diff --git a/dasharo-security/measured-boot.robot b/dasharo-security/measured-boot.robot index 462cf9c8c..169677747 100644 --- a/dasharo-security/measured-boot.robot +++ b/dasharo-security/measured-boot.robot @@ -10,8 +10,8 @@ Library RequestsLibrary # stuff in all test cases Resource ../variables.robot Resource ../keywords.robot -Resource ../keys.robot Resource ../lib/tpm.robot +Resource ../keys.robot # TODO: # - document which setup/teardown keywords to use and what are they doing @@ -299,10 +299,12 @@ Restore SB And Tianocore Defaults And Reset Measured Boot Suite Setup Prepare Test Suite + Skip If ${TPM_SUPPORTED_VERSION} == None Measured boot tests require TPM Skip If not ${MEASURED_BOOT_SUPPORT} Measured boot is not supported Skip If not ${TESTS_IN_UBUNTU_SUPPORT} Tests in Ubuntu are not supported Power On Boot Ubuntu And Login To Root + Verify Presence Of TPM Via Sysfs Detect Or Install Package tpm2-tools # Disable service that adds dbx certificates which could interfere with tests Execute Command In Terminal systemctl disable secureboot-db.service diff --git a/dasharo-security/tpm-support.robot b/dasharo-security/tpm-support.robot index 67cb70b75..99a72d16c 100644 --- a/dasharo-security/tpm-support.robot +++ b/dasharo-security/tpm-support.robot @@ -10,6 +10,7 @@ Library RequestsLibrary # stuff in all test cases Resource ../variables.robot Resource ../keywords.robot +Resource ../lib/tpm.robot Resource ../keys.robot # TODO: @@ -19,33 +20,29 @@ Resource ../keys.robot Suite Setup Run Keywords ... Prepare Test Suite ... AND -... Skip If not ${TPM_SUPPORT} TPM tests not supported +... Skip If ${TPM_SUPPORTED_VERSION} == None TPM tests not supported Suite Teardown Run Keyword ... Log Out And Close Connection *** Test Cases *** TPM001.001 TPM Support (firmware) - [Documentation] This test aims to verify that the TPM is initialized - ... correctly and the PCRs can be accessed from the firmware. + [Documentation] This test aims to verify that the TPM is initialized, + ... detected and logged correctly by FW via cbmem, directly in Ubuntu Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM001.001 not supported - Power On - Boot System Or From Connected Disk ubuntu - Login To Linux - Switch To Root User - Get Cbmem From Cloud - ${out}= Execute Command In Terminal cbmem -L - Should Contain Any ${out} TPM2 log TCPA log + Prepare TPM Test On Ubuntu + ${result}= Run Keyword And Ignore Error Validate Expected TPM Chip Via Cbmem + IF '${result}[0]' == 'FAIL' + Log To Console \nChip detection failed, attempting cbmem log detection\n + Validate Expected TPM Version Via Cbmem Log + END TPM001.002 TPM Support (Ubuntu) [Documentation] Check whether the TPM is initialized correctly and the ... PCRs can be accessed from the Linux OS. Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM001.002 not supported - Power On - Boot System Or From Connected Disk ubuntu - Login To Linux - Switch To Root User - Validate Any TPM + Prepare TPM Test On Ubuntu + Verify Presence Of Any PCRs Via Sysfs TPM001.003 TPM Support (Windows) [Documentation] Check whether the TPM is initialized correctly and the @@ -65,26 +62,20 @@ TPM002.001 Verify TPM version (firmware) [Documentation] This test aims to verify that the TPM version is ... correctly recognized by the firmware. Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM002.001 not supported - Power On - Boot System Or From Connected Disk ubuntu - Login To Linux - Switch To Root User - Get Cbmem From Cloud - ${out}= Execute Command In Terminal cbmem -L - Should Contain Any ${out} TPM2 log TCPA log + Prepare TPM Test On Ubuntu + ${result}= Run Keyword And Ignore Error Validate Expected TPM Chip Via Cbmem + IF '${result}[0]' == 'FAIL' + Log To Console \nChip detection failed, attempting cbmem log detection\n + Validate Expected TPM Version Via Cbmem Log + END TPM002.002 Verify TPM version (Ubuntu) [Documentation] This test aims to verify that the TPM version is ... correctly recognized by the operating system. [Tags] minimal-regression Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM002.002 not supported - Power On - Boot System Or From Connected Disk ubuntu - Login To Linux - Switch To Root User - ${out}= Execute Command In Terminal cat /sys/class/tpm/tpm0/tpm_version_major - # TPM 2.0 and 1.2 - Should Contain Any ${out} 1 2 + Prepare TPM Test On Ubuntu + Validate Expected TPM Version Via Sysfs TPM002.003 Verify TPM version (Windows) [Documentation] This test aims to verify that the TPM version is @@ -98,12 +89,10 @@ TPM002.003 Verify TPM version (Windows) TPM003.001 Check TPM Physical Presence Interface (firmware) [Documentation] This test aims to verify that the TPM Physical Presence - ... Interface is supported by the firmware. + ... Interface is supported by the firmware and the log can be detected + ... with cbmem within Ubuntu Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM003.001 not supported - Power On - Boot System Or From Connected Disk ubuntu - Login To Linux - Switch To Root User + Prepare TPM Test On Ubuntu Get Cbmem From Cloud ${out}= Execute Command In Terminal cbmem -1 | grep PPI Should Contain ${out} PPI: Pending OS request @@ -113,12 +102,15 @@ TPM003.002 Check TPM Physical Presence Interface (Ubuntu) [Documentation] This test aims to verify that the TPM Physical Presence ... Interface is correctly recognized by the operating system. Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM003.002 not supported - Power On - Boot System Or From Connected Disk ubuntu - Login To Linux - Switch To Root User + Prepare TPM Test On Ubuntu ${out}= Execute Command In Terminal cat /sys/class/tpm/tpm0/ppi/version - Should Contain Any ${out} 1.2 1.3 + IF '${TPM_SUPPORTED_VERSION}' == '1' + Should Contain ${out} 1.2 + ELSE IF '${TPM_SUPPORTED_VERSION}' == '2' + Should Contain ${out} 1.3 + ELSE + Fail Invalid expected version, please verify config + END TPM003.003 Check TPM Physical Presence Interface (Windows) [Documentation] This test aims to verify that the TPM Physical Presence @@ -132,24 +124,16 @@ TPM003.003 Check TPM Physical Presence Interface (Windows) # TPM003.004 Change