tpm_verify_ek¶

Verifies the TPM endorsement key.

Description¶

This test (whether it succeeds or fails) always requests a TPM clear on reboot. It works even if run multiple times without rebooting.

If the TPM is somehow owned but no password is available, the test will fail but emit a reasonable error message (and it will pass on the next boot).

This should generally be followed by a reboot step.

Test Procedure¶

This is an automated test without user interaction.

Dependency¶

A workable TPM with endorsement key on it. And hardware security daemons & clients.

Examples¶

Examples of how to use this test:

{
  "label": "TPMVerifyEKGroup",
  "retries": 1,
  "subtests": [
    {
      "pytest_name": "tpm_verify_ek",
      "label": "TPM Verify EK",
      "related_components": [
        "test_tags.TestCategory.SECURE_ELEMENT",
        "test_tags.TestCategory.TPM"
      ]
    },
    {
      "inherit": "ShutdownStep",
      "pytest_name": "shutdown",
      "label": "Reboot",
      "allow_reboot": true,
      "args": {
        "operation": "reboot"
      }
    }
  ]
}

Test Arguments¶

Name	Type	Description
is_cros_core	bool	(optional; default: `False`) Verify with ChromeOS Core endoresement

tpm_verify_ek¶

Description¶

Test Procedure¶

Dependency¶

Examples¶

Test Arguments¶

Table of Contents

Previous topic

Next topic

This Page