author | Corey Hinshaw | 2018-11-30 14:41:06 -0500 |
---|---|---|
committer | Corey Hinshaw | 2018-11-30 14:41:06 -0500 |
commit | 01b446c5cdd5da72a485fff342eaf25527956692 (patch) | |
tree | 78d6290f7eb3df417b68361de352e460b92e95bd | |
parent | 22e847f53080db5c11f8391273e2f28a21c596d4 (diff) | |
download | aur-01b446c5cdd5da72a485fff342eaf25527956692.tar.gz |
Fix TCTI device regression in tpm2-tools
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | hook_tpm2 | 13 |
3 files changed, 12 insertions, 9 deletions
@@ -1,6 +1,6 @@
 pkgbase = mkinitcpio-tpm2-encrypt
 pkgdesc = mkinitcpio hook that decrypts a TPM2-sealed LUKS keyfile
- pkgver = 1.2.1
+ pkgver = 1.2.2
 pkgrel = 1
 url = https://aur.archlinux.org/packages/mkinitcpio-tpm2-encrypt/
 arch = any
@@ -11,7 +11,7 @@ pkgbase = mkinitcpio-tpm2-encrypt
 source = hook_tpm2
 source = README.md
 sha256sums = baf4e8d7a5385bdc5dda1a4b8148da510c35d632f27470951ab84c8c82b2e554
- sha256sums = 389bae75e8e1d4bf63cf4e00a44f879a34416ff64fc0401ada817d1bea182639
+ sha256sums = b48b48b923c5d6033992fd2eda510d050bf529accc94e20de666ae7abe9463f8
 sha256sums = 153e368c88f6ad45befc6593c7b00995f1656674149d8ec55659ebd6a91a1a51
 pkgname = mkinitcpio-tpm2-encrypt
@@ -1,7 +1,7 @@
 # Maintainer: Corey Hinshaw <coreyhinshaw(at)gmail(dot)com>
 pkgname=mkinitcpio-tpm2-encrypt
-pkgver=1.2.1
+pkgver=1.2.2
 pkgrel=1
 pkgdesc="mkinitcpio hook that decrypts a TPM2-sealed LUKS keyfile"
 url="https://aur.archlinux.org/packages/mkinitcpio-tpm2-encrypt/"
@@ -12,7 +12,7 @@ source=('install_tpm2'
 'hook_tpm2'
 'README.md')
 sha256sums=('baf4e8d7a5385bdc5dda1a4b8148da510c35d632f27470951ab84c8c82b2e554'
- '389bae75e8e1d4bf63cf4e00a44f879a34416ff64fc0401ada817d1bea182639'
+ 'b48b48b923c5d6033992fd2eda510d050bf529accc94e20de666ae7abe9463f8'
 '153e368c88f6ad45befc6593c7b00995f1656674149d8ec55659ebd6a91a1a51')
 package() {
diff --git a/hook_tpm2 b/hook_tpm2
index 7ec139dceaa8..1488b4137986 100644
--- a/hook_tpm2
+++ b/hook_tpm2
@@ -12,8 +12,11 @@ run_hook() {
 tpmkeypub="/tpm_keyfile.pub"
 tpmkeypriv="/tpm_keyfile.priv"
- # Default TPM device
+ # TPM device
 [ -z $tpmdev ] && tpmdev="/dev/tpmrm0"
+ export TPM2TOOLS_ENV_TCTI="device:${tpmdev}"
+ export TPM2TOOLS_TCTI_NAME="device"
+ export TPM2TOOLS_DEVICE_FILE="$tpmdev"
 # Parse tpmkey command line argument
 if [ -n "$tpmkey" ]; then
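Review bot: The three exports after the `tpmdev` default have no comment explaining why the same device is published under three names, and nothing in the hunk checks that `$tpmdev` exists before the tools are pointed at it. Presumably each name is read by a different tpm2-tools release; a line such as `# tpm2-tools reads the TCTI from different variables depending on release; set all of them` would record that, ideally naming the releases. Because the later `tpm2_load` and `tpm2_pcrextend` calls send their output to /dev/null, a wrong device path now shows up only as a generic failure, so a guard like `[ -c "$tpmdev" ] || err "TPM device $tpmdev not found"` before the exports would make it diagnosable. The context line `[ -z $tpmdev ]` should also quote the variable. run_hook() continues outside this hunk, so an existing check elsewhere cannot be ruled out.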
@@ -97,7 +100,7 @@ EOF
 # Load key object if stored on disk
 tpmload=0
 if [ -z "$tpmkeyindex" ]; then
- tpm2_load -Q -H "$tpmkeyparent" -r "$tpmkeypriv" -u "$tpmkeypub" -C /tpmobject.ctx -T "device:${tpmdev}" >/dev/null 2>&1
+ tpm2_load -Q -H "$tpmkeyparent" -r "$tpmkeypriv" -u "$tpmkeypub" -C /tpmobject.ctx >/dev/null 2>&1
 tpmload=$?
 fi
@@ -111,10 +114,10 @@ EOF
 IFS="|"
 for pcrbank in $pcrbanklist; do
 if [ -n "$tpmkeyindex" ]; then
- unsealout=$(tpm2_nvread -Q -x "$tpmkeyindex" -a "$tpmkeyindex" $tpmkeyoffset $tpmkeysize -L "$pcrbank" -f $ckeyfile -T "device:${tpmdev}" 2>&1)
+ unsealout=$(tpm2_nvread -Q -x "$tpmkeyindex" -a "$tpmkeyindex" $tpmkeyoffset $tpmkeysize -L "$pcrbank" -f $ckeyfile 2>&1)
 unseal=$?
 else
- unsealout=$(tpm2_unseal -Q -c /tpmobject.ctx -L "$pcrbank" -o "$ckeyfile" -T "device:${tpmdev}" 2>&1)
+ unsealout=$(tpm2_unseal -Q -c /tpmobject.ctx -L "$pcrbank" -o "$ckeyfile" 2>&1)
 unseal=$?
 fi
 if [ $unseal -eq 0 ]; then break; fi
@@ -155,7 +158,7 @@ EOF
 if [ -n "$pcrextendnum" ] && [ -n "$pcrextendalg" ]; then
 case "$pcrextendalg" in
 sha1|sha224|sha256|sha384|sha512)
- tpm2_pcrextend -T "device:${tpmdev}" ${pcrextendnum}:${pcrextendalg}=$("${pcrextendalg}sum" /hooks/tpm2 2>/dev/null | cut -f1 -d' ') >/dev/null 2>&1
+ tpm2_pcrextend ${pcrextendnum}:${pcrextendalg}=$("${pcrextendalg}sum" /hooks/tpm2 2>/dev/null | cut -f1 -d' ') >/dev/null 2>&1
 if [ $? -ne 0 ]; then
 err "Could not extend TPM PCR"
 fi |
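Review bot: In the rewritten `tpm2_nvread` line of the -111 hunk, `-f $ckeyfile` is still unquoted, while the `tpm2_unseal` line in the same hunk quotes `-o "$ckeyfile"`; the new line should read `-f "$ckeyfile"`. With `IFS="|"` set just above, unquoted expansions split on `|` rather than on spaces, so `$tpmkeyoffset` and `$tpmkeysize` each reach the tool as a single word. If they hold an option together with its value, that will not parse as intended; if they are unquoted only so that empty values vanish, a short comment saying so would help. Their definitions are outside the hunk.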
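Review bot: In the -155 hunk the digest handed to `tpm2_pcrextend` is computed inline with stderr discarded, so a missing `${pcrextendalg}sum` binary in the initramfs produces an empty digest and is reported only as "Could not extend TPM PCR". Computing it first, with `digest=$("${pcrextendalg}sum" /hooks/tpm2 | cut -f1 -d' ')` followed by `[ -n "$digest" ] || err "Could not hash /hooks/tpm2"`, would separate the two failures. `$pcrextendnum` is also expanded unquoted and unvalidated; a numeric check before the call would be cheap. If the extend is meant to keep the key from being released again after this stage (an inference from the hook's purpose, not visible here), a failure probably deserves more than a message, because the PCR state the key is sealed to is left unchanged. The enclosing block continues past the end of the hunk.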