tpmr: Clean up TODOs about size parameter to tpm2_unseal
The size parameter is actually the size of the sealed secret to TPM1, not the unsealed data size. TPM2 does not observe the sealed secret, so just ignore that parameter. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
parent
0a38717e20
commit
7ab5e5c3e3
@ -217,14 +217,17 @@ tpm2_unseal() {
|
||||
TRACE "Under /bin/tpmr:tpm2_unseal"
|
||||
index="$1"
|
||||
pcrl="$2"
|
||||
size="$3"
|
||||
sealed_size="$3"
|
||||
file="$4"
|
||||
pass="$5"
|
||||
|
||||
# TPM2 doesn't care about sealed_size, only TPM1 needs that. We don't
|
||||
# have to separately read the sealed file on TPM2.
|
||||
|
||||
# Pad with up to 6 zeros, i.e. '0x81000001', '0x81001234', etc.
|
||||
handle="$(printf "0x81%6s" "$index" | tr ' ' 0)"
|
||||
|
||||
DEBUG "tpm2_unseal: handle=$handle pcrl=$pcrl size=$size file=$file pass=$([ "$pass" ] && echo "<yes>" || echo "<no>")"
|
||||
DEBUG "tpm2_unseal: handle=$handle pcrl=$pcrl file=$file pass=$([ "$pass" ] && echo "<yes>" || echo "<no>")"
|
||||
|
||||
POLICY_SESSION=/tmp/unsealfile_policy.session
|
||||
rm -f "$POLICY_SESSION"
|
||||
@ -249,14 +252,6 @@ tpm2_unseal() {
|
||||
fi
|
||||
|
||||
tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" > "$file"
|
||||
|
||||
# We don't need to know the size to unseal in TPM2, but TPM1 does.
|
||||
# Ensure the correct size is provided so both will work.
|
||||
# TODO - This isn't actually what -sz means to tpm nv_readvalue
|
||||
#actual_size="$(stat -c "%s" "$file")"
|
||||
#if [ "$actual_size" -ne "$size" ]; then
|
||||
# die "Expected size $size for $file but got $actual_size"
|
||||
#fi
|
||||
}
|
||||
|
||||
tpm2_reset() {
|
||||
@ -294,7 +289,7 @@ tpm1_unseal() {
|
||||
TRACE "Under /bin/tpmr:tpm1_unseal"
|
||||
index="$1"
|
||||
pcrl="$2"
|
||||
size="$3"
|
||||
sealed_size="$3"
|
||||
file="$4"
|
||||
pass="$5"
|
||||
|
||||
@ -309,7 +304,7 @@ tpm1_unseal() {
|
||||
|
||||
tpm nv_readvalue \
|
||||
-in "$index" \
|
||||
-sz "$size" \
|
||||
-sz "$sealed_size" \
|
||||
-of "$sealed_file" \
|
||||
|| die "Unable to read sealed file from TPM NVRAM"
|
||||
|
||||
|
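Review bot: `sealed_size="$3"` in the tpm2_unseal hunk is assigned but never read on the TPM2 path, so ShellCheck will still report it (SC2034) even though the comment above it explains why; either drop the assignment and keep the comment, or annotate the line with `# shellcheck disable=SC2034 # kept for parity with tpm1_unseal's argument list`. The positional contract that this commit clarifies is still undocumented: a header above both tpm2_unseal and tpm1_unseal listing `$1 index, $2 pcrl, $3 sealed size (TPM1 only), $4 output file, $5 password` would keep the two functions in step. In tpm1_unseal, `$sealed_size` is passed straight to `tpm nv_readvalue -sz` without being checked; a guard such as `case "$sealed_size" in ''|*[!0-9]*) die "tpm1_unseal: invalid sealed size '$sealed_size'" ;; esac` before the call would turn a malformed argument into a clear failure instead of whatever the tool does with it. Both functions begin and end outside the visible hunks, so the callers that supply `$3` could not be checked here.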