diff options
Diffstat (limited to 'roms/skiboot/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat')
| -rw-r--r-- | roms/skiboot/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat | 1029 |
1 files changed, 1029 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat new file mode 100644 index 000000000..a113434c4 --- /dev/null +++ b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/regtests/testnvpin.bat @@ -0,0 +1,1029 @@ +REM ################################################################################# +REM # # +REM # TPM2 regression test # +REM # Written by Ken Goldman # +REM # IBM Thomas J. Watson Research Center # +REM # # +REM # (c) Copyright IBM Corporation 2016 - 2019 # +REM # # +REM # All rights reserved. # +REM # # +REM # Redistribution and use in source and binary forms, with or without # +REM # modification, are permitted provided that the following conditions are # +REM # met: # +REM # # +REM # Redistributions of source code must retain the above copyright notice, # +REM # this list of conditions and the following disclaimer. # +REM # # +REM # Redistributions in binary form must reproduce the above copyright # +REM # notice, this list of conditions and the following disclaimer in the # +REM # documentation and/or other materials provided with the distribution. # +REM # # +REM # Neither the names of the IBM Corporation nor the names of its # +REM # contributors may be used to endorse or promote products derived from # +REM # this software without specific prior written permission. # +REM # # +REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # +REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # +REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # +REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # +REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # +REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # +REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # +REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # +REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # +REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # +REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +REM # # +REM ################################################################################# + +setlocal enableDelayedExpansion + +REM # PIN Pass index name is +REM +REM # 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09 +REM # 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da +REM # ad 81 +REM +REM # Policy Secret using PIN Pass index is +REM +REM # 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83 +REM # 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d +REM +REM # PIN Fail index name is +REM +REM # 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0 +REM # b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01 +REM # c4 be +REM +REM # Policy Secret using PIN Fail index is +REM +REM # 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c +REM # 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df +REM +REM +REM # 01000000 is PIN pass or PIN fail index +REM # 01000001 is ordinary index with PIN pass policy +REM # 01000002 is ordinary index with PIN fail policy + + +echo "" +echo "NV PIN Index" +echo "" + +echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000" +%TPM_EXE_PATH%nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write to set written bit" +%TPM_EXE_PATH%nvwrite -ha 01000001 -hia p -ic 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000" +%TPM_EXE_PATH%nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write to set written bit" +%TPM_EXE_PATH%nvwrite -ha 01000002 -hia p -ic 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index" +echo "" + +echo "Set phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, not written - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read does not affect count" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read does not affect count, should succeed" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy write, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy read should not increment pin count" +%TPM_EXE_PATH%nvread -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read should increment pin count" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, no uses - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform read, no uses" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index in Policy Secret" +echo "" + +echo "Policy Secret with PWAP session, bad password - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, should consume pin couunt" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Get Digest, 50 b9 63 d6 ..." +%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read ordinary index using PIN pass policy secret" +%TPM_EXE_PATH%nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 1 use, 1 / 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 0 uses, 0 / 0" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 use. 1 / 1, already used" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 0 uses. 2 / 1, already used" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 2 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index with Write Lock" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock, 01000000" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, pinCount used - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, locked - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Reboot" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup" +%TPM_EXE_PATH%startup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index with Read Lock" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read lock, 01000000" +%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read, locked - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, read locked" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Pass Index with phEnableNV clear" +echo "" + +echo "Platform write, 01000000, 1 use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Set phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Cleanup NV PIN Pass" +echo "" + +echo "NV Undefine Space, 01000000 " +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the policy session, 03000000 " +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index" +echo "" + +echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, not written - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read with bad password - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy write, 01000000, platform auth" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, platform auth" +%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy read, 01000000" +%TPM_EXE_PATH%nvread -ha 01000000 -sz 8 -id 0 1 -se0 03000000 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 0/ 1 failure" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, 01000000, correct password" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, 01000000, bad password - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nn -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Index read, 01000000, correct password - should fail because tries used" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, 0 / 1 failure" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Index read, 01000000" +%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index in Policy Secret" +echo "" + +echo "Platform write, 2 failures, 0 / 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password, resets pinCount" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, bad password uses pinCount - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Platform write, 1 failure use, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password, resets pinCount" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 0 failures, 1 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, good password, resets pinCount" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index with Write Lock" +echo "" + +echo "Platform write, 01000000, 1 fail, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Write lock, 01000000" +%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, locked - should fail" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Reboot" +%TPM_EXE_PATH%powerup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Startup" +%TPM_EXE_PATH%startup > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start a policy session" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index with Read Lock" +echo "" + +echo "Platform write, 01000000, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read lock 01000000" +%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Platform read, locked - should fail" +%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, read locked" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN Fail Index with phEnableNV clear" +echo "" + +echo "Platform write, 01000000, 1 failure, 0 / 1" +%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Clear phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Set phEnableNV" +%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "Cleanup" +echo "" + +echo "NV Undefine Space 01000000" +%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000001" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000001 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "NV Undefine Space 01000002" +%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Recreate the primary key" +%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "" +echo "NV PIN define space" +echo "" + +echo "NV Define Space, 01000000, no write auth - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, no read auth - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, PIN Pass, auth write - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, PIN Fail, auth write - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail" +%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +rem # +rem # Additional test for pinCount update when NV auth is not used. This +rem # tests for a bug fix +rem # + +rem # +rem # policy calculation +rem # + +echo "Create the policy digest that will be used for the NvIndex write term" +%TPM_EXE_PATH%startauthsession -se t > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Write" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the policycommandcode write term" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppw.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Restart the trial policy session" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the policycommandcode read term" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Restart the trial policy session" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Trial Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Get the policyor result" +%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmpor.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Flush the trial policy session" +%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # +rem # Test PIN fail +rem # + +rem # Write the PIN fail index + +echo "Creating the NvIndex as PIN Fail, remove authwrite, authread, add ownerread" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty f -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Start policy sesion" +%TPM_EXE_PATH%startauthsession -se p > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Write" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Writing count 0, limit 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # test the PIN fail index + +echo "Using with PolicySecret, first failure case, increments count" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, should be 1 2" +%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Using with PolicySecret, second failure case" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out +IF !ERRORLEVEL! EQU 0 ( + exit /B 1 +) + +echo "Read the index, owner auth, should be 2 2" +%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 2 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # cleanup + +echo "Undefine the PIN fail index" +%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # +rem # Test PIN pass +rem # + +rem # Write the PIN pass index + +echo "Creating the NvIndex as PIN Pass, remove authwrite, authread, add ownerread" +%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty p -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Write" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Writing count 0, limit 2" +%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # test the PIN pass index + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, should be 0 2" +%TPM_EXE_PATH%nvread -ha 01000000 -id 0 2 -se0 03000000 01 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, owner auth, should be 0 2" +%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 0 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Using with PolicySecret, success, increments count" +%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pass > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Restart the policy session" +%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "policycommandcode TPM_CC_NV_Read" +%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Policy OR" +%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, should be 1 2" +%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 00 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +echo "Read the index, owner auth, should be 1 2" +%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 1 2 > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rem # cleanup + +echo "Undefine the PIN fail index" +%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out +IF !ERRORLEVEL! NEQ 0 ( + exit /B 1 +) + +rm -r tmppw.bin +rm -r tmppr.bin +rm -r tmpor.bin + +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 03000000 +rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 01000000 + +exit /B 0 + |