ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-01-30 08:03:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

kexec-save-default: Always update TPM2 primary object handle hash

Browse Source 
Resetting the TPM creates a new primary object, and there is no reason
for kexec-save-default to sign an old hash.  Always update the hash
instead of creating it only if it doesn't exist.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
Jonathon Hall 2023-02-22 10:47:01 -05:00
parent ff8ec2fd5b
commit 55a41c3fdb
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
initrd/bin/kexec-save-default
View File

@ -125,10 +125,8 @@ if [ ! -d $paramsdir ]; then
fi fi
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
if [ ! -r "$PRIMHASH_FILE" ]; then sha256sum /tmp/primary.handle > "$PRIMHASH_FILE" \
sha256sum /tmp/primary.handle > "$PRIMHASH_FILE" \ || die "ERROR: Failed to Hash TPM2 primary key handle!"
|| die "ERROR: Failed to Hash TPM2 primary key handle!"
fi
fi fi
rm $paramsdir/kexec_default.*.txt 2>/dev/null || true rm $paramsdir/kexec_default.*.txt 2>/dev/null || true