diff options
| author | Freya Murphy <freya@freyacat.org> | 2023-12-09 14:24:58 -0500 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2023-12-09 14:24:58 -0500 |
| commit | c602e69b18f746b714864d906831f5391bf62e42 (patch) | |
| tree | 5a67914d6de77bb30cebbc3465f02af8ab339507 /gentpm.sh | |
| parent | initial (diff) | |
| download | luks-tpm-c602e69b18f746b714864d906831f5391bf62e42.tar.gz luks-tpm-c602e69b18f746b714864d906831f5391bf62e42.tar.bz2 luks-tpm-c602e69b18f746b714864d906831f5391bf62e42.zip | |
verify signature at runtime not gentime
Diffstat (limited to 'gentpm.sh')
| -rwxr-xr-x | gentpm.sh | 11 |
1 files changed, 3 insertions, 8 deletions
@@ -105,12 +105,6 @@ keygen() { _RUN openssl dgst -sha256 -sign $rsapriv -out $sig $policy } -verify() { - _STEP "verifying signer key" - _RUN tpm2_loadexternal -G rsa -C o -u $rsapub -c $rsactx -n $rsaname - _RUN tpm2_verifysignature -c $rsactx -g sha256 -m $policy -s $sig -t $verif -f rsassa -} - getkey() { _RUN tpm2_startauthsession --policy-session -S $session _RUN tpm2_policypcr -l $pcr -S $session @@ -126,7 +120,9 @@ load() { _RUN cp $policy /etc/tpm2/policy _RUN cp $rsaname /etc/tpm2/rsaname - _RUN cp $verif /etc/tpm2/verification + _RUN cp $rsapub /etc/tpm2/rsapub + _RUN cp $rsactx /etc/tpm2/rsactx + _RUN cp $sig /etc/tpm2/rsasig _RUN printf "%s" "$pcr" > /etc/tpm2/pcr _RUN printf "%s" "$keyloc" > /etc/tpm2/keyloc @@ -156,7 +152,6 @@ all() { reset loadvars keygen - verify load crypt cleanup |