Add new files: two tests, one common file, one program to set things up.

Change-Id: I4c9b7a937103f3978cbed6629ee4057018b80eae More cleanup. Also allow some tests to run even when TPM is already started. Change-Id: I23558b96a1de55bbeca42dbf2e44f6802a0ec85b Reorganize and standardize behavior of tests. Change-Id: Id32fd09211a72deaa66a3dd0f973d35506ff96f2 BUG=433 TEST=ran all the tests I could run without TPM-free BIOS Review URL: http://codereview.chromium.org/3389004
2026-01-11 18:35:28 +00:00 · 2010-09-15 17:20:36 -07:00
parent 6eee220fcd
commit a7e19cffbe
20 changed files with 301 additions and 322 deletions
--- a/firmware/lib/tpm_lite/include/tlcl.h
+++ b/firmware/lib/tpm_lite/include/tlcl.h
@@ -134,7 +134,8 @@ uint32_t TlclSetDeactivated(uint8_t flag);
 /* Gets flags of interest.  Pointers for flags you aren't interested in may
 * be NULL.  The TPM error code is returned.
 */
-uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated, uint8_t* nvlocked);
+uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated,
+                      uint8_t* nvlocked);

 /* Sets the bGlobalLock flag, which only a reboot can clear.  The TPM error
 * code is returned.
--- a/firmware/version.c
+++ b/firmware/version.c
@@ -1 +1 @@
-char* VbootVersion = "VBOOv=dcd11496";
+char* VbootVersion = "VBOOv=dffb443e";
--- a/tests/tpm_lite/Makefile
+++ b/tests/tpm_lite/Makefile
@@ -10,21 +10,20 @@ INCLUDES += -I./include \
 	-I$(HOSTDIR)/include
 BUILD_ROOT = ${BUILD}/tests/tpm_lite

-TEST_NAMES = tpmtest_clear \
-             tpmtest_earlyextend \
+TEST_NAMES = tpmtest_earlyextend \
             tpmtest_earlynvram \
             tpmtest_earlynvram2 \
 	     tpmtest_enable \
 	     tpmtest_fastenable \
 	     tpmtest_globallock \
-             tpmtest_lock \
-             tpmtest_readonly \
-             tpmtest_redefine \
+             tpmtest_redefine_unowned \
             tpmtest_spaceperm \
-	     tpmtest_startup \
+	     tpmtest_testsetup \
+	     tpmtest_timing \
             tpmtest_writelimit \

 TEST_BINS = $(addprefix ${BUILD_ROOT}/,$(TEST_NAMES))
+SHARED_TEST_OBJ = $(BUILD_ROOT)/tlcl_tests.o

 ALL_DEPS = $(addsuffix .d,${TEST_BINS})
 CFLAGS +=  -MMD -MF $@.d
@@ -36,7 +35,8 @@ all: $(TEST_BINS)
 ${BUILD_ROOT}/%.o : %.c
 	$(CC) $(CFLAGS) $(INCLUDES) -MMD -MF $@.d -c -o $@ $<

-${BUILD_ROOT}/tpmtest_%: %.c ${LIBS}
-	$(CC) $(CFLAGS) $(INCLUDES) $< ${LIBS} -o $@ -lcrypto -lrt $(LDFLAGS)
+${BUILD_ROOT}/tpmtest_%: %.c ${LIBS} ${SHARED_TEST_OBJ}
+	$(CC) $(CFLAGS) $(INCLUDES) $< ${SHARED_TEST_OBJ} \
+	  ${LIBS} -o $@ -lcrypto -lrt $(LDFLAGS)

