dasharo-security/tpm-support.robot: Refactor TPM version and support …

…tests This commit introduces a new variable TPM_EXPECTED_VERSION to various platform configs. Then, Verify TPM Version tests are changed to refer to this new variable. Additionally, replace cbmem -L with cbmem -1 with grep, to first ensure only last boot is taken into consideration, and then, to reduce to amount of data sent via RTE, which can cause 30s timeout to trigger. Signed-off-by: Sebastian Czapla <[email protected]>
Dasharo · Sep 25, 2024 · 12b0d62 · 12b0d62
1 parent d13cd29
commit 12b0d62
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 8 deletions.
diff --git a/dasharo-security/tpm-support.robot b/dasharo-security/tpm-support.robot
@@ -34,8 +34,8 @@ TPM001.001 TPM Support (firmware)
     Login To Linux
     Switch To Root User
     Get Cbmem From Cloud
-    ${out}=    Execute Command In Terminal    cbmem -L
-    Should Contain Any    ${out}    TPM2 log    TCPA log
+    ${out}=    Execute Command In Terminal    cbmem -1 | grep -E 'TPM2 detected| TCPA log'
+    Should Contain Any    ${out}    TPM2 detected    TCPA log
 
 TPM001.002 TPM Support (Ubuntu)
     [Documentation]    Check whether the TPM is initialized correctly and the
@@ -69,9 +69,7 @@ TPM002.001 Verify TPM version (firmware)
     Boot System Or From Connected Disk    ubuntu
     Login To Linux
     Switch To Root User
-    Get Cbmem From Cloud
-    ${out}=    Execute Command In Terminal    cbmem -L
-    Should Contain Any    ${out}    TPM2 log    TCPA log
+    Validate Expected TPM In Firmware
 
 TPM002.002 Verify TPM version (Ubuntu)
     [Documentation]    This test aims to verify that the TPM version is
@@ -82,9 +80,7 @@ TPM002.002 Verify TPM version (Ubuntu)
     Boot System Or From Connected Disk    ubuntu
     Login To Linux
     Switch To Root User
-    ${out}=    Execute Command In Terminal    cat /sys/class/tpm/tpm0/tpm_version_major
-    # TPM 2.0 and 1.2
-    Should Contain Any    ${out}    1    2
+    Validate Expected TPM In Linux
 
 TPM002.003 Verify TPM version (Windows)
     [Documentation]    This test aims to verify that the TPM version is
@@ -153,3 +149,21 @@ Validate Any TPM
     ELSE
         Fail    No valid TPM version available.
     END
+
+Validate Expected TPM In Linux
+    [Documentation]    Checks if major TPM version matches the expected
+    ...    value.
+    ${tpm_ver}=    Execute Command In Terminal    cat /sys/class/tpm/tpm0/tpm_version_major
+    IF    '${TPM_EXPECTED_VERSION}' != '${tpm_ver}'    Fail
+    ...    Platform TPM version mismatch
+
+Validate Expected TPM In Firmware
+    Get Cbmem From Cloud
+    ${out}=    Execute Command In Terminal    cbmem -1 | grep -E 'TPM2 detected| TCPA log'
+    IF    '${TPM_EXPECTED_VERSION}' == '1'
+        Should Contain    ${out}    TCPA log
+    ELSE IF    '${TPM_EXPECTED_VERSION}' == '2'
+        Should Contain    ${out}    TPM2 log
+    ELSE
+        Fail
+    END
diff --git a/platform-configs/include/msi-z690-common.robot b/platform-configs/include/msi-z690-common.robot
@@ -25,6 +25,7 @@ ${POWER_CTRL}=                                  sonoff
 ${FLASH_VERIFY_METHOD}=                         none
 ${WIFI_CARD}=                                   ${TBD}
 ${MAX_CPU_TEMP}=                                80
+${TPM_EXPECTED_VERSION}=                        2
 
 ${DMIDECODE_MANUFACTURER}=                      Micro-Star International Co., Ltd.
 ${DMIDECODE_VENDOR}=                            3mdeb

diff --git a/platform-configs/include/optiplex-common.robot b/platform-configs/include/optiplex-common.robot
@@ -16,6 +16,7 @@ ${SETUP_MENU_KEY}=                              ${F2}
 ${IPXE_BOOT_ENTRY}=                             Network Boot and Utilities
 ${POWER_CTRL}=                                  sonoff
 ${MAX_CPU_TEMP}=                                80
+${TPM_EXPECTED_VERSION}=                        1
 
 ${DMIDECODE_VENDOR}=                            3mdeb
 ${DMIDECODE_FAMILY}=                            N/A

diff --git a/platform-configs/include/protectli-vp66xx.robot b/platform-configs/include/protectli-vp66xx.robot
@@ -10,6 +10,7 @@ ${DEVICE_AUDIO1}=                   Alderlake-P HDMI
 ${DEVICE_AUDIO1_WIN}=               High Definition Audio Device
 ${INITIAL_CPU_FREQUENCY}=           2600
 ${MAX_CPU_TEMP}=                    82
+${TPM_EXPECTED_VERSION}=            1
 
 ${CPU_P_CORES_MAX}=                 2
 ${CPU_E_CORES_MAX}=                 8

diff --git a/platform-configs/protectli-v1410.robot b/platform-configs/protectli-v1410.robot
@@ -10,5 +10,6 @@ ${CPU_MIN_FREQUENCY}=           800
 ${PLATFORM_CPU_SPEED}=          2.00
 ${PLATFORM_RAM_SPEED}=          2933
 ${PLATFORM_RAM_SIZE}=           8192
+${TPM_EXPECTED_VERSION}=        2
 
 @{ETH_PERF_PAIR_2_G}=           enp2s0    enp5s0
diff --git a/platform-configs/protectli-vp2410.robot b/platform-configs/protectli-vp2410.robot
@@ -13,6 +13,7 @@ ${INITIAL_CPU_FREQUENCY}=               2000
 ${MAX_CPU_TEMP}=                        77
 ${CPU_MAX_FREQUENCY}=                   2800
 ${CPU_MIN_FREQUENCY}=                   300
+${TPM_EXPECTED_VERSION}=                2
 
 # eMMC driver support
 ${E_MMC_NAME}=                          8GTF4R