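REM #############################################################################
REM #                                                                           #
REM #                        TPM2 regression test                               #
REM #                        Written by Ken Goldman                             #
REM #                        IBM Thomas J. Watson Research Center               #
REM #                                                                           #
REM # (c) Copyright IBM Corporation 2015 - 2019                                 #
REM #                                                                           #
REM # All rights reserved.                                                      #
REM #                                                                           #
REM # Redistribution and use in source and binary forms, with or without        #
REM # modification, are permitted provided that the following conditions are    #
REM # met:                                                                      #
REM #                                                                           #
REM # Redistributions of source code must retain the above copyright notice,    #
REM # this list of conditions and the following disclaimer.                     #
REM #                                                                           #
REM # Redistributions in binary form must reproduce the above copyright         #
REM # notice, this list of conditions and the following disclaimer in the       #
REM # documentation and/or other materials provided with the distribution.      #
REM #                                                                           #
REM # Neither the names of the IBM Corporation nor the names of its             #
REM # contributors may be used to endorse or promote products derived from      #
REM # this software without specific prior written permission.                  #
REM #                                                                           #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS       #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT         #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR     #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,    #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT          #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,     #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY     #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT       #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE     #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.      #
REM #                                                                           #
REM #############################################################################

REM # Purpose
REM #
REM # Walks the TPM through 15 PCR bank allocations and, for each one, checks
REM # that pcrextend, pcrevent and eventsequencecomplete on PCR 16 leave the
REM # expected digest in every allocated bank. Expected values are the files
REM # under policies/ and are listed below for reference.
REM #
REM # Operational notes
REM #
REM # - The utilities are run as TPM_EXE_PATH followed by the program name, so
REM #   the variable must end with a path separator or be empty.
REM # - Each iteration calls pcrallocate and then powerup and startup. A PCR
REM #   allocation change only takes effect at the next TPM reset.
REM # - The script changes bank allocation and power cycles the TPM, which
REM #   flushes loaded objects. It is meant for a test or simulator TPM.
REM #   NOTE review: confirm the target before running against anything else.
REM # - ALLOC entries are deltas applied on top of the previous iteration. Only
REM #   the last entry restores all four banks, so an early exit on failure
REM #   leaves the TPM with whatever subset of banks was last allocated.
REM # - Every step exits with code 1 on the first failure. The output of the
REM #   most recent command is in run.out, which each step overwrites.

setlocal enableDelayedExpansion

REM #
REM # for pcrextend
REM #
REM
REM # extend of aaa + 0 pad to digest length using pcrextend, use resettable PCR 16
REM
REM # sha1extaaa0.bin
REM # 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47
REM # 98 1a a0 a0
REM
REM # sha256extaaa0.bin
REM # c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73
REM # 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb
REM
REM # sha384extaaa0.bin
REM # 29 29 63 e3 1c 34 c2 72 bd ea 27 15 40 94 af 92
REM # 50 ad 97 d9 e7 44 6b 83 6d 3a 73 7c 90 ca 47 df
REM # 2c 39 90 21 ce dd 00 85 3e f0 84 97 c5 a4 23 84
REM
REM # sha512extaaa0.bin
REM # 7f e1 e4 cf 01 52 93 13 6b f1 30 18 30 39 b6 a6
REM # 46 ea 00 8b 75 af d0 f8 46 6a 9b fe 53 1a f8 ad
REM # a8 67 a6 58 28 cf ce 48 60 77 52 9e 54 f1 83 0a
REM # a4 9a b7 80 56 2b ae a4 9c 67 a8 73 34 ff e7 78
REM
REM #
REM # for pcrevent
REM #
REM
REM # first hash using hash -ic aaa -ns
REM # then extend using policymaker
REM
REM # sha1 of aaa
REM # 7e240de74fb1ed08fa08d38063f6a6a91462a815
REM # extend
REM # ab 53 c7 ec 3f fe fe 21 9e 9d 89 da f1 8e 16 55
REM # 3e 23 8e a6
REM
REM # sha256 of aaa
REM # 9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0
REM # extend
REM # df 81 1e 9d 19 a0 d3 3d e6 7b b1 c7 26 a6 20 5c
REM # d0 a2 eb 0f 61 b7 c9 ee 91 66 eb cf dc 17 db ab
REM
REM # sha384 of aaa
REM # 8e07e5bdd64aa37536c1f257a6b44963cc327b7d7dcb2cb47a22073d33414462bfa184487cf372ce0a19dfc83f8336d8
REM # extend of that
REM # 61 bc 70 39 e2 94 87 c2 17 b0 b1 46 10 5d 64 e6
REM # ad 32 a6 d5 c2 5b 45 01 a7 4b bc a7 7f cc 24 25
REM # 36 ca 1a 40 f9 36 44 f0 d8 b0 98 ea a6 50 97 4d
REM
REM # sha512 of aaa
REM # d6f644b19812e97b5d871658d6d3400ecd4787faeb9b8990c1e7608288664be77257104a58d033bcf1a0e0945ff06468ebe53e2dff36e248424c7273117dac09
REM # extend of that (using policymaker)
REM # cb 7f be b3 1c 29 61 24 4c 9c 47 80 84 0d b4 3a
REM # 76 3f ba 96 ef c1 d9 52 f4 e3 e0 2c 06 8a 31 8a
REM # e5 3f a0 a7 a1 74 e8 23 e3 07 1a cd c6 52 6f b6
REM # 77 6d 07 0f 36 47 27 4d a6 29 db c9 10 a7 6c 2a
REM
REM # all these variables are related
REM # The four tables below are index aligned and must keep the same length.
REM # Entry N of BANKS is the set of banks that exists after entries 1..N of
REM # ALLOC have been applied in order. EXTEND and EVENT name the same banks
REM # as BANKS, phrased as utility arguments.
REM # Continuation lines must start with white space, because the caret at the
REM # end of a line also escapes the first character of the next line.
REM
REM # bank algorithm test pattern is

set BANKS=^
    "sha1" ^
    "sha256" ^
    "sha384" ^
    "sha512" ^
    "sha1 sha256" ^
    "sha1 sha384" ^
    "sha1 sha512" ^
    "sha256 sha384" ^
    "sha256 sha512" ^
    "sha384 sha512" ^
    "sha1 sha256 sha384" ^
    "sha1 sha256 sha512" ^
    "sha1 sha384 sha512" ^
    "sha256 sha384 sha512" ^
    "sha1 sha256 sha384 sha512"

REM # bank extend algorithm test pattern is

set EXTEND=^
    "-halg sha1" ^
    "-halg sha256" ^
    "-halg sha384" ^
    "-halg sha512" ^
    "-halg sha1 -halg sha256" ^
    "-halg sha1 -halg sha384" ^
    "-halg sha1 -halg sha512" ^
    "-halg sha256 -halg sha384" ^
    "-halg sha256 -halg sha512" ^
    "-halg sha384 -halg sha512" ^
    "-halg sha1 -halg sha256 -halg sha384" ^
    "-halg sha1 -halg sha256 -halg sha512" ^
    "-halg sha1 -halg sha384 -halg sha512" ^
    "-halg sha256 -halg sha384 -halg sha512" ^
    "-halg sha1 -halg sha256 -halg sha384 -halg sha512"

REM # bank event file test pattern is
REM # The sha512 digest output option is -of5, there is no -of4 in this table.

set EVENT=^
    "-of1 tmpsha1.bin" ^
    "-of2 tmpsha256.bin" ^
    "-of3 tmpsha384.bin" ^
    "-of5 tmpsha512.bin" ^
    "-of1 tmpsha1.bin -of2 tmpsha256.bin" ^
    "-of1 tmpsha1.bin -of3 tmpsha384.bin" ^
    "-of1 tmpsha1.bin -of5 tmpsha512.bin" ^
    "-of2 tmpsha256.bin -of3 tmpsha384.bin" ^
    "-of2 tmpsha256.bin -of5 tmpsha512.bin" ^
    "-of3 tmpsha384.bin -of5 tmpsha512.bin" ^
    "-of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin" ^
    "-of1 tmpsha1.bin -of2 tmpsha256.bin -of5 tmpsha512.bin" ^
    "-of1 tmpsha1.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" ^
    "-of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin" ^
    "-of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin -of5 tmpsha512.bin"

REM # assumes the TPM starts with sha1 sha256 sha384 sha512 all allocated
REM # Each entry is a delta against the allocation left by the previous entry.

set ALLOC=^
    "-sha256 -sha384 -sha512" ^
    "-sha1 +sha256" ^
    "-sha256 +sha384" ^
    "-sha384 +sha512" ^
    "+sha1 +sha256 -sha512" ^
    "-sha256 +sha384" ^
    "-sha384 +sha512" ^
    "-sha1 +sha256 +sha384 -sha512" ^
    "-sha384 +sha512" ^
    "-sha256 +sha384" ^
    "+sha1 +sha256 -sha512" ^
    "-sha384 +sha512" ^
    "-sha256 +sha384" ^
    "-sha1 +sha256" ^
    "+sha1"

REM # i is iterator over PCR bank allocation patterns
REM # Split each quoted list into a 1-based pseudo array, quotes stripped.
set i=0
for %%a in (!BANKS!) do set /A i+=1 & set BANKS[!i!]=%%~a
set i=0
for %%a in (!EXTEND!) do set /A i+=1 & set EXTEND[!i!]=%%~a
set i=0
for %%a in (!EVENT!) do set /A i+=1 & set EVENT[!i!]=%%~a
set i=0
for %%a in (!ALLOC!) do set /A i+=1 & set ALLOC[!i!]=%%~a
REM # L is the ALLOC entry count and is used as the bound for all four tables.
set L=!i!

for /L %%i in (1,1,!L!) do (

    echo ""
    echo "pcrallocate !BANKS[%%i]!"
    echo ""
    %TPM_EXE_PATH%pcrallocate !ALLOC[%%i]! > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM # Power cycle so that the new bank allocation becomes active.
    echo "powerup"
    %TPM_EXE_PATH%powerup > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "startup"
    %TPM_EXE_PATH%startup > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM # Output goes to run.out only, it is not compared against BANKS here.
    echo "display PCR banks"
    %TPM_EXE_PATH%getcapability -cap 5 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo ""
    echo "PCR Extend"
    echo ""

    echo "PCR Reset"
    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "PCR Extend !EXTEND[%%i]!"
    %TPM_EXE_PATH%pcrextend -ha 16 !EXTEND[%%i]! -if policies/aaa > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM # Read PCR 16 from every allocated bank and compare with the fixture.
    for %%H in (!BANKS[%%i]!) do (

        echo "PCR Read %%H"
        %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify the read data %%H"
        diff policies/%%Hextaaa0.bin tmp.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )
    )

    echo ""
    echo "PCR Event"
    echo ""

    echo "PCR Reset"
    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "PCR Event !EVENT[%%i]!"
    %TPM_EXE_PATH%pcrevent -ha 16 -if policies/aaa !EVENT[%%i]! > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    for %%H in (!BANKS[%%i]!) do (

        REM # First check the digest file written by pcrevent for this bank.
        echo "Verify Digest %%H"
        diff policies/%%Haaa.bin tmp%%H.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM # pcrread reuses the same tmp file name and overwrites that digest.
        echo "PCR Read %%H"
        %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM # Then check the PCR value against the expected extend of the hash.
        echo "Verify Digest %%H"
        diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )
    )

    echo ""
    echo "Event Sequence Complete"
    echo ""

    echo "PCR Reset"
    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Event sequence start, alg null"
    %TPM_EXE_PATH%hashsequencestart -halg null -pwda aaa > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM # The sequence handle 80000000 is hard coded, not read from run.out.
    REM # NOTE review: this presumably relies on no other transient object
    REM # being loaded at this point.
    echo "Event Sequence Complete"
    %TPM_EXE_PATH%eventsequencecomplete -hs 80000000 -pwds aaa -ha 16 -if policies/aaa !EVENT[%%i]! > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM # Same two stage check as for PCR Event above.
    for %%H in (!BANKS[%%i]!) do (

        echo "Verify Digest %%H"
        diff policies/%%Haaa.bin tmp%%H.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "PCR Read %%H"
        %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify Digest %%H"
        diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

    )

)

REM # Leave PCR 16 reset for whatever test runs next.
echo "PCR Reset"
%TPM_EXE_PATH%pcrreset -ha 16 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM # recreate the primary key that was flushed on the powerup

echo "Create a platform primary storage key"
%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin -tk pritk.bin -ch prich.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

exit /B 0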