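#!/usr/bin/bash
#
# Copyright (C) 2020 Johannes Kepler University Linz, Institute of Networks and Security
# Copyright (C) 2020 CDL Digidow
#
# Licensed under the EUPL, Version 1.2 or – as soon they will be approved by
# the European Commission - subsequent versions of the EUPL (the "Licence").
# You may not use this work except in compliance with the Licence.
#
# You should have received a copy of the European Union Public License along
# with this program. If not, you may obtain a copy of the Licence at:
#
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the Licence is distributed on an "AS IS" basis,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the Licence for the specific language governing permissions and
# limitations under the Licence.
#
# Re-seal the FDE secret under a TPM PCR policy and store the sealed object
# at a fixed persistent handle.
#
# Steps: evict whatever currently occupies the persistent handle, create an
# endorsement-hierarchy primary key, build a policy over PCRs 0-7 of the
# sha256 bank, seal the secret to that policy, load the sealed object and
# make it persistent. Intermediate artefacts in the key directory are
# removed when the script exits, whether it succeeded or failed.
#
# Requires: tpm2-tools on PATH, access to the TPM, and the plaintext secret
# at /root/keys/fde-secret.bin.

set -eu

readonly KEY_DIR=/root/keys
readonly PERSISTENT_HANDLE=0x81000000
readonly PCR_BANK=sha256
readonly PCR_LIST=0,1,2,3,4,5,6,7

#######################################
# Remove intermediate artefacts and flush transient TPM objects.
# Installed as the EXIT trap so it also runs when a step below fails
# (the original script only cleaned up on the success path).
# Globals:   KEY_DIR (read)
# Returns:   0; failures are best-effort and do not mask the script's status
#######################################
cleanup() {
  rm -f -- "${KEY_DIR}/load.context" "${KEY_DIR}/obj.priv" \
    "${KEY_DIR}/obj.pub" "${KEY_DIR}/pcr-policy.digest"
  tpm2_flushcontext -t || true
}
trap cleanup EXIT

printf '%s\n' "Updating TPM Policy with current available PCRs"

# Free the persistent handle. This is the one step allowed to fail: on a
# first run nothing is stored there yet. From here until the final
# tpm2_evictcontrol the handle is empty, so if any step in between fails the
# TPM holds no sealed secret and this script has to be re-run.
tpm2_evictcontrol -c "${PERSISTENT_HANDLE}" || true

# Start from a clean transient-object slate before creating the primary.
tpm2_flushcontext -t
tpm2_createprimary -C e -g sha256 -G ecc256 -c "${KEY_DIR}/e-primary.context"

# Policy digest over the current values of the selected PCRs; the sealed
# object can only be unsealed while those PCRs hold the same values.
tpm2_createpolicy --policy-pcr -l "${PCR_BANK}:${PCR_LIST}" \
  -L "${KEY_DIR}/pcr-policy.digest"

# Seal the secret. Attributes: noda (not counted against dictionary-attack
# lockout), adminwithpolicy (admin actions need the policy), fixedparent and
# fixedtpm (object cannot be duplicated out of this TPM).
# NOTE(review): the plaintext input stays on disk after sealing, presumably
# so a re-run can re-seal it under new PCR values; confirm the directory
# permissions and storage of ${KEY_DIR} are adequate for that.
tpm2_create -g sha256 \
  -u "${KEY_DIR}/obj.pub" -r "${KEY_DIR}/obj.priv" \
  -C "${KEY_DIR}/e-primary.context" \
  -L "${KEY_DIR}/pcr-policy.digest" \
  -a "noda|adminwithpolicy|fixedparent|fixedtpm" \
  -i "${KEY_DIR}/fde-secret.bin"

# Flush before loading so the load does not run out of transient slots.
tpm2_flushcontext -t
tpm2_load -C "${KEY_DIR}/e-primary.context" \
  -u "${KEY_DIR}/obj.pub" -r "${KEY_DIR}/obj.priv" \
  -c "${KEY_DIR}/load.context"

# Persist the loaded object under the owner hierarchy at the fixed handle.
tpm2_evictcontrol -C o -c "${KEY_DIR}/load.context" "${PERSISTENT_HANDLE}"

# Manual check that the persisted object unseals under the current PCRs.
# The bank given to -p must be the one the policy was built over (sha256
# here, not sha1); delete the output file afterwards, it holds the secret:
#   tpm2_unseal -c 0x81000000 -p pcr:sha256:0,1,2,3,4,5,6,7 -o /root/test.bin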