Merge tag 'tpm-next-10062025' of https://source.denx.de/u-boot/custodians/u-boot-tpm into next

CI: https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/26601

Updates from Simon cleaning up some tests, with the intention of being used
in sandbox and actual hardware.

3 files changed, 89 insertions, 75 deletions

diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm_tis_sandbox.c
index 2bc7dc87ed3..d7341062b31 100644
--- a/drivers/tpm/tpm_tis_sandbox.c
+++ b/drivers/tpm/tpm_tis_sandbox.c
@@ -221,6 +221,7 @@ static int sandbox_tpm_xfer(struct udevice *dev, const uint8_t *sendbuf,
 	case 0x72: /* physical set deactivated */
 	case 0x99: /* startup */
 	case 0x50: /* self test full */
+	case 0x53: /* self test continue */
 	case 0x4000000a:  /* assert physical presence */
 		*recv_len = 12;
 		memset(recvbuf, '\0', *recv_len);
diff --git a/test/dm/tpm.c b/test/dm/tpm.c
index 962a3fd1943..87c5c416daa 100644
--- a/test/dm/tpm.c
+++ b/test/dm/tpm.c
@@ -49,14 +49,87 @@ static int test_tpm_init(struct unit_test_state *uts, enum tpm_version version)
 	return 0;
 }
 
-static int dm_test_tpm(struct unit_test_state *uts)
+static int dm_test_tpm_init(struct unit_test_state *uts)
 {
 	ut_assertok(test_tpm_init(uts, TPM_V1));
 	ut_assertok(test_tpm_init(uts, TPM_V2));
 
 	return 0;
 }
-DM_TEST(dm_test_tpm, UTF_SCAN_FDT);
+DM_TEST(dm_test_tpm_init, UTF_SCAN_FDT);
+
+/* check TPM startup */
+static int check_tpm_startup(struct unit_test_state *uts,
+			     enum tpm_version version)
+{
+	struct udevice *dev;
+
+	/* check probe success */
+	ut_assertok(get_tpm_version(version, &dev));
+
+	ut_assertok(tpm_init(dev));
+	ut_assertok(tpm_startup(dev, TPM_ST_CLEAR));
+
+	return 0;
+}
+
+/* test TPM startup */
+static int dm_test_tpm_startup(struct unit_test_state *uts)
+{
+	ut_assertok(check_tpm_startup(uts, TPM_V1));
+	ut_assertok(check_tpm_startup(uts, TPM_V2));
+
+	return 0;
+}
+DM_TEST(dm_test_tpm_startup, UTF_SCAN_FDT);
+
+static int check_tpm_self_test_full(struct unit_test_state *uts,
+				    enum tpm_version version)
+{
+	struct udevice *dev;
+
+	ut_assertok(check_tpm_startup(uts, version));
+
+	ut_assertok(get_tpm_version(version, &dev));
+	ut_assertok(tpm_self_test_full(dev));
+
+	return 0;
+}
+
+/* Test TPM self-test full */
+static int dm_test_tpm_self_test_full(struct unit_test_state *uts)
+{
+	ut_assertok(check_tpm_self_test_full(uts, TPM_V1));
+	ut_assertok(check_tpm_self_test_full(uts, TPM_V2));
+
+	return 0;
+}
+DM_TEST(dm_test_tpm_self_test_full, UTF_SCAN_FDT);
+
+/* Test TPM self-test continue */
+static int test_tpm_self_test_cont(struct unit_test_state *uts,
+				   enum tpm_version version)
+{
+	struct udevice *dev;
+
+	/* check probe success */
+	ut_assertok(get_tpm_version(version, &dev));
+
+	ut_assertok(tpm_init(dev));
+	ut_assertok(tpm_startup(dev, TPM_ST_CLEAR));
+	ut_assertok(tpm_continue_self_test(dev));
+
+	return 0;
+}
+
+static int dm_test_tpm_self_test_cont(struct unit_test_state *uts)
+{
+	ut_assertok(test_tpm_self_test_cont(uts, TPM_V1));
+	ut_assertok(test_tpm_self_test_cont(uts, TPM_V2));
+
+	return 0;
+}
+DM_TEST(dm_test_tpm_self_test_cont, UTF_SCAN_FDT);
 
 /* Test report_state */
 static int dm_test_tpm_report_state(struct unit_test_state *uts)
diff --git a/test/py/tests/test_tpm2.py b/test/py/tests/test_tpm2.py
index 064651c3e23..9be85999d46 100644
--- a/test/py/tests/test_tpm2.py
+++ b/test/py/tests/test_tpm2.py
@@ -27,6 +27,16 @@ behavior.
 * Setup env__tpm_device_test_skip to True if tests with TPM devices should be
 skipped.
 