 -include ${ALL_DEPS}
--- a/tests/tpm_lite/clear.c
+++ b/tests/tpm_lite/clear.c
@@ -1,29 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Testing: ownership testing code and ForceClear.
- */
-
-#include <stdio.h>
-
-#include "tlcl.h"
-
-int main(int argc, char** argv) {
-  int owned;
-
-  TlclLibInit();
-  TlclStartup();
-  TlclSelfTestFull();
-  TlclAssertPhysicalPresence();
-
-  owned = TlclIsOwned();
-  printf("tpm is %sowned\n", owned?  "" : "NOT ");
-  if (owned) {
-    TlclForceClear();
-    printf("tpm was cleared\n");
-  }
-
-  return 0;
-}
--- a/tests/tpm_lite/earlyextend.c
+++ b/tests/tpm_lite/earlyextend.c
@@ -11,24 +11,16 @@
 #include <stdlib.h>

 #include "tlcl.h"
-
-#define INDEX0 0xcafe
+#include "tlcl_tests.h"

 int main(int argc, char** argv) {
  uint8_t value_in[20];
  uint8_t value_out[20];
-  uint32_t result;

  TlclLibInit();
-  TlclStartup();
-  TlclContinueSelfTest();
-
-  do {
-    result = TlclExtend(1, value_in, value_out);
-    printf("result of Extend = %d\n", result);
-  } while (result == TPM_E_DOING_SELFTEST ||
-           result == TPM_E_NEEDS_SELFTEST);
-
-  printf("Test completed successfully\n");
+  TPM_CHECK(TlclStartup());
+  TPM_CHECK(TlclContinueSelfTest());
+  TPM_CHECK(TlclExtend(1, value_in, value_out));
+  printf("TEST SUCCEEDED\n");
  exit(0);
 }
--- a/tests/tpm_lite/earlynvram.c
+++ b/tests/tpm_lite/earlynvram.c
@@ -11,43 +11,19 @@
 #include <stdlib.h>

 #include "tlcl.h"
+#include "tlcl_tests.h"
 #include "utility.h"

 #define INDEX0 0xcafe

 int main(int argc, char** argv) {
-  uint32_t perm;
-  uint32_t result;
  uint32_t x;

  TlclLibInit();
-  TlclStartup();
-  TlclContinueSelfTest();
-
-  do {
-    result = TlclAssertPhysicalPresence();
-    printf("result of AssertPP = %d\n", result);
-  } while (result == TPM_E_DOING_SELFTEST ||
-           result == TPM_E_NEEDS_SELFTEST);
-
-  if (result != TPM_SUCCESS) {
-    error("AssertPP failed with error %d\n", result);
-  }
-
-  do {
-    result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
-    printf("result of ReadValue = %d\n", result);
-  } while (result == TPM_E_DOING_SELFTEST ||
-           result == TPM_E_NEEDS_SELFTEST);
-
-  if (result == TPM_E_BADINDEX) {
-    VBDEBUG(("creating INDEX0\n"));
-    perm = TPM_NV_PER_PPWRITE;
-    TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
-  } else if (result != TPM_SUCCESS) {
-    error("Read failed with result %d\n", result);
-  }
-
-  printf("Test completed successfully\n");
-  exit(0);
+  TPM_CHECK(TlclStartup());
+  TPM_CHECK(TlclContinueSelfTest());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+  TPM_CHECK(TlclRead(INDEX0, (uint8_t*) &x, sizeof(x)));
+  printf("TEST SUCCEEDED\n");
+  return 0;
 }
--- a/tests/tpm_lite/earlynvram2.c
+++ b/tests/tpm_lite/earlynvram2.c
@@ -11,43 +11,17 @@
 #include <stdlib.h>

 #include "tlcl.h"
+#include "tlcl_tests.h"
 #include "utility.h"

-#define INDEX0 0xcafe
-
 int main(int argc, char** argv) {
-  uint32_t perm;
-  uint32_t result;
  uint32_t x;

