author | Freya Murphy <freya@freyacat.org> | 2023-12-09 14:24:58 -0500 |
committer | Freya Murphy <freya@freyacat.org> | 2023-12-09 14:24:58 -0500 |
commit | c602e69b18f746b714864d906831f5391bf62e42 (patch) | |
tree | 5a67914d6de77bb30cebbc3465f02af8ab339507 /tpm2_hook | |
parent | initial (diff) | |
verify signature at runtime not gentime
Diffstat (limited to 'tpm2_hook')
-rwxr-xr-x | tpm2_hook | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -9,14 +9,18 @@ run_hook() {
 policy="/etc/tpm2/policy"
 rsaname="/etc/tpm2/rsaname"
- verification="/etc/tpm2/verification"
+ rsapub="/etc/tpm2/rsapub"
+ rsasig="/etc/tpm2/rsasig"
+ rsactx="/etc/tpm2/rsactx"
 pcr=$(cat /etc/tpm2/pcr)
 keyloc=$(cat /etc/tpm2/keyloc)
- tpmdev="/dev/tpmrm0"
- session="/session.ctx"
+ verification="/verification.tkt"
+
+ tpm2_loadexternal -G rsa -C o -u $rsapub -c $rsactx -n $rsaname 1> /dev/null
+ tpm2_verifysignature -c $rsactx -g sha256 -m $policy -s $rsasig -t $verification -f rsassa 1> /dev/null
 tpm2_startauthsession --policy-session -S $session 1> /dev/null
 tpm2_policypcr -l $pcr -S $session 1> /dev/null
@@ -30,6 +34,7 @@ run_hook() {
 tpm2_flushcontext $session 1> /dev/null
 rm -f $session
+ rm -f $verification
 tpmok=0
 if [ $unseal -eq 0 ]; then
|
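Review bot: The line `session="/session.ctx"` is deleted in the first hunk, yet `tpm2_startauthsession --policy-session -S $session` two lines below it, and `tpm2_flushcontext $session` / `rm -f $session` in the second hunk, still expand `$session`; unless `session` is assigned somewhere else in run_hook outside these hunks, `-S` now gets no argument and the policy session is never created. Keep the assignment next to the new `verification="/verification.tkt"` line: `session="/session.ctx"`. The new `tpm2_loadexternal` and `tpm2_verifysignature` calls also discard their exit status, so a policy whose signature does not verify leaves no ticket but the hook still proceeds into the PCR session; failing closed at that point is clearer, e.g. `tpm2_verifysignature -c $rsactx -g sha256 -m $policy -s $rsasig -t $verification -f rsassa 1> /dev/null || return 1`, though whether a missing ticket already fails the later policy step cannot be seen from this hunk. Because the verifying public key is read from `$rsapub` inside the initramfs, this check only binds the policy to that key; the key's own integrity rests on whatever the PCR selection in `/etc/tpm2/pcr` measures. run_hook begins before this hunk and continues past the second one.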