+Parallel tests
+--------------
+
+These tests can be run in parallel on sandbox. In that case any action taken
+by one test may be independent of another. For sandbox, care should be taken to
+ensure that tests are independent.
+
+Unfortunately, tests cannot be made independent on real hardware, since there is
+no way to reset the TPM other than restarting the board. Perhaps that would be
+the best approach?
 """
 
 updates = 0
@@ -50,13 +60,8 @@ def force_init(ubman, force=False):
             ubman.run_command('tpm2 clear TPM2_RH_PLATFORM')
         ubman.run_command('echo --- end of init ---')
 
-def is_sandbox(ubman):
-    # Array slice removes leading/trailing quotes.
-    sys_arch = ubman.config.buildconfig.get('config_sys_arch', '"sandbox"')[1:-1]
-    return sys_arch == 'sandbox'
-
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_init(ubman):
+def test_tpm2_autostart(ubman):
     """Init the software stack to use TPMv2 commands."""
     skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
     if skip_test:
@@ -66,56 +71,6 @@ def test_tpm2_init(ubman):
     assert output.endswith('0')
 
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_startup(ubman):
-    """Execute a TPM2_Startup command.
-
-    Initiate the TPM internal state machine.
-    """
-    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
-    if skip_test:
-        pytest.skip('skip TPM device test')
-    ubman.run_command('tpm2 startup TPM2_SU_CLEAR')
-    output = ubman.run_command('echo $?')
-    assert output.endswith('0')
-
-def tpm2_sandbox_init(ubman):
-    """Put sandbox back into a known state so we can run a test
-
-    This allows all tests to run in parallel, since no test depends on another.
-    """
-    ubman.restart_uboot()
-    ubman.run_command('tpm2 autostart')
-    output = ubman.run_command('echo $?')
-    assert output.endswith('0')
-
-    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
-    if skip_test:
-        pytest.skip('skip TPM device test')
-
-@pytest.mark.buildconfigspec('cmd_tpm_v2')
-def test_tpm2_sandbox_self_test_full(ubman):
-    """Execute a TPM2_SelfTest (full) command.
-
-    Ask the TPM to perform all self tests to also enable full capabilities.
-    """
-    if is_sandbox(ubman):
-        ubman.restart_uboot()
-        ubman.run_command('tpm2 autostart')
-        output = ubman.run_command('echo $?')
-        assert output.endswith('0')
-
-        ubman.run_command('tpm2 startup TPM2_SU_CLEAR')
-        output = ubman.run_command('echo $?')
-        assert output.endswith('0')
-
-    skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
-    if skip_test:
-        pytest.skip('skip TPM device test')
-    ubman.run_command('tpm2 self_test full')
-    output = ubman.run_command('echo $?')
-    assert output.endswith('0')
-
-@pytest.mark.buildconfigspec('cmd_tpm_v2')
 def test_tpm2_continue_self_test(ubman):
     """Execute a TPM2_SelfTest (continued) command.
 
@@ -126,8 +81,6 @@ def test_tpm2_continue_self_test(ubman):
     skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
     if skip_test:
         pytest.skip('skip TPM device test')
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     ubman.run_command('tpm2 self_test continue')
     output = ubman.run_command('echo $?')
     assert output.endswith('0')
@@ -144,9 +97,6 @@ def test_tpm2_clear(ubman):
     not have a password set, otherwise this test will fail. ENDORSEMENT and
     PLATFORM hierarchies are also available.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
-
     skip_test = ubman.config.env.get('env__tpm_device_test_skip', False)
     if skip_test:
         pytest.skip('skip TPM device test')
@@ -167,8 +117,6 @@ def test_tpm2_change_auth(ubman):
     Use the LOCKOUT hierarchy for this. ENDORSEMENT and PLATFORM hierarchies are
     also available.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     force_init(ubman)
 
     ubman.run_command('tpm2 change_auth TPM2_RH_LOCKOUT unicorn')
@@ -193,9 +141,6 @@ def test_tpm2_get_capability(ubman):
     There is no expected default values because it would depend on the chip
     used. We can still save them in order to check they have changed later.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
-
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
@@ -217,8 +162,6 @@ def test_tpm2_dam_parameters(ubman):
     the authentication, otherwise the lockout will be engaged after the first
     failed authentication attempt.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
@@ -236,14 +179,12 @@ def test_tpm2_dam_parameters(ubman):
     assert 'Property 0x00000211: 0x00000000' in read_cap
 
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
+@pytest.mark.notbuildconfigspec('target_chromebook_coral')
 def test_tpm2_pcr_read(ubman):
     """Execute a TPM2_PCR_Read command.
 
     Perform a PCR read of the 10th PCR. Must be zero.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
-
     force_init(ubman)
     ram = utils.find_ram_base(ubman)
 
@@ -261,6 +202,7 @@ def test_tpm2_pcr_read(ubman):
     assert '00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00' in read_pcr
 
 @pytest.mark.buildconfigspec('cmd_tpm_v2')
+@pytest.mark.notbuildconfigspec('target_chromebook_coral')
 def test_tpm2_pcr_extend(ubman):
     """Execute a TPM2_PCR_Extend command.
 
@@ -270,8 +212,6 @@ def test_tpm2_pcr_extend(ubman):
     No authentication mechanism is used here, not protecting against packet
     replay, yet.
     """
-    if is_sandbox(ubman):
-        tpm2_sandbox_init(ubman)
     force_init(ubman)
     ram = utils.find_ram_base(ubman)