  TlclLibInit();
-  TlclStartup();
-  TlclContinueSelfTest();
-
-  do {
-    result = TlclAssertPhysicalPresence();
-    printf("result of AssertPP = %d\n", result);
-  } while (result == TPM_E_DOING_SELFTEST ||
-           result == TPM_E_NEEDS_SELFTEST);
-
-  if (result != TPM_SUCCESS) {
-    error("AssertPP failed with error %d\n", result);
-  }
-
-  do {
-    result = TlclWrite(INDEX0, (uint8_t*) &x, sizeof(x));
-    printf("result of WriteValue = %d\n", result);
-  } while (result == TPM_E_DOING_SELFTEST ||
-           result == TPM_E_NEEDS_SELFTEST);
-
-  if (result == TPM_E_BADINDEX) {
-    VBDEBUG(("creating INDEX0\n"));
-    perm = TPM_NV_PER_PPWRITE;
-    TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
-  } else if (result != TPM_SUCCESS) {
-    error("Write failed with result %d\n", result);
-  }
-
-  printf("Test completed successfully\n");
-  exit(0);
+  TPM_CHECK(TlclStartup());
+  TPM_CHECK(TlclContinueSelfTest());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+  TPM_CHECK(TlclWrite(INDEX0, (uint8_t*) &x, sizeof(x)));
+  printf("TEST SUCCEEDED\n");
+  return 0;
 }
--- a/tests/tpm_lite/enable.c
+++ b/tests/tpm_lite/enable.c
@@ -9,28 +9,25 @@
 #include <stdio.h>

 #include "tlcl.h"
-
-#define CHECK(command) do {                     \
-    uint32_t r = (command);                     \
-    if (r != 0) {                               \
-      printf(#command "returned 0x%x\n", r);    \
-    }                                           \
-} while(0)
+#include "tlcl_tests.h"
+#include "utility.h"

 int main(int argc, char** argv) {
  uint8_t disable, deactivated;

  TlclLibInit();
-  TlclStartup();
-  CHECK(TlclSelfTestFull());
-
-  CHECK(TlclAssertPhysicalPresence());
-  CHECK(TlclGetFlags(&disable, &deactivated, NULL));
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclSelfTestFull());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+  TPM_CHECK(TlclGetFlags(&disable, &deactivated, NULL));
  printf("disable is %d, deactivated is %d\n", disable, deactivated);
-  CHECK(TlclSetEnable());
-  CHECK(TlclSetDeactivated(0));
-  CHECK(TlclGetFlags(&disable, &deactivated, NULL));
+  TPM_CHECK(TlclSetEnable());
+  TPM_CHECK(TlclSetDeactivated(0));
+  TPM_CHECK(TlclGetFlags(&disable, &deactivated, NULL));
  printf("disable is %d, deactivated is %d\n", disable, deactivated);
-
+  if (disable == 1 || deactivated == 1) {
+    error("failed to enable or activate");
+  }
+  printf("TEST SUCCEEDED\n");
  return 0;
 }
--- a/tests/tpm_lite/fastenable.c
+++ b/tests/tpm_lite/fastenable.c
@@ -15,46 +15,32 @@
 #include <stdio.h>

 #include "tlcl.h"
+#include "tlcl_tests.h"
 #include "utility.h"

-#define CHECK(command) do { if ((command) != TPM_SUCCESS) \
-      error(#command "\n"); }                             \
-  while(0)
-
 int main(int argc, char** argv) {
  uint8_t disable, deactivated;
  int i;

  TlclLibInit();
-  CHECK(TlclStartup());
-  CHECK(TlclSelfTestFull());
-
-  CHECK(TlclAssertPhysicalPresence());
-  printf("PP asserted\n");
-
-  CHECK(TlclGetFlags(&disable, &deactivated, NULL));
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclSelfTestFull());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+  TPM_CHECK(TlclGetFlags(&disable, &deactivated, NULL));
  printf("disable is %d, deactivated is %d\n", disable, deactivated);

