refactor(tpm): narrow down the event log parsing window

To test measured boot on FVP platform, we've got some expect scripts
which parse the TF-A console output and capture the firmware
measurements from the TCG event log dump.

Right now, these expect scripts parse all output generated right from
platform reset up to the start of BL31 execution.
This is quite a large window of time and it unnecessarily increases
the risk of capturing a message which is unrelated to a TCG event log
measurement. In particular, this part of the regexp:

    : (\\w{2}\\s){16}

is quite general and could catch hexadecimal dumps of other types of
information.

To reduce this risk, modify the expect script such that it waits to
see the beginning of the TCG event log dump (identified by the string
"TCG_EfiSpecIDEvent:") before capturing any measurement.

Do similar kinds of modifications to the TPM post-expect scripts. They
too now wait for the starting string to start capturing output. They
now also look for the ending string ("Booting BL31") to stop capturing
output, which was something the expect scripts already supported but
the post-expect scripts did not.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I09b65cce72bfc44b48b6b1eaee583a8896133b53
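
The effect of the narrower window, as an added illustration in Python (not part of this commit or of the CI scripts): the two measurement patterns from the expect script are run over a constructed console log with and without the start/end markers. The `capture` and `row` helpers and the sample log lines are assumptions made for the example.

```python
import re

# Measurement patterns from the expect script on this page (Tcl escaping removed).
MEASUREMENT = re.compile(r"Digest(\s|\w)*:\s(\w{2}\s){16}|: (\w{2}\s){16}")
START, END = "TCG_EfiSpecIDEvent:", "Booting BL31"


def row(seed):
    """Build one constructed 16-byte hex row, e.g. '10 11 ... 1f'."""
    return " ".join(f"{(seed + i) & 0xFF:02x}" for i in range(16))


# Constructed console output: an unrelated hex dump precedes the event log,
# and another one follows the BL31 hand-off.
SAMPLE = (
    "NOTICE:  BL1: Booting BL2\n"
    "VERBOSE: unrelated buffer dump\n"
    f"VERBOSE:  : {row(0xA0)}\n"
    "INFO:    TCG_EfiSpecIDEvent:\n"
    f"INFO:      Digest             : {row(0x10)}\n"
    f"INFO:                         : {row(0x20)}\n"
    "NOTICE:  BL2: Booting BL31\n"
    f"VERBOSE:  : {row(0xB0)}\n"
)


def capture(console, start=None, end=None):
    """Return the hex rows matched between the optional start/end markers."""
    begin = 0
    if start is not None:
        begin = console.find(start)
        if begin < 0:  # analogous to the expect script's timeout branch
            raise TimeoutError(f"never saw {start!r}")
    stop = console.find(end, begin) if end is not None else -1
    window = console[begin:stop if stop >= 0 else len(console)]
    return [" ".join(m.group(0).split(":")[-1].split())
            for m in MEASUREMENT.finditer(window)]


if __name__ == "__main__":
    print("no markers     :", len(capture(SAMPLE)), "rows")
    print("end marker only:", len(capture(SAMPLE, end=END)), "rows")
    print("start + end    :", capture(SAMPLE, START, END))
```

With only the end marker, the unrelated dump ahead of the event log is recorded as if it were a measurement; with both markers only the two event log rows remain.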
diff --git a/expect/linux-tpm.exp b/expect/linux-tpm.exp
index de34988..ee8ae8a 100644
--- a/expect/linux-tpm.exp
+++ b/expect/linux-tpm.exp
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -11,15 +11,25 @@
# File to store the event log from the ftpm service.
set TFA_DIGEST [get_param tfa_digest "tfa_event_log"]
-set digest_log [open $TFA_DIGEST w]
# regexp for non-zero PCR0
set non_zero_pcr "(?!(\\s00){16})((\\s(\[0-9a-f\]){2}){16}\\s)"
set zero_pcr "(\\s00){16}\\s+(00\\s){16}"
expect {
+ # Wait for the start of the event log dump.
+ "TCG_EfiSpecIDEvent:" {
+ set digest_log [open $TFA_DIGEST w]
+ }
+
+ timeout {
+ exit_timeout
+ }
+}
+
+expect {
# Parse the event log from the debug logs and store the digests
- # so they can be matched later with what the fTPM read.
+ # so they can be matched later with what the fTPM reads.
-re "Digest(\\s|\\w)*:\\s(\\w{2}\\s){16}|\
: (\\w{2}\\s){16}|\
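Review bot: `digest_log` is now assigned only inside the "TCG_EfiSpecIDEvent:" branch of the new wait block, so any later write to or close of `$digest_log` depends on `exit_timeout` never returning from the `timeout` branch. Either keep `set digest_log [open $TFA_DIGEST w]` ahead of the first `expect`, or add a one-line comment in the wait block stating that `exit_timeout` terminates the script. As a smaller style point, the start marker is matched as a default pattern with no flag while the capture block uses `-re`; marking it `-ex` would make it obvious that an exact string match is intended.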