Add tpm lite to vboot reference

Review URL: http://codereview.chromium.org/2919010

13 files changed, 700 insertions, 0 deletions

diff --git a/tests/tpm_lite/Makefile b/tests/tpm_lite/Makefile
new file mode 100644
index 00000000..922ce5eb
--- /dev/null
+++ b/tests/tpm_lite/Makefile
@@ -0,0 +1,41 @@
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+INCLUDES += -I./include \
+	-I$(FWDIR)/lib/include \
+	-I$(FWDIR)/lib/cgptlib/include \
+	-I$(FWDIR)/lib/cryptolib/include \
+	-I$(FWDIR)/lib/tpm_lite/include \
+	-I$(HOSTDIR)/include
+BUILD_ROOT = ${BUILD}/tests/tpm_lite
+
+TEST_NAMES = tpmtest_clear \
+             tpmtest_earlyextend \
+             tpmtest_earlynvram \
+             tpmtest_earlynvram2 \
+	     tpmtest_enable \
+	     tpmtest_fastenable \
+	     tpmtest_globallock \
+             tpmtest_lock \
+             tpmtest_readonly \
+             tpmtest_redefine \
+             tpmtest_spaceperm \
+             tpmtest_writelimit \
+
+TEST_BINS = $(addprefix ${BUILD_ROOT}/,$(TEST_NAMES))
+
+ALL_DEPS = $(addsuffix .d,${TEST_BINS})
+CFLAGS +=  -MMD -MF $@.d
+
+LIBS := ${TEST_LIB} $(HOSTLIB) $(FWLIB)
+
+all: $(TEST_BINS)
+
+${BUILD_ROOT}/%.o : %.c
+	$(CC) $(CFLAGS) $(INCLUDES) -MMD -MF $@.d -c -o $@ $<
+
+${BUILD_ROOT}/tpmtest_%: %.c ${LIBS}
+	$(CC) $(CFLAGS) $(INCLUDES) $< ${LIBS} -o $@ -lcrypto -lrt $(LDFLAGS)
+
+-include ${ALL_DEPS}
diff --git a/tests/tpm_lite/clear.c b/tests/tpm_lite/clear.c
new file mode 100644
index 00000000..f9caab5a
--- /dev/null
+++ b/tests/tpm_lite/clear.c
@@ -0,0 +1,29 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Testing: ownership testing code and ForceClear.
+ */
+
+#include <stdio.h>
+
+#include "tlcl.h"
+
+int main(int argc, char** argv) {
+  int owned;
+
+  TlclLibInit();
+  TlclStartup();
+  TlclSelftestfull();
+  TlclAssertPhysicalPresence();
+
+  owned = TlclIsOwned();
+  printf("tpm is %sowned\n", owned?  "" : "NOT ");
+  if (owned) {
+    TlclForceClear();
+    printf("tpm was cleared\n");
+  }
+
+  return 0;
+}
diff --git a/tests/tpm_lite/earlyextend.c b/tests/tpm_lite/earlyextend.c
new file mode 100644
index 00000000..58268091
--- /dev/null
+++ b/tests/tpm_lite/earlyextend.c
@@ -0,0 +1,35 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of early use of TPM_Extend.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+
+#define INDEX0 0xcafe
+
+int main(int argc, char** argv) {
+  uint8_t value_in[20];
+  uint8_t value_out[20];
+  uint32_t result;
+
+  TlclLibInit();
+  TlclStartup();
+  TlclContinueSelfTest();
+
+  do {
+    result = TlclExtend(1, value_in, value_out);
+    printf("result of Extend = %d\n", result);
+  } while (result == TPM_E_DOING_SELFTEST ||
+           result == TPM_E_NEEDS_SELFTEST);
+
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/earlynvram.c b/tests/tpm_lite/earlynvram.c
new file mode 100644
index 00000000..24d381cf
--- /dev/null
+++ b/tests/tpm_lite/earlynvram.c
@@ -0,0 +1,54 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of early writing to the NVRAM.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define INDEX0 0xcafe
+
+int main(int argc, char** argv) {
+  uint32_t perm;
+  uint32_t result;
+  uint32_t x;
+
+  TlclLibInit();
+  TlclStartup();
+  TlclContinueSelfTest();
+
+  do {
+    result = TlclAssertPhysicalPresence();
