mirror of
https://github.com/linuxboot/heads.git
synced 2025-02-01 08:47:58 +00:00
8259d3ca1e
- Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs - Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc) - add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
32 lines
666 B
Bash
Executable File
32 lines
666 B
Bash
Executable File
#!/bin/sh
|
|
# Retrieve the sealed file from the NVRAM, unseal it and compute the totp
|
|
|
|
. /etc/functions
|
|
|
|
TOTP_SEALED="/tmp/secret/totp.sealed"
|
|
TOTP_SECRET="/tmp/secret/totp.key"
|
|
|
|
TRACE "Under /bin/unseal-totp"
|
|
|
|
tpm nv_readvalue \
|
|
-in 4d47 \
|
|
-sz 312 \
|
|
-of "$TOTP_SEALED" \
|
|
|| die "Unable to retrieve sealed file from TPM NV"
|
|
|
|
tpm unsealfile \
|
|
-hk 40000000 \
|
|
-if "$TOTP_SEALED" \
|
|
-of "$TOTP_SECRET" \
|
|
|| die "Unable to unseal totp secret"
|
|
|
|
shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
|
|
|
|
if ! totp -q < "$TOTP_SECRET"; then
|
|
shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
|
|
die 'Unable to compute TOTP hash?'
|
|
fi
|
|
|
|
shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
|
|
exit 0
|