kexec-seal-key/seal-totp/tpmr/functions: move wiping of tpm_owner_password to tpmr calls directly

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

initrd/bin/kexec-seal-key

@@ -137,11 +137,11 @@ tpmr pcrread -a 7 "$pcrf"
 
 DO_WITH_DEBUG --mask-position 7 \
 	tpmr seal "$KEY_FILE" "$TPM_INDEX" 0,1,2,3,4,5,6,7 "$pcrf" \
-	"$TPM_SIZE" "$key_password" || {
-	shred -n 10 -z -u /tmp/secret/tpm_owner_password 2>/dev/null
-	:
-	die "Unable to write TPM Disk Unlock Key to NVRAM"
-}
+	"$TPM_SIZE" "$key_password" || /
+	{
+		DEBUG "Sealing of TPM Disk Unlock Key failed with current TPM owner password."
+		die "Unable to write TPM Disk Unlock Key to NVRAM"
+	}
 
 # should be okay if this fails
 shred -n 10 -z -u "$pcrf" 2>/dev/null ||

initrd/bin/seal-totp

@@ -49,11 +49,7 @@ DEBUG "Sealing TOTP without PCR6 involvement (LUKS header consistency is not fir
 tpmr pcrread -a 7 "$pcrf"
 #Make sure we clear the TPM Owner Password from memory in case it failed to be used to seal TOTP
 tpmr seal "$TOTP_SECRET" "$TPM_NVRAM_SPACE" 0,1,2,3,4,7 "$pcrf" 312 "" "$TPM_PASSWORD" ||
-	{
-		shred -n 10 -z -u /tmp/secret/tpm_owner_password 2>/dev/null
-		:
-		die "Unable to write sealed secret to NVRAM from seal-totp"
-	}
+	die "Unable to write sealed secret to NVRAM from seal-totp"
 #Make sure we clear TPM TOTP sealed if we succeed to seal TOTP
 shred -n 10 -z -u "$TOTP_SEALED" 2>/dev/null
 

initrd/bin/tpmr

@@ -317,7 +317,13 @@ tpm2_counter_cre() {
 	done
 	rand_index="1$(dd if=/dev/urandom bs=1 count=3 | xxd -pc3)"
 	tpm2 nvdefine -C o -s 8 -a "ownerread|authread|authwrite|nt=1" \
-		-P "$(tpm2_password_hex "$pwdo")" "0x$rand_index" >/dev/console
+		-P "$(tpm2_password_hex "$pwdo")" "0x$rand_index" >/dev/console ||
+		{
+			DEBUG "Failed to create counter from tpm2_counter_cre with current tpm owner password. Wiping tpm_owner_password"
+			shred -n 10 -z -u /tmp/secret/tpm_owner_password
+			:
+			die "Unable to create counter from tpm2_counter_cre"
+		}
 	echo "$rand_index: (valid after an increment)"
 }
 
@@ -463,7 +469,12 @@ tpm2_seal() {
 	DO_WITH_DEBUG --mask-position 6 \
 		tpm2 evictcontrol -Q -C o -P "$(tpm2_password_hex "$tpm_owner_password")" \
 		-c "$SECRET_DIR/$bname.seal.ctx" "$handle" ||
-		die "Unable to write sealed secret to NVRAM from tpm2_seal"
+		{
+			DEBUG "Failed to write sealed secret to NVRAM from tpm2_seal with current tpm owner password. Wiping tpm_owner_password"
+			shred -n 10 -z -u /tmp/secret/tpm_owner_password
+			:
+			die "Unable to write sealed secret to NVRAM from tpm2_seal"
+		}
 }
 tpm1_seal() {
 	TRACE "Under /bin/tpmr:tpm1_seal"
@@ -519,7 +530,12 @@ tpm1_seal() {
 			warn "Unable to define NVRAM space; trying anyway"
 
 		tpm nv_writevalue -in "$index" -if "$sealed_file" ||
-			die "Unable to write sealed secret to NVRAM from tpm1_seal"
+			{
+				DEBUG "Failed to write sealed secret to NVRAM from tpm1_seal with current tpm owner password. Wiping tpm_owner_password"
+				shred -n 10 -z -u /tmp/secret/tpm_owner_password
+				:
+				die "Unable to write sealed secret to NVRAM from tpm1_seal"
+			}
 	fi
 }
 

initrd/etc/functions

@@ -239,6 +239,7 @@ prompt_new_owner_password() {
 
 check_tpm_counter() {
 	TRACE "Under /etc/functions:check_tpm_counter"
+	
 	LABEL=${2:-3135106223}
 	tpm_password="$3"
 	# if the /boot.hashes file already exists, read the TPM counter ID
@@ -252,16 +253,8 @@ check_tpm_counter() {
 			-pwdo "$tpm_password" \
 			-pwdc '' \
 			-la $LABEL |
-			tee /tmp/counter ||
-			{
-				DEBUG "Failed to create TPM counter. Shredding TPM owner password"
-				#TODO: refactor tpmr to wipe tpm_owner_password when invalid
-				# As of today, the callers are responsible to wipe it
-				# prompt_tpm_owner_password caches the password until externally invalidated
-				shred -n 10 -z -u /tmp/secret/tpm_owner_password
-				:
-				die "Unable to create TPM counter" 2>/dev/null
-			}
+			tee /tmp/counter || die "Unable to create TPM counter under check_tpm_counter"
+
 		TPM_COUNTER=$(cut -d: -f1 </tmp/counter)
 	fi