From ca779a7d11689d1a581b18f5185b3c6c33b1253a Mon Sep 17 00:00:00 2001
From: Michael Preisach
Date: Sun, 16 Aug 2020 16:21:51 +0000
Subject: [PATCH] added context flushes to minimize used TPM resources
---
 update-luks-tpm.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/update-luks-tpm.sh b/update-luks-tpm.sh
index 87a688a..0451ac5 100755
--- a/update-luks-tpm.sh
+++ b/update-luks-tpm.sh
@@ -2,12 +2,14 @@ echo "Updating TPM Policy with current available PCRs"
 set +e
-tpm2_evictcontrol -C o -c 0x81000000
+tpm2_evictcontrol -c 0x81000000
 set -e
+tpm2_flushcontext -t
 tpm2_createprimary -C e -g sha256 -G ecc256 -c /root/keys/e-primary.context
 tpm2_createpolicy --policy-pcr -l sha256:0,1,2,3,4,5,6,7 -L /root/keys/pcr-policy.digest
 tpm2_create -g sha256 -u /root/keys/obj.pub -r /root/keys/obj.priv -C /root/keys/e-primary.context -L /root/keys/pcr-policy.digest -a "noda|adminwithpolicy|fixedparent|fixedtpm" -i /root/keys/fde-secret.bin
+tpm2_flushcontext -t
 tpm2_load -C /root/keys/e-primary.context -u /root/keys/obj.pub -r /root/keys/obj.priv -c /root/keys/load.context
 tpm2_evictcontrol -C o -c /root/keys/load.context 0x81000000
 # tpm2_unseal -c 0x81000000 -p pcr:sha1:0,1,2,3,4,5,6,7 -o /root/test.bin #proof that the persistence worked
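Review bot: `tpm2_flushcontext -t` removes every transient object the TPM reports, not only the ones this script created, so both added calls can unload keys another process still has loaded if the script reaches the TPM without a resource manager in between; which device or TCTI is used is not visible in the hunk. A comment above the first call would record that assumption, e.g. `# flushes ALL transient objects; assumes nothing else is using the TPM while this runs`. The object loaded by `tpm2_load` presumably stays transient after the final `tpm2_evictcontrol -C o -c /root/keys/load.context 0x81000000`, so for the commit's stated goal a third `tpm2_flushcontext -t` after that line appears to be missing. Both new calls also run under `set -e` after the old 0x81000000 has been evicted, so a failing flush stops the script with nothing persisted at that handle; placing the first flush ahead of the eviction would leave the old object in place on such a failure.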