dasharo-security/tpm-support.robot: Refactor TPM version and support … #507
Conversation
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
83272db to
e8086e0
Compare
|
It is not entirely redundant. See: #495 (comment) The test to verify TPM version in firmware should check if it is TPM 1.2 or 2.0 |
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
8534884 to
12b0d62
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
98700f0 to
5b01d14
Compare
|
This branch was rebased onto this #487 |
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
5b01d14 to
31bc60d
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
4 times, most recently
from
8bab4c2 to
a5c2700
Compare
|
Updated and rebased as per suggestions. Also, when testing this solution, I found an issue with OptiPlex platform Dasharo/dasharo-issues#1091 |
I gave you 3 options and it looks like you chose maybe the worst one. Of course this is not a good tradeoff from laptops perspective. But, was this test even being run on laptops if it only supports SSH tests over OS? Looks like option 1 is the best, but again it would be limited to UEFI payload only. Option 2 is the best since it uses coreboot log alone to determine the TPM chip. Based on the TPM chip we may derive what TPM version it is. But this requires the most work. |
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
0e885b2 to
39fc118
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
40a9e27 to
4550b3a
Compare
|
Made a change to use TPM chip as a base for validation. I also kept old log based detection, as a fallback mechanism in case chip detection fails (it happens on Optiplex due to log truncation). Should there be a warning that this mechanism was used? At the moment it only logs to console. Some TPM variables for various platforms are not set, but I tested it on few laptops and it seems to work correctly. |
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
128948a to
010bdab
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
f611b87 to
f1138d7
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
816be6f to
2a074ad
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
d35e121 to
083f57b
Compare
|
@SebastianCzapla it just needs a rebase before it can be merged fast-forward |
…tests This commit introduces two new variables, EXPECTED_TPM_CHIP and EXPECTED_TPM_VERSION. Additionally, refactor few keywords and tests within tpm-support.robot Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
Signed-off-by: Sebastian Czapla <[email protected]>
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
083f57b to
7cd6900
Compare
|
@miczyg1 Done |
…tests
Currently, TPM Support and TPM Version test are split into different tests groups. Merging of version and support checks into one allows us to skip few extra reboot cycles during testing. Additionally, it provides opportunity to add coverage for TPM 1.2