authorCorey Hinshaw2018-11-30 14:41:06 -0500
committerCorey Hinshaw2018-11-30 14:41:06 -0500
commit01b446c5cdd5da72a485fff342eaf25527956692 (patch)
tree78d6290f7eb3df417b68361de352e460b92e95bd
parent22e847f53080db5c11f8391273e2f28a21c596d4 (diff)
downloadaur-01b446c5cdd5da72a485fff342eaf25527956692.tar.gz
Fix TCTI device regression in tpm2-tools
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD4
-rw-r--r--hook_tpm213
3 files changed, 12 insertions, 9 deletions
diff --git a/.SRCINFO b/.SRCINFO
index a5e238d76f3c..25068b5ea65d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = mkinitcpio-tpm2-encrypt
pkgdesc = mkinitcpio hook that decrypts a TPM2-sealed LUKS keyfile
- pkgver = 1.2.1
+ pkgver = 1.2.2
pkgrel = 1
url = https://aur.archlinux.org/packages/mkinitcpio-tpm2-encrypt/
arch = any
@@ -11,7 +11,7 @@ pkgbase = mkinitcpio-tpm2-encrypt
source = hook_tpm2
source = README.md
sha256sums = baf4e8d7a5385bdc5dda1a4b8148da510c35d632f27470951ab84c8c82b2e554
- sha256sums = 389bae75e8e1d4bf63cf4e00a44f879a34416ff64fc0401ada817d1bea182639
+ sha256sums = b48b48b923c5d6033992fd2eda510d050bf529accc94e20de666ae7abe9463f8
sha256sums = 153e368c88f6ad45befc6593c7b00995f1656674149d8ec55659ebd6a91a1a51
pkgname = mkinitcpio-tpm2-encrypt
diff --git a/PKGBUILD b/PKGBUILD
index be26b4150a8e..5a461525f3db 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: Corey Hinshaw <coreyhinshaw(at)gmail(dot)com>
pkgname=mkinitcpio-tpm2-encrypt
-pkgver=1.2.1
+pkgver=1.2.2
pkgrel=1
pkgdesc="mkinitcpio hook that decrypts a TPM2-sealed LUKS keyfile"
url="https://aur.archlinux.org/packages/mkinitcpio-tpm2-encrypt/"
@@ -12,7 +12,7 @@ source=('install_tpm2'
'hook_tpm2'
'README.md')
sha256sums=('baf4e8d7a5385bdc5dda1a4b8148da510c35d632f27470951ab84c8c82b2e554'
- '389bae75e8e1d4bf63cf4e00a44f879a34416ff64fc0401ada817d1bea182639'
+ 'b48b48b923c5d6033992fd2eda510d050bf529accc94e20de666ae7abe9463f8'
'153e368c88f6ad45befc6593c7b00995f1656674149d8ec55659ebd6a91a1a51')
package() {
diff --git a/hook_tpm2 b/hook_tpm2
index 7ec139dceaa8..1488b4137986 100644
--- a/hook_tpm2
+++ b/hook_tpm2
@@ -12,8 +12,11 @@ run_hook() {
tpmkeypub="/tpm_keyfile.pub"
tpmkeypriv="/tpm_keyfile.priv"
- # Default TPM device
+ # TPM device
[ -z $tpmdev ] && tpmdev="/dev/tpmrm0"
+ export TPM2TOOLS_ENV_TCTI="device:${tpmdev}"
+ export TPM2TOOLS_TCTI_NAME="device"
+ export TPM2TOOLS_DEVICE_FILE="$tpmdev"
# Parse tpmkey command line argument
if [ -n "$tpmkey" ]; then
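Review bot: The three `export` lines after the `tpmdev` default publish the value to every later command in this shell without checking it, and the test on the line above them still expands `$tpmdev` unquoted. Because the device is now selected through the environment instead of a per-command `-T`, a wrong or missing path only surfaces later as a generic load or unseal failure. I would quote the test and fail early, e.g. `[ -z "$tpmdev" ] && tpmdev="/dev/tpmrm0"` followed by `[ -c "$tpmdev" ] || err "TPM device $tpmdev not found"`. A short comment naming which tpm2-tools release reads each of the three variables would also help, since they look like alternatives for different versions (not confirmed from this page). run_hook starts and continues outside the hunk.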
@@ -97,7 +100,7 @@ EOF
# Load key object if stored on disk
tpmload=0
if [ -z "$tpmkeyindex" ]; then
- tpm2_load -Q -H "$tpmkeyparent" -r "$tpmkeypriv" -u "$tpmkeypub" -C /tpmobject.ctx -T "device:${tpmdev}" >/dev/null 2>&1
+ tpm2_load -Q -H "$tpmkeyparent" -r "$tpmkeypriv" -u "$tpmkeypub" -C /tpmobject.ctx >/dev/null 2>&1
tpmload=$?
fi
@@ -111,10 +114,10 @@ EOF
IFS="|"
for pcrbank in $pcrbanklist; do
if [ -n "$tpmkeyindex" ]; then
- unsealout=$(tpm2_nvread -Q -x "$tpmkeyindex" -a "$tpmkeyindex" $tpmkeyoffset $tpmkeysize -L "$pcrbank" -f $ckeyfile -T "device:${tpmdev}" 2>&1)
+ unsealout=$(tpm2_nvread -Q -x "$tpmkeyindex" -a "$tpmkeyindex" $tpmkeyoffset $tpmkeysize -L "$pcrbank" -f $ckeyfile 2>&1)
unseal=$?
else
- unsealout=$(tpm2_unseal -Q -c /tpmobject.ctx -L "$pcrbank" -o "$ckeyfile" -T "device:${tpmdev}" 2>&1)
+ unsealout=$(tpm2_unseal -Q -c /tpmobject.ctx -L "$pcrbank" -o "$ckeyfile" 2>&1)
unseal=$?
fi
if [ $unseal -eq 0 ]; then break; fi
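Review bot: On the new `tpm2_nvread` line the output path is passed as `-f $ckeyfile` unquoted, while the `tpm2_unseal` line two lines below quotes the same variable. With `IFS="|"` set at the top of this hunk, an unquoted expansion is split on `|` and still subject to globbing, so the two branches can write the unsealed key to different places for the same setting; use `-f "$ckeyfile"`. `$tpmkeyoffset` and `$tpmkeysize` are also unquoted, presumably so they can expand to nothing, but under this IFS they are no longer split on spaces, which is worth a comment if they are meant to carry an option plus its value. The loop continues outside the hunk.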
@@ -155,7 +158,7 @@ EOF
if [ -n "$pcrextendnum" ] && [ -n "$pcrextendalg" ]; then
case "$pcrextendalg" in
sha1|sha224|sha256|sha384|sha512)
- tpm2_pcrextend -T "device:${tpmdev}" ${pcrextendnum}:${pcrextendalg}=$("${pcrextendalg}sum" /hooks/tpm2 2>/dev/null | cut -f1 -d' ') >/dev/null 2>&1
+ tpm2_pcrextend ${pcrextendnum}:${pcrextendalg}=$("${pcrextendalg}sum" /hooks/tpm2 2>/dev/null | cut -f1 -d' ') >/dev/null 2>&1
if [ $? -ne 0 ]; then
err "Could not extend TPM PCR"
fi
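Review bot: A failed extend on the new `tpm2_pcrextend` line is only reported through `err`, and both the digest command's stderr and the tool's output are discarded, so an empty digest (for example when `${pcrextendalg}sum` is not in the initramfs) cannot be told apart from a TPM error. If this extend is what stops the key from being unsealed again after boot, which is how the option reads but is not shown here, carrying on after the failure leaves that protection off. I would compute the digest first and check it, `pcrdigest=$("${pcrextendalg}sum" /hooks/tpm2 | cut -f1 -d' ')` then `[ -n "$pcrdigest" ] || err "Could not hash /hooks/tpm2"`, and pass `"${pcrextendnum}:${pcrextendalg}=${pcrdigest}"` as one quoted word. `pcrextendnum` is used unvalidated as well, since the `case` only checks the algorithm. The enclosing block starts and ends outside the hunk.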