52 lines
1.2 KiB
Bash
52 lines
1.2 KiB
Bash
#!/bin/bash -e
|
|
#
|
|
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Attempt to trigger the TPM Dictionary Attack Defense Lock and measure its
|
|
# behavior.
|
|
|
|
if [ -f /sys/class/misc/tpm0/device/owned ]; then
|
|
owned=$(cat /sys/class/misc/tpm0/device/owned)
|
|
else
|
|
owned=$(cat /sys/class/tpm/tpm0/device/owned)
|
|
fi
|
|
if [ "$owned" = "" ]; then
|
|
echo "TPM is not functional"
|
|
exit 1
|
|
fi
|
|
if [ "$owned" = "0" ]; then
|
|
echo "please use random, non-empty passwords"
|
|
tpm_takeownership || exit 1
|
|
fi
|
|
|
|
attempts=0
|
|
max=1
|
|
e=/tmp/x$$
|
|
|
|
while true; do
|
|
attempts=$(( $attempts + 1 ))
|
|
before=$(date +%s)
|
|
defending=1
|
|
while [ $defending -eq 1 ]; do
|
|
if tpm_getpubek -z 2> $e; then
|
|
echo "unexpected success of tpm_getpubek"
|
|
exit 1
|
|
fi
|
|
if grep -q communication $e; then
|
|
echo "communication failure"
|
|
exit 1
|
|
fi
|
|
if ! grep -q dictionary $e; then
|
|
defending=0
|
|
fi
|
|
done
|
|
after=$(date +%s)
|
|
elapsed=$(( $after - $before ))
|
|
if [ $elapsed -gt $max ]; then
|
|
echo delay of $elapsed seconds after $attempts attempts
|
|
max=$elapsed
|
|
fi
|
|
done
|