Google Git
Sign in
qemu / skiboot / 326a4666bd69ca071c4f7d2eacf868b11099baee / . / libstb / tss2 / ibmtpm20tss / utils / regtests / testnvpin.bat
blob: a113434c47d7d4e8d6b43d714081d184cc505091 [file] [log] [blame]
REM #################################################################################
REM # #
REM # TPM2 regression test #
REM # Written by Ken Goldman #
REM # IBM Thomas J. Watson Research Center #
REM # #
REM # (c) Copyright IBM Corporation 2016 - 2019 #
REM # #
REM # All rights reserved. #
REM # #
REM # Redistribution and use in source and binary forms, with or without #
REM # modification, are permitted provided that the following conditions are #
REM # met: #
REM # #
REM # Redistributions of source code must retain the above copyright notice, #
REM # this list of conditions and the following disclaimer. #
REM # #
REM # Redistributions in binary form must reproduce the above copyright #
REM # notice, this list of conditions and the following disclaimer in the #
REM # documentation and/or other materials provided with the distribution. #
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #################################################################################
setlocal enableDelayedExpansion
REM # PIN Pass index name is
REM
REM # 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09
REM # 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da
REM # ad 81
REM
REM # Policy Secret using PIN Pass index is
REM
REM # 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83
REM # 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d
REM
REM # PIN Fail index name is
REM
REM # 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0
REM # b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01
REM # c4 be
REM
REM # Policy Secret using PIN Fail index is
REM
REM # 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c
REM # 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df
REM
REM
REM # 01000000 is PIN pass or PIN fail index
REM # 01000001 is ordinary index with PIN pass policy
REM # 01000002 is ordinary index with PIN fail policy
echo ""
echo "NV PIN Index"
echo ""
echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000"
%TPM_EXE_PATH%nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write to set written bit"
%TPM_EXE_PATH%nvwrite -ha 01000001 -hia p -ic 0 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000"
%TPM_EXE_PATH%nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write to set written bit"
%TPM_EXE_PATH%nvwrite -ha 01000002 -hia p -ic 0 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Pass Index"
echo ""
echo "Set phEnableNV"
%TPM_EXE_PATH%hierarchycontrol -hi p -he n > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, not written - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform read does not affect count"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform read does not affect count, should succeed"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, platform auth"
%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy write, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, platform auth"
%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy read should not increment pin count"
%TPM_EXE_PATH%nvread -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Index read should increment pin count"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 1 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Index read, no uses - should fail"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform read, no uses"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 1 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Pass Index in Policy Secret"
echo ""
echo "Policy Secret with PWAP session, bad password - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 01000000, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, should consume pin couunt"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, pinCount used - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Get Digest, 50 b9 63 d6 ..."
%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read ordinary index using PIN pass policy secret"
%TPM_EXE_PATH%nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 01000000, 1 use, 1 / 2"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 2 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 0 uses, 0 / 0"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 0 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, pinCount used - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 1 use. 1 / 1, already used"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, pinCount used - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 0 uses. 2 / 1, already used"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 2 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, pinCount used - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo ""
echo "NV PIN Pass Index with Write Lock"
echo ""
echo "Platform write, 01000000, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Write lock, 01000000"
%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, pinCount used - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 01000000, locked - should fail"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Reboot"
%TPM_EXE_PATH%powerup > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Startup"
%TPM_EXE_PATH%startup > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 01000000, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Pass Index with Read Lock"
echo ""
echo "Platform write, 01000000, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read lock, 01000000"
%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform read, locked - should fail"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, read locked"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Pass Index with phEnableNV clear"
echo ""
echo "Platform write, 01000000, 1 use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Clear phEnableNV"
%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Set phEnableNV"
%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "Cleanup NV PIN Pass"
echo ""
echo "NV Undefine Space, 01000000 "
%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Flush the policy session, 03000000 "
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Fail Index"
echo ""
echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, not written - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 1 failure, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform read"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform read with bad password - should fail"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, platform auth"
%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy write, 01000000, platform auth"
%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, platform auth"
%TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy read, 01000000"
%TPM_EXE_PATH%nvread -ha 01000000 -sz 8 -id 0 1 -se0 03000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 01000000, 0/ 1 failure"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Index read, 01000000, correct password"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Index read, 01000000, bad password - should fail"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nn -sz 8 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Index read, 01000000, correct password - should fail because tries used"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 01000000, 0 / 1 failure"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Index read, 01000000"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Fail Index in Policy Secret"
echo ""