active PCR banks with TPM PPI (firmware) # [Documentation] This test aims to verify that the TPM Physical Presence # ... Interface is working properly in the firmware by changing active TPM PCR banks. -# Skip If not ${tpm_support} TPM003.004 not supported -# Skip If not ${tests_in_ubuntu_support} TPM003.004 not supported +# Skip If not ${TPM_SUPPORTED_VERSION} == None TPM003.004 not supported +# Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM003.004 not supported # TODO: https://docs.dasharo.com/unified-test-documentation/dasharo-security/200-tpm-support/#tpm003004-change-active-pcr-banks-with-tpm-ppi-firmware *** Keywords *** -Validate Any TPM - [Documentation] Checks for TPM major version, and validates it. - ${tpm_ver}= Execute Command In Terminal cat /sys/class/tpm/tpm0/tpm_version_major - IF '${tpm_ver}' == '2' - Detect Or Install Package tpm2-tools - ${out}= Execute Command In Terminal tpm2_pcrread - Should Contain ${out} sha1: - Should Contain ${out} sha256: - ELSE IF '${tpm_ver}' == '1' - Detect Or Install Package tpm-tools - ${out}= Execute Command In Terminal tpm_selftest - Should Contain ${out} TPM Test Results: - ELSE - Fail No valid TPM version available. - END +Prepare TPM Test On Ubuntu + [Documentation] Run common actions required for TPM tests in Ubuntu + Power On + Boot System Or From Connected Disk ubuntu + Login To Linux + Switch To Root User + Verify Presence Of TPM Via Sysfs diff --git a/dasharo-security/tpm2-commands.robot b/dasharo-security/tpm2-commands.robot index e7a57260a..b0adee180 100644 --- a/dasharo-security/tpm2-commands.robot +++ b/dasharo-security/tpm2-commands.robot @@ -10,6 +10,7 @@ Library RequestsLibrary # stuff in all test cases Resource ../variables.robot Resource ../keywords.robot +Resource ../lib/tpm.robot Resource ../keys.robot # TODO: @@ -262,12 +263,13 @@ Check If SHA1 And SHA256 Banks Are Enabled TPM2 Suite Setup Prepare Test Suite - Skip If not ${TPM_SUPPORT} TPM tests not supported + Skip If ${TPM_SUPPORTED_VERSION} != '2' TPM commands tests supported only TPM2 Skip If not ${TESTS_IN_UBUNTU_SUPPORT} TPM commands tests supported only on Ubuntu Power On Boot System Or From Connected Disk ubuntu Login To Linux Switch To Root User + Verify Presence Of TPM Via Sysfs Detect Or Install Package tpm2-tools ${passed}= Run Keyword And Return Status ... Check If SHA1 And SHA256 Banks Are Enabled diff --git a/lib/tpm.robot b/lib/tpm.robot index 610231da2..8f99d14e4 100644 --- a/lib/tpm.robot +++ b/lib/tpm.robot @@ -67,3 +67,40 @@ Validate PCRs Against Event Log Should Contain ${hash} ${sha_hash} ignore_case=${TRUE} END END + +Validate Expected TPM Version Via Sysfs + [Documentation] Checks if detected major TPM version matches the expected + ... value. + ${tpm_ver}= Execute Command In Terminal cat /sys/class/tpm/tpm0/tpm_version_major + IF '${TPM_SUPPORTED_VERSION}' != '${tpm_ver}' + Fail Platform TPM version mismatch + END + +Validate Expected TPM Chip Via Cbmem + [Documentation] Check that correct TPM chip is found while FW boots + Get Cbmem From Cloud + ${tpm_chip_found}= Execute Command In Terminal cbmem -1 | grep -i "Found TPM" + Should Contain ${tpm_chip_found} ${TPM_EXPECTED_CHIP} + +Validate Expected TPM Version Via Cbmem Log + [Documentation] Check if appropriate log is created by FW + Get Cbmem From Cloud + ${out}= Execute Command In Terminal cbmem -L + IF '${TPM_SUPPORTED_VERSION}' == '1' + Should Contain ${out} TCPA log + ELSE IF '${TPM_SUPPORTED_VERSION}' == '2' + Should Contain ${out} TPM2 log + ELSE + Fail Invalid expected version, please verify config + END + +Verify Presence Of TPM Via Sysfs + [Documentation] Use sysfs interface to detect presence of TPM + ... in the system. + ${tpm_presence}= Execute Command In Terminal test -d /sys/class/tpm/tpm0 && echo "Found TPM" + Should Contain ${tpm_presence} Found TPM + +Verify Presence Of Any PCRs Via Sysfs + [Documentation] Check sysfs interface for presence of any PCR + ${pcr_state}= Execute Command In Terminal ls /sys/class/tpm/tpm0/pcr-sha* &>/dev/null && echo "Found PCRs" + Should Contain ${pcr_state} Found PCRs diff --git a/platform-configs/include/default.robot b/platform-configs/include/default.robot index f5f7bbc0c..d42a04732 100644 --- a/platform-configs/include/default.robot +++ b/platform-configs/include/default.robot @@ -177,7 +177,8 @@ ${DCU_SERIAL_SUPPORT}= ${FALSE} ${ROMHOLE_SUPPORT}= ${FALSE} # Test module: dasharo-security -${TPM_SUPPORT}= ${FALSE} +${TPM_SUPPORTED_VERSION}= ${None} +${TPM_EXPECTED_CHIP}= FILL_WITH_CORRECT_VALUE_BEFORE_TESTING ${VERIFIED_BOOT_SUPPORT}= ${FALSE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${FALSE} ${MEASURED_BOOT_SUPPORT}= ${FALSE} diff --git a/platform-configs/include/msi-z690-common.robot b/platform-configs/include/msi-z690-common.robot index b08506be4..8bb3083bf 100644 --- a/platform-configs/include/msi-z690-common.robot +++ b/platform-configs/include/msi-z690-common.robot @@ -90,7 +90,7 @@ ${SATA_SUPPORT}= ${TRUE} ${RESET_TO_DEFAULTS_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${VERIFIED_BOOT_SUPPORT}= ${TRUE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${TRUE} ${MEASURED_BOOT_SUPPORT}= ${TRUE} diff --git a/platform-configs/include/novacustom-common.robot b/platform-configs/include/novacustom-common.robot index c73e28ba8..245b3bb50 100644 --- a/platform-configs/include/novacustom-common.robot +++ b/platform-configs/include/novacustom-common.robot @@ -99,7 +99,7 @@ ${DTS_FIRMWARE_FLASHING_SUPPORT}= ${TRUE} ${DTS_EC_FLASHING_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${VERIFIED_BOOT_SUPPORT}= ${TRUE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${TRUE} ${MEASURED_BOOT_SUPPORT}= ${TRUE} diff --git a/platform-configs/include/optiplex-common.robot b/platform-configs/include/optiplex-common.robot index 0f77045ff..6b6304178 100644 --- a/platform-configs/include/optiplex-common.robot +++ b/platform-configs/include/optiplex-common.robot @@ -66,7 +66,9 @@ ${DCU_UUID_SUPPORT}= ${TRUE} ${DCU_SERIAL_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 1 +# Cannot acquire tpm chip with cbmem on Optiplex platforms +${TPM_EXPECTED_CHIP}= N/A ${MEASURED_BOOT_SUPPORT}= ${TRUE} ${SECURE_BOOT_SUPPORT}= ${TRUE} ${USB_MASS_STORAGE_SUPPORT}= ${TRUE} diff --git a/platform-configs/include/pcengines.robot b/platform-configs/include/pcengines.robot index 29c9b9991..5a066ab16 100644 --- a/platform-configs/include/pcengines.robot +++ b/platform-configs/include/pcengines.robot @@ -83,7 +83,7 @@ ${MINI_PC_IE_SLOT_SUPPORT}= ${TRUE} ${APU_CONFIGURATION_MENU_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${VERIFIED_BOOT_SUPPORT}= ${TRUE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${TRUE} ${MEASURED_BOOT_SUPPORT}= ${TRUE} diff --git a/platform-configs/include/protectli-common.robot b/platform-configs/include/protectli-common.robot index 03ef61150..1904ff75e 100644 --- a/platform-configs/include/protectli-common.robot +++ b/platform-configs/include/protectli-common.robot @@ -77,7 +77,7 @@ ${DCU_UUID_SUPPORT}= ${TRUE} ${DCU_SERIAL_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${SECURE_BOOT_SUPPORT}= ${TRUE} ${SECURE_BOOT_DEFAULT_STATE}= Disabled ${USB_STACK_SUPPORT}= ${TRUE} diff --git a/platform-configs/novacustom-nv41pz.robot b/platform-configs/novacustom-nv41pz.robot index 5e167891f..f8f4f00e9 100644 --- a/platform-configs/novacustom-nv41pz.robot +++ b/platform-configs/novacustom-nv41pz.robot @@ -27,3 +27,6 @@ ${POWER_CTRL}= none ${USB_STACK_SUPPORT}= ${TRUE} ${TESTS_IN_WINDOWS_SUPPORT}= ${FALSE} + +${TPM_SUPPORTED_VERSION}= 2 +${TPM_EXPECTED_CHIP}= SLB9670 diff --git a/platform-configs/novacustom-v540tnd.robot b/platform-configs/novacustom-v540tnd.robot index f0616cedb..3c563abb1 100644 --- a/platform-configs/novacustom-v540tnd.robot +++ b/platform-configs/novacustom-v540tnd.robot @@ -35,3 +35,6 @@ ${CLEVO_USB_C_HUB}= Thunderbolt 4 Dock ${DOCKING_STATION_USB_C_CHARGING_SUPPORT}= ${TRUE} ${DOCKING_STATION_AUDIO_SUPPORT}= ${TRUE} ${VERIFIED_BOOT_SUPPORT}= ${TRUE} + +${TPM_SUPPORTED_VERSION}= 2 +${TPM_EXPECTED_CHIP}= SLB9672 diff --git a/platform-configs/odroid-h4-plus.robot b/platform-configs/odroid-h4-plus.robot index 10599ab14..6eb3a5bab 100644 --- a/platform-configs/odroid-h4-plus.robot +++ b/platform-configs/odroid-h4-plus.robot @@ -89,7 +89,7 @@ ${CPU_TEMPERATURE_MEASURE}= ${TRUE} ${PLATFORM_STABILITY_CHECKING}= ${TRUE} # Dasharo security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${TPM_DETECT_SUPPORT}= ${TRUE} ${VERIFIED_BOOT_SUPPORT}= ${TRUE} ${BIOS_LOCK_SUPPORT}= ${TRUE} diff --git a/platform-configs/protectli-vp2420.robot b/platform-configs/protectli-vp2420.robot index a95dacace..d1a855be7 100644 --- a/platform-configs/protectli-vp2420.robot +++ b/platform-configs/protectli-vp2420.robot @@ -29,6 +29,9 @@ ${WATCHDOG_SUPPORT}= ${TRUE} ${ETHERNET_ID}= 8086:15f3 +${TPM_SUPPORTED_VERSION}= 2 +${TPM_EXPECTED_CHIP}= SLB9670 + *** Keywords *** Flash Protectli VP2420 Internal diff --git a/platform-configs/protectli-vp2430.robot b/platform-configs/protectli-vp2430.robot index 1b884d369..7b3c6a90a 100644 --- a/platform-configs/protectli-vp2430.robot +++ b/platform-configs/protectli-vp2430.robot @@ -49,3 +49,6 @@ ${BLUETOOTH_CARD_UBUNTU}= Intel Corp. AX200 Bluetooth ... 