[PATCH v3 0/4] tpm: Start to tidy up TPM tests

[PATCH v3 0/4] tpm: Start to tidy up TPM tests

[Simon Glass]

This series is a starting point only. It tries to provide some direction
for how the TPM tests should be run on real hardware and on sandbox.

For sandbox, things are relatively easy since the TPM is reset before
each test. Tests should start up the TPM before doing anything. Tests
can be run in parallel, which is fine because tests are independent.

For real hardware, tests cannot be made independent, other than by
resetting the board, which if the hardware is correct, resets the TPM.
So there may be more work to do to figure that out. The approach taken
in this series for real hardware is to have a few tests which do init,
then have the rest of the tests assume that the init is done. Tests
that depend on the TPM already being inited can use 'tpm autostart'
which works OK on sandbox and real hardware.

Changes in v3:
- Use 'check' instead of 'test' when naming test helpers
- Add missing tpm_self_test_full() call
- Add new patch to skip failing tests on coral

Changes in v2:
- Keep test_tpm2_continue_self_test()

Simon Glass (4):
  tpm: sandbox: Support self-test continue in emulator
  tpm: Convert sandbox-focussed tests to C
  tpm: Drop unwanted special cases for sandbox
  test: tpm: Skip failing tests on coral

 drivers/tpm/tpm_tis_sandbox.c |  1 +
 test/dm/tpm.c                 | 77 ++++++++++++++++++++++++++++++-
 test/py/tests/test_tpm2.py    | 86 ++++++-----------------------------
 3 files changed, 89 insertions(+), 75 deletions(-)

-- 
2.43.0

base-commit: e3ced530e543c9f24cbc66430abc6109ce8df015
branch: tpm3

[PATCH v3 1/4] tpm: sandbox: Support self-test continue in emulator

[Simon Glass]

Add support for the self-test continue command in the TPM v1.2 emulator,
to match the functionality in the TPM v2 emulator.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---

(no changes since v1)

 drivers/tpm/tpm_tis_sandbox.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c
index 2bc7dc87ed3..d7341062b31 100644
--- a/drivers/tpm/tpm_tis_sandbox.c
+++ b/drivers/tpm/tpm_tis_sandbox.c
@@ -221,6 +221,7 @@ static int sandbox_tpm_xfer(struct udevice *dev, const uint8_t *sendbuf,
 	case 0x72: /* physical set deactivated */
 	case 0x99: /* startup */
 	case 0x50: /* self test full */
+	case 0x53: /* self test continue */
 	case 0x4000000a:  /* assert physical presence */
 		*recv_len = 12;
 		memset(recvbuf, '\0', *recv_len);
-- 
2.43.0

[PATCH v3 2/4] tpm: Convert sandbox-focussed tests to C

[Simon Glass]

Some of the Python tests are a pain because they don't reset the TPM
state before each test. Driver model tests do this, so convert the
tests to C.

This means that these tests won't run on real hardware, but we have
tests which do TPM init, so there is still enough coverage.

Rename and update the Python tpm_init test to use 'tpm autostart',
since this deals with starting up ready for the tests below.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v3:
- Use 'check' instead of 'test' when naming test helpers
- Add missing tpm_self_test_full() call

Changes in v2:
- Keep test_tpm2_continue_self_test()

 test/dm/tpm.c              | 77 +++++++++++++++++++++++++++++++++++++-
 test/py/tests/test_tpm2.py | 38 +------------------
 2 files changed, 76 insertions(+), 39 deletions(-)

diff --git a/test/dm/tpm.c b/test/dm/tpm.c
index 962a3fd1943..87c5c416daa 100644
--- a/test/dm/tpm.c
+++ b/test/dm/tpm.c
@@ -49,14 +49,87 @@ static int test_tpm_init(struct unit_test_state *uts, enum tpm_version version)
 	return 0;
 }
 
