From 1651a9b3cd5fe6b9538a588fc2c0f52f864c21ee Mon Sep 17 00:00:00 2001
From: chench
Date: Thu, 17 Oct 2024 15:09:25 +0800
Subject: [PATCH] add hygon tcm test cases
---
 0001-add-gm-test-case-for-all-commands.patch | 2 +-
 1001-newfeature-tcm-Add-tcm-test-cases.patch | 671 +++++++++++++++++++
 tpm2-tools.spec | 6 +-
 3 files changed, 677 insertions(+), 2 deletions(-)
 create mode 100644 1001-newfeature-tcm-Add-tcm-test-cases.patch
diff --git a/0001-add-gm-test-case-for-all-commands.patch b/0001-add-gm-test-case-for-all-commands.patch
index fb0de0d..ad6b574 100644
--- a/0001-add-gm-test-case-for-all-commands.patch
+++ b/0001-add-gm-test-case-for-all-commands.patch
@@ -373,7 +373,7 @@ index 0000000..945e8cd
 +trap cleanup EXIT
 +
 +echo -n "01234567890123456789012345678901" >${input_file}
-+tpm2_createprimary ${quiet} -C o -g sm3_256 -G sm4128cbc -c ${context_file} -p ${password} -a "sign|decrypt|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent"
++tpm2_createprimary ${quiet} -C o -g sm3_256 -G sm4128cfb -c ${context_file} -p ${password} -a "sign|decrypt|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent"
 +tpm2_encryptdecrypt ${quiet} -p ${password} -c ${context_file} -o ${output_file} ${input_file} 2>/dev/null
 +tpm2_encryptdecrypt ${quiet} -p ${password} -c ${context_file} -o ${input_raw} -d ${output_file} 2>/dev/null
 +diff ${input_file} ${input_raw}
diff --git a/1001-newfeature-tcm-Add-tcm-test-cases.patch b/1001-newfeature-tcm-Add-tcm-test-cases.patch
new file mode 100644
index 0000000..35ab1f3
--- /dev/null
+++ b/1001-newfeature-tcm-Add-tcm-test-cases.patch
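Review bot: The switch from `sm4128cbc` to `sm4128cfb` on the `tpm2_createprimary` line is not explained anywhere, and the commit subject only mentions adding tcm test cases. After this change the GM encrypt/decrypt test no longer exercises CBC at all, so if the mode was changed because CBC does not work on the target device, that should be recorded rather than silently dropped from coverage. I would add a comment above the line, for example `# CFB only: <reason CBC is not used here>`, or keep a second round-trip with a CBC key. The rest of the test script lies outside this hunk.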
@@ -0,0 +1,671 @@ +From 783c135f334dc19e94fe8150c1596aae457f1de5 Mon Sep 17 00:00:00 2001 +From: chench +Date: Mon, 12 Aug 2024 19:31:24 +0800 +Subject: [PATCH 1/2] [newfeature][tcm]:Add tcm test cases + +Change-Id: I65697be84bc97022faba89879a51f5502ba00ffc +--- + test/integration/tests_tcm/test.sh | 151 ++++++++++++++++++ + .../tests_tcm/test_tcm2_activatecredential.sh | 33 ++++ + .../integration/tests_tcm/test_tcm2_attest.sh | 53 ++++++ + .../tests_tcm/test_tcm2_changeauth.sh | 33 ++++ + .../tests_tcm/test_tcm2_encryptdecrypt.sh | 26 +++ + test/integration/tests_tcm/test_tcm2_hash.sh | 24 +++ + test/integration/tests_tcm/test_tcm2_nv.sh | 57 +++++++ + test/integration/tests_tcm/test_tcm2_pcr.sh | 22 +++ + .../integration/tests_tcm/test_tcm2_policy.sh | 106 ++++++++++++ + .../integration/tests_tcm/test_tcm2_random.sh | 21 +++ + .../tests_tcm/test_tcm2_selftest.sh | 13 ++ + test/integration/tests_tcm/test_tcm2_sign.sh | 24 +++ + 12 files changed, 563 insertions(+) + create mode 100755 test/integration/tests_tcm/test.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_activatecredential.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_attest.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_changeauth.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_encryptdecrypt.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_hash.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_nv.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_pcr.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_policy.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_random.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_selftest.sh + create mode 100755 test/integration/tests_tcm/test_tcm2_sign.sh + +diff --git a/test/integration/tests_tcm/test.sh b/test/integration/tests_tcm/test.sh +new file mode 100755 +index 0000000..69950de +--- /dev/null ++++ b/test/integration/tests_tcm/test.sh +@@ -0,0 
+1,151 @@ ++#!/bin/bash ++#;**********************************************************************; ++# ++# Copyright (c) 2016, Intel Corporation ++# All rights reserved. ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions are met: ++# ++# 1. Redistributions of source code must retain the above copyright notice, ++# this list of conditions and the following disclaimer. ++# ++# 2. Redistributions in binary form must reproduce the above copyright notice, ++# this list of conditions and the following disclaimer in the documentation ++# and/or other materials provided with the distribution. ++# ++# 3. Neither the name of Intel Corporation nor the names of its contributors ++# may be used to endorse or promote products derived from this software without ++# specific prior written permission. ++# ++# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE ++# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF ++# THE POSSIBILITY OF SUCH DAMAGE. ++#;**********************************************************************; ++ ++# We Assume that the tests are run from the test/integration/tests_tcm location. 
++ ++SRC1_DIR=`realpath ../../../tools/` ++SRC2_DIR=`realpath ../../../tools/misc` ++PATH=$SRC1_DIR:$SRC2_DIR:$PATH ++ ++# Some test helpers are in the test directory ++# and might be needed on PATH ++TEST_DIR=`realpath .` ++PATH=$TEST_DIR:$PATH ++ ++# Keep track of failures and successes for reporting ++pass=0 ++fail=0 ++ ++# Keep track of failed test scripts. ++fail_summary="" ++ ++red=$'\e[1;31m' ++grn=$'\e[1;32m' ++yel=$'\e[1;33m' ++blu=$'\e[1;34m' ++mag=$'\e[1;35m' ++cyn=$'\e[1;36m' ++end=$'\e[0m' ++ ++# Set the default to print in a prety output ++PRETTY=true ++ ++clear_colors() { ++ red='' ++ grn='' ++ yel='' ++ blu='' ++ mag='' ++ cyn='' ++ end='' ++} ++ ++test_wrapper() { ++ ++ ./$1 & ++ # Process Id of the previous running command ++ pid=$! ++ spin='-\|/' ++ i=0 ++ while kill -0 $pid 2>/dev/null; do ++ if [ "$PRETTY" == true ]; then ++ i=$(( (i+1) %4 )) ++ printf "\r${yel}${spin:$i:1}${end}" ++ sleep .1 ++ fi ++ done ++ ++ wait $pid ++ rc=$? ++ ++ failed_checks=0 ++ ++ # check for persistent handles ++ leftovers=`tpm2_getcap handles-persistent` ++ if [ "$leftovers" != "" ]; then ++ printf "Test left peristent objects loaded, found: %s\n" "$leftovers" ++ failed_checks=1 ++ fi ++ ++ if [ $failed_checks -ne 0 ]; then ++ # set the $? variable to not be 0! ++ false ++ fi ++ ++ if [ $rc -eq 0 ]; then ++ printf "\r${grn}$1 ... PASSED${end}\n" ++ let "pass++" ++ else ++ printf "\r${red}$1 ... FAILED${end}\n" ++ let "fail++" ++ fail_summary="$fail_summary"$'\n'"$1" ++ fi ++} ++ ++# Get a list of test scripts, all tests should begin with test_tcm2_ and ++# be a shell script. ++tests=`ls test_tcm2_*.sh` ++ ++while true; do ++ case "$1" in ++ -p | --plain ) PRETTY=false; shift ;; ++ -- ) shift; break ;; ++ * ) break ;; ++ esac ++done ++ ++# If command line arguments are provided, assume it is ++# the test suite to execute. 
++# IE: test_tcm2_getrandom.sh ++if [ "$#" -gt 0 ]; then ++ tests="$@" ++fi ++ ++if [ "$PRETTY" != true ]; then ++ clear_colors ++fi ++ ++for t in $tests; do ++ test_wrapper $t; ++done; ++ ++# Report the status of the tests ++printf "${grn}Tests passed: $pass${end}\n" ++printf "${red}Tests Failed: $fail${end}\n" ++ ++if [ $fail -gt 0 ]; then ++ echo "Fail summary:" ++ echo "$fail_summary" ++fi ++ ++exit $fail +diff --git a/test/integration/tests_tcm/test_tcm2_activatecredential.sh b/test/integration/tests_tcm/test_tcm2_activatecredential.sh +new file mode 100755 +index 0000000..a3f19e0 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_activatecredential.sh +@@ -0,0 +1,33 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++context_load_file=/tmp/context_load ++pub_file=/tmp/pub ++priv_file=/tmp/priv ++input_file=/tmp/input ++name_file=/tmp/name ++password=123456 ++mkcred_file=/tmp/mkcred ++actcred_file=/tmp/actcred ++pub_key_file=/tmp/pub_key ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" 
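Review bot: In `test_wrapper` of test.sh the persistent-handle check can never fail a test: the `false` that follows `failed_checks` only sets `$?`, which the next `[ $rc -eq 0 ]` overwrites, so a script that leaves persistent objects in the TPM is still reported as PASSED. Fold the check into the result instead, e.g. replace the `if [ $failed_checks -ne 0 ]; then false; fi` block with `[ $failed_checks -ne 0 ] && rc=1`. Separately, with `-p`/`--plain` the `while kill -0 $pid` loop spins without sleeping because `sleep .1` sits inside the `PRETTY` branch; moving `sleep .1` out of the `if` fixes that. `./$1` and `test_wrapper $t` should also be quoted.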
++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_file} ${context_load_file} ${pub_file} ${priv_file} ${input_file} ${name_file} ${mkcred_file} ${actcred_file} ${pub_key_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G eccsm2:null:sm4128cfb -c ${context_file} -p ${password} -k ${pub_key_file} ++tpm2_create ${quiet} -C ${context_file} -g sm3_256 -G "eccsm2:sm2-sm3_256:null" -u ${pub_file} -r ${priv_file} -P ${password} -p ${password} -a "sign|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" ++tpm2_load ${quiet} -C ${context_file} -u ${pub_file} -r ${priv_file} -c ${context_load_file} -P ${password} -n ${name_file} ++loaded_key_name=`cat ${name_file} | xxd -p -c $(ls -l ${name_file} | awk {'print $5'})` ++tpm2_makecredential ${quiet} -e ${pub_key_file} -s ${input_file} -n ${loaded_key_name} -o ${mkcred_file} ++tpm2_activatecredential ${quiet} -c ${context_load_file} -C ${context_file} -i ${mkcred_file} -o ${actcred_file} -p ${password} -P ${password} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_attest.sh b/test/integration/tests_tcm/test_tcm2_attest.sh +new file mode 100755 +index 0000000..cfde946 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_attest.sh +@@ -0,0 +1,53 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++context_load_file=/tmp/context_load ++input_file=/tmp/input ++context_attest_file=/tmp/context.att ++context_sig_file=/tmp/context.sig ++attest_file=/tmp/attest ++ticket_file=/tmp/ticket ++creation_hash_file=/tmp/creation_hash ++sig_file=/tmp/sig ++pcr_file=/tmp/pcr ++ ++password=123456 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" 
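Review bot: Every working file in test_tcm2_activatecredential.sh is a fixed, predictable name directly under `/tmp` (`/tmp/context`, `/tmp/priv`, `/tmp/input`, ...), and these tests presumably run with enough privilege to reach the TPM device, so another local user can pre-create or symlink those names and have the script write through them; two runs on one host also overwrite each other's files. Create a private directory and derive the names from it: `workdir=$(mktemp -d)`, `context_file=${workdir}/context`, and in `cleanup` `rm -rf -- "${workdir}"`. The same pattern is repeated in test_tcm2_attest.sh, test_tcm2_changeauth.sh, test_tcm2_encryptdecrypt.sh, test_tcm2_hash.sh, test_tcm2_nv.sh, test_tcm2_pcr.sh, test_tcm2_policy.sh, test_tcm2_random.sh and test_tcm2_sign.sh, where it also covers key material such as `/tmp/private.ecc.pem`.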
++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_attest_file} ${context_sig_file} ${attest_file} ${sig_file} ${ticket_file} ${creation_hash_file} ${pem_pri_file} ${pem_pub_file} ${pcr_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G hmac:sm3_256 -c ${context_attest_file} -p ${password} -t ${ticket_file} -d ${creation_hash_file} -a "sign|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G "eccsm2:sm2-sm3_256:null" -c ${context_sig_file} -p ${password} -a "sign|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" ++ ++tpm2_certify ${quiet} -c ${context_attest_file} -C ${context_sig_file} -p ${password} -P ${password} -g sm3_256 -o ${attest_file} -s ${sig_file} -S sm2 ++tpm2_verifysignature ${quiet} -g sm3_256 -s ${sig_file} -m ${attest_file} -c ${context_sig_file} ++ ++tpm2_gettime ${quiet} -p ${password} -g sm3_256 -s sm2 -o ${sig_file} -c ${context_sig_file} --attestation ${input_file} ++tpm2_verifysignature ${quiet} -g sm3_256 -m ${input_file} -s ${sig_file} -c ${context_sig_file} ++ ++tpm2_certifycreation ${quiet} -C ${context_sig_file} -c ${context_attest_file} -P ${password} -g sm3_256 -s sm2 -d ${creation_hash_file} -t ${ticket_file} -o ${sig_file} --attestation ${attest_file} ++tpm2_verifysignature ${quiet} -g sm3_256 -s ${sig_file} -m ${attest_file} -c ${context_sig_file} ++ ++tpm2_quote ${quiet} -c ${context_sig_file} -p ${password} -l sm3_256:1,2,3,4,5 -s ${sig_file} -m ${attest_file} -o ${pcr_file} -g sm3_256 -S sm2 ++tpm2_verifysignature ${quiet} -g sm3_256 -s ${sig_file} -m ${attest_file} -c ${context_sig_file} ++ ++pem_pri_file=/tmp/private.ecc.pem ++pem_pub_file=/tmp/public.ecc.pem ++pcr_file=/tmp/pcr ++echo -n "01234567890123456789012345678901" >${input_file} ++openssl ecparam -name SM2 -genkey -out ${pem_pri_file} 2>/dev/null ++openssl ec -in ${pem_pri_file} -pubout -out 
${pem_pub_file} 2>/dev/null ++tpm2_loadexternal ${quiet} -G ecc -g sm3_256 -r ${pem_pri_file} -c ${context_load_file} ++tpm2_quote ${quiet} -c ${context_load_file} -l sm3_256:1,2,3,4,5 -s ${sig_file} -m ${attest_file} -o ${pcr_file} -q ${input_file} -g sm3_256 -S sm2 ++tpm2_checkquote ${quiet} -G ecc -g sm3_256 -m ${attest_file} -s ${sig_file} -u ${pem_pub_file} -q ${input_file} -f ${pcr_file} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_changeauth.sh b/test/integration/tests_tcm/test_tcm2_changeauth.sh +new file mode 100755 +index 0000000..dd36acc +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_changeauth.sh +@@ -0,0 +1,33 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++context_load_file=/tmp/context_load ++pub_file=/tmp/pub ++priv_file=/tmp/priv ++input_file=/tmp/input ++ ++password=123456 ++pass_change1=123 ++pass_change2=789 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" ++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_file} ${context_load_file} ${pub_file} ${priv_file} ${input_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G eccsm2:null:sm4128cfb -c ${context_file} -p ${password} ++tpm2_create ${quiet} -g sm3_256 -u ${pub_file} -r ${priv_file} -C ${context_file} -i ${input_file} -P ${password} -p ${pass_change1} ++tpm2_load ${quiet} -C ${context_file} -u ${pub_file} -r ${priv_file} -c ${context_load_file} -P ${password} ++ ++tpm2_changeauth ${quiet} -p ${pass_change1} -c ${context_load_file} -C ${context_file} -r ${priv_file} ${pass_change2} ++tpm2_load ${quiet} -C ${context_file} -u ${pub_file} -r ${priv_file} -c ${context_load_file} -P ${password} ++tpm2_changeauth ${quiet} -p ${pass_change2} -c ${context_load_file} -C ${context_file} -r ${priv_file} ${pass_change1} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_encryptdecrypt.sh 
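Review bot: `cleanup` in test_tcm2_attest.sh misses two files this script writes, `${input_file}` and `${context_load_file}`, so `/tmp/input` and the loaded-key context `/tmp/context_load` stay behind after every run. Add them to the `rm -f` list. `pem_pri_file` and `pem_pub_file` are referenced in `cleanup` but only assigned near the end of the script, after the trap is installed; moving those two assignments up to the other variable definitions keeps cleanup correct on every path. The second `pcr_file=/tmp/pcr` and the unused `context_file` can be removed.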
b/test/integration/tests_tcm/test_tcm2_encryptdecrypt.sh +new file mode 100755 +index 0000000..b3d7072 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_encryptdecrypt.sh +@@ -0,0 +1,26 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++input_file=/tmp/input ++input_raw=/tmp/input_raw ++output_file=/tmp/output ++password=123456 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" ++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_file} ${input_file} ${input_raw} ${output_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G sm4128cfb -c ${context_file} -p ${password} -a "sign|decrypt|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" ++tpm2_encryptdecrypt ${quiet} -p ${password} -c ${context_file} -o ${output_file} ${input_file} 2>/dev/null ++tpm2_encryptdecrypt ${quiet} -p ${password} -c ${context_file} -o ${input_raw} -d ${output_file} 2>/dev/null ++diff ${input_file} ${input_raw} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_hash.sh b/test/integration/tests_tcm/test_tcm2_hash.sh +new file mode 100755 +index 0000000..298a01a +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_hash.sh +@@ -0,0 +1,24 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++input_file=/tmp/input ++output_file=/tmp/output ++password=123456 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" 
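Review bot: The round-trip `diff ${input_file} ${input_raw}` in test_tcm2_encryptdecrypt.sh also passes if `tpm2_encryptdecrypt` writes the plaintext through unchanged, because nothing checks that `${output_file}` differs from `${input_file}`. Add a check before the decrypt step, e.g. `if cmp -s ${input_file} ${output_file}; then echo "ciphertext equals plaintext"; exit 1; fi`. The `2>/dev/null` on both `tpm2_encryptdecrypt` calls also discards the tool's error text, so a failure is reported only as the command line printed by `onerror`; unless it hides a known warning, I would drop it.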
++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_file} ${input_file} ${output_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G hmac:sm3_256 -c ${context_file} -p ${password} -a "sign|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" ++tpm2_hmac ${quiet} -p ${password} -g sm3_256 -c ${context_file} -o ${output_file} ${input_file} ++tpm2_hash ${quiet} -g sm3_256 -o ${output_file} ${input_file} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_nv.sh b/test/integration/tests_tcm/test_tcm2_nv.sh +new file mode 100755 +index 0000000..260e9bc +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_nv.sh +@@ -0,0 +1,57 @@ ++#!/bin/bash ++ ++quiet=-Q ++input_file=/tmp/input ++output_file=/tmp/output ++context_sig_file=/tmp/context.sig ++attest_file=/tmp/attest ++sig_file=/tmp/sig ++password=123456 ++nv_index=0x01500001 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" 
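Review bot: Neither digest in test_tcm2_hash.sh is verified: `tpm2_hmac` and `tpm2_hash` both write to `${output_file}`, the second overwrites the first, and `cleanup` deletes the file without it being compared with anything, so the test passes on exit status alone even if the SM3 result is wrong. Write the two results to separate files and compare the hash with an independent implementation, for instance `openssl dgst -sm3 -binary ${input_file} | cmp - ${output_file}` (this assumes the build's OpenSSL provides SM3, as the SM2 use in test_tcm2_attest.sh suggests, and that `-o` holds the raw digest; please confirm both). The same exit-status-only pattern applies to test_tcm2_random.sh, test_tcm2_pcr.sh and test_tcm2_activatecredential.sh, where `${actcred_file}` is never compared with `${input_file}`.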
++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${input_file} ${output_file} ${context_sig_file} ${attest_file} ${sig_file} ++ tpm2_nvundefine ${quiet} -C o ${nv_index} 2>/dev/null || true ++ ++} ++trap cleanup EXIT ++ ++cleanup ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_nvdefine ${quiet} -C o -p ${password} -a "authread|authwrite" -s 32 -g sm3_256 ${nv_index} ++tpm2_nvundefine ${quiet} -C o ${nv_index} ++tpm2_nvdefine ${quiet} ${nv_index} -C o -s 32 -a "policyread|policywrite|authread|authwrite|ownerwrite|ownerread|read_stclear|writedefine" -p ${password} -g sm3_256 ++tpm2_nvreadpublic ${quiet} ${nv_index} > ${output_file} ++tpm2_nvwrite ${quiet} ${nv_index} -P ${password} -i ${input_file} ++tpm2_nvread ${quiet} -P ${password} ${nv_index} -o ${output_file} ++tpm2_nvreadlock ${quiet} -C o ${nv_index} ++tpm2_nvwritelock ${quiet} -C o ${nv_index} ++tpm2_nvwrite ${quiet} ${nv_index} -P ${password} -i ${input_file} 2>/dev/null || true ++tpm2_nvread ${quiet} -P ${password} ${nv_index} 2>/dev/null || true ++tpm2_nvundefine ${quiet} -C o ${nv_index} ++ ++tpm2_nvdefine ${quiet} -C o -a "nt=extend|ownerread|policywrite|ownerwrite" ${nv_index} -g sm3_256 ++echo -n "01234567890123456789012345678901" | tpm2_nvextend ${quiet} -C o -i- ${nv_index} ++tpm2_nvundefine ${quiet} -C o ${nv_index} ++ ++tpm2_nvdefine ${quiet} -C o -P "" -a "nt=counter|authread|authwrite|ownerread|ownerwrite|writedefine" ${nv_index} -g sm3_256 ++tpm2_nvincrement ${quiet} -C o -P "" ${nv_index} ++tpm2_nvundefine ${quiet} -C o ${nv_index} ++ ++bits=0xbadc0de ++tpm2_nvdefine ${quiet} -C o -P "" -a "nt=bits|ownerread|policywrite|ownerwrite|writedefine" ${nv_index} -g sm3_256 ++tpm2_nvsetbits ${quiet} -C o -P "" -i ${bits} ${nv_index} ++check=$(tpm2_nvread -C o -P "" ${nv_index} | xxd -p | sed s/'^0*'/0x/) ++tpm2_nvundefine ${quiet} -C o ${nv_index} ++if [ "${check}" != "${bits}" ];then ++ echo "tpm2_nvsetbits fail" ++ exit 1 ++fi ++ +diff --git 
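Review bot: In test_tcm2_nv.sh the two commands after `tpm2_nvreadlock`/`tpm2_nvwritelock` end in `2>/dev/null || true`, so the test passes whether or not the locks are enforced; a device that still allows the write or read after locking goes unnoticed. Make the expected failure explicit: `if tpm2_nvwrite ${quiet} ${nv_index} -P ${password} -i ${input_file} 2>/dev/null; then echo "write succeeded after nvwritelock"; exit 1; fi`, and the same form for `tpm2_nvread` with its output sent to `/dev/null`. The earlier `tpm2_nvread ... -o ${output_file}` result is also never compared with `${input_file}`.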
a/test/integration/tests_tcm/test_tcm2_pcr.sh b/test/integration/tests_tcm/test_tcm2_pcr.sh +new file mode 100755 +index 0000000..f2759cf +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_pcr.sh +@@ -0,0 +1,22 @@ ++#!/bin/bash ++ ++quiet=-Q ++input_file=/tmp/input ++pcrs_file=/tmp/pcrs ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" ++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${input_file} ${pcrs_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_pcrreset ${quiet} 16 23 ++tpm2_pcrread ${quiet} sm3_256:0,1,8,9 -o ${pcrs_file} ++tpm2_pcrextend ${quiet} 16:sm3_256="2b14a1fc49869413b0beb707069cffc0c6b0a51f3fedb9ce072c80709652b3ae" ++ +diff --git a/test/integration/tests_tcm/test_tcm2_policy.sh b/test/integration/tests_tcm/test_tcm2_policy.sh +new file mode 100755 +index 0000000..2281b43 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_policy.sh +@@ -0,0 +1,106 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++context_load_file=/tmp/context_load ++pub_file=/tmp/pub ++priv_file=/tmp/priv ++input_file=/tmp/input ++policy_digest_file=/tmp/policy_digest ++digest_file=/tmp/digest ++session_file=/tmp/session ++sig_file=/tmp/sig ++name_file=/tmp/name ++timeout_file=/tmp/timeout ++ticket_file=/tmp/ticket ++new_parent_file=/tmp/new_parent ++source_parent_file=/tmp/source_parent ++new_parent_name_file=/tmp/new_parent_name ++duplicable_file=/tmp/duplicable ++duplicable_name_file=/tmp/duplicable_name ++duplicated_seed_file=/tmp/duplicated_seed ++nv_index=0x01500001 ++password=123456 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" 
++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_file} ${context_load_file} ${pub_file} ${priv_file} ${input_file} ${policy_digest_file} ${digest_file} ${session_file} ${sig_file} ${name_file} ${timeout_file} ${ticket_file} ${new_parent_file} ${source_parent_file} ${new_parent_name_file} ${duplicable_file} ${duplicable_name_file} ${duplicated_seed_file} ++ tpm2_nvundefine ${quiet} -C o ${nv_index} 2>/dev/null || true ++} ++trap cleanup EXIT ++ ++cleanup ++ ++tpm2_createpolicy ${quiet} --policy-pcr -g sm3_256 -l sm3_256:0,1,8,9 -L ${policy_digest_file} ++tpm2_setprimarypolicy ${quiet} -C o -P "" -L ${policy_digest_file} -g sm3_256 ++tpm2_setprimarypolicy ${quiet} -C o -P pcr:sm3_256:0,1,8,9 -L ${policy_digest_file} -g sm3_256 ++ ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G eccsm2:null:sm4128cfb -c ${context_file} ++tpm2_startauthsession ${quiet} --policy-session -c ${context_file} -g sm3_256 -s sm4128cfb -S ${session_file} ++tpm2_policypcr ${quiet} -l sm3_256:0,1,8,9 -S ${session_file} -L ${policy_digest_file} ++tpm2_setprimarypolicy ${quiet} -C o -P "" -L ${policy_digest_file} -g sm3_256 ++tpm2_setprimarypolicy ${quiet} -C o -P session:${session_file} -L ${policy_digest_file} -g sm3_256 ++tpm2_flushcontext ${session_file} ++ ++tpm2_startauthsession ${quiet} --policy-session -g sm3_256 -S ${session_file} ++tpm2_policypcr ${quiet} -l sm3_256:0,1,8,9 -S ${session_file} -L ${policy_digest_file} ++tpm2_policyor ${quiet} -L ${digest_file} -S ${session_file} -l sm3_256:${policy_digest_file},${policy_digest_file} ++tpm2_policypassword ${quiet} -S ${session_file} -L ${policy_digest_file} ++tpm2_policycommandcode ${quiet} -S ${session_file} -L ${policy_digest_file} TPM2_CC_PCR_Reset ++tpm2_policyrestart ${quiet} -S ${session_file} ++tpm2_flushcontext ${session_file} ++ ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G "eccsm2:sm2-sm3_256:null" -c ${context_file} -p ${password} -a "sign|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" 
++tpm2_startauthsession ${quiet} --policy-session -g sm3_256 -S ${session_file} ++tpm2_policysigned ${quiet} -S ${session_file} -c ${context_file} --raw-data ${input_file} ++tpm2_sign ${quiet} -p ${password} -g sm3_256 -c ${context_file} -o ${sig_file} -s sm2 ${input_file} ++tpm2_policysigned ${quiet} -S ${session_file} -g sm3_256 -c ${context_file} -s ${sig_file} -L ${policy_digest_file} ++tpm2_flushcontext ${session_file} ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G eccsm2:null:sm4128cfb -c ${context_file} -p ${password} ++tpm2_create ${quiet} -g sm3_256 -u ${pub_file} -r ${priv_file} -C ${context_file} -i ${input_file} -P ${password} ++tpm2_load ${quiet} -C ${context_file} -u ${pub_file} -r ${priv_file} -c ${context_load_file} -P ${password} -n ${name_file} ++tpm2_startauthsession ${quiet} --policy-session -g sm3_256 -S ${session_file} ++tpm2_policysecret ${quiet} -L ${policy_digest_file} -S ${session_file} -c ${context_load_file} --ticket ${ticket_file} --timeout ${timeout_file} -t -1000000 ++tpm2_policyticket ${quiet} -L ${policy_digest_file} -S ${session_file} -n ${name_file} --ticket ${ticket_file} --timeout ${timeout_file} ++tpm2_policyrestart ${quiet} -S ${session_file} ++tpm2_flushcontext ${session_file} ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_nvdefine ${quiet} -C o -p ${password} ${nv_index} -a "authread|authwrite" -s 34 -g sm3_256 ++tpm2_startauthsession ${quiet} -S ${session_file} -g sm3_256 ++tpm2_policypcr ${quiet} -S ${session_file} -l sm3_256:0,1,8,9 -L ${policy_digest_file} ++tpm2_flushcontext ${session_file} ++echo "0012" | xxd -p -r | cat - ${policy_digest_file} | tpm2_nvwrite ${quiet} -C ${nv_index} -P ${password} ${nv_index} -i- #0012 is sm3_256 ++tpm2_startauthsession ${quiet} -S ${session_file} --policy-session -g sm3_256 ++tpm2_policypcr ${quiet} -S ${session_file} -l sm3_256:0,1,8,9 -L ${policy_digest_file} ++tpm2_createprimary ${quiet} -C o -g 
sm3_256 -G eccsm2:null:sm4128cfb -c ${context_file} -p ${password} ++tpm2_create ${quiet} -g sm3_256 -u ${pub_file} -r ${priv_file} -C ${context_file} -i ${input_file} -P ${password} -L ${policy_digest_file} ++tpm2_load ${quiet} -C ${context_file} -u ${pub_file} -r ${priv_file} -c ${context_load_file} -P ${password} -n ${name_file} ++tpm2_unseal ${quiet} -c ${context_load_file} -p session:${session_file} >/dev/null ++tpm2_evictcontrol ${quiet} -c ${context_load_file} 0x81010003 ++tpm2_evictcontrol ${quiet} -c 0x81010003 0x81010003 ++tpm2_flushcontext ${session_file} ++tpm2_nvundefine ${quiet} -C o ${nv_index} ++ ++ ++tpm2_startauthsession ${quiet} -g sm3_256 -S ${session_file} ++tpm2_policycommandcode ${quiet} -S $session_file -L ${policy_digest_file} TPM2_CC_Duplicate ++tpm2_flushcontext ${session_file} ++ ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G eccsm2:null:sm4128cfb -c ${source_parent_file} ++tpm2_create ${quiet} -C ${source_parent_file} -g sm3_256 -G eccsm2:sm2-sm3_256:null -u ${pub_file} -r ${priv_file} -L ${policy_digest_file} -a "sensitivedataorigin|sign" ++tpm2_load ${quiet} -C ${source_parent_file} -u ${pub_file} -r ${priv_file} -c ${duplicable_file} ++ ++tpm2_createprimary ${quiet} -C n -g sm3_256 -G eccsm2:null:sm4128cfb -c ${new_parent_file} ++tpm2_startauthsession ${quiet} -S ${session_file} --policy-session -g sm3_256 ++tpm2_policycommandcode ${quiet} -S $session_file -L ${policy_digest_file} TPM2_CC_Duplicate ++tpm2_duplicate ${quiet} -C ${new_parent_file} -c ${duplicable_file} -G null -p session:${session_file} -r ${priv_file} -s ${duplicated_seed_file} ++tpm2_flushcontext ${session_file} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_random.sh b/test/integration/tests_tcm/test_tcm2_random.sh +new file mode 100755 +index 0000000..b35d918 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_random.sh +@@ -0,0 +1,21 @@ ++#!/bin/bash ++ ++quiet=-Q ++input_file=/tmp/input ++output_file=/tmp/output ++ ++onerror() { ++ echo 
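Review bot: test_tcm2_policy.sh changes TPM state that `cleanup` does not undo. `tpm2_setprimarypolicy -C o ... -L ${policy_digest_file}` is called four times and, as far as the hunk shows, nothing resets it, so the owner hierarchy keeps that PCR policy after the test; likewise any failure between a `tpm2_startauthsession` and its `tpm2_flushcontext` leaves the session loaded, because `cleanup` only deletes `${session_file}`. In `cleanup`, flush before removing with `tpm2_flushcontext ${session_file} 2>/dev/null || true`, and restore the owner hierarchy's empty policy at the end of the test. On shared or production hardware a leftover hierarchy policy is a lasting configuration change rather than test debris.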
"$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" ++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${input_file} ${output_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_stirrandom ${quiet} ${input_file} ++tpm2_getrandom ${quiet} -f 32 -o ${output_file} ++ +diff --git a/test/integration/tests_tcm/test_tcm2_selftest.sh b/test/integration/tests_tcm/test_tcm2_selftest.sh +new file mode 100755 +index 0000000..6c0f130 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_selftest.sh +@@ -0,0 +1,13 @@ ++#!/bin/bash ++ ++quiet=-Q ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" ++ exit 1 ++} ++trap onerror ERR ++ ++tpm2_selftest ${quiet} -f ++tpm2_incrementalselftest ${quiet} sm2 sm3_256 sm4 ++tpm2_gettestresult ${quiet} +diff --git a/test/integration/tests_tcm/test_tcm2_sign.sh b/test/integration/tests_tcm/test_tcm2_sign.sh +new file mode 100755 +index 0000000..6f9cb81 +--- /dev/null ++++ b/test/integration/tests_tcm/test_tcm2_sign.sh +@@ -0,0 +1,24 @@ ++#!/bin/bash ++ ++quiet=-Q ++context_file=/tmp/context ++input_file=/tmp/input ++sig_file=/tmp/sig ++password=123456 ++ ++onerror() { ++ echo "$BASH_COMMAND on line ${BASH_LINENO[0]} failed: $?" ++ exit 1 ++} ++trap onerror ERR ++ ++cleanup() { ++ rm -f ${context_file} ${input_file} ${sig_file} ++} ++trap cleanup EXIT ++ ++echo -n "01234567890123456789012345678901" >${input_file} ++tpm2_createprimary ${quiet} -C o -g sm3_256 -G "eccsm2:sm2-sm3_256:null" -c ${context_file} -p ${password} -a "sign|noda|sensitivedataorigin|userwithauth|fixedtpm|fixedparent" ++tpm2_sign ${quiet} -p ${password} -g sm3_256 -c ${context_file} -o ${sig_file} -s sm2 ${input_file} ++tpm2_verifysignature ${quiet} -g sm3_256 -s ${sig_file} -c ${context_file} -m ${input_file} ++ +-- +2.17.1 + diff --git a/tpm2-tools.spec b/tpm2-tools.spec index 2129c88..df6cd59 100644 --- a/tpm2-tools.spec +++ b/tpm2-tools.spec 
@@ -1,4 +1,4 @@ -%define anolis_release .0.4 +%define anolis_release .0.5 Name: tpm2-tools Version: 4.1.1 Release: 5%{anolis_release}%{?dist} @@ -26,6 +26,7 @@ patch15: 0001-add-gm-support-for-all-commands.patch patch16: 0001-add-gm-test-case-for-all-commands.patch Patch1000: 1000-disable-pandoc.patch +Patch1001: 1001-newfeature-tcm-Add-tcm-test-cases.patch BuildRequires: gcc-c++ BuildRequires: libtool @@ -84,6 +85,9 @@ Doc pages for %{name}. %doc README.md CHANGELOG.md %changelog +* Thu Oct 17 2024 chench - 4.1.1-5.0.5 +- add tcm test cases + * Tue Nov 8 2022 Liwei Ge - 4.1.1-5.0.4 - Disable doc on loongarch64 -- Gitee