1#!/usr/bin/expect -f 2# 3# This script test Linux trusted keys support using OP-TEE as a trust 4# source. The return code is 0 for success, >0 for error. 5# 6 7set timeout 5 8set tk_id 0 9set ek_id 0 10# Wait for next prompt, dealing with key ID, failure message and timeout 11proc check_keyctl_result arg { 12 expect { 13 -re {(\d+)\r} { 14 set ::$arg $expect_out(1,string) 15 exp_continue 16 } 17 "add_key: No such device" { 18 info [join {"Skipping test due to 'No such device':" 19 "trusted keys are not supported" 20 "(missing driver? CFG_CORE_DYN_SHM=n?)\n"}] 21 exit 0 22 } 23 "FAILED" { 24 info "!!! Error\n" 25 exit 1 26 } 27 timeout { 28 info "!!! Timeout\n" 29 exit 1 30 } 31 "# " 32 } 33} 34proc run_cmd arg { 35 send -- [append arg " || fail\r"] 36} 37info "Running: keyctl tests...\n" 38expect "# " 39send -- "function fail { echo FAILED ; }\r" 40expect "# " 41run_cmd "keyctl add trusted kmk \"new 32\" @u" 42check_keyctl_result tk_id 43run_cmd "keyctl add encrypted evm \"new trusted:kmk 32\" @u" 44check_keyctl_result ek_id 45run_cmd "keyctl pipe $tk_id > kmk.blob" 46check_keyctl_result tk_id 47run_cmd "keyctl pipe $ek_id > evm.blob" 48check_keyctl_result ek_id 49run_cmd "keyctl revoke $ek_id" 50check_keyctl_result ek_id 51run_cmd "keyctl revoke $tk_id" 52check_keyctl_result tk_id 53run_cmd "keyctl add trusted kmk \"load `cat kmk.blob`\" @u" 54check_keyctl_result tk_id 55run_cmd "keyctl add encrypted evm \"load `cat evm.blob`\" @u" 56check_keyctl_result ek_id 57run_cmd "keyctl pipe $tk_id > kmk.blob2" 58check_keyctl_result tk_id 59run_cmd "keyctl pipe $ek_id > evm.blob2" 60check_keyctl_result ek_id 61run_cmd "diff kmk.blob kmk.blob2" 62check_keyctl_result tk_id 63run_cmd "diff evm.blob evm.blob2" 64check_keyctl_result ek_id 65info "Status: keyctl tests successful\n" 66