-static int dm_test_tpm(struct unit_test_state *uts)
+static int dm_test_tpm_init(struct unit_test_state *uts)
 {
 	ut_assertok(test_tpm_init(uts, TPM_V1));
 	ut_assertok(test_tpm_init(uts, TPM_V2));
 
 	return 0;
 }
-DM_TEST(dm_test_tpm, UTF_SCAN_FDT);
+DM_TEST(dm_test_tpm_init, UTF_SCAN_FDT);
+
+/* check TPM startup */
+static int check_tpm_startup(struct unit_test_state *uts,
+			     enum tpm_version version)
+{
+	struct udevice *dev;
+
+	/* check probe success */
+	ut_assertok(get_tpm_version(version, &dev));
+
+	ut_assertok(tpm_init(dev));
+	ut_assertok(tpm_startup(dev, TPM_ST_CLEAR));
+
+	return 0;
+}
+
+/* test TPM startup */
+static int dm_test_tpm_startup(struct unit_test_state *uts)
+{
+	ut_assertok(check_tpm_startup(uts, TPM_V1));
+	ut_assertok(check_tpm_startup(uts, TPM_V2));
+
+	return 0;
+}
+DM_TEST(dm_test_tpm_startup, UTF_SCAN_FDT);
+
+static int check_tpm_self_test_full(struct unit_test_state *uts,
+				    enum tpm_version version)
+{
+	struct udevice *dev;
+
+	ut_assertok(check_tpm_startup(uts, version));
+
+	ut_assertok(get_tpm_version(version, &dev));
+	ut_assertok(tpm_self_test_full(dev));
+
+	return 0;
+}
+
+/* Test TPM self-test full */
+static int dm_test_tpm_self_test_full(struct unit_test_state *uts)
+{
+	ut_assertok(check_tpm_self_test_full(uts, TPM_V1));
+	ut_assertok(check_tpm_self_test_full(uts, TPM_V2));
+
+	return 0;
+}
+DM_TEST(dm_test_tpm_self_test_full, UTF_SCAN_FDT);
+
+/* Test TPM self-test continue */
+static int test_tpm_self_test_cont(struct unit_test_state *uts,
+				   enum tpm_version version)
+{
+	struct udevice *dev;
+
+	/* check probe success */
+	ut_assertok(get_tpm_version(version, &dev));
+
+	ut_assertok(tpm_init(dev));
+	ut_assertok(tpm_startup(dev, TPM_ST_CLEAR));
+	ut_assertok(tpm_continue_self_test(dev));
+
+	return 0;
+}
+
+static int dm_test_tpm_self_test_cont(struct unit_test_state *uts)
+{
+	ut_assertok(test_tpm_self_test_cont(uts, TPM_V1));
+	ut_assertok(test_tpm_self_test_cont(uts, TPM_V2));
+
+	return 0;
+}
+DM_TEST(dm_test_tpm_self_test_cont, UTF_SCAN_FDT);
 
 /* Test report_state */
 static int dm_test_tpm_report_state(struct unit_test_state *uts)
diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
index 064651c3e23..e55adfe784c 100644
--- a/test/py/tests/test_tpm2.py
+++ b/test/py/tests/test_tpm2.py
@@ -56,7 +56,7 @@ def is_sandbox(ubman):
     return sys_arch == 'sandbox'
 
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_init(ubman):
+def test_tpm2_autostart(ubman):
     """Init the software stack to use TPMv2 commands."""
     skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
     if skip_test:
@@ -65,19 +65,6 @@ def test_tpm2_init(ubman):
     output = ubman.run_command('echo $?')
     assert output.endswith('0')
 
-@pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_startup(ubman):
-    """Execute a TPM2_Startup command.
-
-    Initiate the TPM internal state machine.
-    """
-    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
-    if skip_test:
-        pytest.skip('skip TPM device test')
-    ubman.run_command('tpm2 startup TPM2_SU_CLEAR')
-    output = ubman.run_command('echo $?')
-    assert output.endswith('0')
-
 def tpm2_sandbox_init(ubman):
     """Put sandbox back into a known state so we can run a test
 
@@ -92,29 +79,6 @@ def tpm2_sandbox_init(ubman):
     if skip_test:
         pytest.skip('skip TPM device test')
 