00-e0-97-1b-00-4a ${ETHERNET_ID}= 8086:125c + +${TPM_SUPPORTED_VERSION}= 2 +${TPM_EXPECTED_CHIP}= SLB9670 diff --git a/platform-configs/protectli-vp3230.robot b/platform-configs/protectli-vp3230.robot index db39a7e47..6197ebc0b 100644 --- a/platform-configs/protectli-vp3230.robot +++ b/platform-configs/protectli-vp3230.robot @@ -43,3 +43,6 @@ ${CLEVO_DISK}= N/A @{ETH_PORTS}= 64-62-66-23-8f-19 ... 64-62-66-23-8f-1a + +${TPM_SUPPORTED_VERSION}= 2 +${TPM_EXPECTED_CHIP}= SLB9670 diff --git a/platform-configs/protectli-vp4650.robot b/platform-configs/protectli-vp4650.robot index e2b7fe9df..3224df534 100644 --- a/platform-configs/protectli-vp4650.robot +++ b/platform-configs/protectli-vp4650.robot @@ -27,3 +27,6 @@ ${CPU_MIN_FREQUENCY}= 300 ... 64-62-66-21-42-8e ... 64-62-66-21-42-8d ... 64-62-66-21-42-8c + +${TPM_SUPPORTED_VERSION}= 2 +${TPM_EXPECTED_CHIP}= SLB9665 diff --git a/platform-configs/qemu.robot b/platform-configs/qemu.robot index dd5bdf001..90265e262 100644 --- a/platform-configs/qemu.robot +++ b/platform-configs/qemu.robot @@ -61,7 +61,7 @@ ${RESET_TO_DEFAULTS_SUPPORT}= ${TRUE} ${ESP_SCANNING_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${VERIFIED_BOOT_SUPPORT}= ${TRUE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${TRUE} ${MEASURED_BOOT_SUPPORT}= ${TRUE} diff --git a/platform-configs/raptor-cs_talos2.robot b/platform-configs/raptor-cs_talos2.robot index adeeca0ef..cc1c7b4dd 100644 --- a/platform-configs/raptor-cs_talos2.robot +++ b/platform-configs/raptor-cs_talos2.robot @@ -108,7 +108,7 @@ ${ESP_SCANNING_SUPPORT}= ${FALSE} ${L3_CACHE_SUPPORT}= ${TRUE} # Test module: dasharo-security -${TPM_SUPPORT}= ${TRUE} +${TPM_SUPPORTED_VERSION}= 2 ${VERIFIED_BOOT_SUPPORT}= ${FALSE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${FALSE} ${MEASURED_BOOT_SUPPORT}= ${FALSE} diff --git a/platform-configs/rpi-3b.robot b/platform-configs/rpi-3b.robot index 223fcec65..e2a3c5632 100644 --- a/platform-configs/rpi-3b.robot +++ b/platform-configs/rpi-3b.robot @@ -118,7 +118,7 @@ ${DEFAULT_POWER_STATE_AFTER_FAIL}= Powered Off ${ESP_SCANNING_SUPPORT}= ${FALSE} # Test module: dasharo-security -${TPM_SUPPORT}= ${FALSE} +${TPM_SUPPORTED_VERSION}= ${None} ${VERIFIED_BOOT_SUPPORT}= ${FALSE} ${VERIFIED_BOOT_POPUP_SUPPORT}= ${FALSE} ${MEASURED_BOOT_SUPPORT}= ${FALSE} diff --git a/scripts/get-robot-variables.sh b/scripts/get-robot-variables.sh index e151ea047..942000f6c 100755 --- a/scripts/get-robot-variables.sh +++ b/scripts/get-robot-variables.sh @@ -159,6 +159,49 @@ while IFS= read -r audio_device_name; do eval "DEVICE_AUDIO$counter='$audio_device_name'" done <<< "$audio_device_names" +# cbmem and TPM detection variables +CBMEM_BINARY_PATH="/usr/local/bin/cbmem" +CBMEM_EXPECTED_HASH="169c5a5a63699cb37cf08d1eff83e59f146ffa98cf283145f27adecc081ac3f6" +CBMEM_URL="https://cloud.3mdeb.com/index.php/s/C6LJMi4bWz3wzR9/download" +TPM_VER_PATH="/sys/class/tpm/tpm0/tpm_version_major" + +ensure_valid_cbmem() { + if [[ -f "$CBMEM_BINARY_PATH" ]]; then + local current_hash + current_hash=$(sha256sum "$CBMEM_BINARY_PATH" | awk '{print $1}') + + if [[ "$current_hash" == "$CBMEM_EXPECTED_HASH" ]]; then + sudo chmod 777 "$CBMEM_BINARY_PATH" + return 0 + fi + else + echo "Fetching cbmem from cloud..." + sudo curl -o "$CBMEM_BINARY_PATH" "$CBMEM_URL" + + if [[ $? -eq 0 ]]; then + echo "Success!" + sudo chmod 777 "$CBMEM_BINARY_PATH" + else + echo "Failed..." + return 1 + fi + fi +} + +ensure_valid_cbmem + +if [ -f ${TPM_VER_PATH} ]; then + TPM_SUPPORTED_VERSION=$(cat ${TPM_VER_PATH}) +else + TPM_SUPPORTED_VERSION=\$\{None\} +fi + +if [ -f /usr/local/bin/cbmem ]; then + TPM_EXPECTED_CHIP=$(sudo /usr/local/bin/cbmem -1 | grep "Found TPM" | awk 'NR==1{print $6}'); +else + TPM_EXPECTED_CHIP="Unknown" +fi + # Print collected information if -p is provided if [ "$PRINT" = true ]; then echo "-----------------------WiFi-------------------------" @@ -271,6 +314,8 @@ fi [[ -n "$DEF_CORES_PER_SOCKET" ]] && echo "\${DEF_CORES_PER_SOCKET}= $DEF_CORES_PER_SOCKET" [[ -n "$DEF_SOCKETS" ]] && echo "\${DEF_SOCKETS}= $DEF_SOCKETS" [[ -n "$DEF_ONLINE_CPU" ]] && echo "\${DEF_ONLINE_CPU}= $DEF_ONLINE_CPU" + [[ -n "$TPM_SUPPORTED_VERSION" ]] && echo "\${TPM_SUPPORTED_VERSION}= $TPM_SUPPORTED_VERSION" + [[ -n "$TPM_EXPECTED_CHIP" ]] && echo "\${TPM_EXPECTED_CHIP}= $TPM_EXPECTED_CHIP" for i in $(seq 1 $counter); do eval "audio_device_name=\$DEVICE_AUDIO$i" diff --git a/scripts/lib/mappings.json b/scripts/lib/mappings.json index b2bb01a76..0c4f7aec0 100644 --- a/scripts/lib/mappings.json +++ b/scripts/lib/mappings.json @@ -2,7 +2,7 @@ "options": { "CONFIG_MAINBOARD_POWER_FAILURE_STATE": "DEFAULT_POWER_STATE_AFTER_FAIL", "CONFIG_VBOOT": "VERIFIED_BOOT_SUPPORT", - "CONFIG_TPM": "TPM_SUPPORT", + "CONFIG_TPM": "TPM_SUPPORTED_VERSION", "CONFIG_EDK2_SECURE_BOOT_SUPPORT": "SECURE_BOOT_SUPPORT", "CONFIG_EDK2_IPXE_OPTION_NAME": "IPXE_BOOT_ENTRY", "CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME": "DMIDECODE_PRODUCT_NAME", diff --git a/trenchboot/01-without-drtm.robot b/trenchboot/01-without-drtm.robot index 9fdbf6e27..37dca3c84 100644 --- a/trenchboot/01-without-drtm.robot +++ b/trenchboot/01-without-drtm.robot @@ -57,7 +57,7 @@ WOD004.001 DRTM event log doesn't exist TrenchBoot Suite Setup Prepare Test Suite - Skip If not ${TPM_SUPPORT} TPM tests not supported + Skip If ${TPM_SUPPORTED_VERSION} == None TPM tests not supported Skip If not ${TRENCHBOOT_SUPPORT} TrenchBoot tests aren't supported Skip If not ${TESTS_IN_METATB_SUPPORT} Tests in meta-trenchboot aren't supported diff --git a/trenchboot/02-with-drtm.robot b/trenchboot/02-with-drtm.robot index c5627893a..7655b95ab 100644 --- a/trenchboot/02-with-drtm.robot +++ b/trenchboot/02-with-drtm.robot @@ -159,7 +159,7 @@ WTD007.001 SRTM log aligns with PCR values TrenchBoot Suite Setup Prepare Test Suite - Skip If not ${TPM_SUPPORT} TPM tests not supported + Skip If ${TPM_SUPPORTED_VERSION} == None TPM tests not supported Skip If not ${TRENCHBOOT_SUPPORT} TrenchBoot tests aren't supported Skip If not ${TESTS_IN_METATB_SUPPORT} Tests in meta-trenchboot aren't supported