feat(ci): Measured boot hash verification scripts
Move away from dependency on external fTPM and OP-TEE binaries through
using our own scripts to validate the hashes in the TF-A event log
during measured boot tests.
Change-Id: Ifd1fa8ce7d2091510b4c8242e25438e4d9aa61bb
Signed-off-by: Slava Andrianov <slava.andrianov@arm.com>
diff --git a/expect/compare_hashes.inc b/expect/compare_hashes.inc
new file mode 100644
index 0000000..4e9c358
--- /dev/null
+++ b/expect/compare_hashes.inc
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2025 Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Expect script for monitoring the results of the TFA event log hash
+# verification script
+#
+
+set mismatched_marker "Mismatched"
+set missing_marker "not found"
+
+set compare_hash_path $env(ci_root)
+append compare_hash_path "/script/verify_hashes.py"
+
+set hash_verification_output [exec python3 $compare_hash_path 2>@1]
+puts $hash_verification_output
+if {[regexp $mismatched_marker|$missing_marker $hash_verification_output]} {
+ message "Hash mismatch or missing hash detected"
+ exit_uart -1
+}
diff --git a/expect/linux-tpm-384.exp b/expect/linux-tpm-384.exp
index 9dd4731..7ab9bf2 100644
--- a/expect/linux-tpm-384.exp
+++ b/expect/linux-tpm-384.exp
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -11,14 +11,12 @@
source [file join [file dirname [info script]] utils.inc]
source [file join [file dirname [info script]] handle-arguments.inc]
-# File to store the event log from the ftpm service.
-set TFA_DIGEST [get_param tfa_digest "tfa_event_log"]
-set FTPM_DIGEST [get_param ftpm_digest "ftpm_event_log"]
+set TFA_EVENT_LOG [get_param tfa_log "tfa_event_log"]
# regexp for non-zero PCR0
set non_zero_pcr "(?!(\\s00){16})((\\s(\[0-9a-f\]){2}){16}\\s)"
-capture_log $TFA_DIGEST "Booting BL31|Finished using crypto library"
+capture_log $TFA_EVENT_LOG "Booting BL31|Finished using crypto library"
expect {
"login" {
@@ -52,4 +50,6 @@
expect_string "#" "finished reading PCRs"
-compare_log $TFA_DIGEST $FTPM_DIGEST
+if {[info exists ::env(verify_hashes)]} {
+ source [file join [file dirname [info script]] compare_hashes.inc]
+}
diff --git a/expect/linux-tpm.exp b/expect/linux-tpm.exp
index 27ff89e..2bb6654 100644
--- a/expect/linux-tpm.exp
+++ b/expect/linux-tpm.exp
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,15 +9,13 @@
source [file join [file dirname [info script]] utils.inc]
source [file join [file dirname [info script]] handle-arguments.inc]
-# File to store the event log from the ftpm service.
-set TFA_DIGEST [get_param tfa_digest "tfa_event_log"]
-set FTPM_DIGEST [get_param ftpm_digest "ftpm_event_log"]
+set TFA_EVENT_LOG [get_param tfa_log "tfa_event_log"]
# regexp for non-zero PCR0
set non_zero_pcr "(?!(\\s00){16})((\\s(\[0-9a-f\]){2}){16}\\s)"
set zero_pcr "(\\s00){16}\\s+(00\\s){16}"
-capture_log $TFA_DIGEST "Booting BL31|Finished using crypto library"
+capture_log $TFA_EVENT_LOG "Booting BL31|Finished using crypto library"
expect {
"login" {
@@ -70,4 +68,6 @@
expect_string "#" "finished reading PCRs"
-compare_log $TFA_DIGEST $FTPM_DIGEST
+if {[info exists ::env(verify_hashes)]} {
+ source [file join [file dirname [info script]] compare_hashes.inc]
+}
diff --git a/expect/tftf.inc b/expect/tftf.inc
index b47d1c3..095403b 100644
--- a/expect/tftf.inc
+++ b/expect/tftf.inc
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023 Arm Limited. All rights reserved.
