Make TPM counter label a variable

Currently the TPM counter label is hard-coded. By making it an optional
argument to this function, all of the TPM counter functions can be
reused to create additional monotonic counters in the TPM (if the
hardware supports them), each with its own label.
Kyle Rankin 2018-05-09 14:25:43 -07:00
parent 9c95b4ed58
commit ec2d7dfc2c
No known key found for this signature in database
GPG Key ID: 555577116BFA74B9


@ -143,13 +143,19 @@ check_tpm_counter()
if [ -r "$1" ]; then if [ -r "$1" ]; then
TPM_COUNTER=`grep counter- "$1" | cut -d- -f2` TPM_COUNTER=`grep counter- "$1" | cut -d- -f2`
else else
# Initialize label to default if not set
if [ "$2" != "" ]; then
LABEL=$2
else
LABEL=3135106223
fi
warn "$BOOT_HASHES does not exist; creating new TPM counter" warn "$BOOT_HASHES does not exist; creating new TPM counter"
read -s -p "TPM Owner password: " tpm_password read -s -p "TPM Owner password: " tpm_password
echo echo
tpm counter_create \ tpm counter_create \
-pwdo "$tpm_password" \ -pwdo "$tpm_password" \
-pwdc '' \ -pwdc '' \
-la 3135106223 \ -la $LABEL \
| tee /tmp/counter \ | tee /tmp/counter \
|| die "Unable to create TPM counter" || die "Unable to create TPM counter"
TPM_COUNTER=`cut -d: -f1 < /tmp/counter` TPM_COUNTER=`cut -d: -f1 < /tmp/counter`
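Review bot: The new `-la $LABEL` on the counter_create call is unquoted, so a caller-supplied label containing whitespace or glob characters would be word-split into extra arguments before it reaches the tpm tool; write it as `-la "$LABEL"`. The label is also passed through unchecked — the default `3135106223` is numeric, and if the tpm tool expects a numeric label (I cannot confirm that from this hunk), a guard such as `case "$LABEL" in ''|*[!0-9]*) die "TPM counter label must be numeric";; esac` placed before the password prompt would fail early with a clear message instead of a confusing counter_create error after the owner password has already been typed. The five-line if/else that picks the default can be the single line `LABEL=${2:-3135106223}`, which behaves the same for an empty or absent second argument. check_tpm_counter's body begins before and continues past this hunk.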