36aea2022-11-08 14:25:46 +0100[diff] [blame]17 "add_key: No such device" {
18 info [join {"Skipping test due to 'No such device':"
19 "trusted keys are not supported"
20 "(missing driver? CFG_CORE_DYN_SHM=n?)\n"}]
21 exit 0
22 }
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]23 "FAILED" {
24 info "!!! Error\n"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]25 exit 1
26 }
27 timeout {
28 info "!!! Timeout\n"
29 exit 1
30 }
31 "# "
32 }
33}
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]34proc run_cmd arg {
35 send -- [append arg " || fail\r"]
36}
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]37info "Running: keyctl tests...\n"
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]38expect "# "
39send -- "function fail { echo FAILED ; }\r"
40expect "# "
41run_cmd "keyctl add trusted kmk \"new 32\" @u"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]42check_keyctl_result tk_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]43run_cmd "keyctl add encrypted evm \"new trusted:kmk 32\" @u"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]44check_keyctl_result ek_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]45run_cmd "keyctl pipe $tk_id > kmk.blob"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]46check_keyctl_result tk_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]47run_cmd "keyctl pipe $ek_id > evm.blob"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]48check_keyctl_result ek_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]49run_cmd "keyctl revoke $ek_id"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]50check_keyctl_result ek_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]51run_cmd "keyctl revoke $tk_id"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]52check_keyctl_result tk_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]53run_cmd "keyctl add trusted kmk \"load `cat kmk.blob`\" @u"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]54check_keyctl_result tk_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]55run_cmd "keyctl add encrypted evm \"load `cat evm.blob`\" @u"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]56check_keyctl_result ek_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]57run_cmd "keyctl pipe $tk_id > kmk.blob2"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]58check_keyctl_result tk_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]59run_cmd "keyctl pipe $ek_id > evm.blob2"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]60check_keyctl_result ek_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]61run_cmd "diff kmk.blob kmk.blob2"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]62check_keyctl_result tk_id
Jerome Forissiere4129292022-11-08 10:45:23 +0100[diff] [blame]63run_cmd "diff evm.blob evm.blob2"
Sumit Garg45cf44c2021-12-24 17:02:25 +0530[diff] [blame]64check_keyctl_result ek_id
65info "Status: keyctl tests successful\n"