  for (i = 0; i < 2; i++) {
-
-    CHECK(TlclForceClear());
-    printf("tpm is cleared\n");
-
-    CHECK(TlclGetFlags(&disable, &deactivated, NULL));
+    TPM_CHECK(TlclForceClear());
+    TPM_CHECK(TlclGetFlags(&disable, &deactivated, NULL));
    printf("disable is %d, deactivated is %d\n", disable, deactivated);
-
-    CHECK(TlclSetEnable());
-    printf("disable flag is cleared\n");
-
-    CHECK(TlclGetFlags(&disable, &deactivated, NULL));
-    printf("disable is %d, deactivated is %d\n", disable, deactivated);
-
-    CHECK(TlclSetDeactivated(0));
-    printf("deactivated flag is cleared\n");
-
-    CHECK(TlclGetFlags(&disable, &deactivated, NULL));
+    assert(disable == 1 && deactivated == 1);
+    TPM_CHECK(TlclSetEnable());
+    TPM_CHECK(TlclSetDeactivated(0));
+    TPM_CHECK(TlclGetFlags(&disable, &deactivated, NULL));
    printf("disable is %d, deactivated is %d\n", disable, deactivated);
+    assert(disable == 0 && deactivated == 0);
  }

+  printf("TEST SUCCEEDED\n");
  return 0;
 }
--- a/tests/tpm_lite/globallock.c
+++ b/tests/tpm_lite/globallock.c
@@ -11,58 +11,36 @@
 #include <stdlib.h>

 #include "tlcl.h"
+#include "tlcl_tests.h"
 #include "utility.h"

-#define INDEX0 0xcafe
-#define INDEX1 0xcaff
-
 int main(int argc, char** argv) {
  uint32_t zero = 0;
-  uint32_t perm;
  uint32_t result;
  uint32_t x;

  TlclLibInit();
-
-  TlclStartup();
-  TlclSelfTestFull();
-
-  TlclAssertPhysicalPresence();
-
-  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
-  if (result == TPM_E_BADINDEX) {
-    perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
-    TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
-  }
-  result = TlclWrite(INDEX0, (uint8_t*) &zero, sizeof(uint32_t));
-  assert(result == TPM_SUCCESS);
-
-  result = TlclRead(INDEX1, (uint8_t*) &x, sizeof(x));
-  if (result == TPM_E_BADINDEX) {
-    perm = TPM_NV_PER_PPWRITE;
-    TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
-  }
-  result = TlclWrite(INDEX1, (uint8_t*) &zero, sizeof(uint32_t));
-  assert(result == TPM_SUCCESS);
-
-  // Sets the global lock.
-  TlclSetGlobalLock();
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclSelfTestFull());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+  TPM_CHECK(TlclRead(INDEX0, (uint8_t*) &x, sizeof(x)));
+  TPM_CHECK(TlclWrite(INDEX0, (uint8_t*) &zero, sizeof(uint32_t)));
+  TPM_CHECK(TlclRead(INDEX1, (uint8_t*) &x, sizeof(x)));
+  TPM_CHECK(TlclWrite(INDEX1, (uint8_t*) &zero, sizeof(uint32_t)));
+  TPM_CHECK(TlclSetGlobalLock());

  // Verifies that write to index0 fails.
  x = 1;
  result = TlclWrite(INDEX0, (uint8_t*) &x, sizeof(x));
-  if (result != TPM_E_AREA_LOCKED) {
-    error("INDEX0 is not locked\n");
-    exit(1);
-  }
+  assert(result == TPM_E_AREA_LOCKED);
+  TPM_CHECK(TlclRead(INDEX0, (uint8_t*) &x, sizeof(x)));
+  assert(x == 0);

  // Verifies that write to index1 is still possible.
  x = 2;
-  result = TlclWrite(INDEX1, (uint8_t*) &x, sizeof(x));
-  if (result != TPM_SUCCESS) {
-    error("failure to write at INDEX1\n");
-    exit(2);
-  }
+  TPM_CHECK(TlclWrite(INDEX1, (uint8_t*) &x, sizeof(x)));
+  TPM_CHECK(TlclRead(INDEX1, (uint8_t*) &x, sizeof(x)));
+  assert(x == 2);

