diff --git a/pkg/pillar/cmd/tpmmgr/tpmmgr_test.go b/pkg/pillar/cmd/tpmmgr/tpmmgr_test.go
index 738dbf8c92..0e1bb046cf 100644
--- a/pkg/pillar/cmd/tpmmgr/tpmmgr_test.go
+++ b/pkg/pillar/cmd/tpmmgr/tpmmgr_test.go
@@ -11,6 +11,7 @@ import (
 "fmt"
 "io/ioutil"
 "os"
+ "reflect"
 "testing"
 "time"
 
@@ -201,3 +202,24 @@ func TestVerifyEdgeNodeCerts(t *testing.T) {
 return
 }
 }
+
+func TestSealUnseal(t *testing.T) {
+ _, err := os.Stat(etpm.TpmDevicePath)
+ if err != nil {
+ t.Skip("TPM is not available, skipping the test.")
+ }
+
+ dataToSeal := []byte("secret")
+ if err := etpm.SealDiskKey(dataToSeal, etpm.DiskKeySealingPCRs); err != nil {
+ t.Errorf("Seal operation failed with err: %v", err)
+ return
+ }
+ unsealedData, err := etpm.UnsealDiskKey(etpm.DiskKeySealingPCRs)
+ if err != nil {
+ t.Errorf("Unseal operation failed with err: %v", err)
+ return
+ }
+ if !reflect.DeepEqual(dataToSeal, unsealedData) {
+ t.Errorf("Seal/Unseal operation failed, want %v, but got %v", dataToSeal, unsealedData)
+ }
+}
diff --git a/pkg/pillar/evetpm/tpm.go b/pkg/pillar/evetpm/tpm.go
index df01393b41..ded6f57777 100644
--- a/pkg/pillar/evetpm/tpm.go
+++ b/pkg/pillar/evetpm/tpm.go
@@ -15,7 +15,6 @@ import (
 "io/ioutil"
 "math/big"
 "os"
- "reflect"
 "unsafe"
 
 "github.com/google/go-tpm/tpm2"
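Review bot: TestSealUnseal in tpmmgr_test.go runs against whatever TPM sits at `etpm.TpmDevicePath`, and the `os.Stat` check is the only gate before `etpm.SealDiskKey` is called with the production `etpm.DiskKeySealingPCRs`. SealDiskKey's body is not in this diff, but if it writes to the fixed handle or NV index that holds the real vault key, running `go test` on a provisioned device would replace that key with the bytes of "secret" and leave them there, since the test never restores or removes what it sealed. I would require an explicit opt-in in addition to the device check (an environment variable or build tag reserved for simulator or scratch-TPM runs) and add a `t.Cleanup` that puts the TPM back into its prior state. A doc comment above the function should state that the test mutates persistent TPM state, for example `// TestSealUnseal seals and unseals a dummy key; it overwrites the sealed disk key on the TPM it runs against.`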
@@ -704,22 +703,6 @@ func PolicyPCRSession(rw io.ReadWriteCloser, pcrSel tpm2.PCRSelection) (tpmutil.
 return session, policy, nil
 }
 
-// TestSealUnseal tests TPM2.0 Seal and Unseal commands
-func TestSealUnseal() error {
- dataToSeal := []byte("secret")
- if err := SealDiskKey(dataToSeal, DiskKeySealingPCRs); err != nil {
- return err
- }
- unsealedData, err := UnsealDiskKey(DiskKeySealingPCRs)
- if err != nil {
- return err
- }
- if !reflect.DeepEqual(dataToSeal, unsealedData) {
- return fmt.Errorf("want %v, but got %v", dataToSeal, unsealedData)
- }
- return nil
-}
-
 // CompareLegacyandSealedKey compares legacy and sealed keys
 // to record if we are using a new key for sealed vault
 func CompareLegacyandSealedKey() SealedKeyType {