2023-02-08 21:01:48 +00:00
|
|
|
#!/bin/bash
|
2018-06-19 19:27:27 +00:00
|
|
|
# Retrieve the sealed file and counter from the NVRAM, unseal it and compute the hotp
|
|
|
|
|
|
|
|
. /etc/functions
|
|
|
|
|
|
|
|
HOTP_SEALED="/tmp/secret/hotp.sealed"
|
|
|
|
HOTP_SECRET="/tmp/secret/hotp.key"
|
|
|
|
HOTP_COUNTER="/boot/kexec_hotp_counter"
|
|
|
|
|
2019-05-17 23:07:07 +00:00
|
|
|
mount_boot_or_die()
|
2018-06-19 19:27:27 +00:00
|
|
|
{
|
2023-02-20 16:01:17 +00:00
|
|
|
TRACE "Under /bin/unseal-hotp:mount_boot_or_die"
|
2018-06-19 19:27:27 +00:00
|
|
|
# Mount local disk if it is not already mounted
|
|
|
|
if ! grep -q /boot /proc/mounts ; then
|
|
|
|
mount -o ro /boot \
|
2019-05-17 23:07:07 +00:00
|
|
|
|| die "Unable to mount /boot"
|
2018-06-19 19:27:27 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2023-02-20 16:01:17 +00:00
|
|
|
TRACE "Under /bin/unseal-hotp"
|
2023-02-18 17:58:43 +00:00
|
|
|
|
2019-05-19 01:22:11 +00:00
|
|
|
# Store counter in file instead of TPM for now, as it conflicts with Heads
|
|
|
|
# config TPM counter as TPM 1.2 can only increment one counter between reboots
|
|
|
|
# get current value of HOTP counter in TPM, create if absent
|
|
|
|
mount_boot_or_die
|
|
|
|
|
2018-06-20 16:20:39 +00:00
|
|
|
#check_tpm_counter $HOTP_COUNTER hotp \
|
|
|
|
#|| die "Unable to find/create TPM counter"
|
|
|
|
#counter="$TPM_COUNTER"
|
|
|
|
#
|
|
|
|
#counter_value=$(read_tpm_counter $counter | cut -f2 -d ' ' | awk 'gsub("^000e","")')
|
|
|
|
#
|
2018-06-19 19:27:27 +00:00
|
|
|
|
2018-06-20 16:20:39 +00:00
|
|
|
counter_value=$(cat $HOTP_COUNTER)
|
2018-06-19 19:27:27 +00:00
|
|
|
|
|
|
|
if [ "$counter_value" == "" ]; then
|
2018-06-20 16:20:39 +00:00
|
|
|
die "Unable to read HOTP counter"
|
2018-06-19 19:27:27 +00:00
|
|
|
fi
|
|
|
|
|
2018-06-20 16:20:39 +00:00
|
|
|
#counter_value=$(printf "%d" 0x${counter_value})
|
tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1.
Most logic throughout Heads doesn't need to know TPM1 versus TPM2 (and
shouldn't, the differences should be localized). Some checks were
incorrect and are fixed by this change. Most checks are now unchanged
relative to master.
There are not that many places outside of tpmr that need to
differentiate TPM1 and TPM2. Some of those are duplicate code that
should be consolidated (seal-hotpkey, unseal-totp, unseal-hotp), and
some more are probably good candidates for abstracting in tpmr so the
business logic doesn't have to know TPM1 vs. TPM2.
Previously, CONFIG_TPM could be variously 'y', 'n', or empty. Now it
is always 'y' or 'n', and 'y' means "any TPM". Board configs are
unchanged, setting CONFIG_TPM2_TOOLS=y implies CONFIG_TPM=y so this
doesn't have to be duplicated and can't be mistakenly mismatched.
There were a few checks for CONFIG_TPM = n that only coincidentally
worked for TPM2 because CONFIG_TPM was empty (not 'n'). This test is
now OK, but the checks were also cleaned up to '!= "y"' for robustness.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-02-22 21:30:07 +00:00
|
|
|
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
2023-02-24 20:52:10 +00:00
|
|
|
tpmr unseal 0x81004d47 sha256:0,1,2,3,4,7 "$HOTP_SECRET"
|
tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1.
Most logic throughout Heads doesn't need to know TPM1 versus TPM2 (and
shouldn't, the differences should be localized). Some checks were
incorrect and are fixed by this change. Most checks are now unchanged
relative to master.
There are not that many places outside of tpmr that need to
differentiate TPM1 and TPM2. Some of those are duplicate code that
should be consolidated (seal-hotpkey, unseal-totp, unseal-hotp), and
some more are probably good candidates for abstracting in tpmr so the
business logic doesn't have to know TPM1 vs. TPM2.
Previously, CONFIG_TPM could be variously 'y', 'n', or empty. Now it
is always 'y' or 'n', and 'y' means "any TPM". Board configs are
unchanged, setting CONFIG_TPM2_TOOLS=y implies CONFIG_TPM=y so this
doesn't have to be duplicated and can't be mistakenly mismatched.
There were a few checks for CONFIG_TPM = n that only coincidentally
worked for TPM2 because CONFIG_TPM was empty (not 'n'). This test is
now OK, but the checks were also cleaned up to '!= "y"' for robustness.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-02-22 21:30:07 +00:00
|
|
|
elif [ "$CONFIG_TPM" = "y" ]; then
|
2022-08-25 18:43:31 +00:00
|
|
|
tpm nv_readvalue \
|
|
|
|
-in 4d47 \
|
|
|
|
-sz 312 \
|
|
|
|
-of "$HOTP_SEALED" \
|
|
|
|
|| die "Unable to retrieve sealed file from TPM NV"
|
|
|
|
|
|
|
|
tpm unsealfile \
|
|
|
|
-hk 40000000 \
|
|
|
|
-if "$HOTP_SEALED" \
|
|
|
|
-of "$HOTP_SECRET" \
|
|
|
|
|| die "Unable to unseal HOTP secret"
|
|
|
|
fi
|
2019-05-19 01:22:11 +00:00
|
|
|
shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null
|
|
|
|
|
2018-06-19 19:27:27 +00:00
|
|
|
if ! hotp $counter_value < "$HOTP_SECRET"; then
|
2019-02-22 01:16:02 +00:00
|
|
|
shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
|
2018-06-19 19:27:27 +00:00
|
|
|
die 'Unable to compute HOTP hash?'
|
|
|
|
fi
|
|
|
|
|
2019-02-22 01:16:02 +00:00
|
|
|
shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
|
2018-06-19 19:27:27 +00:00
|
|
|
|
2018-06-20 16:20:39 +00:00
|
|
|
#increment_tpm_counter $counter > /dev/null \
|
|
|
|
#|| die "Unable to increment tpm counter"
|
2018-06-19 19:27:27 +00:00
|
|
|
|
|
|
|
mount -o remount,rw /boot
|
2018-06-20 16:20:39 +00:00
|
|
|
|
|
|
|
counter_value=`expr $counter_value + 1`
|
|
|
|
echo $counter_value > $HOTP_COUNTER \
|
2018-06-19 19:27:27 +00:00
|
|
|
|| die "Unable to create hotp counter file"
|
2018-06-20 16:20:39 +00:00
|
|
|
|
|
|
|
#sha256sum /tmp/counter-$counter > $HOTP_COUNTER \
|
|
|
|
#|| die "Unable to create hotp counter file"
|
2018-06-19 19:27:27 +00:00
|
|
|
mount -o remount,ro /boot
|
|
|
|
|
|
|
|
exit 0
|