Diffstat (limited to 'app-crypt/swtpm/files')
| -rw-r--r-- | app-crypt/swtpm/files/swtpm-0.10.1-fix-test_tpm2_avoid_da_lockout-test.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/app-crypt/swtpm/files/swtpm-0.10.1-fix-test_tpm2_avoid_da_lockout-test.patch b/app-crypt/swtpm/files/swtpm-0.10.1-fix-test_tpm2_avoid_da_lockout-test.patch
new file mode 100644
index 000000000000..9af41fb38a5b
--- /dev/null
+++ b/app-crypt/swtpm/files/swtpm-0.10.1-fix-test_tpm2_avoid_da_lockout-test.patch
@@ -0,0 +1,76 @@
+https://github.com/stefanberger/swtpm/commit/4da66c66f92438443e66b67555673c9cb898b0ae
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Mon, 12 May 2025 18:25:48 -0400
+Subject: [PATCH] tests: Retry NVWrite command after 0x922 return code and inc
+ lockout counter
+
+When returncode 0x922 is received from NVWrite then retry the command so
+that it gets the expected error code from failing to provide a password.
+When checking the lockout counter, increase the numbers now.
+
+Patched versions of libtpms may not return 0x922 anymore, so write the code
+that it can test both cases.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+--- a/tests/_test_tpm2_avoid_da_lockout
++++ b/tests/_test_tpm2_avoid_da_lockout
+@@ -53,6 +53,11 @@ fi
+ cmd='\x80\x02\x00\x00\x00\x24\x00\x00\x01\x37\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x40\x00\x00\x09\x00\x00\x00\x00\x00\x00\x01\x41\x00\x00'
+ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
+ exp=' 80 01 00 00 00 0a 00 00 09 22'
++if [ "$RES" == "$exp" ]; then
++ # 0x922 : retry command
++ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
++fi
++exp=' 80 01 00 00 00 0a 00 00 09 8e'
+ if [ "$RES" != "$exp" ]; then
+ echo "Error: Did not get expected result from TPM2_NV_Write"
+ echo "expected: $exp"
+@@ -63,9 +68,9 @@ fi
+ # The TPM_PT_LOCKOUT_COUNTER must be 0 now: tssgetcapability -cap 6 -pr 0x20e -pc 1
+ cmd='\x80\x01\x00\x00\x00\x16\x00\x00\x01\x7a\x00\x00\x00\x06\x00\x00\x02\x0e\x00\x00\x00\x01'
+ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
+-exp=' 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 02 0e 00 00 00 00'
++exp=' 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 02 0e 00 00 00 01'
+ if [ "$RES" != "$exp" ]; then
+- echo "Error: Did not get expected result from TPM2_GetCapability(TPM_PT_LOCKOUT_COUNTER)"
++ echo "Error: Did not get expected result from 1st TPM2_GetCapability(TPM_PT_LOCKOUT_COUNTER)"
+ echo "expected: $exp"
+ echo "received: $RES"
+ exit 1
+@@ -92,9 +97,9 @@ fi
+ # Without swtpm sending TPM2_Shutdown, it would be '1' now
+ cmd='\x80\x01\x00\x00\x00\x16\x00\x00\x01\x7a\x00\x00\x00\x06\x00\x00\x02\x0e\x00\x00\x00\x01'
+ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
+-exp=' 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 02 0e 00 00 00 00'
++exp=' 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 02 0e 00 00 00 01'
+ if [ "$RES" != "$exp" ]; then
+- echo "Error: Did not get expected result from TPM2_GetCapability(TPM_PT_LOCKOUT_COUNTER)"
++ echo "Error: Did not get expected result from 2nd TPM2_GetCapability(TPM_PT_LOCKOUT_COUNTER)"
+ echo "expected: $exp"
+ echo "received: $RES"
+ exit 1
+@@ -104,6 +109,11 @@ fi
+ cmd='\x80\x02\x00\x00\x00\x24\x00\x00\x01\x37\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x09\x40\x00\x00\x09\x00\x00\x00\x00\x00\x00\x01\x41\x00\x00'
+ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
+ exp=' 80 01 00 00 00 0a 00 00 09 22'
++if [ "$RES" == "$exp" ]; then
++ # 0x922 : retry command
++ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
++fi
++exp=' 80 01 00 00 00 0a 00 00 09 8e'
+ if [ "$RES" != "$exp" ]; then
+ echo "Error: Did not get expected result from TPM2_NV_Write"
+ echo "expected: $exp"
+@@ -136,9 +146,9 @@ fi
+ # Without swtpm sending TPM2_Shutdown, it would be '2' now
+ cmd='\x80\x01\x00\x00\x00\x16\x00\x00\x01\x7a\x00\x00\x00\x06\x00\x00\x02\x0e\x00\x00\x00\x01'
+ RES=$(swtpm_cmd_tx "${SWTPM_INTERFACE}" ${cmd})
+-exp=' 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 02 0e 00 00 00 00'
++exp=' 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 00 00 01 00 00 02 0e 00 00 00 02'
+ if [ "$RES" != "$exp" ]; then
+- echo "Error: Did not get expected result from TPM2_GetCapability(TPM_PT_LOCKOUT_COUNTER)"
++ echo "Error: Did not get expected result from 3rd TPM2_GetCapability(TPM_PT_LOCKOUT_COUNTER)"
+ echo "expected: $exp"
+ echo "received: $RES"
+ exit 1
|
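Review bot: The comments kept as context above the three TPM2_GetCapability checks no longer match the values the patched test expects. The hunk at -63,9 still says `# The TPM_PT_LOCKOUT_COUNTER must be 0 now` while the new `exp` ends in `00 00 00 01`, and the hunks at -92,9 and -136,9 still say the counter "would be '1'" and "would be '2'" only without TPM2_Shutdown, although those are now exactly the expected values. Because this test is the evidence that the dictionary-attack lockout counter changes only for the reasons intended, each comment should state where the increment comes from, e.g. `# TPM_PT_LOCKOUT_COUNTER must be 1 now: one failed TPM2_NV_Write authorization` (presumably the failed authorization is the source; confirm against the upstream test). The retry after 0x922 in the hunks at -53,6 and -104,6 also runs only once, so a second 0x922 falls through to the generic TPM2_NV_Write error; a comment such as `# 0x922 : retry once; a second 0x922 is treated as a failure` would make that intent explicit. The test script begins and ends outside these hunks.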
