mirror of
https://github.com/linuxboot/heads.git
synced 2025-02-21 09:31:51 +00:00
d51993b6a9
Use common password prompt logic in tpm-reset rather than duplicating in tpmr reset. Use common logic in config-gui.sh to reset the TPM. Use common logic in oem-factory-reset to reset TPM. Fixes extra prompts for TPM2 owner password even when choosing to use a common password. Fix sense of "NO TPM" check in TOTP generation (which only happened to work because CONFIG_TPM is empty for TPM2). Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
41 lines
854 B
Bash
Executable File
41 lines
854 B
Bash
Executable File
#!/bin/bash
|
|
. /etc/functions
|
|
|
|
echo '*****'
|
|
echo '***** WARNING: This will erase all keys and secrets from the TPM'
|
|
echo '*****'
|
|
|
|
read -s -p "New TPM owner password: " key_password
|
|
echo
|
|
|
|
if [ -z "$key_password" ]; then
|
|
die "Empty owner password is not allowed"
|
|
fi
|
|
|
|
read -s -p "Repeat owner password: " key_password2
|
|
echo
|
|
|
|
|
|
if [ "$key_password" != "$key_password2" ]; then
|
|
die "Key passwords do not match"
|
|
fi
|
|
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
|
# Make sure the TPM is ready to be reset
|
|
tpm physicalpresence -s
|
|
tpm physicalenable
|
|
tpm physicalsetdeactivated -c
|
|
tpm forceclear
|
|
tpm physicalenable
|
|
tpm takeown -pwdo "$key_password"
|
|
|
|
# And now turn it all back on
|
|
tpm physicalpresence -s
|
|
tpm physicalenable
|
|
tpm physicalsetdeactivated -c
|
|
fi
|
|
|
|
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
|
tpmr reset "$key_password"
|
|
fi
|