-@pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_sandbox_self_test_full(ubman):
-    """Execute a TPM2_SelfTest (full) command.
-
-    Ask the TPM to perform all self tests to also enable full capabilities.
-    """
-    if is_sandbox(ubman):
-        ubman.restart_uboot()
-        ubman.run_command('tpm2 autostart')
-        output = ubman.run_command('echo $?')
-        assert output.endswith('0')
-
-        ubman.run_command('tpm2 startup TPM2_SU_CLEAR')
-        output = ubman.run_command('echo $?')
-        assert output.endswith('0')
-
-    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
-    if skip_test:
-        pytest.skip('skip TPM device test')
-    ubman.run_command('tpm2 self_test full')
-    output = ubman.run_command('echo $?')
-    assert output.endswith('0')
-
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
 def test_tpm2_continue_self_test(ubman):
     """Execute a TPM2_SelfTest (continued) command.
-- 
2.43.0

[PATCH v3 3/4] tpm: Drop unwanted special cases for sandbox

[Simon Glass]

These don't seem to be needed.

Add a few notes about what to do next. Also mention parallel tests in
at the top of thefile.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---

(no changes since v1)

 test/py/tests/test_tpm2.py | 46 +++++++++-----------------------------
 1 file changed, 10 insertions(+), 36 deletions(-)

diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
index e55adfe784c..fecce248fbd 100644
--- a/test/py/tests/test_tpm2.py
+++ b/test/py/tests/test_tpm2.py
@@ -27,6 +27,16 @@ behavior.
 * Setup env__tpm_device_test_skip to True if tests with TPM devices should be
 skipped.
 
+Parallel tests
+--------------
+
+These tests can be run in parallel on sandbox. In that case any action taken
+by one test may be independent of another. For sandbox, care should be taken to
+ensure that tests are independent.
+
+Unfortunately, tests cannot be made independent on real hardware, since there is
+no way to reset the TPM other than restarting the board. Perhaps that would be
+the best approach?
 """
 
 updates = 0
@@ -50,11 +60,6 @@ def force_init(ubman, force=False):
             ubman.run_command('tpm2 clear TPM2_RH_PLATFORM')
         ubman.run_command('echo --- end of init ---')
 
-def is_sandbox(ubman):
-    # Array slice removes leading/trailing quotes.
-    sys_arch = ubman.config.buildconfig.get('config_sys_arch', '"sandbox"')[1:-1]
-    return sys_arch == 'sandbox'
-
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
 def test_tpm2_autostart(ubman):
     """Init the software stack to use TPMv2 commands."""
@@ -65,20 +70,6 @@ def test_tpm2_autostart(ubman):
     output = ubman.run_command('echo $?')
     assert output.endswith('0')
 
-def tpm2_sandbox_init(ubman):
-    """Put sandbox back into a known state so we can run a test
-
-    This allows all tests to run in parallel, since no test depends on another.
-    """
-    ubman.restart_uboot()
-    ubman.run_command('tpm2 autostart')
-    output = ubman.run_command('echo $?')
-    assert output.endswith('0')
-
-    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
-    if skip_test:
-        pytest.skip('skip TPM device test')
-
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
 def test_tpm2_continue_self_test(ubman):
     """Execute a TPM2_SelfTest (continued) command.
@@ -90,8 +81,6 @@ def test_tpm2_continue_self_test(ubman):
     skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
     if skip_test:
         pytest.skip('skip TPM device test')
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     ubman.run_command('tpm2 self_test continue')
     output = ubman.run_command('echo $?')
     assert output.endswith('0')
@@ -108,9 +97,6 @@ def test_tpm2_clear(ubman):
     not have a password set, otherwise this test will fail. ENDORSEMENT and
     PLATFORM hierarchies are also available.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
-
     skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
     if skip_test:
         pytest.skip('skip TPM device test')
@@ -131,8 +117,6 @@ def test_tpm2_change_auth(ubman):
     Use the LOCKOUT hierarchy for this. ENDORSEMENT and PLATFORM hierarchies are
     also available.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     force_init(ubman)
 
     ubman.run_command('tpm2 change_auth TPM2_RH_LOCKOUT unicorn')
@@ -157,9 +141,6 @@ def test_tpm2_get_capability(ubman):
     There is no expected default values because it would depend on the chip
     used. We can still save them in order to check they have changed later.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
-
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
@@ -181,8 +162,6 @@ def test_tpm2_dam_parameters(ubman):
     the authentication, otherwise the lockout will be engaged after the first
     failed authentication attempt.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
@@ -205,9 +184,6 @@ def test_tpm2_pcr_read(ubman):
 
