mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-21 13:57:52 +00:00
7b8824adf1
Provide tpmr commands pcrread, pcrsize, calcfuturepcr, and seal for both TPM1 and TPM2. Combine seal logic for TPM1/TPM2 in seal-totp, kexec-seal-key. This is essentially the TPM2 logic now that tpmr provides the same wrapped commands for both TPM1 and TPM2. Remove algorithm prefix from PCR list in tpmr unseal for consistency with tpmr seal. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
22 lines
477 B
Bash
Executable File
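#!/bin/bash
# Retrieve the sealed file from the NVRAM, unseal it and compute the totp.
#
# The plaintext TOTP secret is written to $TOTP_SECRET only so that totp can
# read it; every path that follows the unseal attempt wipes the file again.

. /etc/functions

TOTP_SECRET="/tmp/secret/totp.key"

# Overwrite and unlink the plaintext secret file.
# shred's stderr is discarded, so a file that was never created is not
# reported as an error and this is safe to call on any path.
# NOTE(review): overwrite passes only help when the backing store rewrites
# blocks in place -- confirm how /tmp/secret is mounted.
wipe_totp_secret() {
	shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
}

TRACE "Under /bin/unseal-totp"

if [ "$CONFIG_TPM" = "y" ]; then
	# Arguments after "unseal" are presumably: NVRAM index, PCR list the
	# secret is bound to, sealed blob size, output file -- confirm in tpmr.
	if ! tpmr unseal 4d47 0,1,2,3,4,7 312 "$TOTP_SECRET"; then
		# A failed unseal may still have created or partially written the
		# output file; wipe it here as the totp failure path below does.
		wipe_totp_secret
		die "Unable to unseal totp secret"
	fi
fi

# Without CONFIG_TPM=y nothing is unsealed above, so this read only succeeds
# if the secret file already exists.
if ! totp -q < "$TOTP_SECRET"; then
	wipe_totp_secret
	die 'Unable to compute TOTP hash?'
fi

wipe_totp_secret
exit 0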