TPM2 commands test fails on V560TU

[filipleple]

Component

Dasharo firmware

Device

NovaCustom V54 14th Gen

Dasharo version

v0.9.0-rc2

Dasharo Tools Suite version

No response

Brief summary

Some TPM2 commands test cases fail on V560TU

How reproducible

No response

How to reproduce

Run dasharo-security/tpm2-commands.robot test from the osfv repo

Expected behavior

All cases should pass

Actual behavior

==============================================================================
Tpm2-Commands
==============================================================================

Checking if tpm2-tools is installed...

Package tpm2-tools is installed
TPMCMD001.001 Check if both SHA1 and SHA256 PCRs are enabled (Ubun... | FAIL |
'selected-pcrs:
  - sha1: [ ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha384: [ ]' does not contain 'sha1: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
 18, 19, 20, 21, 22, 23 ]'
------------------------------------------------------------------------------
TPMCMD002.001 PCRREAD Function Verification (Ubuntu 22.04) :: This... | PASS |
------------------------------------------------------------------------------
TPMCMD003.001 PCREXTEND And PCRRESET Functions (Ubuntu 22.04) :: T... | FAIL |
'  sha1:
  sha256:
    0 : 0x558CD8B7C7896EDACBBCC9F105F6F5908C2DF71ADD0D7D3B3A81FC14207092AC
    1 : 0x56A59CD1E218EE7F324CA5E08BA9C5AED108E76003A42027786BD47B0C874C2C
    2 : 0x6A40AC305F9E5592DD290961728DA985F6DF573A80F44CDBE96751FB34D07038
    3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    4 : 0x6DCBB78B214DFDBA6647F1B6F5888C825487B640E2AAAC64ED4440393B0E09EE
    5 : 0xC9FAC5163C5BF7F81C47550BCE1362438C36DBAF9BF5E16576178A0B09403AEC
    6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    7 : 0xF550489E1E344C3BA21B71D4683A2A08DA95E9898B8D651456312460A5B8DC79
    8 : 0xE8E69CCF5D9CCB9A505F4E15D7CC9E5386768DC04F033F79EF8B6617BBA15F0D
    9 : 0x38F62E0C1F336147450F553792D27FAE8CF921837DDFF31D15B31442068810FE
    10: 0x5843D1C4537AECCB460E915B1378BE965823842A47749E940A2E02601CCA1B4D
    11: 0x0000000000000000000000000000000000000000000000000000000000000000
    12: 0x0000000000000000000000000000000000000000000000000000000000000000
    13: 0x0000000000000000000000000000000000000000000000000000000000000000
    14: 0x306F9D8B94F17D93DC6E7CF8F5C79D652EB4C6C4D13DE2DDDC24AF416E13ECAF
    15: 0x0000000000000000000000000000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000000000000000000000000000
    17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    23: 0x44F12027AB81DFB6E096018F5A9F19645F988D45529CDED3427159DC0032D921
  sha384:' does not contain '23: 0x3D96EFE6E4A9ECB1270DF4D80DEDD5062B831B5A'
------------------------------------------------------------------------------
TPMCMD003.002 PCREXTEND And PCRRESET Functions - locality protecti... | PASS |
------------------------------------------------------------------------------
TPMCMD004.001 PCREVENT Function (Ubuntu 22.04) :: This test aims t... | FAIL |
'  sha1:
  sha256:
    0 : 0x558CD8B7C7896EDACBBCC9F105F6F5908C2DF71ADD0D7D3B3A81FC14207092AC
    1 : 0x56A59CD1E218EE7F324CA5E08BA9C5AED108E76003A42027786BD47B0C874C2C
    2 : 0x6A40AC305F9E5592DD290961728DA985F6DF573A80F44CDBE96751FB34D07038
    3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    4 : 0x6DCBB78B214DFDBA6647F1B6F5888C825487B640E2AAAC64ED4440393B0E09EE
    5 : 0xC9FAC5163C5BF7F81C47550BCE1362438C36DBAF9BF5E16576178A0B09403AEC
    6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    7 : 0xF550489E1E344C3BA21B71D4683A2A08DA95E9898B8D651456312460A5B8DC79
    8 : 0xE8E69CCF5D9CCB9A505F4E15D7CC9E5386768DC04F033F79EF8B6617BBA15F0D
    9 : 0x38F62E0C1F336147450F553792D27FAE8CF921837DDFF31D15B31442068810FE
    10: 0x5843D1C4537AECCB460E915B1378BE965823842A47749E940A2E02601CCA1B4D
    11: 0x0000000000000000000000000000000000000000000000000000000000000000
    12: 0x0000000000000000000000000000000000000000000000000000000000000000
    13: 0x0000000000000000000000000000000000000000000000000000000000000000
    14: 0x306F9D8B94F17D93DC6E7CF8F5C79D652EB4C6C4D13DE2DDDC24AF416E13ECAF
    15: 0x0000000000000000000000000000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000000000000000000000000000
    17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    23: 0x44F12027AB81DFB6E096018F5A9F19645F988D45529CDED3427159DC0032D921
  sha384:' does not contain '23: 0x3D96EFE6E4A9ECB1270DF4D80DEDD5062B831B5A'
------------------------------------------------------------------------------
TPMCMD005.001 CREATEPRIMARY Function Verification (Ubuntu 22.04) :... | PASS |
------------------------------------------------------------------------------
TPMCMD006.001 NVDEFINE and NVUNDEFINE Functions Verification (Ubun... | PASS |
------------------------------------------------------------------------------
TPMCMD007.001 CREATE Function (Ubuntu 22.04) :: This test aims to ... | PASS |
------------------------------------------------------------------------------
TPMCMD007.002 CREATELOADED Function (Ubuntu 22.04) :: This test ai... | PASS |
------------------------------------------------------------------------------
TPMCMD008.001 Signing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD009.001 Encryption and Decryption of the file (Ubuntu 22.04)... | SKIP |
TPM doesn't supports TPM2_EncryptDecrypt nor TPM2_EncryptDecrypt2
------------------------------------------------------------------------------
TPMCMD010.001 Hashing the file (Ubuntu 22.04) :: Check whether the... | PASS |
------------------------------------------------------------------------------
TPMCMD011.001 Performing HMAC operation on the file (Ubuntu 22.04)... | PASS |
------------------------------------------------------------------------------
Tpm2-Commands                                                         | FAIL |
13 tests, 9 passed, 3 failed, 1 skipped
==============================================================================

Screenshots

Full log available here

Additional context

No response

Solutions you've tried

No response

[macpijan]

sha1: [ ]

It's been discussed elsewhere, that we should not expect the sha1 to be available at all times. So this one can be changed in tests.

The others may need a closer look.

[mkopec]

The other fails also look like they're caused by missing SHA1 bank, judging by the shorter hash in:

does not contain '23: 0x3D96EFE6E4A9ECB1270DF4D80DEDD5062B831B5A'

[mkopec]

yeah, same exact failures in https://github.com/Dasharo/open-source-firmware-validation/issues/156

[m-iwanicki]

@filipleple Should be fixed by https://github.com/Dasharo/open-source-firmware-validation/pull/322, tested on V1210

[macpijan]

@mkopec @BeataZdunczyk Let's remove the needs review label as soon as we analyze and classify the problem (perhaps by adding some new labels as well).