     Perform a PCR read of the 10th PCR. Must be zero.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
-
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
@@ -234,8 +210,6 @@ def test_tpm2_pcr_extend(ubman):
     No authentication mechanism is used here, not protecting against packet
     replay, yet.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
-- 
2.43.0

[PATCH v3 4/4] test: tpm: Skip failing tests on coral

[Simon Glass]

These tests have been failing for some months. Disable them so that a CI
run can pass on coral. Further work will be needed to see how to make
them pass.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v3:
- Add new patch to skip failing tests on coral

 test/py/tests/test_tpm2.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
index fecce248fbd..9be85999d46 100644
--- a/test/py/tests/test_tpm2.py
+++ b/test/py/tests/test_tpm2.py
@@ -179,6 +179,7 @@ def test_tpm2_dam_parameters(ubman):
     assert 'Property 0x00000211: 0x00000000' in read_cap
 
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
+@pytest.mark.notbuildconfigspec('target_chromebook_coral')
 def test_tpm2_pcr_read(ubman):
     """Execute a TPM2_PCR_Read command.
 
@@ -201,6 +202,7 @@ def test_tpm2_pcr_read(ubman):
     assert '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' in read_pcr
 
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
+@pytest.mark.notbuildconfigspec('target_chromebook_coral')
 def test_tpm2_pcr_extend(ubman):
     """Execute a TPM2_PCR_Extend command.
 
-- 
2.43.0

Re: [PATCH v3 0/4] tpm: Start to tidy up TPM tests

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 1808 bytes --]

On Sat, May 24, 2025 at 07:06:33AM -0600, Simon Glass wrote:

> This series is a starting point only. It tries to provide some direction
> for how the TPM tests should be run on real hardware and on sandbox.
> 
> For sandbox, things are relatively easy since the TPM is reset before
> each test. Tests should start up the TPM before doing anything. Tests
> can be run in parallel, which is fine because tests are independent.
> 
> For real hardware, tests cannot be made independent, other than by
> resetting the board, which if the hardware is correct, resets the TPM.
> So there may be more work to do to figure that out. The approach taken
> in this series for real hardware is to have a few tests which do init,
> then have the rest of the tests assume that the init is done. Tests
> that depend on the TPM already being inited can use 'tpm autostart'
> which works OK on sandbox and real hardware.
> 
> Changes in v3:
> - Use 'check' instead of 'test' when naming test helpers
> - Add missing tpm_self_test_full() call
> - Add new patch to skip failing tests on coral
> 
> Changes in v2:
> - Keep test_tpm2_continue_self_test()
> 
> Simon Glass (4):
>   tpm: sandbox: Support self-test continue in emulator
>   tpm: Convert sandbox-focussed tests to C
>   tpm: Drop unwanted special cases for sandbox
>   test: tpm: Skip failing tests on coral
> 
>  drivers/tpm/tpm_tis_sandbox.c |  1 +
>  test/dm/tpm.c                 | 77 ++++++++++++++++++++++++++++++-
>  test/py/tests/test_tpm2.py    | 86 ++++++-----------------------------
>  3 files changed, 89 insertions(+), 75 deletions(-)
> 
> -- 
> 2.43.0
> 
> base-commit: e3ced530e543c9f24cbc66430abc6109ce8df015
> branch: tpm3

This is not based on mainline, please stop posting things like this.

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v3 0/4] tpm: Start to tidy up TPM tests

[Simon Glass]