+    printf("result of AssertPP = %d\n", result);
+  } while (result == TPM_E_DOING_SELFTEST ||
+           result == TPM_E_NEEDS_SELFTEST);
+
+  if (result != TPM_SUCCESS) {
+    error("AssertPP failed with error %d\n", result);
+  }
+
+  do {
+    result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
+    printf("result of ReadValue = %d\n", result);
+  } while (result == TPM_E_DOING_SELFTEST ||
+           result == TPM_E_NEEDS_SELFTEST);
+
+  if (result == TPM_E_BADINDEX) {
+    VBDEBUG(("creating INDEX0\n"));
+    perm = TPM_NV_PER_PPWRITE;
+    TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  } else if (result != TPM_SUCCESS) {
+    error("Read failed with result %d\n", result);
+  }
+
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/earlynvram2.c b/tests/tpm_lite/earlynvram2.c
new file mode 100644
index 00000000..23725510
--- /dev/null
+++ b/tests/tpm_lite/earlynvram2.c
@@ -0,0 +1,54 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of early writing to the NVRAM.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define INDEX0 0xcafe
+
+int main(int argc, char** argv) {
+  uint32_t perm;
+  uint32_t result;
+  uint32_t x;
+
+  TlclLibInit();
+  TlclStartup();
+  TlclContinueSelfTest();
+
+  do {
+    result = TlclAssertPhysicalPresence();
+    printf("result of AssertPP = %d\n", result);
+  } while (result == TPM_E_DOING_SELFTEST ||
+           result == TPM_E_NEEDS_SELFTEST);
+
+  if (result != TPM_SUCCESS) {
+    error("AssertPP failed with error %d\n", result);
+  }
+
+  do {
+    result = TlclWrite(INDEX0, (uint8_t*) &x, sizeof(x));
+    printf("result of WriteValue = %d\n", result);
+  } while (result == TPM_E_DOING_SELFTEST ||
+           result == TPM_E_NEEDS_SELFTEST);
+
+  if (result == TPM_E_BADINDEX) {
+    VBDEBUG(("creating INDEX0\n"));
+    perm = TPM_NV_PER_PPWRITE;
+    TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  } else if (result != TPM_SUCCESS) {
+    error("Write failed with result %d\n", result);
+  }
+
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/enable.c b/tests/tpm_lite/enable.c
new file mode 100644
index 00000000..15099849
--- /dev/null
+++ b/tests/tpm_lite/enable.c
@@ -0,0 +1,22 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Testing: ownership testing code, ForceClear, and nvram write limit.
+ */
+
+#include "tlcl.h"
+
+int main(int argc, char** argv) {
+
+  TlclLibInit();
+  TlclStartup();
+  TlclSelftestfull();
+
+  TlclAssertPhysicalPresence();
+  TlclSetEnable();
+  (void) TlclSetDeactivated(0);  // activates the TPM at the next boot
+
+  return 0;
+}
diff --git a/tests/tpm_lite/fastenable.c b/tests/tpm_lite/fastenable.c
new file mode 100644
index 00000000..e9f58938
--- /dev/null
+++ b/tests/tpm_lite/fastenable.c
@@ -0,0 +1,61 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Testing: ForceClear and behavior of disable and permanent deactivated flags.
+ *
+ * ForceClear sets the permanent disable and deactivated flags to their default
+ * value of TRUE.  The specs say nothing about STCLEAR flags, so they should be
+ * left alone.  This test checks that both flags may be reset without a reboot,
+ * resulting in a fully enabled and activated TPM.  (We know that because
+ * ForceClear requires that the TPM be enabled and activated to run.)
