From ea9b2c0da088bec47a26d0fcb096e718adc11123 Mon Sep 17 00:00:00 2001
From: Trammell Hudson
Date: Wed, 12 Apr 2017 06:45:15 -0400
Subject: [PATCH] helper to do a forcible TPM reset (issue #27)

---
 initrd/bin/tpm-reset | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100755 initrd/bin/tpm-reset

diff --git a/initrd/bin/tpm-reset b/initrd/bin/tpm-reset
new file mode 100755
index 00000000..8a8b9d1c
--- /dev/null
+++ b/initrd/bin/tpm-reset
@@ -0,0 +1,34 @@
+#!/bin/sh
+. /etc/functions
+
+echo '*****'
+echo '***** WARNING: This will erase all keys and secrets from the TPM'
+echo '*****'
+
+read -s -p "New TPM owner password: " key_password
+echo
+
+if [ -z "$key_password" ]; then
+ die "Empty owner password is not allowed"
+fi
+
+read -s -p "Repeat owner password: " key_password2
+echo
+
+
+if [ "$key_password" != "$key_password2" ]; then
+ die "Key passwords do not match"
+fi
+
+# Make sure the TPM is ready to be reset
+tpm physicalpresence -s
+tpm physicalenable
+tpm physicalsetdeactivated -c
+tpm forceclear
+tpm physicalenable
+tpm takeown -pwdo "$key_password"
+
+# And now turn it all back on
+tpm physicalpresence -s
+tpm physicalenable
+tpm physicalsetdeactivated -c
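Review bot: None of the nine `tpm` invocations after the password confirmation checks its exit status and the script never runs `set -e`, so a failed `tpm forceclear` or `tpm takeown` (for instance when physical presence could not be asserted in the preceding step) is silently skipped, the remaining steps still run, and the script exits 0 with the TPM in whatever partial state the earlier commands left it. Since `die` is already sourced from /etc/functions, each step should fail loudly, e.g. `tpm forceclear || die "TPM forceclear failed"`, as in the excerpt below. The `-s`/`-p` flags to `read` are a bash/busybox extension rather than POSIX `read`, so under a strict `/bin/sh` the prompt would not be silenced; the shebang or a comment should state which shell is assumed. The owner password is also handed to `takeown` as a command-line argument, where it is briefly visible in the process list; if the `tpm` tool can read it from stdin or a file, that path would be preferable.
```shell
# … unchanged: password prompt and confirmation …

# Make sure the TPM is ready to be reset
tpm physicalpresence -s || die "Unable to assert TPM physical presence"
tpm physicalenable || die "Unable to enable the TPM"
tpm physicalsetdeactivated -c || die "Unable to activate the TPM"
tpm forceclear || die "TPM forceclear failed"
tpm physicalenable || die "Unable to re-enable the TPM after clear"
tpm takeown -pwdo "$key_password" || die "TPM takeown failed"

# And now turn it all back on
tpm physicalpresence -s || die "Unable to assert TPM physical presence"
tpm physicalenable || die "Unable to enable the TPM"
tpm physicalsetdeactivated -c || die "Unable to activate the TPM"
```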