Hi Ilias,

On Sat, 24 May 2025 at 15:23, Tom Rini <trini@konsulko.com> wrote:
>
> On Sat, May 24, 2025 at 07:06:33AM -0600, Simon Glass wrote:
>
> > This series is a starting point only. It tries to provide some direction
> > for how the TPM tests should be run on real hardware and on sandbox.
> >
> > For sandbox, things are relatively easy since the TPM is reset before
> > each test. Tests should start up the TPM before doing anything. Tests
> > can be run in parallel, which is fine because tests are independent.
> >
> > For real hardware, tests cannot be made independent, other than by
> > resetting the board, which if the hardware is correct, resets the TPM.
> > So there may be more work to do to figure that out. The approach taken
> > in this series for real hardware is to have a few tests which do init,
> > then have the rest of the tests assume that the init is done. Tests
> > that depend on the TPM already being inited can use 'tpm autostart'
> > which works OK on sandbox and real hardware.
> >
> > Changes in v3:
> > - Use 'check' instead of 'test' when naming test helpers
> > - Add missing tpm_self_test_full() call
> > - Add new patch to skip failing tests on coral
> >
> > Changes in v2:
> > - Keep test_tpm2_continue_self_test()
> >
> > Simon Glass (4):
> >   tpm: sandbox: Support self-test continue in emulator
> >   tpm: Convert sandbox-focussed tests to C
> >   tpm: Drop unwanted special cases for sandbox
> >   test: tpm: Skip failing tests on coral
> >
> >  drivers/tpm/tpm_tis_sandbox.c |  1 +
> >  test/dm/tpm.c                 | 77 ++++++++++++++++++++++++++++++-
> >  test/py/tests/test_tpm2.py    | 86 ++++++-----------------------------
> >  3 files changed, 89 insertions(+), 75 deletions(-)
> >
> > --
> > 2.43.0
> >
> > base-commit: e3ced530e543c9f24cbc66430abc6109ce8df015
> > branch: tpm3
>
> This is not based on mainline, please stop posting things like this.

This applies cleanly to Tom's tree.

You've reviewed patches 1 and 3. I updated patch 2 based on your
comments, so let me know if you have any further thoughts.

I'd plan to apply this (or a later version) to my tree as well so that
coral TPM tests pass.

BTW I got the LetsTrust TPM so should be able to add this to my lab in
the next few weeks.

Regards,
Simon

Re: [PATCH v3 4/4] test: tpm: Skip failing tests on coral

[Ilias Apalodimas]

On Sat May 24, 2025 at 4:06 PM EEST, Simon Glass wrote:
> These tests have been failing for some months. Disable them so that a CI
> run can pass on coral. Further work will be needed to see how to make
> them pass.
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> Changes in v3:
> - Add new patch to skip failing tests on coral
>
>  test/py/tests/test_tpm2.py | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
> index fecce248fbd..9be85999d46 100644
> --- a/test/py/tests/test_tpm2.py
> +++ b/test/py/tests/test_tpm2.py
> @@ -179,6 +179,7 @@ def test_tpm2_dam_parameters(ubman):
>      assert 'Property 0x00000211: 0x00000000' in read_cap
>
>  @pytest.mark.buildconfigspec('cmd_tpm_v2')
> +@pytest.mark.notbuildconfigspec('target_chromebook_coral')
>  def test_tpm2_pcr_read(ubman):
>      """Execute a TPM2_PCR_Read command.
>
> @@ -201,6 +202,7 @@ def test_tpm2_pcr_read(ubman):
>      assert '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' in read_pcr
>
>  @pytest.mark.buildconfigspec('cmd_tpm_v2')
> +@pytest.mark.notbuildconfigspec('target_chromebook_coral')
>  def test_tpm2_pcr_extend(ubman):
>      """Execute a TPM2_PCR_Extend command.
>

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Re: [PATCH v3 2/4] tpm: Convert sandbox-focussed tests to C

[Ilias Apalodimas]

Hi Simon,

On Sat May 24, 2025 at 4:06 PM EEST, Simon Glass wrote:
> Some of the Python tests are a pain because they don't reset the TPM
> state before each test. Driver model tests do this, so convert the
> tests to C.
>
> This means that these tests won't run on real hardware, but we have
> tests which do TPM init, so there is still enough coverage.
>

What's needed to run DM tests on real hardware?

We have full coverage. The auto start command, which is not removed from the
python tests, will run the selftest command so I think overall this is ok.

> Rename and update the Python tpm_init test to use 'tpm autostart',
> since this deals with starting up ready for the tests below.

may 'since this fully initializes the TPM and performs the self tests'?

Other than that it looks good to me.
I can rewrite the commit message on my PR to Tom if you don't want to send a v4.

