ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-04-06 19:06:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tpmr: fix TPM Disk Unlock Key which was not using proper cached passphrase.

Browse Source 
Add debugging that was needed to spot the issue

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2023-12-29 14:38:21 -05:00
parent 25d7b06063
commit b4068e61fa
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
initrd/bin/tpmr
View File

@ -488,13 +488,16 @@ tpm1_seal() {
pcrf="$4"
sealed_size="$5"
pass="$6" # May be empty to seal with no password
tpm_password="$7" # Owner password - will prompt if needed and not empty
tpm_owner_password="$7" # Owner password - will prompt if needed and not empty
sealed_file="$SECRET_DIR/tpm1_seal_sealed.bin"
at_exit cleanup_shred "$sealed_file"
POLICY_ARGS=()
DEBUG "tpm1_seal arguments: file=$file index=$index pcrl=$pcrl pcrf=$pcrf sealed_size=$sealed_size pass=$(mask_param "$pass") tpm_password=$(mask_param "$tpm_password")"
# If a password was given, add it to the policy arguments
if [ "$pass" ]; then
POLICY_ARGS+=(-pwdd "$pass")
@ -516,7 +519,7 @@ tpm1_seal() {
-of "$sealed_file" \
-hk 40000000 \
"${POLICY_ARGS[@]}"
# try it without the TPM Owner Password first
if ! tpm nv_writevalue -in "$index" -if "$sealed_file"; then
# to create an nvram space we need the TPM Owner Password
@ -530,7 +533,7 @@ tpm1_seal() {
prompt_tpm_owner_password
tpm nv_definespace -in "$index" -sz "$sealed_size" \
-pwdo "$tpm_password" -per 0 ||
-pwdo "$tpm_owner_password" -per 0 ||
warn "Unable to define TPM NVRAM space; trying anyway"
tpm nv_writevalue -in "$index" -if "$sealed_file" ||