+ */
+
+#include <stdio.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define CHECK(command) do { if ((command) != TPM_SUCCESS) \
+      error(#command "\n"); }                             \
+  while(0)
+
+int main(int argc, char** argv) {
+  uint8_t disable, deactivated;
+  int i;
+
+  TlclLibInit();
+  CHECK(TlclStartup());
+  CHECK(TlclSelftestfull());
+
+  CHECK(TlclAssertPhysicalPresence());
+  printf("PP asserted\n");
+
+  CHECK(TlclGetFlags(&disable, &deactivated));
+  printf("disable is %d, deactivated is %d\n", disable, deactivated);
+
+  for (i = 0; i < 2; i++) {
+
+    CHECK(TlclForceClear());
+    printf("tpm is cleared\n");
+
+    CHECK(TlclGetFlags(&disable, &deactivated));
+    printf("disable is %d, deactivated is %d\n", disable, deactivated);
+
+    CHECK(TlclSetEnable());
+    printf("disable flag is cleared\n");
+
+    CHECK(TlclGetFlags(&disable, &deactivated));
+    printf("disable is %d, deactivated is %d\n", disable, deactivated);
+
+    CHECK(TlclSetDeactivated(0));
+    printf("deactivated flag is cleared\n");
+
+    CHECK(TlclGetFlags(&disable, &deactivated));
+    printf("disable is %d, deactivated is %d\n", disable, deactivated);
+  }
+
+  return 0;
+}
diff --git a/tests/tpm_lite/globallock.c b/tests/tpm_lite/globallock.c
new file mode 100644
index 00000000..ab287a44
--- /dev/null
+++ b/tests/tpm_lite/globallock.c
@@ -0,0 +1,81 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of two-stage locking using bGlobalLock and PP.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define INDEX0 0xcafe
+#define INDEX1 0xcaff
+
+int main(int argc, char** argv) {
+  uint32_t zero = 0;
+  uint32_t perm;
+  uint32_t result;
+  uint32_t x;
+
+  TlclLibInit();
+
+  TlclStartup();
+  TlclSelftestfull();
+
+  TlclAssertPhysicalPresence();
+
+  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
+  if (result == TPM_E_BADINDEX) {
+    perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
+    TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  }
+  result = TlclWrite(INDEX0, (uint8_t*) &zero, sizeof(uint32_t));
+  assert(result == TPM_SUCCESS);
+
+  result = TlclRead(INDEX1, (uint8_t*) &x, sizeof(x));
+  if (result == TPM_E_BADINDEX) {
+    perm = TPM_NV_PER_PPWRITE;
+    TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
+  }
+  result = TlclWrite(INDEX1, (uint8_t*) &zero, sizeof(uint32_t));
+  assert(result == TPM_SUCCESS);
+
+  // Sets the global lock.
+  TlclSetGlobalLock();
+
+  // Verifies that write to index0 fails.
+  x = 1;
+  result = TlclWrite(INDEX0, (uint8_t*) &x, sizeof(x));
+  if (result != TPM_E_AREA_LOCKED) {
+    error("INDEX0 is not locked\n");
+    exit(1);
+  }
+
+  // Verifies that write to index1 is still possible.
+  x = 2;
+  result = TlclWrite(INDEX1, (uint8_t*) &x, sizeof(x));
+  if (result != TPM_SUCCESS) {
+    error("failure to write at INDEX1\n");
+    exit(2);
+  }
+
+  // Turns off PP.
+  TlclLockPhysicalPresence();
+
+  // Verifies that write to index1 fails.
+  x = 3;
+  result = TlclWrite(INDEX1, (uint8_t*) &x, sizeof(x));
+  if (result != TPM_E_BAD_PRESENCE) {
+    error("INDEX1 is not locked\n");
+    exit(3);
+  }
+
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/lock.c b/tests/tpm_lite/lock.c
new file mode 100644
index 00000000..c3ed0af1
--- /dev/null
+++ b/tests/tpm_lite/lock.c
@@ -0,0 +1,29 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of locking, to see if locks count as writes.  (They should.)
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "tlcl.h"
+
+#define INDEX0 0xda70
+
+
+int main(int argc, char** argv) {
+  TlclLibInit();
+
+  TlclStartup();
+  TlclSelftestfull();
+
+  TlclAssertPhysicalPresence();
+
+  TlclWriteLock(INDEX0);
+
+  printf("Locked 0x%x\n", INDEX0);
+  exit(0);
+}
diff --git a/tests/tpm_lite/readonly.c b/tests/tpm_lite/readonly.c
new file mode 100644
index 00000000..9c49ec1d
--- /dev/null
+++ b/tests/tpm_lite/readonly.c
@@ -0,0 +1,110 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* This program mimicks the TPM usage from read-only firmware.  It exercises
+ * the TPM functionality needed in the read-only firmware.  It is meant to be
+ * integrated with the rest of the read-only firmware.  It is also provided as
+ * a test.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+/* These index values are used to create NVRAM spaces.  They only need to be
+ * unique.
+ */
+#define INDEX0 0xda70
+#define INDEX1 0xda71
+#define INDEX2 0xda72
+#define INDEX3 0xda73
+
+#define INDEX_INITIALIZED 0xda80
+
+/* This is called once at initialization time.  It may be called again from
+ * recovery mode to rebuild the spaces if something incomprehensible happened
+ * and the spaces are gone or messed up.  This is called after TPM_Startup and
+ * before the spaces are write-locked, so there is a chance that they can be
+ * recreated (but who knows---if anything can happen, there are plenty of ways
+ * of making this FUBAR).