With the changes above
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Thanks
/Ilias
>
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
>
> Changes in v3:
> - Use 'check' instead of 'test' when naming test helpers
> - Add missing tpm_self_test_full() call
>
> Changes in v2:
> - Keep test_tpm2_continue_self_test()
>
>  test/dm/tpm.c              | 77 +++++++++++++++++++++++++++++++++++++-
>  test/py/tests/test_tpm2.py | 38 +------------------
>  2 files changed, 76 insertions(+), 39 deletions(-)
>
> diff --git a/test/dm/tpm.c b/test/dm/tpm.c
> index 962a3fd1943..87c5c416daa 100644
> --- a/test/dm/tpm.c
> +++ b/test/dm/tpm.c
> @@ -49,14 +49,87 @@ static int test_tpm_init(struct unit_test_state *uts, enum tpm_version version)
>  	return 0;
>  }
>
> -static int dm_test_tpm(struct unit_test_state *uts)
> +static int dm_test_tpm_init(struct unit_test_state *uts)
>  {
>  	ut_assertok(test_tpm_init(uts, TPM_V1));
>  	ut_assertok(test_tpm_init(uts, TPM_V2));
>
>  	return 0;
>  }
> -DM_TEST(dm_test_tpm, UTF_SCAN_FDT);
> +DM_TEST(dm_test_tpm_init, UTF_SCAN_FDT);
> +
> +/* check TPM startup */
> +static int check_tpm_startup(struct unit_test_state *uts,
> +			     enum tpm_version version)
> +{
> +	struct udevice *dev;
> +
> +	/* check probe success */
> +	ut_assertok(get_tpm_version(version, &dev));
> +
> +	ut_assertok(tpm_init(dev));
> +	ut_assertok(tpm_startup(dev, TPM_ST_CLEAR));
> +
> +	return 0;
> +}
> +
> +/* test TPM startup */
> +static int dm_test_tpm_startup(struct unit_test_state *uts)
> +{
> +	ut_assertok(check_tpm_startup(uts, TPM_V1));
> +	ut_assertok(check_tpm_startup(uts, TPM_V2));
> +
> +	return 0;
> +}
> +DM_TEST(dm_test_tpm_startup, UTF_SCAN_FDT);
> +
> +static int check_tpm_self_test_full(struct unit_test_state *uts,
> +				    enum tpm_version version)
> +{
> +	struct udevice *dev;
> +
> +	ut_assertok(check_tpm_startup(uts, version));
> +
> +	ut_assertok(get_tpm_version(version, &dev));
> +	ut_assertok(tpm_self_test_full(dev));
> +
> +	return 0;
> +}
> +
> +/* Test TPM self-test full */
> +static int dm_test_tpm_self_test_full(struct unit_test_state *uts)
> +{
> +	ut_assertok(check_tpm_self_test_full(uts, TPM_V1));
> +	ut_assertok(check_tpm_self_test_full(uts, TPM_V2));
> +
> +	return 0;
> +}
> +DM_TEST(dm_test_tpm_self_test_full, UTF_SCAN_FDT);
> +
> +/* Test TPM self-test continue */
> +static int test_tpm_self_test_cont(struct unit_test_state *uts,
> +				   enum tpm_version version)
> +{
> +	struct udevice *dev;
> +
> +	/* check probe success */
> +	ut_assertok(get_tpm_version(version, &dev));
> +
> +	ut_assertok(tpm_init(dev));
> +	ut_assertok(tpm_startup(dev, TPM_ST_CLEAR));
> +	ut_assertok(tpm_continue_self_test(dev));
> +
> +	return 0;
> +}
> +
> +static int dm_test_tpm_self_test_cont(struct unit_test_state *uts)
> +{
> +	ut_assertok(test_tpm_self_test_cont(uts, TPM_V1));
> +	ut_assertok(test_tpm_self_test_cont(uts, TPM_V2));
> +
> +	return 0;
> +}
> +DM_TEST(dm_test_tpm_self_test_cont, UTF_SCAN_FDT);
>
>  /* Test report_state */
>  static int dm_test_tpm_report_state(struct unit_test_state *uts)
> diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
> index 064651c3e23..e55adfe784c 100644
> --- a/test/py/tests/test_tpm2.py
> +++ b/test/py/tests/test_tpm2.py
> @@ -56,7 +56,7 @@ def is_sandbox(ubman):
>      return sys_arch == 'sandbox'
>
>  @pytest.mark.buildconfigspec('cmd_tpm_v2')
> -def test_tpm2_init(ubman):
> +def test_tpm2_autostart(ubman):
>      """Init the software stack to use TPMv2 commands."""
>      skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
>      if skip_test:
> @@ -65,19 +65,6 @@ def test_tpm2_init(ubman):
>      output = ubman.run_command('echo $?')
>      assert output.endswith('0')
>
> -@pytest.mark.buildconfigspec('cmd_tpm_v2')
> -def test_tpm2_startup(ubman):
> -    """Execute a TPM2_Startup command.
> -
> -    Initiate the TPM internal state machine.
> -    """
> -    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
> -    if skip_test:
> -        pytest.skip('skip TPM device test')
> -    ubman.run_command('tpm2 startup TPM2_SU_CLEAR')
> -    output = ubman.run_command('echo $?')
> -    assert output.endswith('0')
> -
>  def tpm2_sandbox_init(ubman):
>      """Put sandbox back into a known state so we can run a test
>
> @@ -92,29 +79,6 @@ def tpm2_sandbox_init(ubman):
>      if skip_test:
>          pytest.skip('skip TPM device test')
>
> -@pytest.mark.buildconfigspec('cmd_tpm_v2')
> -def test_tpm2_sandbox_self_test_full(ubman):
> -    """Execute a TPM2_SelfTest (full) command.
> -
> -    Ask the TPM to perform all self tests to also enable full capabilities.
> -    """
> -    if is_sandbox(ubman):
> -        ubman.restart_uboot()
> -        ubman.run_command('tpm2 autostart')
> -        output = ubman.run_command('echo $?')
> -        assert output.endswith('0')
> -
> -        ubman.run_command('tpm2 startup TPM2_SU_CLEAR')
> -        output = ubman.run_command('echo $?')
> -        assert output.endswith('0')
> -
> -    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
> -    if skip_test:
> -        pytest.skip('skip TPM device test')
> -    ubman.run_command('tpm2 self_test full')
> -    output = ubman.run_command('echo $?')
> -    assert output.endswith('0')
> -
>  @pytest.mark.buildconfigspec('cmd_tpm_v2')
>  def test_tpm2_continue_self_test(ubman):
>      """Execute a TPM2_SelfTest (continued) command.