  // Turns off PP.
  TlclLockPhysicalPresence();
@@ -70,11 +48,9 @@ int main(int argc, char** argv) {
  // Verifies that write to index1 fails.
  x = 3;
  result = TlclWrite(INDEX1, (uint8_t*) &x, sizeof(x));
-  if (result != TPM_E_BAD_PRESENCE) {
-    error("INDEX1 is not locked\n");
-    exit(3);
-  }
-
-  printf("Test completed successfully\n");
+  assert(result == TPM_E_BAD_PRESENCE);
+  TPM_CHECK(TlclRead(INDEX1, (uint8_t*) &x, sizeof(x)));
+  assert(x == 2);
+  printf("TEST SUCCEEDED\n");
  exit(0);
 }
--- a/tests/tpm_lite/readonly.c
+++ b/tests/tpm_lite/readonly.c
@@ -104,6 +104,6 @@ int main(int argc, char** argv) {

  /* Done for now.
   */
-  printf("Test completed successfully\n");
+  printf("TEST SUCCEEDED\n");
  exit(0);
 }
--- a/tests/tpm_lite/redefine.c
+++ b/tests/tpm_lite/redefine.c
@@ -1,78 +0,0 @@
-/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Test of protection from space redefinition.
- *
- * This test is actually not that interesting because, if I am right, space
- * redefinition is not allowed with PP only.  It requires
- * TPM_TAG_RQU_AUTH1_COMMAND with owner authentication.
- */
-
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "tlcl.h"
-#include "utility.h"
-
-#define INDEX0 0xcafe
-#define INDEX1 0xcaff
-
-int main(int argc, char** argv) {
-  uint32_t perm;
-  uint32_t result;
-  uint32_t x;
-
-  TlclLibInit();
-  TlclStartup();
-  TlclSelfTestFull();
-  TlclAssertPhysicalPresence();
-
-  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
-  if (result == TPM_E_BADINDEX) {
-    VBDEBUG(("creating INDEX0\n"));
-  } else {
-    VBDEBUG(("redefining INDEX0\n"));
-  }
-  perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
-  TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
-
-  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
-  if (result == TPM_E_BADINDEX) {
-    VBDEBUG(("redefining INDEX1\n"));
-  } else {
-    VBDEBUG(("creating INDEX1\n"));
-  }
-  perm = TPM_NV_PER_PPWRITE;
-  TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
-
-  // Sets the global lock.
-  TlclSetGlobalLock();
-
-  // Verifies that index0 cannot be redefined.
-  result = TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
-  if (result == TPM_SUCCESS) {
-    error("unexpected success redefining INDEX0\n");
-    exit(1);
-  }
-
-  // Turns off PP.
-  TlclLockPhysicalPresence();
-
-  // Verifies that neither index0 nor index1 cannot be redefined.
-  result = TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
-  if (result == TPM_SUCCESS) {
-    error("unexpected success redefining INDEX0\n");
-    exit(1);
-  }
-  result = TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
-  if (result == TPM_SUCCESS) {
-    error("unexpected success redefining INDEX1\n");
-    exit(1);
-  }
-
-  printf("Test completed successfully\n");
-  exit(0);
-}
--- a/tests/tpm_lite/redefine_unowned.c
+++ b/tests/tpm_lite/redefine_unowned.c
@@ -0,0 +1,64 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of protection from space redefinition when an owner is NOT present.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "tlcl.h"
+#include "tlcl_tests.h"
+#include "utility.h"
+
+int main(int argc, char** argv) {
+  uint32_t perm;
+  uint32_t result;
+  uint32_t x;
+
+  TlclLibInit();
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclSelfTestFull());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+
+  assert(!TlclIsOwned());
+
+  /* Ensures spaces exist. */
+  TPM_CHECK(TlclRead(INDEX0, (uint8_t*) &x, sizeof(x)));
+  TPM_CHECK(TlclRead(INDEX1, (uint8_t*) &x, sizeof(x)));
+
+  /* Redefines spaces a couple of times. */
+  perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
+  TPM_CHECK(TlclDefineSpace(INDEX0, perm, 2 * sizeof(uint32_t)));
+  TPM_CHECK(TlclDefineSpace(INDEX0, perm, sizeof(uint32_t)));
+
+  perm = TPM_NV_PER_PPWRITE;
+  TPM_CHECK(TlclDefineSpace(INDEX1, perm, 2 * sizeof(uint32_t)));
+  TPM_CHECK(TlclDefineSpace(INDEX1, perm, sizeof(uint32_t)));
+
+  // Sets the global lock.
+  TlclSetGlobalLock();
+
+  // Verifies that index0 cannot be redefined.
+  result = TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  assert(result == TPM_E_AREA_LOCKED);
+
+  // Checks that index1 can.
+  TPM_CHECK(TlclDefineSpace(INDEX1, perm, 2 * sizeof(uint32_t)));
+  TPM_CHECK(TlclDefineSpace(INDEX1, perm, sizeof(uint32_t)));
+
+  // Turns off PP.
+  TlclLockPhysicalPresence();
+
+  // Verifies that neither index0 nor index1 can be redefined.
+  result = TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  assert(result == TPM_E_BAD_PRESENCE);
+  result = TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
+  assert(result == TPM_E_BAD_PRESENCE);
+
+  printf("TEST SUCCEEDED\n");
+  exit(0);
+}
--- a/tests/tpm_lite/spaceperm.c
+++ b/tests/tpm_lite/spaceperm.c
@@ -3,8 +3,7 @@
 * found in the LICENSE file.
 */

