ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c87c2f4575
heads/initrd/bin/unseal-totp

30 lines
634 B
Plaintext
Raw Normal View History

import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151)
2017-04-12 10:49:39 +00:00
#!/bin/sh
# Retrieve the sealed file from the NVRAM, unseal it and compute the totp
. /etc/functions
TOTP_SEALED="/tmp/secret/totp.sealed"
TOTP_SECRET="/tmp/secret/totp.key"
tpm nv_readvalue \
-in 4d47 \
-sz 312 \
-of "$TOTP_SEALED" \
|| die "Unable to retrieve sealed file from TPM NV"
tpm unsealfile \
-hk 40000000 \
-if "$TOTP_SEALED" \
-of "$TOTP_SECRET" \
|| die "Unable to unseal totp secret"
supress errors on console when files don't exist (equivalent of rm -f)
2019-02-22 01:16:02 +00:00
shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151)
2017-04-12 10:49:39 +00:00
print and update the timestamp on the TOTP while waiting for disk unlock code
2017-04-12 12:28:31 +00:00
if ! totp -q < "$TOTP_SECRET"; then
supress errors on console when files don't exist (equivalent of rm -f)
2019-02-22 01:16:02 +00:00
shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151)
2017-04-12 10:49:39 +00:00
die 'Unable to compute TOTP hash?'
fi
supress errors on console when files don't exist (equivalent of rm -f)
2019-02-22 01:16:02 +00:00
shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151)
2017-04-12 10:49:39 +00:00
exit 0
Reference in New Issue Copy Permalink