Re: [PATCH v3 2/4] tpm: Convert sandbox-focussed tests to C

[Simon Glass]

Hi Ilias,

On Mon, 26 May 2025 at 10:40, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> Hi Simon,
>
> On Sat May 24, 2025 at 4:06 PM EEST, Simon Glass wrote:
> > Some of the Python tests are a pain because they don't reset the TPM
> > state before each test. Driver model tests do this, so convert the
> > tests to C.
> >
> > This means that these tests won't run on real hardware, but we have
> > tests which do TPM init, so there is still enough coverage.
> >
>
> What's needed to run DM tests on real hardware?
>
> We have full coverage. The auto start command, which is not removed from the
> python tests, will run the selftest command so I think overall this is ok.

Yes, auto-start is good enough for most cases, so long as we are not
testing 'tpm init' or requiring a clean tpm state.  The
test_tpm2_pcr_read() test expects that the TPM has been reset. We
handle this at present by resetting the board after (before?) the
tests run.

For sandbox, I would like (with future work) the test system to do
that reset, in state_reset_for_test() so that we don't need to reset
U-Boot. That is how other sandbox tests work.

Of course, there are various things that are not reset in that
function, nor in test_pre/post_run(). But that's the direction I'd
like to head.

>
> > Rename and update the Python tpm_init test to use 'tpm autostart',
> > since this deals with starting up ready for the tests below.
>
> may 'since this fully initializes the TPM and performs the self tests'?
>
> Other than that it looks good to me.
> I can rewrite the commit message on my PR to Tom if you don't want to send a v4.

Yes please.

>
> With the changes above
> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
>
> Thanks
> /Ilias
> >
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> > ---
> >
> > Changes in v3:
> > - Use 'check' instead of 'test' when naming test helpers
> > - Add missing tpm_self_test_full() call
> >
> > Changes in v2:
> > - Keep test_tpm2_continue_self_test()
> >
> >  test/dm/tpm.c              | 77 +++++++++++++++++++++++++++++++++++++-
> >  test/py/tests/test_tpm2.py | 38 +------------------
> >  2 files changed, 76 insertions(+), 39 deletions(-)
> >

Regards,
Simon