diff --git a/HIRS_Provisioner/scripts/install/tpm_aca_provision b/HIRS_Provisioner/scripts/install/tpm_aca_provision index 4c83f2b4..2c904d25 100755 --- a/HIRS_Provisioner/scripts/install/tpm_aca_provision +++ b/HIRS_Provisioner/scripts/install/tpm_aca_provision @@ -1,81 +1,3 @@ #!/bin/bash -# This script checks for signs of a TPM on the host, and then executes the appropriate -# HIRS TPM ACA provisining process according to the version of TPM found. - -# check dmesg for TPM -dmesg | grep -iq "1\.2 TPM" -DMESG_1_2=$((1-$?)) - -dmesg | grep -iq "2\.0 TPM" -DMESG_2_0=$((1-$?)) - -# check /sys/class/tpm for TPM -DEV_1_2=0 -if [[ -f "/sys/class/tpm/tpm0/device/firmware_node/description" ]]; then - grep -q "TPM 1.2 Device" /sys/class/tpm/tpm0/device/firmware_node/description - DEV_1_2=$((1-$?)) -fi - -DEV_2_0=0 -if [[ -f "/sys/class/tpm/tpm0/device/description" ]]; then - grep -q "TPM 2.0 Device" /sys/class/tpm/tpm0/device/description - DEV_2_0=$((1-$?)) -fi - -# check to see whether emulators are present -EMU_1_2=0 -if hash tpm_version 2> /dev/null ; then - tpm_version > /dev/null 2>&1 - if [[ $? -eq 0 ]]; then - EMU_1_2=1 - fi -fi - -EMU_2_0=0 -if hash tpm2_nvlist 2> /dev/null ; then - tpm2_nvlist > /dev/null 2>&1 - if [[ $? -eq 0 ]]; then - EMU_2_0=1 - fi -fi - -rpm -q HIRS_Provisioner_TPM_1_2 > /dev/null -PROVISIONER_1_2_INSTALLED=$? -rpm -q HIRS_Provisioner_TPM_2_0 > /dev/null -PROVISIONER_2_0_INSTALLED=$? - -TPM_1_2_PRESENT=$(($DMESG_1_2 + $DEV_1_2 + $EMU_1_2)) -TPM_2_0_PRESENT=$(($DMESG_2_0 + $DEV_2_0 + $EMU_2_0)) - -if [ "$TPM_1_2_PRESENT" -gt 0 ] ; then - echo "TPM 1.2 detected." - if [ $PROVISIONER_1_2_INSTALLED -eq 0 ]; then - hirs-provisioner -p - RC=$? - else - echo "The package 'HIRS_Provisioner_TPM_1_2' must be installed to provision a TPM 1.2." - exit 1 - fi -elif [ "$TPM_2_0_PRESENT" -gt 0 ] ; then - echo "TPM 2.0 detected." - if [ $PROVISIONER_2_0_INSTALLED -eq 0 ]; then - /usr/local/bin/hirs-provisioner-tpm2 provision - RC=$? - else - echo "The package 'HIRS_Provisioner_TPM_2_0' must be installed to provision a TPM 2.0." - exit 1 - fi -else - echo "No evidence of a TPM was found in dmesg, /sys/class/tpm, or via an installed emulator. If this machine has a TPM, please ensure it is enabled in UEFI/BIOS, or that your emulator is installed and functioning with tpm-tools or tpm2-tools." - if [ $PROVISIONER_1_2_INSTALLED -eq 0 ]; then - echo "Running TPM 1.2 provisioner to support normal HIRS usage." - hirs-provisioner --provision - RC=$? - else - echo "TPM 1.2 provisioner is not installed; not running normal HIRS provisioning." - exit 1 - fi -fi - -exit $RC \ No newline at end of file +hirs-provisioner provision