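#!/usr/bin/expect -f
#
# C-01 QEMUv8 reproduction: boots the guest, mounts virtfs, runs c01_poc.
#
# Environment (all three are required; the script aborts with a message when
# one is missing instead of dying on a bare "no such variable" trace):
#   QEMU       path to the QEMU binary
#   QEMU_ARGS  remaining QEMU command line. It is handed to `sh -c` verbatim,
#              so it is a shell command line, not an argument list: it must
#              come from a trusted harness, never from an untrusted source.
#   BINDIR     directory that holds c01_poc (reached from the guest through
#              the 9p share) and that receives c01_nw.log / c01_sw.log
#
# Outputs:
#   $BINDIR/c01_nw.log  normal-world transcript of this session (expect log)
#   $BINDIR/c01_sw.log  secure-world console, followed with `tail -f` so
#                       OP-TEE panic / assertion lines can be echoed inline.
#                       NOTE(review): the writer of c01_sw.log is assumed to
#                       be the QEMU instance configured via QEMU_ARGS —
#                       confirm against the harness.
#
# Exit status: 1 when the guest fails to boot (kernel panic, boot timeout,
# QEMU exiting before the login prompt) or QEMU exits while the PoC runs;
# 0 otherwise — including when a secure-world fault was observed. Read the
# "[!!!]" markers / c01_sw.log for the outcome, not the exit code.

# Fail early and readably on a missing variable.
foreach var {QEMU QEMU_ARGS BINDIR} {
    if {![info exists ::env($var)]} {
        puts stderr "FATAL: environment variable $var is not set"
        exit 1
    }
}

# Applies to every expect below: boot, PoC run and shutdown each get 180 s.
set timeout 180
set bindir $::env(BINDIR)

# Echo the session and keep a normal-world transcript.
log_user 1
log_file -a -noappend "$bindir/c01_nw.log"

# Create/truncate the secure-world log, then close the handle immediately;
# the channel was previously left open for the life of the script.
close [open "$bindir/c01_sw.log" "w+"]

# Follow the secure-world log. The pipeline is built from a Tcl list so a
# BINDIR containing spaces stays a single argument to tail.
spawn -open [open |[list tail -f "$bindir/c01_sw.log"] r]
set sw_id $spawn_id

# Start QEMU through the shell so QEMU_ARGS is word-split as the harness
# wrote it (see the note on trust above).
spawn sh -c "$::env(QEMU) $::env(QEMU_ARGS)"
set qemu_id $spawn_id

# Wait for the Linux login prompt. eof is handled explicitly: without it, a
# QEMU exit during boot makes expect return silently and the next send fails
# on a closed spawn id with a Tcl error instead of a readable message.
expect {
    -i $qemu_id "Kernel panic" { puts "\nFATAL: Kernel panic"; exit 1 }
    -i $qemu_id eof            { puts "\nFATAL: QEMU exited before the login prompt"; exit 1 }
    -i $qemu_id timeout        { puts "\nFATAL: Boot timeout"; exit 1 }
    -i $qemu_id "ogin:"
}
send -i $qemu_id -- "root\r"
expect -i $qemu_id "# "
puts "\n\[+\] Guest booted, logged in as root"

# Mount the host share (virtio-9p). Only the returning prompt is awaited; the
# mount's own exit status is not checked here.
send -i $qemu_id -- "mkdir -p /mnt/host && mount -t 9p -o trans=virtio host /mnt/host\r"
expect -i $qemu_id "# "
puts "\[+\] /mnt/host mounted (virtio-9p)"

# Run the PoC and drain both consoles until the guest prompt returns.
# exp_continue keeps this expect active (restarting the timer each time)
# in place of the earlier while/done-flag loop. Both regexes are bounded by
# [^\r\n]* on either side of the keyword: Tcl's "." matches newlines, so the
# previous "E/TC:.*Panic" could capture from an early E/TC: line across
# unrelated output to a later "Panic".
puts "\[+\] Running c01_poc...\n"
send -i $qemu_id -- "/mnt/host/c01_poc\r"
expect {
    -i $sw_id -re {(E/TC:[^\r\n]*Panic[^\r\n]*)} {
        puts "\n\[!!!] TEE PANIC: $expect_out(1,string)"
        exp_continue
    }
    -i $sw_id -re {(E/TC:[^\r\n]*assertion[^\r\n]*failed[^\r\n]*)} {
        puts "\n\[!!!] TEE ASSERTION FAILED: $expect_out(1,string)"
        exp_continue
    }
    -i $qemu_id "Done." { exp_continue }
    -i $qemu_id "# "    {}
    -i $qemu_id eof {
        # The guest is gone; poweroff below would fail on a closed spawn id.
        puts "\nFATAL: QEMU exited while the PoC was running"
        exit 1
    }
    -i $qemu_id timeout {
        puts "\nWARN: timeout waiting for PoC"
    }
}

# Presumably a grace period for tail -f to deliver trailing secure-world
# lines before shutdown — TODO confirm; expect is not reading $sw_id during
# the pause.
puts "\n\[+\] PoC finished, collecting secure-world log..."
after 2000

# Shut the guest down. Each outcome is reported distinctly; the previous
# unconditional "QEMU exited" was printed even after a timeout.
send -i $qemu_id -- "poweroff\r"
expect {
    -i $qemu_id "reboot: Power down" { puts "\[+\] Guest powered down" }
    -i $qemu_id eof                  { puts "\[+\] QEMU exited" }
    -i $qemu_id timeout {
        puts "WARN: no power-down message within $timeout s; QEMU may still be running"
    }
}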