mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-22 14:22:26 +00:00
15 lines
366 B
Plaintext
15 lines
366 B
Plaintext
|
#!/bin/sh
|
||
|
# Measure all of the luks disk encryption headers into
|
||
|
# a PCR so that we can detect disk swap attacks.
|
||
|
|
||
|
die() { echo >&2 "$@"; exit 1; }
|
||
|
|
||
|
# Measure the luks headers into PCR 6
|
||
|
for dev in "$@"; do
|
||
|
cryptsetup luksDump $dev \
|
||
|
|| die "$dev: Unable to measure"
|
||
|
done > /tmp/luksDump.txt
|
||
|
|
||
|
tpm extend -ix 6 -if /tmp/luksDump.txt \
|
||
|
|| die "Unable to extend PCR"
|