#!/usr/bin/expect -f
#
# This script tests Linux trusted keys support using OP-TEE as the trust
# source. The return code is 0 for success (also when the test is skipped
# because trusted keys are not available), >0 for error.
#
# Key IDs reported by keyctl: tk_id for the trusted key, ek_id for the
# encrypted key. check_keyctl_result overwrites them by name; 0 is only a
# placeholder until the first "keyctl add" has printed an ID.
set tk_id 0
set ek_id 0
# Seconds each expect command waits for a match before taking its
# timeout branch.
set timeout 5
# Consume console output until the next shell prompt ("# ").
#
# arg is the name of a global variable. Every run of digits directly
# followed by a carriage return is stored in that variable, so after a
# "keyctl add" it holds the key ID that was printed.
#
# The whole script exits with status 0 when add_key reports
# "No such device" (test skipped), and with status 1 when the FAILED
# marker shows up or nothing matches before the timeout.
#
# NOTE(review): the digit pattern is not anchored to the start of a line,
# so any console output consisting of digits followed by a carriage return
# overwrites the stored ID.
# NOTE(review): a skip is indistinguishable from a pass by exit status; a
# build that loses trusted-keys support still returns 0 unless the caller
# looks for the "Skipping test" message.
proc check_keyctl_result arg {
    # Alias the caller-named global so the match action can assign to it.
    upvar #0 $arg key_id
    expect {
        -re {(\d+)\r} {
            set key_id $expect_out(1,string)
            # The prompt has not been seen yet, keep matching.
            exp_continue
        }
        "add_key: No such device" {
            # Trusted keys are unavailable on this target: skip, not fail.
            info [join {"Skipping test due to 'No such device':"
                        "trusted keys are not supported"
                        "(missing driver? CFG_CORE_DYN_SHM=n?)\n"}]
            exit 0
        }
        "FAILED" {
            # Marker echoed by the shell's fail function after a non-zero
            # exit status.
            info "!!! Error\n"
            exit 1
        }
        timeout {
            info "!!! Timeout\n"
            exit 1
        }
        "# "
    }
}
# Send one shell command to the console, chained with "|| fail" so that a
# non-zero exit status makes the target shell call its fail function.
# The appended text is lower case, so the echoed command line does not
# itself contain the upper-case FAILED marker.
proc run_cmd arg {
    send -- "$arg || fail\r"
}
# Announce the test. "info" is called with a plain message string, which
# the built-in Tcl info command would reject, so it is presumably a logging
# helper defined by the script that sources this file -- TODO confirm.
info "Running: keyctl tests...\n"
# Wait for a shell prompt. Nothing in this script spawns a process, so the
# console session is presumably set up by the sourcing script -- TODO confirm.
expect "# "
# Define the failure hook on the target shell: run_cmd appends "|| fail" to
# every command, so a non-zero exit status prints the FAILED marker that
# check_keyctl_result matches. Note that the echo of this definition itself
# contains the marker text; it is consumed by the plain expect below rather
# than by check_keyctl_result.
send -- "function fail { echo FAILED ; }\r"
expect "# "
# Step 1: create a new 32-byte trusted key "kmk" in the user keyring (@u)
# and record the ID keyctl prints in tk_id.
run_cmd "keyctl add trusted kmk \"new 32\" @u"
check_keyctl_result tk_id
# Step 2: create a new 32-byte encrypted key "evm" that uses the trusted key
# kmk as its master key, and record its ID in ek_id.
run_cmd "keyctl add encrypted evm \"new trusted:kmk 32\" @u"
check_keyctl_result ek_id
# Step 3: export both keys to files. $tk_id / $ek_id are substituted by Tcl
# before the command is sent, not by the target shell. Output is redirected,
# so no key ID is expected on the console here; check_keyctl_result is used
# to wait for the prompt or a failure.
# NOTE(review): the blob files are written to the shell's current directory
# and nothing in this script deletes them afterwards.
run_cmd "keyctl pipe $tk_id > kmk.blob"
check_keyctl_result tk_id
run_cmd "keyctl pipe $ek_id > evm.blob"
check_keyctl_result ek_id
# Step 4: revoke both keys, the encrypted key first and then the trusted key
# it depends on, so the reload below starts without the originals.
run_cmd "keyctl revoke $ek_id"
check_keyctl_result ek_id
run_cmd "keyctl revoke $tk_id"
check_keyctl_result tk_id
# Step 5: re-create both keys from the exported blobs. The backticks are
# literal inside a Tcl string; the target shell performs the `cat`
# substitution. The new IDs replace the revoked ones in tk_id / ek_id.
run_cmd "keyctl add trusted kmk \"load `cat kmk.blob`\" @u"
check_keyctl_result tk_id
run_cmd "keyctl add encrypted evm \"load `cat evm.blob`\" @u"
check_keyctl_result ek_id
# Step 6: export the reloaded keys to a second set of files.
run_cmd "keyctl pipe $tk_id > kmk.blob2"
check_keyctl_result tk_id
run_cmd "keyctl pipe $ek_id > evm.blob2"
check_keyctl_result ek_id
# Step 7: the re-exported blobs must be byte-identical to the first export;
# a difference makes diff return non-zero, which triggers the FAILED marker.
run_cmd "diff kmk.blob kmk.blob2"
check_keyctl_result tk_id
run_cmd "diff evm.blob evm.blob2"
check_keyctl_result ek_id
# Reached only if no step exited early through check_keyctl_result.
info "Status: keyctl tests successful\n"