3 changed files with 38 additions and 0 deletions
@ -0,0 +1,9 @@ |
|||||
|
!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ |
||||
|
!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ |
||||
|
!_TAG_OUTPUT_FILESEP slash /slash or backslash/ |
||||
|
!_TAG_OUTPUT_MODE u-ctags /u-ctags or e-ctags/ |
||||
|
!_TAG_PROGRAM_AUTHOR Universal Ctags Team // |
||||
|
!_TAG_PROGRAM_NAME Universal Ctags /Derived from Exuberant Ctags/ |
||||
|
!_TAG_PROGRAM_URL https://ctags.io/ /official site/ |
||||
|
!_TAG_PROGRAM_VERSION 0.0.0 /a3c87ab5/ |
||||
|
trustedboot README.md /^# trustedboot$/;" c |
||||
@ -0,0 +1,16 @@ |
|||||
|
#!/usr/bin/bash |
||||
|
set -e |
||||
|
PARTITION_ROOT=/dev/mapper/ubuntu--vg-ubuntu--lv |
||||
|
mkdir -p /boot/efi/EFI/Linux |
||||
|
update-initramfs -u -k all |
||||
|
LATEST=`ls -t /boot/vmlinuz* | head -1` |
||||
|
VERSION=`file -bL $LATEST | grep -o 'version [^ ]*' | cut -d ' ' -f 2` |
||||
|
# echo "/vmlinuz-$VERSION root=/dev/mapper/vg-root rw loglevel=3 cryptdevice=PARTUUID=$(blkid -o value $PARTITION_ROOT | tail -n 1):lvm:allow-discards rd.luks.options=discard" > /boot/kernel-command-line.txt #Arch command line |
||||
|
echo "/vmlinuz-$VERSION root=$PARTITION_ROOT ro" > /boot/kernel-command-line.txt #Ubuntu command line |
||||
|
objcopy \ |
||||
|
--add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \ |
||||
|
--add-section .cmdline="/boot/kernel-command-line.txt" --change-section-vma .cmdline=0x30000 \ |
||||
|
--add-section .linux="/boot/vmlinuz-$VERSION" --change-section-vma .linux=0x40000 \ |
||||
|
--add-section .initrd="/boot/initrd.img-$VERSION" --change-section-vma .initrd=0x3000000 \ |
||||
|
"/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/efi/EFI/Linux/Linux.efi" |
||||
|
cp -v /boot/efi/EFI/Linux/Linux.efi /boot/efi/EFI/BOOT/BOOTX64.EFI |
||||
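Review bot: `VERSION` can come out empty or name the wrong kernel, and nothing checks it before `/boot/kernel-command-line.txt` is overwritten and `objcopy` assembles the image that is then copied to `BOOTX64.EFI`. `ls -t` ranks by modification time rather than kernel version, `$LATEST` is unquoted, and without `pipefail` a failed `grep` is masked by the exit status of `cut`. I would switch to `set -euo pipefail`, quote `"$LATEST"`, and add `[[ -n "$VERSION" && -f "/boot/initrd.img-$VERSION" ]] || exit 1` before the `echo`. Nothing in this script signs `Linux.efi`; if Secure Boot enforcement is intended (PCR 7 is part of the seal policy in the TPM script of this commit), that step appears to be missing or handled elsewhere.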
@ -0,0 +1,13 @@ |
|||||
|
#!/usr/bin/bash |
||||
|
set -e |
||||
|
|
||||
|
echo "Updating TPM Policy with current available PCRs" |
||||
|
tpm2_evictcontrol -C o -c 0x81000000 |
||||
|
tpm2_createpolicy --policy-pcr -l sha256:0,1,4,5,7 -L /root/policy.digest |
||||
|
tpm2_createprimary -C e -g sha256 -G ecc256 -c /root/primary.context |
||||
|
tpm2_create -g sha256 -u /root/obj.pub -r /root/obj.priv -C /root/primary.context -L /root/policy.digest -a "noda|adminwithpolicy|fixedparent|fixedtpm" -i /root/secret.bin |
||||
|
tpm2_load -C /root/primary.context -u /root/obj.pub -r /root/obj.priv -c /root/load.context |
||||
|
tpm2_evictcontrol -C o -c /root/load.context 0x81000000 |
||||
|
# tpm2_unseal -c 0x81000000 -p pcr:sha1:0,1,4,5,7 -o /root/test.bin |
||||
|
rm -f /root/load.context /root/obj.priv /root/obj.pub /root/policy.digest /root/primary.context |
||||
|
chmod 400 /root/secret.bin |
||||
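Review bot: The first `tpm2_evictcontrol -C o -c 0x81000000` runs before the replacement object exists, so under `set -e` a first run with an empty handle aborts immediately, and a failure in any later step leaves the TPM with no sealed object at that handle. Failures also skip the final `rm -f`, leaving `/root/obj.priv`, `/root/primary.context` and the other intermediates behind; an `EXIT` trap would cover every exit path. I would create and load the new object first and only then release and re-persist the handle, as sketched below. The commented-out `tpm2_unseal` check names the `sha1` bank while the policy is built on `sha256`, so it would not satisfy the policy if re-enabled as written; `pcr:sha256:0,1,4,5,7` would match.

```shell
# Remove intermediates on every exit path, including failures under set -e.
trap 'rm -f /root/load.context /root/obj.priv /root/obj.pub /root/policy.digest /root/primary.context' EXIT
# … unchanged: tpm2_createpolicy, tpm2_createprimary, tpm2_create, tpm2_load …
# Release the old handle only once the replacement object is loaded,
# and only if the handle is actually occupied.
if tpm2_getcap handles-persistent | grep -q 0x81000000; then
  tpm2_evictcontrol -C o -c 0x81000000
fi
tpm2_evictcontrol -C o -c /root/load.context 0x81000000
```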