| # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import logging, os, re, shutil, sys, time |
| from autotest_lib.client.bin import test, utils |
| |
| class platform_CryptohomeTPMReOwn(test.test): |
| """ |
| Test of cryptohome functionality to re-create a user's vault directory if |
| the TPM is cleared and re-owned and the vault keyset is TPM-wrapped. |
| """ |
| version = 1 |
| preserve_srcdir = True |
| |
| |
| def __run_cmd(self, cmd): |
| result = utils.system_output(cmd + ' 2>&1', retain_output=True, |
| ignore_status=True) |
| return result |
| |
| |
| def run_once(self, subtest='None'): |
| test_user = 'this_is_a_local_test_account@chromium.org' |
| test_password = 'this_is_a_test_password' |
| |
| logging.info("Running client subtest %s", subtest) |
| if (subtest == 'clear_tpm'): |
| output = self.__run_cmd("/usr/sbin/tpm_clear --force") |
| self.job.set_state("client_status", "Success") |
| elif (subtest == 'enable_tpm'): |
| output = self.__run_cmd("/usr/bin/tpm_init_temp_fix") |
| self.job.set_state("client_status", "Success") |
| elif (subtest == 'mount_cryptohome'): |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=remove " + |
| "--force --user=" + test_user) |
| ready = False |
| for n in range(0, 20): |
| output = self.__run_cmd("/usr/sbin/cryptohome " + |
| "--action=tpm_status") |
| if (output.find("TPM Ready: true") >= 0): |
| ready = True |
| break |
| time.sleep(10) |
| if (ready == False): |
| error_msg = "TPM never became ready" |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=mount" + |
| " --user=" + test_user + |
| " --password=" + test_password) |
| if (output.find("Mount succeeded") < 0): |
| error_msg = "Cryptohome mount failed" |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("echo TEST_CONTENT > " + |
| "/home/chronos/user/TESTFILE") |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=unmount") |
| output = self.__run_cmd("/usr/sbin/cryptohome " + |
| "--action=dump_keyset --user=" + test_user) |
| if (output.find("TPM_WRAPPED") < 0): |
| error_msg = 'Cryptohome did not create a TPM-wrapped keyset.' |
| self.job.set_state("client_status", error_msg) |
| return |
| self.job.set_state("client_status", "Success") |
| elif (subtest == 'mount_cryptohome_after_reboot'): |
| ready = False |
| for n in range(0, 20): |
| output = self.__run_cmd("/usr/sbin/cryptohome " + |
| "--action=tpm_status") |
| if (output.find("TPM Ready: true") >= 0): |
| ready = True |
| break |
| time.sleep(10) |
| if (ready == False): |
| error_msg = 'TPM never became ready' |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=mount" + |
| " --user=" + test_user + |
| " --password=" + test_password) |
| if (output.find("Mount succeeded") < 0): |
| error_msg = 'Cryptohome mount failed' |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("cat /home/chronos/user/TESTFILE 2>&1") |
| if (output.find("TEST_CONTENT") < 0): |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=unmount") |
| error_msg = ('Cryptohome did not contain original test file') |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=unmount") |
| self.job.set_state("client_status", "Success") |
| elif (subtest == 'mount_cryptohome_check_recreate'): |
| ready = False |
| for n in range(0, 20): |
| output = self.__run_cmd("/usr/sbin/cryptohome " + |
| "--action=tpm_status") |
| if (output.find("TPM Ready: true") >= 0): |
| ready = True |
| break |
| time.sleep(10) |
| if (ready == False): |
| error_msg = 'TPM never became ready' |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=mount" + |
| " --user=" + test_user + |
| " --password=" + test_password) |
| if (output.find("Mount succeeded") < 0): |
| error_msg = 'Cryptohome mount failed' |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("cat /home/chronos/user/TESTFILE 2>&1") |
| if (output.find("TEST_CONTENT") >= 0): |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=unmount") |
| error_msg = ('Cryptohome not re-created, ' + |
| 'found original test file') |
| self.job.set_state("client_status", error_msg) |
| return |
| output = self.__run_cmd("/usr/sbin/cryptohome --action=unmount") |
| output = self.__run_cmd("/usr/sbin/cryptohome " + |
| "--action=dump_keyset --user=" + test_user) |
| if (output.find("TPM_WRAPPED") < 0): |
| error_msg = ('Cryptohome did not create a ' + |
| 'TPM-wrapped keyset on reboot.') |
| self.job.set_state("client_status", error_msg) |
| return |
| self.job.set_state("client_status", "Success") |