new file mode 100644
@@ -0,0 +1,41 @@
+#
+# SPDX-License-Identifier: MIT
+#
+
+import os
+
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.oetimeout import OETimeout
+
+class FtpmTestSuite(OERuntimeTestCase):
+ """
+ Minimal test for optee-ftpm and ftpm kernel driver interfaces
+ """
+ @OETimeout(200)
+ def test_ftpm(self):
+ # device files, need tee-supplicant fully initialized which takes some time
+ # and tests seem to run before boot is complete
+ cmd = "ls -l /dev/tpm0 /dev/tpmrm0 || ( runlevel; sleep 10; ls -l /dev/tpm0 /dev/tpmrm0 )"
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ # tpm version
+ cmd = "cat /sys/class/tpm/tpm0/tpm_version_major"
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+ self.assertEqual(output, "2", msg='\n'.join([cmd, output]))
+
+ # sha384 pcrs
+ cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}"; done'
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ # sha256 pcrs
+ cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha256/"${c}"; done'
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ # sha1 pcrs
+ cmd = 'for c in $(seq 0 23); do cat /sys/class/tpm/tpm0/pcr-sha1/"${c}"; done'
+ status, output = self.target.run(cmd, timeout=60)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
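Review bot: The three PCR loops (sha384, sha256 and sha1) only report the exit status of the last `cat`, because a shell `for` loop returns the status of its final command, so an unreadable PCR 0–22 would still pass `assertEqual(status, 0)`. Adding `|| exit 1` to the loop body, e.g. `do cat /sys/class/tpm/tpm0/pcr-sha384/"${c}" || exit 1; done`, makes every index in every bank count. The PCR values are never inspected, so a pass shows that the fTPM driver interface is present, not that anything was measured into it. A comment such as `# presence check only: PCR contents are not verified (boot is not measured on qemuarm64-secureboot)` would keep the result from being read as evidence of measured boot. `import os` also looks unused in the lines shown.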
Test checks that ftpm kernel driver interfaces are available. If fTPM optee TA is missing or crashes, the kernel driver does not show the interfaces. A more functional test would be to use tpm2-tools from meta-security/meta-tpm but those require additional layer dependencies which are maybe too much for now. tpm2-tools also depend on starting tpm2-abrmd before the tools work. The ftpm kernel driver depends on fully running tee-supplicant in userspace and the optee side ftpm TA which takes some time. When manually running the tests some of them failed since ftpm was not yet initialized. The boot was not complete in those cases so added a workaround for that. Better would be for all of the tests to start only once boot is complete, not when ssh is available. Also, the qemuarm64-secureboot machine includes optee and ftpm TA but u-boot is not configured to use the TPM device so boot is not measured. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> --- meta-arm/lib/oeqa/runtime/cases/ftpm.py | 41 +++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 meta-arm/lib/oeqa/runtime/cases/ftpm.py