+# Copyright (c) 2023-2025 Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,21 +10,32 @@
expect_re "Running at NS-EL(1|2)"
+# Compares event log of TF-A in BL2 against event logs of BL32 and BL33
+# currently not available for all measured boot tests
if {[info exists ::env(measured_boot)]} {
- capture_and_compare_log tftf_event_log "TEST COMPLETE" tfa_event_log
+ capture_and_compare_log tftf_event_log "TEST COMPLETE" $TFA_EVENT_LOG
}
+set uart_return_value ""
expect {
"Tests Failed : 0" {
expect_string "Exiting tests." "all TFTF tests passed"
- exit_uart 0
+ set uart_return_value 0
}
"Tests Passed : 0" {
expect_string "Exiting tests." "no TFTF tests passed"
- exit_uart -1
+ set uart_return_value -1
}
-re "Tests Failed : \[^0]" {
expect_string "Exiting tests." "one or more TFTF tests failed"
- exit_uart -1
+ set uart_return_value -1
}
}
+
+# Verifies the hashes in the TF-A event log for measured boot tests
+if {[info exists ::env(verify_hashes)]} {
+ message "Starting measured boot hash verification"
+ source [file join [file dirname [info script]] compare_hashes.inc]
+}
+
+exit_uart $uart_return_value
diff --git a/expect/tpm-logs.exp b/expect/tpm-logs.exp
index e46beb6..8b4bb62 100644
--- a/expect/tpm-logs.exp
+++ b/expect/tpm-logs.exp
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,9 +9,4 @@
source [file join [file dirname [info script]] utils.inc]
source [file join [file dirname [info script]] handle-arguments.inc]
-# File to store the event log from the ftpm service.
-set FTPM_DIGEST [get_param ftpm_digest "ftpm_event_log"]
-
-capture_log $FTPM_DIGEST "returned value"
-
-source [file join [file dirname [info script]] uart-hold.inc]
\ No newline at end of file
+source [file join [file dirname [info script]] uart-hold.inc]
diff --git a/expect/trusted-firmware.inc b/expect/trusted-firmware.inc
index f2c4e99..f6c6652 100644
--- a/expect/trusted-firmware.inc
+++ b/expect/trusted-firmware.inc
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+# Copyright (c) 2019-2025, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -8,6 +8,8 @@
# This script is not standalone and should be sourced by a top expect script.
#
+set TFA_EVENT_LOG [get_param tfa_log "tfa_event_log"]
+
# Initial boot message won't be present if we're starting at BL31. Skip waiting
# for them by inspecting the environment variable 'skip_early_boot_msgs'.
if {![info exists ::env(skip_early_boot_msgs)]} {
@@ -28,11 +30,14 @@
# Capture the event log from TF-A if we are running with measured boot
# enabled.
- if {[info exists ::env(measured_boot)]} {
- capture_log tfa_event_log "BL1: Booting BL31|Finished using crypto library"
+ if {[info exists ::env(measured_boot)] || [info exists ::env(verify_hashes)]} {
+ capture_log $TFA_EVENT_LOG "BL1: Booting BL31|Finished using crypto library"
} else {
expect_string "BL1: Booting BL31"
}
} else {
message "Skipping early boot messages from BL1 and BL2"
+ if {[info exists ::env(verify_hashes)]} {
+ capture_log $TFA_EVENT_LOG "BL1: Booting BL31|BL2: Booting BL31|Finished using crypto library"
+ }
}
diff --git a/expect/tsp.exp b/expect/tsp.exp
index 24b99fd..ba8d4c6 100644
--- a/expect/tsp.exp
+++ b/expect/tsp.exp
@@ -43,11 +43,12 @@
}
}
+set TFA_EVENT_LOG [get_param tfa_log "tfa_event_log"]
# In case of measured boot, capture the event log that's been passed to the TSP,
# this is used to ensure that the same event log is produced in BL2. Match the
# previously stored digest with the one generated by the TSP service.
if {[info exists ::env(measured_boot)]} {
- capture_and_compare_log tsp_event_log "TSP: cpu" tfa_event_log
+ capture_and_compare_log tsp_event_log "TSP: cpu" $TFA_EVENT_LOG
}
-source [file join [file dirname [info script]] uart-hold.inc]
\ No newline at end of file
+source [file join [file dirname [info script]] uart-hold.inc]