echo "Platform write, 2 failures, 0 / 2"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 2 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, good password"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, good password, resets pinCount"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, good password - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Platform write, 1 failure use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, good password, resets pinCount"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 0 failures, 1 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, good password, resets pinCount"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo ""
echo "NV PIN Fail Index with Write Lock"
echo ""
echo "Platform write, 01000000, 1 fail, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Write lock, 01000000"
%TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 01000000, locked - should fail"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Reboot"
%TPM_EXE_PATH%powerup > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Startup"
%TPM_EXE_PATH%startup > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Fail Index with Read Lock"
echo ""
echo "Platform write, 01000000, 1 failure, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read lock 01000000"
%TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Platform read, locked - should fail"
%TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, read locked"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN Fail Index with phEnableNV clear"
echo ""
echo "Platform write, 01000000, 1 failure, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Clear phEnableNV"
%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Set phEnableNV"
%TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "Cleanup"
echo ""
echo "NV Undefine Space 01000000"
%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "NV Undefine Space 01000001"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "NV Undefine Space 01000002"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Recreate the primary key"
%TPM_EXE_PATH%createprimary -hi p -pwdk sto -pol policies/zerosha256.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo ""
echo "NV PIN define space"
echo ""
echo "NV Define Space, 01000000, no write auth - should fail"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "NV Define Space, 01000000, no read auth - should fail"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "NV Define Space, 01000000, PIN Pass, auth write - should fail"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "NV Define Space, 01000000, PIN Fail, auth write - should fail"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail"
%TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
rem #
rem # Additional test for pinCount update when NV auth is not used. This
rem # tests for a bug fix
rem #
rem #
rem # policy calculation
rem #
echo "Create the policy digest that will be used for the NvIndex write term"
%TPM_EXE_PATH%startauthsession -se t > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "policycommandcode TPM_CC_NV_Write"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Get the policycommandcode write term"
%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppw.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Restart the trial policy session"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "policycommandcode TPM_CC_NV_Read"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Get the policycommandcode read term"
%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Restart the trial policy session"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Trial Policy OR"
%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Get the policyor result"
%TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmpor.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Flush the trial policy session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rem #
rem # Test PIN fail
rem #
rem # Write the PIN fail index
echo "Creating the NvIndex as PIN Fail, remove authwrite, authread, add ownerread"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty f -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Start policy sesion"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "policycommandcode TPM_CC_NV_Write"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy OR"
%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Writing count 0, limit 2"
%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rem # test the PIN fail index
echo "Using with PolicySecret, first failure case, increments count"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "policycommandcode TPM_CC_NV_Read"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy OR"
%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read the index, should be 1 2"
%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 01 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Using with PolicySecret, second failure case"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pas > run.out
IF !ERRORLEVEL! EQU 0 (
exit /B 1
)
echo "Read the index, owner auth, should be 2 2"
%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 2 2 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rem # cleanup
echo "Undefine the PIN fail index"
%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rem #
rem # Test PIN pass
rem #
rem # Write the PIN pass index
echo "Creating the NvIndex as PIN Pass, remove authwrite, authread, add ownerread"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -ty p -pwdn pass -pol tmpor.bin -at aw -at ar +at or > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "policycommandcode TPM_CC_NV_Write"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 137 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy OR"
%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Writing count 0, limit 2"
%TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rem # test the PIN pass index
echo "policycommandcode TPM_CC_NV_Read"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy OR"
%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read the index, should be 0 2"
%TPM_EXE_PATH%nvread -ha 01000000 -id 0 2 -se0 03000000 01 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read the index, owner auth, should be 0 2"
%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 0 2 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Using with PolicySecret, success, increments count"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde pass > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Restart the policy session"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "policycommandcode TPM_CC_NV_Read"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14e > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Policy OR"
%TPM_EXE_PATH%policyor -ha 03000000 -if tmppw.bin -if tmppr.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read the index, should be 1 2"
%TPM_EXE_PATH%nvread -ha 01000000 -id 1 2 -se0 03000000 00 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
echo "Read the index, owner auth, should be 1 2"
%TPM_EXE_PATH%nvread -ha 01000000 -hia o -id 1 2 > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rem # cleanup
echo "Undefine the PIN fail index"
%TPM_EXE_PATH%nvundefinespace -ha 01000000 -hi o > run.out
IF !ERRORLEVEL! NEQ 0 (
exit /B 1
)
rm -r tmppw.bin
rm -r tmppr.bin
rm -r tmpor.bin
rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000
rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000
rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 03000000
rem # %TPM_EXE_PATH%getcapability -cap 1 -pr 01000000
exit /B 0