1 /* 2 * QTest testcase for TPM CRB 3 * 4 * Copyright (c) 2018 Red Hat, Inc. 5 * 6 * Authors: 7 * Marc-André Lureau <marcandre.lureau@redhat.com> 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or later. 10 * See the COPYING file in the top-level directory. 11 */ 12 13 #include "qemu/osdep.h" 14 #include <glib/gstdio.h> 15 16 #include "hw/acpi/tpm.h" 17 #include "hw/tpm/tpm_ioctl.h" 18 #include "io/channel-socket.h" 19 #include "libqtest.h" 20 #include "qapi/error.h" 21 22 #define TPM_RC_FAILURE 0x101 23 #define TPM2_ST_NO_SESSIONS 0x8001 24 25 struct tpm_hdr { 26 uint16_t tag; 27 uint32_t len; 28 uint32_t code; /*ordinal/error */ 29 char buffer[]; 30 } QEMU_PACKED; 31 32 typedef struct TestState { 33 CompatGMutex data_mutex; 34 CompatGCond data_cond; 35 SocketAddress *addr; 36 QIOChannel *tpm_ioc; 37 GThread *emu_tpm_thread; 38 struct tpm_hdr *tpm_msg; 39 } TestState; 40 41 static void test_wait_cond(TestState *s) 42 { 43 gint64 end_time = g_get_monotonic_time() + 5 * G_TIME_SPAN_SECOND; 44 45 g_mutex_lock(&s->data_mutex); 46 if (!g_cond_wait_until(&s->data_cond, &s->data_mutex, end_time)) { 47 g_assert_not_reached(); 48 } 49 g_mutex_unlock(&s->data_mutex); 50 } 51 52 static void *emu_tpm_thread(void *data) 53 { 54 TestState *s = data; 55 QIOChannel *ioc = s->tpm_ioc; 56 57 s->tpm_msg = g_new(struct tpm_hdr, 1); 58 while (true) { 59 int minhlen = sizeof(s->tpm_msg->tag) + sizeof(s->tpm_msg->len); 60 61 if (!qio_channel_read(ioc, (char *)s->tpm_msg, minhlen, &error_abort)) { 62 break; 63 } 64 s->tpm_msg->tag = be16_to_cpu(s->tpm_msg->tag); 65 s->tpm_msg->len = be32_to_cpu(s->tpm_msg->len); 66 g_assert_cmpint(s->tpm_msg->len, >=, minhlen); 67 g_assert_cmpint(s->tpm_msg->tag, ==, TPM2_ST_NO_SESSIONS); 68 69 s->tpm_msg = g_realloc(s->tpm_msg, s->tpm_msg->len); 70 qio_channel_read(ioc, (char *)&s->tpm_msg->code, 71 s->tpm_msg->len - minhlen, &error_abort); 72 s->tpm_msg->code = be32_to_cpu(s->tpm_msg->code); 73 74 /* reply error */ 75 s->tpm_msg->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); 76 s->tpm_msg->len = cpu_to_be32(sizeof(struct tpm_hdr)); 77 s->tpm_msg->code = cpu_to_be32(TPM_RC_FAILURE); 78 qio_channel_write(ioc, (char *)s->tpm_msg, be32_to_cpu(s->tpm_msg->len), 79 &error_abort); 80 } 81 82 g_free(s->tpm_msg); 83 s->tpm_msg = NULL; 84 object_unref(OBJECT(s->tpm_ioc)); 85 return NULL; 86 } 87 88 static void *emu_ctrl_thread(void *data) 89 { 90 TestState *s = data; 91 QIOChannelSocket *lioc = qio_channel_socket_new(); 92 QIOChannel *ioc; 93 94 qio_channel_socket_listen_sync(lioc, s->addr, &error_abort); 95 g_cond_signal(&s->data_cond); 96 97 qio_channel_wait(QIO_CHANNEL(lioc), G_IO_IN); 98 ioc = QIO_CHANNEL(qio_channel_socket_accept(lioc, &error_abort)); 99 g_assert(ioc); 100 101 { 102 uint32_t cmd = 0; 103 struct iovec iov = { .iov_base = &cmd, .iov_len = sizeof(cmd) }; 104 int *pfd = NULL; 105 size_t nfd = 0; 106 107 qio_channel_readv_full(ioc, &iov, 1, &pfd, &nfd, &error_abort); 108 cmd = be32_to_cpu(cmd); 109 g_assert_cmpint(cmd, ==, CMD_SET_DATAFD); 110 g_assert_cmpint(nfd, ==, 1); 111 s->tpm_ioc = QIO_CHANNEL(qio_channel_socket_new_fd(*pfd, &error_abort)); 112 g_free(pfd); 113 114 cmd = 0; 115 qio_channel_write(ioc, (char *)&cmd, sizeof(cmd), &error_abort); 116 117 s->emu_tpm_thread = g_thread_new(NULL, emu_tpm_thread, s); 118 } 119 120 while (true) { 121 uint32_t cmd; 122 ssize_t ret; 123 124 ret = qio_channel_read(ioc, (char *)&cmd, sizeof(cmd), NULL); 125 if (ret <= 0) { 126 break; 127 } 128 129 cmd = be32_to_cpu(cmd); 130 switch (cmd) { 131 case CMD_GET_CAPABILITY: { 132 ptm_cap cap = cpu_to_be64(0x3fff); 133 qio_channel_write(ioc, (char *)&cap, sizeof(cap), &error_abort); 134 break; 135 } 136 case CMD_INIT: { 137 ptm_init init; 138 qio_channel_read(ioc, (char *)&init.u.req, sizeof(init.u.req), 139 &error_abort); 140 init.u.resp.tpm_result = 0; 141 qio_channel_write(ioc, (char *)&init.u.resp, sizeof(init.u.resp), 142 &error_abort); 143 break; 144 } 145 case CMD_SHUTDOWN: { 146 ptm_res res = 0; 147 qio_channel_write(ioc, (char *)&res, sizeof(res), &error_abort); 148 qio_channel_close(s->tpm_ioc, &error_abort); 149 g_thread_join(s->emu_tpm_thread); 150 break; 151 } 152 case CMD_STOP: { 153 ptm_res res = 0; 154 qio_channel_write(ioc, (char *)&res, sizeof(res), &error_abort); 155 break; 156 } 157 case CMD_SET_BUFFERSIZE: { 158 ptm_setbuffersize sbs; 159 qio_channel_read(ioc, (char *)&sbs.u.req, sizeof(sbs.u.req), 160 &error_abort); 161 sbs.u.resp.buffersize = sbs.u.req.buffersize ?: cpu_to_be32(4096); 162 sbs.u.resp.tpm_result = 0; 163 sbs.u.resp.minsize = cpu_to_be32(128); 164 sbs.u.resp.maxsize = cpu_to_be32(4096); 165 qio_channel_write(ioc, (char *)&sbs.u.resp, sizeof(sbs.u.resp), 166 &error_abort); 167 break; 168 } 169 case CMD_SET_LOCALITY: { 170 ptm_loc loc; 171 /* Note: this time it's not u.req / u.resp... */ 172 qio_channel_read(ioc, (char *)&loc, sizeof(loc), &error_abort); 173 g_assert_cmpint(loc.u.req.loc, ==, 0); 174 loc.u.resp.tpm_result = 0; 175 qio_channel_write(ioc, (char *)&loc, sizeof(loc), &error_abort); 176 break; 177 } 178 default: 179 g_debug("unimplemented %u", cmd); 180 g_assert_not_reached(); 181 } 182 } 183 184 object_unref(OBJECT(ioc)); 185 object_unref(OBJECT(lioc)); 186 return NULL; 187 } 188 189 #define TPM_CMD "\x80\x01\x00\x00\x00\x0c\x00\x00\x01\x44\x00\x00" 190 191 static void tpm_crb_test(const void *data) 192 { 193 const TestState *s = data; 194 uint32_t intfid = readl(TPM_CRB_ADDR_BASE + A_CRB_INTF_ID); 195 uint32_t csize = readl(TPM_CRB_ADDR_BASE + A_CRB_CTRL_CMD_SIZE); 196 uint64_t caddr = readq(TPM_CRB_ADDR_BASE + A_CRB_CTRL_CMD_LADDR); 197 uint32_t rsize = readl(TPM_CRB_ADDR_BASE + A_CRB_CTRL_RSP_SIZE); 198 uint64_t raddr = readq(TPM_CRB_ADDR_BASE + A_CRB_CTRL_RSP_ADDR); 199 200 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, InterfaceType), ==, 1); 201 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, InterfaceVersion), ==, 1); 202 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, CapLocality), ==, 0); 203 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, CapCRBIdleBypass), ==, 0); 204 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, CapDataXferSizeSupport), 205 ==, 3); 206 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, CapFIFO), ==, 0); 207 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, CapCRB), ==, 1); 208 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, InterfaceSelector), ==, 1); 209 g_assert_cmpint(FIELD_EX32(intfid, CRB_INTF_ID, RID), ==, 0); 210 211 g_assert_cmpint(csize, >=, 128); 212 g_assert_cmpint(rsize, >=, 128); 213 g_assert_cmpint(caddr, >, TPM_CRB_ADDR_BASE); 214 g_assert_cmpint(raddr, >, TPM_CRB_ADDR_BASE); 215 216 memwrite(caddr, TPM_CMD, sizeof(TPM_CMD)); 217 218 uint32_t sts, start = 1; 219 uint64_t end_time = g_get_monotonic_time() + 5 * G_TIME_SPAN_SECOND; 220 writel(TPM_CRB_ADDR_BASE + A_CRB_CTRL_START, start); 221 do { 222 start = readl(TPM_CRB_ADDR_BASE + A_CRB_CTRL_START); 223 if ((start & 1) == 0) { 224 break; 225 } 226 } while (g_get_monotonic_time() < end_time); 227 start = readl(TPM_CRB_ADDR_BASE + A_CRB_CTRL_START); 228 g_assert_cmpint(start & 1, ==, 0); 229 sts = readl(TPM_CRB_ADDR_BASE + A_CRB_CTRL_STS); 230 g_assert_cmpint(sts & 1, ==, 0); 231 232 struct tpm_hdr tpm_msg; 233 memread(raddr, &tpm_msg, sizeof(tpm_msg)); 234 g_assert_cmpmem(&tpm_msg, sizeof(tpm_msg), s->tpm_msg, sizeof(*s->tpm_msg)); 235 } 236 237 int main(int argc, char **argv) 238 { 239 int ret; 240 char *args, *tmp_path = g_dir_make_tmp("qemu-tpm-crb-test.XXXXXX", NULL); 241 GThread *thread; 242 TestState test; 243 244 module_call_init(MODULE_INIT_QOM); 245 g_test_init(&argc, &argv, NULL); 246 247 test.addr = g_new0(SocketAddress, 1); 248 test.addr->type = SOCKET_ADDRESS_TYPE_UNIX; 249 test.addr->u.q_unix.path = g_build_filename(tmp_path, "sock", NULL); 250 g_mutex_init(&test.data_mutex); 251 g_cond_init(&test.data_cond); 252 253 thread = g_thread_new(NULL, emu_ctrl_thread, &test); 254 test_wait_cond(&test); 255 256 args = g_strdup_printf( 257 "-chardev socket,id=chr,path=%s " 258 "-tpmdev emulator,id=dev,chardev=chr " 259 "-device tpm-crb,tpmdev=dev", 260 test.addr->u.q_unix.path); 261 qtest_start(args); 262 263 qtest_add_data_func("/tpm-crb/test", &test, tpm_crb_test); 264 ret = g_test_run(); 265 266 qtest_end(); 267 268 g_thread_join(thread); 269 g_unlink(test.addr->u.q_unix.path); 270 qapi_free_SocketAddress(test.addr); 271 g_rmdir(tmp_path); 272 g_free(tmp_path); 273 g_free(args); 274 return ret; 275 } 276