-
Notifications
You must be signed in to change notification settings - Fork 96
Testing of libtpms Functionality
Stefan Berger edited this page Feb 22, 2021
·
29 revisions
Libtpms is regularly tested with swtpm's test suite on the following platforms:
- Ubuntu 16.04 and 18.04 (Travis)
- CentOS 6.10
- Cygwin
- BSDs: DragonflyBSD, OpenBSD, NetBSD, FreeBSD
- testing in latest containers: Alpine, Centos, Debian, Fedora (x86_64, ppc64le, s390x), OpenSuSE, Ubuntu
The following matrix shows the test results using Windows HLK:
| HLK version | Win Version | QEMU Version | TPM Interface | swtpm Version | libtpms Version | Failed Tests |
|---|---|---|---|---|---|---|
| HLK for Win 10 | Win 10 1909 | 4.2/5.0 | TIS | 0.4 (dev) | 0.7.3 (rev. 150) | 1,2,3,4,5 |
| HLK for Win 10 | Win 10 1909 | 4.2/5.0 | TIS | 0.4 (dev) | 0.8.0 (rev. 162) | 1,2,3,4,5 |
| HLK for Win 10 | Win 10 2004 | 4.2/5.0 | TIS | 0.4 (dev) | 0.7.3 (rev. 150) | 1,2,4,6,7 |
| HLK for Win 10 | Win 10 2004 | 4.2/5.0 | TIS | 0.4 (dev) | 0.8.0 (rev. 162) | 1,2,4,6,7 |
Tested by: Marek Kedzierski
Interpretation of test results:
| # | Failed Test | Interpretation |
|---|---|---|
| 1 | TPM Auxiliary Test: VerifySpecVersion | TPM 2.0 revisions do not match the one expected by HLK; this is not a TPM 2.0 functionality issue |
| 2 | EKCertificate Tests: VerifyEkCertisKnownAuthority | Software TPMs do not/cannot have a known CA like vendors of hardware TPMs use for TPM 2 certificates; this is not a TPM 2.0 functionality issue |
| 3 | Supplemental Tests: VerifyInterruptPresentAndUsed (not in 2004) | Neither TIS nor CRB in QEMU use interrupts but polling instead; this is not a TPM 2.0 functionality issue; see footnote 1 below |
| 4 | Verify Existence And Device Requirements: VerifyTpm20Exists | libtpms identifier is not known to HLK test suite; this is not a TPM 2.0 functionality issue |
| 5 | TPM Based Virtual Smart Card Interface: NegativeTests (not in 2004) | Reason for failure unknown |
Footnotes:
- When QEMU's interrupt support is enabled (with a few patches) the Linux TIS driver works on IRQ 5 (level triggered) but does not work on IRQ 13. Windows seems to require an edge-triggered interrupt and only accepts IRQ 13. So, if we enable IRQs for the TIS, we can either only make it work for Linux or Windows but not both. Since the other kernel does not fall back to polling, we cannot make it work for both, thus keeping polling for the TIS is the only way to make it work for both.