-/* Test of space permissions retrieval.  The spaces 0xcafe and 0xcaff must have
- * already been defined (by running, for instance, the "redefine" test).
+/* Test of space permissions retrieval.
 */

 #include <stdint.h>
@@ -12,32 +11,25 @@
 #include <stdlib.h>

 #include "tlcl.h"
+#include "tlcl_tests.h"
 #include "utility.h"

-#define INDEX0 0xcafe
-#define INDEX1 0xcaff
-
 int main(int argc, char** argv) {
  uint32_t perm;
  uint32_t perm_pp_gl = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
  uint32_t perm_pp = TPM_NV_PER_PPWRITE;
-  uint32_t result;

  TlclLibInit();
-  TlclStartup();
-  TlclContinueSelfTest();
-  TlclAssertPhysicalPresence();
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclContinueSelfTest());
+  TPM_CHECK(TlclAssertPhysicalPresence());

-  result = TlclGetPermissions(INDEX0, &perm);
-  assert(result == TPM_SUCCESS);
-  printf("permissions for INDEX0 = 0x%x\n", perm);
+  TPM_CHECK(TlclGetPermissions(INDEX0, &perm));
  assert((perm & perm_pp_gl) == perm_pp_gl);

-  result = TlclGetPermissions(INDEX1, &perm);
-  assert(result == TPM_SUCCESS);
-  printf("permissions for INDEX1 = 0x%x\n", perm);
+  TPM_CHECK(TlclGetPermissions(INDEX1, &perm));
  assert((perm & perm_pp) == perm_pp);

