feat(ci): Measured boot hash verification scripts
Move away from the dependency on external fTPM and OP-TEE binaries by
using our own scripts to validate the hashes in the TF-A event log
during measured boot tests.
Change-Id: Ifd1fa8ce7d2091510b4c8242e25438e4d9aa61bb
Signed-off-by: Slava Andrianov <slava.andrianov@arm.com>
diff --git a/expect/tftf.inc b/expect/tftf.inc
index b47d1c3..095403b 100644
--- a/expect/tftf.inc
+++ b/expect/tftf.inc
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2023 Arm Limited. All rights reserved.
+# Copyright (c) 2023-2025 Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -10,21 +10,32 @@
expect_re "Running at NS-EL(1|2)"
+# Compares event log of TF-A in BL2 against event logs of BL32 and BL33
+# currently not available for all measured boot tests
if {[info exists ::env(measured_boot)]} {
- capture_and_compare_log tftf_event_log "TEST COMPLETE" tfa_event_log
+ capture_and_compare_log tftf_event_log "TEST COMPLETE" $TFA_EVENT_LOG
}
+set uart_return_value ""
expect {
"Tests Failed : 0" {
expect_string "Exiting tests." "all TFTF tests passed"
- exit_uart 0
+ set uart_return_value 0
}
"Tests Passed : 0" {
expect_string "Exiting tests." "no TFTF tests passed"
- exit_uart -1
+ set uart_return_value -1
}
-re "Tests Failed : \[^0]" {
expect_string "Exiting tests." "one or more TFTF tests failed"
- exit_uart -1
+ set uart_return_value -1
}
}
+
+# Verifies the hashes in the TF-A event log for measured boot tests
+if {[info exists ::env(verify_hashes)]} {
+ message "Starting measured boot hash verification"
+ source [file join [file dirname [info script]] compare_hashes.inc]
+}
+
+exit_uart $uart_return_value
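Review bot: The status passed to `exit_uart $uart_return_value` on the last line is set only by the three TFTF result branches, so nothing visible in this hunk makes a hash mismatch found by `compare_hashes.inc` fail the run. That file is not shown here; unless it already calls `exit_uart` itself on a mismatch, it should set `uart_return_value` to -1, or the outcome should be checked right after the `source` line, so that a bad measurement cannot leave a measured boot job passing. Separately, `set uart_return_value ""` means that if the `expect` block ever returns without matching one of its patterns, `exit_uart` receives an empty status; starting from `set uart_return_value -1` would make that path fail closed. A short comment above the `source` line stating how the sourced script reports failure would also help the next reader.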