author | Luigi Semenzato <semenzato@google.com> | 2010-09-30 13:35:11 -0700 |
---|---|---|
committer | Luigi Semenzato <semenzato@google.com> | 2010-09-30 13:35:11 -0700 |
commit | 7c6a69f1cb33d6bc3541f4b6c5ee6cc903323322 (patch) | |
tree | 362bbca483e4f5d98d156d571ac6cd2201f06269 /utility | |
parent | 04c00e19c6fd1d9ad09d2bf5e06518c249d62b31 (diff) | |
download | vboot-7c6a69f1cb33d6bc3541f4b6c5ee6cc903323322.tar.gz |
Add a script that measures DAD behavior (Dictionary Attack Defense)
Change-Id: I303bb68c366c382caff20c1ee8dbfb97ed5e1c2d
BUG=none
TEST=ran the script
Review URL: http://codereview.chromium.org/3492011
Diffstat (limited to 'utility')
-rw-r--r-- | utility/tpm-dad-lock | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/utility/tpm-dad-lock b/utility/tpm-dad-lock
new file mode 100644
index 00000000..95fa0856
--- /dev/null
+++ b/utility/tpm-dad-lock
@@ -0,0 +1,47 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Attempt to trigger the TPM Dictionary Attack Defense Lock and measure its
+# behavior.
+
+owned=$(cat /sys/class/misc/tpm0/device/owned)
+if [ "$owned" = "" ]; then
+ echo "TPM is not functional"
+ exit 1
+fi
+if [ "$owned" = "0" ]; then
+ echo "please use random, non-empty passwords"
+ tpm_takeownership || exit 1
+fi
+
+attempts=0
+max=1
+e=/tmp/x$$
+
+while true; do
+ attempts=$(( $attempts + 1 ))
+ before=$(date +%s)
+ defending=1
+ while [ $defending -eq 1 ]; do
+ if tpm_getpubek -z 2> $e; then
+ echo "unexpected success of tpm_getpubek"
+ exit 1
+ fi
+ if grep -q communication $e; then
+ echo "communication failure"
+ exit 1
+ fi
+ if ! grep -q dictionary $e; then
+ defending=0
+ fi
+ done
+ after=$(date +%s)
+ elapsed=$(( $after - $before ))
+ if [ $elapsed -gt $max ]; then
+ echo delay of $elapsed seconds after $attempts attempts
+ max=$elapsed
+ fi
+done |
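Review bot: The stderr capture file `e=/tmp/x$$` has a predictable name in a world-writable directory, and the script redirects into it with `2> $e` on every pass of the inner loop. The script presumably runs as root (inferred from `tpm_takeownership`, not shown), so a path another local user created beforehand, for example as a symlink, would be followed and truncated. Create the file with `e=$(mktemp)` and add `trap 'rm -f -- "$e"' EXIT` so it is also removed on the `exit 1` paths, and quote it as `"$e"` in the redirect and both `grep` calls. Separately, under `-e` a missing `/sys/class/misc/tpm0/device/owned` makes the `cat` abort the script before the "TPM is not functional" branch can run. Appending `|| true` inside the substitution, `owned=$(cat /sys/class/misc/tpm0/device/owned || true)`, would keep that message reachable.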