-  printf("Test completed successfully\n");
+  printf("TEST SUCCEEDED\n");
  exit(0);
 }
--- a/tests/tpm_lite/startup.c
+++ b/tests/tpm_lite/startup.c
@@ -27,5 +27,6 @@ int main(int argc, char** argv) {
  if (result != 0) {
    printf("tpm getflags failed with 0x%x\n", result);
  }
+  printf("TEST SUCCEEDED\n");
  return 0;
 }
--- a/tests/tpm_lite/testsetup.c
+++ b/tests/tpm_lite/testsetup.c
@@ -0,0 +1,42 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Create two spaces for uses in tests.  OK if they already exist.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "tlcl.h"
+#include "tlcl_tests.h"
+#include "utility.h"
+
+int main(int argc, char** argv) {
+  uint32_t perm;
+  uint32_t result;
+  uint32_t x;
+
+  TlclLibInit();
+
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclSelfTestFull());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+
+  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
+  if (result == TPM_E_BADINDEX) {
+    perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
+    TPM_CHECK(TlclDefineSpace(INDEX0, perm, sizeof(uint32_t)));
+  }
+
+  result = TlclRead(INDEX1, (uint8_t*) &x, sizeof(x));
+  if (result == TPM_E_BADINDEX) {
+    perm = TPM_NV_PER_PPWRITE;
+    TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
+  }
+
+  printf("TEST SUCCEEDED\n");
+  exit(0);
+}
--- a/tests/tpm_lite/timing.c
+++ b/tests/tpm_lite/timing.c
@@ -0,0 +1,60 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Timing test for various TPM operations.  This is mostly a sanity check to
+ * make sure the part doesn't have ridicolously bad timing on simple
+ * operations.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+
+#include "tlcl.h"
+#include "tlcl_tests.h"
+#include "utility.h"
+
+/* Runs [op] and ensures it returns success and doesn't run longer than
+ * [time_limit] in milliseconds.
+ */
+#define TTPM_CHECK(op, time_limit) do {                                     \
+    struct timeval before, after;                                       \
+    int time;                                                           \
+    uint32_t __result;                                                  \
+    gettimeofday(&before, NULL);                                        \
+    __result = op;                                                      \
+    if (__result != TPM_SUCCESS) {                                      \
+      printf(#op ": error 0x%x\n", __result);                           \
+      exit(1);                                                          \
+    }                                                                   \
+    gettimeofday(&after, NULL);                                         \
+    time = (int) ((after.tv_sec - before.tv_sec) * 1000 +               \
+                  (after.tv_usec - before.tv_usec) / 1000);             \
+    printf(#op ": %d ms\n", time);                                      \
+    if (time > time_limit) {                                            \
+      printf(#op " exceeded " #time_limit " ms\n");                     \
+      exit(1);                                                          \
+    }                                                                   \
+  } while (0)
+
+int main(int argc, char** argv) {
+  uint32_t x;
+  uint8_t in[20], out[20];
+
+  TlclLibInit();
+  TTPM_CHECK(TlclStartupIfNeeded(), 50);
+  TTPM_CHECK(TlclContinueSelfTest(), 100);
+  TTPM_CHECK(TlclSelfTestFull(), 1000);
+  TTPM_CHECK(TlclAssertPhysicalPresence(), 100);
+  TTPM_CHECK(TlclWrite(INDEX0, (uint8_t*) &x, sizeof(x)), 100);
+  TTPM_CHECK(TlclRead(INDEX0, (uint8_t*) &x, sizeof(x)), 100);
+  TTPM_CHECK(TlclExtend(0, in, out), 200);
+  TTPM_CHECK(TlclSetGlobalLock(), 50);
+  TTPM_CHECK(TlclLockPhysicalPresence(), 100);
+  printf("TEST SUCCEEDED\n");
+  return 0;
+}
--- a/tests/tpm_lite/tlcl_tests.c
+++ b/tests/tpm_lite/tlcl_tests.c
@@ -0,0 +1,27 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Shared code for tests.
+ */
+
+#include "tlcl.h"
+#include "tlcl_tests.h"
+
+const char* resilient_startup = NULL;
+
+uint32_t TlclStartupIfNeeded(void) {
+  static char* null_getenv = "some string";   /* just a unique address */
+  uint32_t result = TlclStartup();
+  if (resilient_startup == NULL) {
+    resilient_startup = getenv("TLCL_RESILIENT_STARTUP");
+    if (resilient_startup == NULL) {
+      resilient_startup = null_getenv;
+    }
+  }
+  if (resilient_startup == null_getenv) {
+    return result;
+  }
+  return result == TPM_E_INVALID_POSTINIT ? TPM_SUCCESS : result;
+}
--- a/tests/tpm_lite/writelimit.c
+++ b/tests/tpm_lite/writelimit.c
@@ -11,50 +11,45 @@
 #include <stdlib.h>

