tpmr: Apply owner password to endorsement hierarchy

Heads doesn't use the endorsement hierarchy, but we shouldn't leave it
with an empty password following a tpm2 clear.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Jonathon Hall 2023-03-10 15:09:09 -05:00
parent 67f3ac5103
commit 9d34dd6687
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114


@ -469,6 +469,7 @@ tpm2_reset() {
mkdir -p "$SECRET_DIR"
tpm2 clear -c platform || warn "Unable to clear TPM on platform hierarchy!"
tpm2 changeauth -c owner "$(tpm2_password_hex "$key_password")"
tpm2 changeauth -c endorsement "$(tpm2_password_hex "$key_password")"
tpm2 createprimary -C owner -g sha256 -G "${CONFIG_PRIMARY_KEY_TYPE:-rsa}" \
-c "$SECRET_DIR/primary.ctx" -P "$(tpm2_password_hex "$key_password")"
tpm2 evictcontrol -C owner -c "$SECRET_DIR/primary.ctx" "$PRIMARY_HANDLE" \
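Review bot: After `tpm2 clear`, the visible lines set auth on the owner and endorsement hierarchies but not on the lockout hierarchy, which a clear also resets to empty auth. Lockout auth governs dictionary-attack reset and a later clear, so the commit's own rationale applies to it as well; consider adding `tpm2 changeauth -c lockout "$(tpm2_password_hex "$key_password")"` next to the new line. The new `changeauth -c endorsement` call also has no explicit failure handling, so if the preceding clear only warned and the hierarchy still holds an old password, whether the reset aborts depends on shell options not shown here; `|| warn "Unable to set endorsement hierarchy password"` would make that outcome visible. A short comment above the new line saying that Heads does not use the endorsement hierarchy and sets the password only to avoid leaving it empty would help later readers. `tpm2_reset` starts and ends outside this hunk, so some of this may already be handled there.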