| # |
| # Copyright (c) 2020-2025, Arm Limited. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| # Expect script for Linux/Buildroot using Measured Boot & fTPM |
| # |
| |
| source [file join [file dirname [info script]] utils.inc] |
| source [file join [file dirname [info script]] handle-arguments.inc] |
| |
| set TFA_EVENT_LOG [get_param tfa_log "tfa_event_log"] |
| |
| # regexp for non-zero PCR0 |
| set non_zero_pcr "(?!(\\s00){16})((\\s(\[0-9a-f\]){2}){16}\\s)" |
| set zero_pcr "(\\s00){16}\\s+(00\\s){16}" |
| |
| capture_log $TFA_EVENT_LOG "Booting BL31|Finished using crypto library" |
| |
| expect { |
| "login" { |
| send "root\n" |
| } |
| } |
| |
| expect { |
| "#" { |
| # Load the fTPM driver and retrieves PCR0 |
| send "ftpm\n" |
| } |
| } |
| |
| expect { |
| # Pass condition: PCR0 must not be all zeros. |
| |
| -re $non_zero_pcr { |
| exp_continue |
| } |
| |
| "#" { |
| # get PCR1 value |
| send "pcrread -ha 1\n" |
| } |
| } |
| |
| expect { |
| # Pass condition: PCR1 must not be all zeros. |
| |
| -re $non_zero_pcr { |
| exp_continue |
| } |
| |
| "#" { } |
| } |
| |
| # Iterate over the rest of PCRs and check that they all are zeros. |
| for {set i 2} {$i < 11} {incr i} { |
| send "pcrread -ha $i\n" |
| |
| expect { |
| -re $zero_pcr { } |
| |
| -re $non_zero_pcr { |
| exit_uart -1 |
| } |
| } |
| } |
| |
| expect_string "#" "finished reading PCRs" |
| |
| if {[info exists ::env(verify_hashes)]} { |
| source [file join [file dirname [info script]] compare_hashes.inc] |
| } |