From 7dde5c2aca74c19195a71338324743bf3bf4d952 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Tue, 19 Jun 2018 16:28:37 -0700 Subject: [PATCH] Revert "Use HOTP TPM counter instead of Heads when signing, if present" This reverts commit c42084406d47409ccce5ac6ddd717b576b693eb3. --- initrd/bin/gui-init | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 1f4e3dcf..aaa47da8 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -78,14 +78,7 @@ update_checksums() # sign and auto-roll config counter extparam= if [ "$CONFIG_TPM" = "y" ]; then - if [ -x /bin/libremkey_hotp_verification ]; then - check_tpm_counter /boot/kexec_hotp_counter hotp \ - || die "Unable to find/create TPM counter" - counter="$TPM_COUNTER" - extparam="-c $counter" - else - extparam=-u - fi + extparam=-u fi kexec-sign-config -p /boot $extparam \ || die "Failed to sign default config" @@ -248,6 +241,9 @@ while true; do || die "Unable to find/create tpm counter" counter="$TPM_COUNTER" + increment_tpm_counter $counter \ + || die "Unable to increment tpm counter" + sha256sum /tmp/counter-$counter > /boot/kexec_rollback.txt \ || die "Unable to create rollback file" mount -o ro,remount /boot