heads/initrd/bin/poweroff
Jonathon Hall 215ff2a397
reboot, poweroff: Prepare TPM2 for shutdown
TPM2 must be prepared for shutdown, or it may track an auth failure for
dictionary attack prevention (per the spec, to prevent an attack by
attempting to authenticate and then powering off the TPM before it can
update the nonvolatile counter).

Add tpmr shutdown to prepare for shutdown (no-op on TPM1).  Invoke it
from poweroff and reboot.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-08 16:20:21 -05:00

19 lines
321 B
Bash
Executable File

#!/bin/bash
. /etc/functions

TRACE "Under /bin/poweroff"

# Prepare the TPM for shutdown (tpmr shutdown is a no-op on TPM1)
if [ "$CONFIG_TPM" = "y" ]; then
	tpmr shutdown
fi

# Sync all mounted filesystems
echo s > /proc/sysrq-trigger

# Remount all mounted filesystems in read-only mode
echo u > /proc/sysrq-trigger

# Shut off the system
echo o > /proc/sysrq-trigger