-rwxr-xr-xgentpm.sh11
-rwxr-xr-xtpm2_hook11
-rwxr-xr-xtpm2_install6
3 files changed, 16 insertions, 12 deletions
diff --git a/gentpm.sh b/gentpm.sh
index 5e2bf1b..f3af48d 100755
--- a/gentpm.sh
+++ b/gentpm.sh
@@ -105,12 +105,6 @@ keygen() {
_RUN openssl dgst -sha256 -sign $rsapriv -out $sig $policy
}
-verify() {
- _STEP "verifying signer key"
- _RUN tpm2_loadexternal -G rsa -C o -u $rsapub -c $rsactx -n $rsaname
- _RUN tpm2_verifysignature -c $rsactx -g sha256 -m $policy -s $sig -t $verif -f rsassa
-}
-
getkey() {
_RUN tpm2_startauthsession --policy-session -S $session
_RUN tpm2_policypcr -l $pcr -S $session
@@ -126,7 +120,9 @@ load() {
_RUN cp $policy /etc/tpm2/policy
_RUN cp $rsaname /etc/tpm2/rsaname
- _RUN cp $verif /etc/tpm2/verification
+ _RUN cp $rsapub /etc/tpm2/rsapub
+ _RUN cp $rsactx /etc/tpm2/rsactx
+ _RUN cp $sig /etc/tpm2/rsasig
_RUN printf "%s" "$pcr" > /etc/tpm2/pcr
_RUN printf "%s" "$keyloc" > /etc/tpm2/keyloc
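Review bot: `_RUN cp $rsactx /etc/tpm2/rsactx` ships a TPM object context file that is never usable at boot: a context saved by `tpm2_loadexternal -c` is bound to the TPM state of the run that produced it, and the new hook re-runs `tpm2_loadexternal ... -c $rsactx` against the same path, so the copied file is overwritten before anything reads it (assuming `-c` is the output context there, as it was in the removed `verify()`). Dropping that line, and the matching `add_file "/etc/tpm2/rsactx"` in `tpm2_install`, keeps only real inputs (`rsapub`, `rsasig`, `policy`) in the initramfs and makes it obvious which files the boot-time check actually trusts. Separately, with `verify` removed from `all()`, `load()` now installs `$sig` without any check that `openssl dgst -sign` produced a signature the TPM will accept, so a bad signer key or mismatched policy is discovered only when the machine fails to unlock; a cheap offline guard before the copies, `_RUN openssl dgst -sha256 -verify $rsapub -signature $sig $policy`, would restore that feedback. `load()` starts and ends outside this hunk.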
@@ -156,7 +152,6 @@ all() {
reset
loadvars
keygen
- verify
load
crypt
cleanup
diff --git a/tpm2_hook b/tpm2_hook
index 3f6b832..2acab94 100755
--- a/tpm2_hook
+++ b/tpm2_hook
@@ -9,14 +9,18 @@ run_hook() {
policy="/etc/tpm2/policy"
rsaname="/etc/tpm2/rsaname"
- verification="/etc/tpm2/verification"
+ rsapub="/etc/tpm2/rsapub"
+ rsasig="/etc/tpm2/rsasig"
+ rsactx="/etc/tpm2/rsactx"
pcr=$(cat /etc/tpm2/pcr)
keyloc=$(cat /etc/tpm2/keyloc)
- tpmdev="/dev/tpmrm0"
-
session="/session.ctx"
+ verification="/verification.tkt"
+
+ tpm2_loadexternal -G rsa -C o -u $rsapub -c $rsactx -n $rsaname 1> /dev/null
+ tpm2_verifysignature -c $rsactx -g sha256 -m $policy -s $rsasig -t $verification -f rsassa 1> /dev/null
tpm2_startauthsession --policy-session -S $session 1> /dev/null
tpm2_policypcr -l $pcr -S $session 1> /dev/null
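Review bot: The two new commands, `tpm2_loadexternal` and `tpm2_verifysignature`, discard stdout but never check their exit status, so when the policy file or its signature has been altered the hook just carries on into `tpm2_startauthsession` with no ticket and the failure surfaces later as an opaque unseal error. Since this check is the whole reason the signer key is now loaded at boot, it should fail loudly and early: `tpm2_loadexternal -G rsa -C o -u "$rsapub" -c "$rsactx" -n "$rsaname" >/dev/null || { echo "tpm2_hook: cannot load signer key" >&2; return 1; }` and `tpm2_verifysignature -c "$rsactx" -g sha256 -m "$policy" -s "$rsasig" -t "$verification" -f rsassa >/dev/null || { echo "tpm2_hook: policy signature verification failed" >&2; return 1; }`, or whichever failure path `run_hook` already uses for a failed unseal (the `unseal`/`tpmok` handling is outside this hunk, so that part is inferred). Quoting the paths also protects the `-l $pcr` / `-S $session` style of invocation from word splitting, though the file does that nowhere else. `run_hook()` continues past the end of this hunk.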
@@ -30,6 +34,7 @@ run_hook() {
tpm2_flushcontext $session 1> /dev/null
rm -f $session
+ rm -f $verification
tpmok=0
if [ $unseal -eq 0 ]; then
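Review bot: The cleanup added here removes the verification ticket file but, as far as the hunk shows, nothing flushes the signer key object that `tpm2_loadexternal` left loaded in the TPM, while the session does get `tpm2_flushcontext $session` on the line above. If the hook is not flushing it elsewhere, a `tpm2_flushcontext $rsactx` next to the session flush (the same file-argument form already used for the session) releases the transient slot before the rest of early boot, which matters on the raw device more than behind the kernel resource manager. `run_hook()` starts before this hunk.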
diff --git a/tpm2_install b/tpm2_install
index 5657823..6f79207 100755
--- a/tpm2_install
+++ b/tpm2_install
@@ -10,12 +10,16 @@ build() {
add_binary "/usr/bin/tpm2_flushcontext"
add_binary "/usr/bin/tpm2_startauthsession"
add_binary "/usr/bin/tpm2_load"
+ add_binary "/usr/bin/tpm2_loadexternal"
+ add_binary "/usr/bin/tpm2_verifysignature"
add_binary "/usr/lib/libtss2-tcti-device.so.0"
add_file "/etc/tpm2/policy"
add_file "/etc/tpm2/rsaname"
- add_file "/etc/tpm2/verification"
+ add_file "/etc/tpm2/rsactx"
+ add_file "/etc/tpm2/rsapub"
+ add_file "/etc/tpm2/rsasig"
add_file "/etc/tpm2/pcr"
add_file "/etc/tpm2/keyloc"