def _ensure_tpm_ready(self):
status = cryptohome.get_tpm_status()
if not status['Enabled']:
raise error.TestNAError('Test NA because there is no TPM.')
if not status['Owned']:
cryptohome.take_tpm_ownership()
status = cryptohome.get_tpm_status()
if not status['Ready']:
raise error.TestError('Failed to initialize TPM.')
def own_tpm(self):
"""Own the TPM"""
cryptohome.take_tpm_ownership()
for i in range(4):
status = cryptohome.get_tpm_status()
if status['Owned']:
return status
time.sleep(2)
raise error.TestFail('Failed to own the TPM %s' % status)
def __take_tpm_ownership(self):
global tpm_owner_password
global tpm_pw_hex
cryptohome.take_tpm_ownership(wait_for_ownership=True)
tpm_owner_password = cryptohome.get_tpm_status()['Password']
if not tpm_owner_password:
raise error.TestError('TPM owner password is empty after '
'taking ownership.')
for ch in tpm_owner_password:
tpm_pw_hex = tpm_pw_hex + format(ord(ch), 'x') + ' '
def run_once(self, subtest='None'):
self.user = '******'
self.password = '******'
logging.info("Running client subtest %s", subtest)
if subtest == 'take_tpm_ownership':
cryptohome.take_tpm_ownership()
elif subtest == 'mount_cryptohome':
self._test_mount_cryptohome()
elif subtest == 'mount_cryptohome_after_reboot':
self._test_mount_cryptohome_after_reboot()
elif subtest == 'mount_cryptohome_check_recreate':
self._test_mount_cryptohome_check_recreate()
def run_pre_login(self):
"""Run pre-login steps.
1) Wait for cryptohome readiness (salt created).
2) Trigger initialization (take ownership), if requested.
3) Perform a pre-login delay, if requested.
@param timeout: Timeout waiting for cryptohome first start.
@raises error.TestFail: Raised in case of timeout.
"""
self.wait_for_cryptohome_readiness()
if self.shall_init():
time.sleep(self.pre_init_delay)
cryptohome.take_tpm_ownership(wait_for_ownership=False)
def run_once(self):
cryptohome.take_tpm_ownership(wait_for_ownership=True)
tpm_owner_password = cryptohome.get_tpm_status()['Password']
if not tpm_owner_password:
raise error.TestError('TPM owner password is empty after taking '
'ownership.')
# Execute the program which runs the actual test cases. When some test
# cases fail, the program will return with a non-zero exit code,
# resulting in raising the CmdError exception and failing the autotest.
utils.system_output('cryptohome-tpm-live-test',
retain_output=True,
args=['--owner_password=' + tpm_owner_password])
def run_once(self):
# Make sure that the tpm is owned.
status = cryptohome.get_tpm_status()
if not status['Owned']:
cryptohome.take_tpm_ownership()
self.user = '******'
password = '******'
cryptohome.ensure_clean_cryptohome_for(self.user, password)
# First we inject 30 tokens into chaps. This forces the cryptohome
# key to get evicted.
for i in range(30):
pkcs11.inject_and_test_key()
# Then we get a user to remount his cryptohome. This process uses
# the cryptohome key, and if the user was able to login, the
# cryptohome key was correctly reloaded.
cryptohome.unmount_vault(self.user)
cryptohome.mount_vault(self.user, password, create=True)