+ */
+void InitializeSpaces(void) {
+  uint32_t zero = 0;
+  uint32_t perm = TPM_NV_PER_WRITE_STCLEAR | TPM_NV_PER_PPWRITE;
+
+  printf("Initializing spaces\n");
+  TlclSetNvLocked();  /* useful only the first time */
+
+  TlclDefineSpace(INDEX0, perm, 4);
+  TlclWrite(INDEX0, (uint8_t *) &zero, 4);
+  TlclDefineSpace(INDEX1, perm, 4);
+  TlclWrite(INDEX1, (uint8_t *) &zero, 4);
+  TlclDefineSpace(INDEX2, perm, 4);
+  TlclWrite(INDEX2, (uint8_t *) &zero, 4);
+  TlclDefineSpace(INDEX3, perm, 4);
+  TlclWrite(INDEX3, (uint8_t *) &zero, 4);
+
+  perm = TPM_NV_PER_READ_STCLEAR | TPM_NV_PER_WRITE_STCLEAR |
+    TPM_NV_PER_PPWRITE;
+  TlclDefineSpace(INDEX_INITIALIZED, perm, 1);
+}
+
+
+void EnterRecoveryMode(void) {
+  printf("entering recovery mode");
+  exit(0);
+}
+
+
+int main(int argc, char** argv) {
+  uint8_t c;
+  uint32_t index_0, index_1, index_2, index_3;
+
+  TlclLibInit();
+
+  TlclStartup();
+  TlclSelftestfull();
+
+  TlclAssertPhysicalPresence();
+
+  /* Checks if initialization has completed by trying to read-lock a space
+   * that's created at the end of initialization.
+   */
+  if (TlclRead(INDEX_INITIALIZED, &c, 0) == TPM_E_BADINDEX) {
+    /* The initialization did not complete.
+     */
+    InitializeSpaces();
+  }
+
+  /* Checks if spaces are OK or messed up.
+   */
+  if (TlclRead(INDEX0, (uint8_t*) &index_0, sizeof(index_0)) != TPM_SUCCESS ||
+      TlclRead(INDEX1, (uint8_t*) &index_1, sizeof(index_1)) != TPM_SUCCESS ||
+      TlclRead(INDEX2, (uint8_t*) &index_2, sizeof(index_2)) != TPM_SUCCESS ||
+      TlclRead(INDEX3, (uint8_t*) &index_3, sizeof(index_3)) != TPM_SUCCESS) {
+    EnterRecoveryMode();
+  }
+
+  /* Writes space, and locks it.  Then attempts to write again.  I really wish
+   * I could use the imperative.
+   */
+  index_0 += 1;
+  if (TlclWrite(INDEX0, (uint8_t*) &index_0, sizeof(index_0) != TPM_SUCCESS)) {
+    error("could not write index 0\n");
+  }
+  TlclWriteLock(INDEX0);
+  if (TlclWrite(INDEX0, (uint8_t*) &index_0, sizeof(index_0)) == TPM_SUCCESS) {
+    error("index 0 is not locked\n");
+  }
+
+  /* Done for now.
+   */
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/redefine.c b/tests/tpm_lite/redefine.c
new file mode 100644
index 00000000..030abb67
--- /dev/null
+++ b/tests/tpm_lite/redefine.c
@@ -0,0 +1,79 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of protection from space redefinition.
+ *
+ * This test is actually not that interesting because, if I am right, space
+ * redefinition is not allowed with PP only.  It requires
+ * TPM_TAG_RQU_AUTH1_COMMAND with owner authentication.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define INDEX0 0xcafe
+#define INDEX1 0xcaff
+
+int main(int argc, char** argv) {
+  uint32_t perm;
+  uint32_t result;
+  uint32_t x;
+
+  TlclLibInit();
+  TlclStartup();
+  TlclSelftestfull();
+  TlclAssertPhysicalPresence();
+
+  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
+  if (result == TPM_E_BADINDEX) {
+    VBDEBUG(("creating INDEX0\n"));
+  } else {
+    VBDEBUG(("redefining INDEX0\n"));
+  }
+  perm = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
+  TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+
+  result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));
+  if (result == TPM_E_BADINDEX) {
+    VBDEBUG(("redefining INDEX1\n"));
+  } else {
+    VBDEBUG(("creating INDEX1\n"));
+  }
+  perm = TPM_NV_PER_PPWRITE;
+  TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
+
+  // Sets the global lock.
