#!/bin/sh
# Shell functions for most initialization scripts
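#######################################
# Print a fatal message to stderr and terminate the script.
# Arguments: $* - message text (all arguments joined with spaces)
# Outputs:   the message on stderr, never on stdout
# Returns:   does not return; exits with status 1
#######################################
die() {
	# printf rather than echo so that a message beginning with '-n'/'-e'
	# or containing backslashes is printed verbatim.
	printf >&2 '%s\n' "$*"
	exit 1
}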
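#######################################
# Print a non-fatal diagnostic to stderr and continue.
# Arguments: $* - message text (all arguments joined with spaces)
# Outputs:   the message on stderr, never on stdout
# Returns:   0
#######################################
warn() {
	# printf rather than echo so that a message beginning with '-n'/'-e'
	# or containing backslashes is printed verbatim.
	printf >&2 '%s\n' "$*"
}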
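#######################################
# Report a failure, scrub temporary secrets, extend PCR 4 and drop
# into an interactive recovery shell.
# Arguments: $* - reason for entering recovery (shown on stderr)
# Globals:   none read; removes and recreates /tmp/secret
# Outputs:   diagnostics on stderr
# Returns:   does not return; replaces the current process with /bin/ash
#######################################
recovery() {
	printf >&2 '!!!!! %s\n' "$*"

	# Remove any temporary secret files that might be hanging around
	# but recreate the directory so that new tools can use it.
	rm -rf /tmp/secret
	mkdir -p /tmp/secret

	# Extend PCR 4 with "recovery" before handing over a shell: the PCR
	# value changes, so anything sealed to the pre-recovery PCR 4 value
	# can no longer be unsealed from inside this shell.  A failed extend
	# is reported loudly instead of silently ignored, so the operator
	# knows the measurement was not recorded; there is no fallback other
	# than the shell itself, so we still proceed.
	if ! tpm extend -ix 4 -ic recovery; then
		printf >&2 '!!!!! %s\n' "tpm extend failed: PCR 4 was NOT extended before the recovery shell"
	fi

	printf >&2 '!!!!! %s\n' "Starting recovery shell"
	sleep 1
	exec /bin/ash
}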
#######################################
# Show the first seven lines of the kernel's TPM PCR listing
# (/sys/class/tpm/tpm0/pcrs), i.e. the lowest-numbered PCRs.
# Arguments: none
# Outputs:   the PCR lines on stdout; head's error on stderr if the
#            sysfs file is missing
# Returns:   head's exit status
#######################################
pcrs() {
	head -n 7 /sys/class/tpm/tpm0/pcrs
}
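#######################################
# Display the current TOTP code next to the clock and wait for the
# user to press a key.
#
# The TOTP code is regenerated with unseal-totp whenever the 30-second
# half-minute changes; if unseal-totp fails, control passes to
# recovery() and this function does not return.
#
# NOTE: the loop ends on *any* keypress (i.e. whenever read succeeds),
# not only on 'y'.  The key pressed is left in the global
# $totp_confirm and the caller is responsible for checking it; the
# prompt text merely tells the user what is expected.
#
# Globals:   TOTP (written: last generated code),
#            totp_confirm (written: the key that ended the loop),
#            date, seconds, half, last_half (scratch, left set)
# Outputs:   prompt and code on stdout
# Returns:   0 once a key has been read
#######################################
confirm_totp()
{
	last_half=X

	while true; do
		# update the TOTP code every thirty seconds
		date=$(date "+%Y-%m-%d %H:%M:%S")
		seconds=$(date "+%s")
		# shell arithmetic instead of expr: no extra process per loop
		half=$(( (seconds % 60) / 30 ))
		if [ "$half" != "$last_half" ]; then
			last_half=$half
			TOTP=$(unseal-totp) \
			|| recovery "TOTP code generation failed"
		fi

		echo -n "$date $TOTP: "

		# read the first character, non-blocking: one-second timeout,
		# single character, no echo.  read only succeeds when a key
		# was actually pressed, which is what ends the loop.
		read \
			-t 1 \
			-n 1 \
			-s \
			-p "Confirm TOTP with a 'y': " \
			totp_confirm \
		&& break

		# nothing typed, redraw the line
		echo -ne '\r'
	done

	# clean up with a newline
	echo
}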