mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-18 20:47:55 +00:00
30 lines
559 B
Bash
Executable File
30 lines
559 B
Bash
Executable File
#!/bin/sh
|
|
# Retrieve the sealed file from the NVRAM, unseal it and compute the totp
|
|
|
|
. /etc/functions
|
|
|
|
TOTP_SEALED="/tmp/secret/totp.sealed"
|
|
TOTP_SECRET="/tmp/secret/totp.key"
|
|
|
|
tpm nv_readvalue \
|
|
-in 4d47 \
|
|
-sz 312 \
|
|
-of "$TOTP_SEALED" \
|
|
|| die "Unable to retrieve sealed file from TPM NV"
|
|
|
|
tpm unsealfile \
|
|
-hk 40000000 \
|
|
-if "$TOTP_SEALED" \
|
|
-of "$TOTP_SECRET" \
|
|
|| die "Unable to unseal totp secret"
|
|
|
|
rm -f "$TOTP_SEALED"
|
|
|
|
if ! totp -q < "$TOTP_SECRET"; then
|
|
rm -f "$TOTP_SECRET"
|
|
die 'Unable to compute TOTP hash?'
|
|
fi
|
|
|
|
rm -f "$TOTP_SECRET"
|
|
exit 0
|