# Copyright 2017 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. import logging from autotest_lib.client.common_lib import error from autotest_lib.server import autotest, test from autotest_lib.client.common_lib.cros import tpm_utils class firmware_Cr50InvalidateRW(test.test): """ Verify the inactive Cr50 header on the first login after cryptohome restarts. There are two special cases this test covers: logging in after the TPM owner is cleared and logging in as guest. After the tpm owner is cleared, corrupting the header will be done on the second login. During guest login the owner wont be cleared. """ version = 1 GET_CRYPTOHOME_MESSAGE ='grep cryptohomed /var/log/messages' SUCCESS = 'Successfully invalidated inactive Cr50 RW' FAIL = 'Invalidating inactive Cr50 RW failed' NO_ATTEMPT = 'Did not try to invalidate header' LOGIN_ATTEMPTS = 5 def initialize(self, host): """Initialize servo and cr50""" super(firmware_Cr50InvalidateRW, self).initialize() self.host = host self.client_at = autotest.Autotest(self.host) self.last_message = None # get the messages already in /var/log/messages so we don't use them # later. self.check_for_invalidated_rw() def check_for_invalidated_rw(self): """Use /var/log/messages to see if the rw header was invalidated. Returns a string NO_ATTEMPT if cryptohome did not try to invalidate the header or the cryptohome message if the attempt failed or succeeded. """ # Get the relevant messages from /var/log/messages message_str = self.host.run(self.GET_CRYPTOHOME_MESSAGE, verbose=False).stdout.strip() # Remove the messages we have seen in the past if self.last_message: message_str = message_str.rsplit(self.last_message, 1)[-1] messages = message_str.split('\n') # Save the last message so we can identify new messages later self.last_message = messages[-1] rv = self.NO_ATTEMPT # print all cryptohome messages. for message in messages: logging.debug(message) # Return the message that is related to the RW invalidate attempt if self.FAIL in message or self.SUCCESS in message: rv = message return rv def login(self, use_guest): """Run the test to login.""" if use_guest: self.client_at.run_test('login_CryptohomeIncognito') else: self.client_at.run_test('login_LoginSuccess') def login_and_verify(self, use_guest=False, corrupt_login=None): """Verify the header is only invalidated on the specified login. login LOGIN_ATTEMPTS times. Verify that cryptohome only tries to corrupt the inactive cr50 header on the specified login. If it tries on a different login or fails to corrupt the header, raise an error. Args: use_guest: True to login as guest corrupt_login: The login attempt that we expect the header to be corrupted on Raises: TestError if the system attempts to corrupt the header on any login that isn't corrupt_login or if an attepmt to corrupt the header fails. """ for i in xrange(self.LOGIN_ATTEMPTS): attempt = i + 1 self.login(use_guest) result = self.check_for_invalidated_rw() message = '%slogin %d: %s' % ('guest ' if use_guest else '', attempt, result) logging.info(message) # Anytime the invalidate attempt fails raise an error if self.FAIL in result: raise error.TestError(message) # The header should be invalidated only on corrupt_login. Raise # an error if it was invalidated on some other login or if # cryptohome did not try on the first one. if (attempt == corrupt_login) != (self.SUCCESS in result): raise error.TestError('Unexpected result %s' % message) def restart_cryptohome(self): """Restart cryptohome Cryptohome only sends the command to corrupt the header once. Once it has been sent it wont be sent again until cryptohome is restarted. """ self.host.run('restart cryptohomed') def clear_tpm_owner(self): """Clear the tpm owner.""" logging.info('Clearing the TPM owner') tpm_utils.ClearTPMOwnerRequest(self.host, wait_for_ready=True) def after_run_once(self): """Print the run information after each successful run""" logging.info('finished run %d', self.iteration) def run_once(self, host): """Login to validate ChromeOS corrupts the inactive header""" # After clearing the tpm owner the header will be corrupted on the # second login self.clear_tpm_owner() self.login_and_verify(corrupt_login=2) # The header is corrupted on the first login after cryptohome is reset self.restart_cryptohome() self.login_and_verify(corrupt_login=1) # Cryptohome is reset after reboot self.host.reboot() self.login_and_verify(corrupt_login=1) # The header is not corrupted after guest login, but will be corrupted # on the first login after that. self.restart_cryptohome() self.login_and_verify(use_guest=True) self.login_and_verify(corrupt_login=1)