Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1878809

Summary: tpm2 test complains about insufficient number of records + unexpected change in record
Product: Red Hat Enterprise Linux 8 Reporter: Jiri Dluhos <jdluhos>
Component: tpm2-toolsAssignee: Jerry Snitselaar <jsnitsel>
Status: CLOSED CURRENTRELEASE QA Contact: Vilém Maršík <vmarsik>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.3CC: bhu, core-kernel-mgr, jsnitsel, rvr, vmarsik
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-27 14:35:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1898189    

Comment 1 Jerry Snitselaar 2020-09-14 16:13:41 UTC 
Vilem. It looks like perhaps the test has trouble with it reporting multiple banks. I will take a look when I get home.
Comment 2 Jerry Snitselaar 2020-09-14 18:08:38 UTC 
Vilem, looking at the test, I see the following issue:

1. There is a problem in the grep regex (possibly a change in the newer version of tpm2_pcrread) that for pcr registers 10+ there is no space between reg# and the ':'. So it could instead be:

   grep '^ \+[0-9]\+ \?: '

   There are 2 banks in this case, to the grep is returning registers 0-9 for each bank resulting in the count of 20. Doing a quick check on my laptop here I see the same thing. With the above change it returns 48, which is correct
   for 2 pcr banks.


I'm also wondering if instead of checking greater or equal to 24, if it should first check that the value is greater than 0, and then check that the value modulo 24 is 0. Or it could possibly get fancy/complicated and parse the output of tpm2_getcap pcrs to see what banks are there and what registers it reports back:

# sudo tpm2_getcap pcrs
selected-pcrs:
  - sha1: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha384: [ ]
Comment 3 Vilém Maršík 2020-09-15 22:25:19 UTC 
Thanks.
Fixed all three regexps, the code is working now.

[root@lenovo-sr650-02 tpm2]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.3 Beta (Ootpa)
[root@lenovo-sr650-02 tpm2]# make run
(...)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   TEST PROTOCOL
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

    Package       : crypto
    beakerlib RPM : beakerlib-1.18-12.el8bkr.noarch
    Test name     : /kernel/crypto/tpm/tpm2
    Test version  : 0.1-4
    Test built    : 2020-08-18 14:09:05 EDT
    Test started  : 2020-09-15 18:23:51 EDT
    Test finished : 2020-09-15 18:23:55 EDT (still running)
    Test duration : 4 seconds
    Distro        : Red Hat Enterprise Linux release 8.3 Beta (Ootpa)
    Hostname      : lenovo-sr650-02.lab.eng.rdu2.redhat.com
    Architecture  : x86_64
    CPUs          : 48 x Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz
    RAM size      : 63751 MB
    HDD size      : 1450.78 GB

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Test description
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Runs different tpm2-tools tests against a TPM2 HW.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Setup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 18:23:52 ] :: [   PASS   ] :: Command 'udevadm trigger --action=change' (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 1 good, 0 bad
::   RESULT: PASS (Setup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Presence
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 18:23:53 ] :: [   PASS   ] :: Command 'tpm2_pcrread -T tabrmd' (Expected 0, got 0)
:: [ 18:23:53 ] :: [   PASS   ] :: 24 PCRS (Assert: "48" should be >= "24")
:: [ 18:23:53 ] :: [   PASS   ] :: File /dev/tpm0 should exist
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 3 good, 0 bad
::   RESULT: PASS (Presence)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Functionality
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 18:23:54 ] :: [   PASS   ] :: Command 'tpm2_nvreadpublic -T tabrmd' (Expected 0, got 0)
:: [ 18:23:54 ] :: [   PASS   ] :: random number generator (Expected 0, got 0)
:: [ 18:23:54 ] :: [   PASS   ] :: random number count (Assert: '20' should equal '20')
:: [ 18:23:54 ] :: [   PASS   ] :: hashing (Expected 0, got 0)
:: [ 18:23:54 ] :: [   PASS   ] :: extending PCR (Expected 0, got 0)
:: [ 18:23:54 ] :: [   PASS   ] :: PCR value changed (Assert: "  4 : 0x81AD55AB4B086C57CE5115E7C9F7BC94B4B54A04" should not equal "  4 : 0x673FD2E4A702FBA76EF4DA595D07575C40CE97EF")
:: [ 18:23:54 ] :: [   PASS   ] :: tpm2_rc_decode 0x9a2 -> authorization failure (Assert: '1' should equal '1')
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 1s
::   Assertions: 7 good, 0 bad
::   RESULT: PASS (Functionality)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Data RW
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Data RW)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Cleanup
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 0s
::   Assertions: 0 good, 0 bad
::   RESULT: PASS (Cleanup)


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   /kernel/crypto/tpm/tpm2
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 18:23:55 ] :: [   LOG    ] :: JOURNAL XML: /var/tmp/beakerlib-W4HAnRD/journal.xml
:: [ 18:23:55 ] :: [   LOG    ] :: JOURNAL TXT: /var/tmp/beakerlib-W4HAnRD/journal.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   Duration: 4s
::   Phases: 5 good, 0 bad
::   OVERALL RESULT: PASS (/kernel/crypto/tpm/tpm2)
Comment 5 Vilém Maršík 2020-09-15 22:29:34 UTC 
I would say this is now fixed and verified. Jerry, any objections?
Comment 6 Jerry Snitselaar 2020-09-15 23:31:00 UTC 
Seems fine.
Comment 7 Vilém Maršík 2020-09-16 14:53:36 UTC 
Okay, setting to Verified.
Jiri, remember to run the GIT version when retrying, not the RPM, it is not there for the time. Please let me know if this is a problem for you.