feat(ci): Measured boot hash verification scripts Move away from dependency on external fTPM and OP-TEE binaries through using our own scripts to validate the hashes in the TF-A event log during measured boot tests. Change-Id: Ifd1fa8ce7d2091510b4c8242e25438e4d9aa61bb Signed-off-by: Slava Andrianov <slava.andrianov@arm.com>

commit: 192ee178035089d5445d1e0fc48324f291b8dbf5 [log] [tgz]
author: Slava Andrianov <slava.andrianov@arm.com> Wed Jun 11 15:40:43 2025 -0500
committer: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Fri Aug 08 16:35:56 2025 +0000
tree: 850a29285cc42a41286dda8c1d07649d99c99aa3
parent: 49e4c6d2c5db27a077423732b02c51c38be28200 [diff] [blame]
diff --git a/expect/compare_hashes.inc b/expect/compare_hashes.inc
new file mode 100644
index 0000000..4e9c358
--- /dev/null
+++ b/expect/compare_hashes.inc

@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2025 Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# Expect script for monitoring the results of the TFA event log hash
+# verification script
+#
+
+set mismatched_marker "Mismatched"
+set missing_marker "not found"
+
+set compare_hash_path $env(ci_root)
+append compare_hash_path "/script/verify_hashes.py"
+
+set hash_verification_output [exec python3 $compare_hash_path 2>@1]
+puts $hash_verification_output
+if {[regexp $mismatched_marker|$missing_marker $hash_verification_output]} {
+    message "Hash mismatch or missing hash detected"
+    exit_uart -1
+}
commit	192ee178035089d5445d1e0fc48324f291b8dbf5	[log] [tgz]
author	Slava Andrianov <slava.andrianov@arm.com>	Wed Jun 11 15:40:43 2025 -0500
committer	Lauren Wehrmeister <lauren.wehrmeister@arm.com>	Fri Aug 08 16:35:56 2025 +0000
tree	850a29285cc42a41286dda8c1d07649d99c99aa3
parent	49e4c6d2c5db27a077423732b02c51c38be28200 [diff] [blame]