 #include "tlcl.h"
+#include "tlcl_tests.h"
 #include "utility.h"

-#define INDEX0 0xda70
 #define TPM_MAX_NV_WRITES_NOOWNER 64

 int main(int argc, char** argv) {
  int i;
+
  uint32_t result;
-  uint8_t disable, deactivated;  /* the TPM specs use these exact names */

  TlclLibInit();

-  TlclStartup();
-  TlclSelfTestFull();
-
-  TlclAssertPhysicalPresence();
-
-  result = TlclGetFlags(&disable, &deactivated, NULL);
-  printf("disable is %d, deactivated is %d\n", disable, deactivated);
-
-  if (disable || deactivated) {
-    TlclSetEnable();
-    (void) TlclSetDeactivated(0);
-    printf("TPM will be active after next reboot\n");
-    exit(0);
-  }
+  TPM_CHECK(TlclStartupIfNeeded());
+  TPM_CHECK(TlclSelfTestFull());
+  TPM_CHECK(TlclAssertPhysicalPresence());
+  TPM_CHECK(TlclForceClear());
+  TPM_CHECK(TlclSetEnable());
+  TPM_CHECK(TlclSetDeactivated(0));

  for (i = 0; i < TPM_MAX_NV_WRITES_NOOWNER + 2; i++) {
    printf("writing %d\n", i);
    if ((result = TlclWrite(INDEX0, (uint8_t*)&i, sizeof(i))) != TPM_SUCCESS) {
      switch (result) {
      case TPM_E_MAXNVWRITES:
-        printf("Max NV writes exceeded - forcing clear\n");
-        TlclForceClear();
-        printf("Please reboot and run this program again\n");
-        exit(0);
+        assert(i >= TPM_MAX_NV_WRITES_NOOWNER);
      default:
-        error("unexpected error code %d (0x%x)\n");
+        error("unexpected error code %d (0x%x)\n", result, result);
      }
    }
  }

-  /* Done for now.
-   */
-  printf("Test completed successfully\n");
+  /* Reset write count */
+  TPM_CHECK(TlclForceClear());
+  TPM_CHECK(TlclSetEnable());
+  TPM_CHECK(TlclSetDeactivated(0));
+
+  /* Try writing again. */
+  TPM_CHECK(TlclWrite(INDEX0, (uint8_t*)&i, sizeof(i)));
+
+  printf("TEST SUCCEEDED\n");
  exit(0);
 }
--- a/utility/Makefile
+++ b/utility/Makefile
@@ -33,7 +33,7 @@ TARGET_NAMES = dumpRSAPublicKey \
 		dev_make_keypair \
 		dev_sign_file \
 		dump_fmap \
-		dev_debug_vboot
+		dev_debug_vboot \

 TARGET_BINS = $(addprefix ${BUILD_ROOT}/,$(TARGET_NAMES))
 ALL_DEPS = $(addsuffix .d,${TARGET_BINS})
@@ -79,6 +79,9 @@ ${BUILD_ROOT}/sign_image: sign_image.c $(LIBS)
 ${BUILD_ROOT}/tpm_init_temp_fix: tpm_init_temp_fix.c $(LIBS)
 	$(CC) $(CFLAGS) $(INCLUDES) $< -o $@ $(LIBS)

+${BUILD_ROOT}/tpm_set_readsrkpub: tpm_set_readsrkpub.c
+	$(CC) $(CFLAGS) $< -o $@ -ltspi
+
 ${BUILD_ROOT}/dev_make_keypair: dev_make_keypair
 	cp -f $< $@
 	chmod +x $@