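#!/bin/bash
#
# Enrolls a TPM 2.0-sealed key as an additional LUKS key for one volume.
#
# Steps:
#   1. Generate a 32-byte random key and add it to the LUKS volume
#      (cryptsetup asks for an existing passphrase to authorize this).
#   2. Clear the TPM, then seal the key under a PCR policy computed from
#      the PCR values the machine has *right now*.
#   3. Persist the sealed object at a fixed handle and delete the
#      intermediate TPM files.
#
# Must run as root: it writes under /root and talks to the TPM.

set -euo pipefail

# Everything written below is key material or a TPM key blob; create the
# files owner-only instead of relying on the permissions of /root.
umask 077

readonly CRYPTFS=/dev/nvme0n1p3
readonly SECRET=/root/secret.bin
readonly PERSISTENT_HANDLE=0x81000000

#######################################
# Remove the intermediate TPM artifacts.
# Runs on every exit path, so a failure halfway through does not leave the
# wrapped private blob or the context files behind.
#######################################
cleanup() {
  rm -f /root/load.context /root/obj.priv /root/obj.pub /root/policy.digest /root/primary.context
}
trap cleanup EXIT

echo "creating secret key"
# iflag=fullblock (GNU dd) makes dd keep reading until the block is full; a
# plain bs=32 count=1 read can legitimately return fewer bytes.
dd if=/dev/random of="$SECRET" bs=32 count=1 iflag=fullblock
if [[ "$(wc -c < "$SECRET")" -ne 32 ]]; then
  printf 'error: %s is not 32 bytes long, refusing to enroll it\n' "$SECRET" >&2
  exit 1
fi
cryptsetup luksAddKey "$CRYPTFS" "$SECRET"

echo "Creating TPM Policy with current available PCRs"
# WARNING: tpm2_clear resets the TPM's owner-controlled state. Keys and
# persistent objects that other software stored in this TPM stop working.
tpm2_clear
# The policy digest captures the current sha256-bank values of PCRs
# 0,1,4,5,7 (firmware, firmware configuration, boot loader, boot loader
# configuration, Secure Boot state). If any of them changes, e.g. after a
# firmware or boot loader update, the unseal fails; keep another LUKS
# passphrase for recovery and re-run the sealing afterwards.
tpm2_createpolicy --policy-pcr -l sha256:0,1,4,5,7 -L /root/policy.digest
tpm2_createprimary -C e -g sha256 -G ecc256 -c /root/primary.context
# userwithauth is deliberately absent from the attributes, so the object can
# only be unsealed by satisfying the PCR policy, never with a password.
tpm2_create -g sha256 -u /root/obj.pub -r /root/obj.priv -C /root/primary.context -L /root/policy.digest -a "noda|adminwithpolicy|fixedparent|fixedtpm" -i "$SECRET"
tpm2_load -C /root/primary.context -u /root/obj.pub -r /root/obj.priv -c /root/load.context
tpm2_evictcontrol -C o -c /root/load.context "$PERSISTENT_HANDLE"

# Manual check that the sealed key can be read back. The PCR bank must match
# the one used for the policy (sha256, not sha1), and the output file is a
# second plaintext copy of the key, so delete it after comparing.
# tpm2_unseal -c 0x81000000 -p pcr:sha256:0,1,4,5,7 -o /root/test.bin

# NOTE(review): /root/secret.bin is intentionally left untouched here, as in
# the original script. It is a plaintext copy of a valid LUKS key; once the
# TPM unseal is confirmed to work, remove it or move it to offline storage,
# and make sure /root itself lives on the encrypted volume.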