def _ensure_tpm_ready(self):
status = cryptohome.get_tpm_status()
if not status['Enabled']:
raise error.TestNAError('Test NA because there is no TPM.')
if not status['Owned']:
cryptohome.take_tpm_ownership()
status = cryptohome.get_tpm_status()
if not status['Ready']:
raise error.TestError('Failed to initialize TPM.')
def run_once(self, generate_key=False):
user = "******"
password = "******"
if generate_key:
# Make sure that the tpm is owned.
status = cryptohome.get_tpm_status()
if not status['Owned']:
cryptohome.take_tpm_ownership()
# We generate a chaps key tied to |user|.
self._cryptohome_proxy.ensure_clean_cryptohome_for(user, password)
result = pkcs11.generate_user_key()
if not result:
raise error.TestFail('Unable to generate key for ' + user)
else:
# Check if the chaps key previously generated is still present.
# If the key is present, migration was successful, and chaps keys
# weren't destroyed.
result = self._cryptohome_proxy.mount(user, password)
if not result:
raise error.TestFail('Unable to remount users cryptohome')
result = pkcs11.test_and_cleanup_key()
if not result:
raise error.TestFail('No Generated keys present for ' + user)
self._cryptohome_proxy.remove(user)
def wait_for_tpm_ready():
for n in xrange(0, 20):
tpm_status = cryptohome.get_tpm_status()
if tpm_status['Ready'] == True:
return
time.sleep(10)
raise error.TestError("TPM never became ready")
def own_tpm(self):
"""Own the TPM"""
cryptohome.take_tpm_ownership()
for i in range(4):
status = cryptohome.get_tpm_status()
if status['Owned']:
return status
time.sleep(2)
raise error.TestFail('Failed to own the TPM %s' % status)
def __take_tpm_ownership(self):
global tpm_owner_password
global tpm_pw_hex
cryptohome.take_tpm_ownership(wait_for_ownership=True)
tpm_owner_password = cryptohome.get_tpm_status()['Password']
if not tpm_owner_password:
raise error.TestError('TPM owner password is empty after '
'taking ownership.')
for ch in tpm_owner_password:
tpm_pw_hex = tpm_pw_hex + format(ord(ch), 'x') + ' '
def run_once(self):
cryptohome.take_tpm_ownership(wait_for_ownership=True)
tpm_owner_password = cryptohome.get_tpm_status()['Password']
if not tpm_owner_password:
raise error.TestError('TPM owner password is empty after taking '
'ownership.')
# Execute the program which runs the actual test cases. When some test
# cases fail, the program will return with a non-zero exit code,
# resulting in raising the CmdError exception and failing the autotest.
utils.system_output('cryptohome-tpm-live-test',
retain_output=True,
args=['--owner_password=' + tpm_owner_password])
def run_once(self):
# Make sure that the tpm is owned.
status = cryptohome.get_tpm_status()
if not status['Owned']:
cryptohome.take_tpm_ownership()
self.user = '******'
password = '******'
cryptohome.ensure_clean_cryptohome_for(self.user, password)
# First we inject 30 tokens into chaps. This forces the cryptohome
# key to get evicted.
for i in range(30):
pkcs11.inject_and_test_key()
# Then we get a user to remount his cryptohome. This process uses
# the cryptohome key, and if the user was able to login, the
# cryptohome key was correctly reloaded.
cryptohome.unmount_vault(self.user)
cryptohome.mount_vault(self.user, password, create=True)
def run_once(self, fwmp_cleared=True, flags=None, dev_key_hash=None):
# make sure the FMWP is in the expected state
cryptohome.get_fwmp(fwmp_cleared)
status = cryptohome.get_tpm_status()
# Own the TPM
if not status['Owned']:
status = self.own_tpm()
# Verify we have access to the password
if not status['Password']:
logging.warning('No access to the password')
logging.info(status)
# Set the FWMP flags using a dev key hash
cryptohome.set_fwmp(flags, dev_key_hash)
# Check that the flags are set
fwmp = cryptohome.get_fwmp()
if flags and fwmp['flags'] != str(int(flags, 16)):
raise error.TestFail('Unexpected FWMP status: %s', fwmp)