+  TlclSetGlobalLock();
+
+  // Verifies that index0 cannot be redefined.
+  result = TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  if (result == TPM_SUCCESS) {
+    error("unexpected success redefining INDEX0\n");
+    exit(1);
+  }
+
+  // Turns off PP.
+  TlclLockPhysicalPresence();
+
+  // Verifies that neither index0 nor index1 cannot be redefined.
+  result = TlclDefineSpace(INDEX0, perm, sizeof(uint32_t));
+  if (result == TPM_SUCCESS) {
+    error("unexpected success redefining INDEX0\n");
+    exit(1);
+  }
+  result = TlclDefineSpace(INDEX1, perm, sizeof(uint32_t));
+  if (result == TPM_SUCCESS) {
+    error("unexpected success redefining INDEX1\n");
+    exit(1);
+  }
+
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/spaceperm.c b/tests/tpm_lite/spaceperm.c
new file mode 100644
index 00000000..f211ca43
--- /dev/null
+++ b/tests/tpm_lite/spaceperm.c
@@ -0,0 +1,44 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of space permissions retrieval.  The spaces 0xcafe and 0xcaff must have
+ * already been defined (by running, for instance, the "redefine" test).
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define INDEX0 0xcafe
+#define INDEX1 0xcaff
+
+int main(int argc, char** argv) {
+  uint32_t perm;
+  uint32_t perm_pp_gl = TPM_NV_PER_PPWRITE | TPM_NV_PER_GLOBALLOCK;
+  uint32_t perm_pp = TPM_NV_PER_PPWRITE;
+  uint32_t result;
+
+  TlclLibInit();
+  TlclStartup();
+  TlclContinueSelfTest();
+  TlclAssertPhysicalPresence();
+
+  result = TlclGetPermissions(INDEX0, &perm);
+  assert(result == TPM_SUCCESS);
+  printf("permissions for INDEX0 = 0x%x\n", perm);
+  assert((perm & perm_pp_gl) == perm_pp_gl);
+
+  result = TlclGetPermissions(INDEX1, &perm);
+  assert(result == TPM_SUCCESS);
+  printf("permissions for INDEX1 = 0x%x\n", perm);
+  assert((perm & perm_pp) == perm_pp);
+
+  printf("Test completed successfully\n");
+  exit(0);
+}
diff --git a/tests/tpm_lite/writelimit.c b/tests/tpm_lite/writelimit.c
new file mode 100644
index 00000000..5daef76b
--- /dev/null
+++ b/tests/tpm_lite/writelimit.c
@@ -0,0 +1,61 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Test of recovery when we hit the NVRAM write limit for an unowned TPM.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <tss/tcs.h>
+
+#include "tlcl.h"
+#include "utility.h"
+
+#define INDEX0 0xda70
+#define TPM_MAX_NV_WRITES_NOOWNER 64
+
+int main(int argc, char** argv) {
+  int i;
+  uint32_t result;
+  uint8_t disable, deactivated;  /* the TPM specs use these exact names */
+
+  TlclLibInit();
+
+  TlclStartup();
+  TlclSelftestfull();
+
+  TlclAssertPhysicalPresence();
+
+  result = TlclGetFlags(&disable, &deactivated);
+  printf("disable is %d, deactivated is %d\n", disable, deactivated);
+
+  if (disable || deactivated) {
+    TlclSetEnable();
+    (void) TlclSetDeactivated(0);
+    printf("TPM will be active after next reboot\n");
+    exit(0);
+  }
+
+  for (i = 0; i < TPM_MAX_NV_WRITES_NOOWNER + 2; i++) {
+    printf("writing %d\n", i);
+    if ((result = TlclWrite(INDEX0, (uint8_t*)&i, sizeof(i))) != TPM_SUCCESS) {
+      switch (result) {
+      case TPM_E_MAXNVWRITES:
+        printf("Max NV writes exceeded - forcing clear\n");
+        TlclForceClear();
+        printf("Please reboot and run this program again\n");
+        exit(0);
+      default:
+        error("unexpected error code %d (0x%x)\n");
+      }
+    }
+  }
+
+  /* Done for now.
+   */
+  printf("Test completed successfully\n");
+  exit(0);
+}