mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-20 21:43:11 +00:00
Make TPM counter label a variable
Currently the TPM counter label is hard-coded. By changing it to a variable in this function we can reuse all of the TPM counter functions to create other monotonic counters in the TPM (if the hardware supports it) with custom labels.
parent
9c95b4ed58
commit
ec2d7dfc2c
@ -143,13 +143,19 @@ check_tpm_counter()
|
|||||||
if [ -r "$1" ]; then
|
if [ -r "$1" ]; then
|
||||||
TPM_COUNTER=`grep counter- "$1" | cut -d- -f2`
|
TPM_COUNTER=`grep counter- "$1" | cut -d- -f2`
|
||||||
else
|
else
|
||||||
|
# Initialize label to default if not set
|
||||||
|
if [ "$2" != "" ]; then
|
||||||
|
LABEL=$2
|
||||||
|
else
|
||||||
|
LABEL=3135106223
|
||||||
|
fi
|
||||||
warn "$BOOT_HASHES does not exist; creating new TPM counter"
|
warn "$BOOT_HASHES does not exist; creating new TPM counter"
|
||||||
read -s -p "TPM Owner password: " tpm_password
|
read -s -p "TPM Owner password: " tpm_password
|
||||||
echo
|
echo
|
||||||
tpm counter_create \
|
tpm counter_create \
|
||||||
-pwdo "$tpm_password" \
|
-pwdo "$tpm_password" \
|
||||||
-pwdc '' \
|
-pwdc '' \
|
||||||
-la 3135106223 \
|
-la $LABEL \
|
||||||
| tee /tmp/counter \
|
| tee /tmp/counter \
|
||||||
|| die "Unable to create TPM counter"
|
|| die "Unable to create TPM counter"
|
||||||
TPM_COUNTER=`cut -d: -f1 < /tmp/counter`
|
TPM_COUNTER=`cut -d: -f1 < /tmp/counter`
|
||||||
|
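Review bot: The new `-la $LABEL` argument is expanded unquoted, so a caller-supplied `$2` containing whitespace or glob characters is split into additional arguments to `tpm counter_create`, while every other argument in that call is quoted. Quote it as `-la "$LABEL" \`; the six-line default block can then collapse to `LABEL="${2:-3135106223}"`, which treats an unset or empty `$2` the same way. LABEL is also assigned without `local`, so it remains set in the calling shell after the function returns and a later call could see a stale value if anything else reads it; declare it local if the shell Heads runs under supports that. It would also help to document the optional second argument in a comment above check_tpm_counter, whose body starts and ends outside this hunk.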