From 4d7c1cb3887787b3f7c8a9ebbe38a7f2d677be60 Mon Sep 17 00:00:00 2001
From: Jonathon Hall
Date: Thu, 31 Aug 2023 17:15:24 -0400
Subject: [PATCH] initrd/bin/unseal-hotp: Prevent script errors if unseal fails

If the secret can't be unsealed, die immediately rather than continuing on to generate errors.

Signed-off-by: Jonathon Hall
---
 initrd/bin/unseal-hotp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp
index 9cdc263d..d9f2ad08 100755
--- a/initrd/bin/unseal-hotp
+++ b/initrd/bin/unseal-hotp
@@ -39,7 +39,7 @@ fi
 #counter_value=$(printf "%d" 0x${counter_value})
 if [ "$CONFIG_TPM" = "y" ]; then
 DEBUG "Unsealing HOTP secret reuses TOTP sealed secret..."
- tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET"
+ tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET" || die "Unable to unseal HOTP secret"
 else
 # without a TPM, generate a secret based on the SHA-256 of the ROM
 secret_from_rom_hash > "$HOTP_SECRET" || die "Reading ROM failed"
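Review bot: The new `|| die` on the `tpmr unseal` line has no comment saying what an unseal failure means, and the arguments `4d47 0,1,2,3,4,7 312` remain unexplained magic values. Assuming they are the NV index, the PCR selection and the sealed-blob size, a failure here most likely means the measured boot state no longer matches what the secret was sealed to, which is an integrity signal rather than a transient error. I would add above the call `# Unseal fails if the listed PCRs differ from seal time; treat as an integrity failure, not a retryable error.` The `if`/`else` block closes outside this hunk, so whether anything later removes `$HOTP_SECRET` on the `die` path cannot be checked from here.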