diff options
Diffstat (limited to 'hook_tpm2')
| -rw-r--r-- | hook_tpm2 | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/hook_tpm2 b/hook_tpm2 index 7ec139dceaa8..1488b4137986 100644 --- a/hook_tpm2 +++ b/hook_tpm2 @@ -12,8 +12,11 @@ run_hook() { tpmkeypub="/tpm_keyfile.pub" tpmkeypriv="/tpm_keyfile.priv" - # Default TPM device + # TPM device [ -z $tpmdev ] && tpmdev="/dev/tpmrm0" + export TPM2TOOLS_ENV_TCTI="device:${tpmdev}" + export TPM2TOOLS_TCTI_NAME="device" + export TPM2TOOLS_DEVICE_FILE="$tpmdev" # Parse tpmkey command line argument if [ -n "$tpmkey" ]; then @@ -97,7 +100,7 @@ EOF # Load key object if stored on disk tpmload=0 if [ -z "$tpmkeyindex" ]; then - tpm2_load -Q -H "$tpmkeyparent" -r "$tpmkeypriv" -u "$tpmkeypub" -C /tpmobject.ctx -T "device:${tpmdev}" >/dev/null 2>&1 + tpm2_load -Q -H "$tpmkeyparent" -r "$tpmkeypriv" -u "$tpmkeypub" -C /tpmobject.ctx >/dev/null 2>&1 tpmload=$? fi @@ -111,10 +114,10 @@ EOF IFS="|" for pcrbank in $pcrbanklist; do if [ -n "$tpmkeyindex" ]; then - unsealout=$(tpm2_nvread -Q -x "$tpmkeyindex" -a "$tpmkeyindex" $tpmkeyoffset $tpmkeysize -L "$pcrbank" -f $ckeyfile -T "device:${tpmdev}" 2>&1) + unsealout=$(tpm2_nvread -Q -x "$tpmkeyindex" -a "$tpmkeyindex" $tpmkeyoffset $tpmkeysize -L "$pcrbank" -f $ckeyfile 2>&1) unseal=$? else - unsealout=$(tpm2_unseal -Q -c /tpmobject.ctx -L "$pcrbank" -o "$ckeyfile" -T "device:${tpmdev}" 2>&1) + unsealout=$(tpm2_unseal -Q -c /tpmobject.ctx -L "$pcrbank" -o "$ckeyfile" 2>&1) unseal=$? fi if [ $unseal -eq 0 ]; then break; fi @@ -155,7 +158,7 @@ EOF if [ -n "$pcrextendnum" ] && [ -n "$pcrextendalg" ]; then case "$pcrextendalg" in sha1|sha224|sha256|sha384|sha512) - tpm2_pcrextend -T "device:${tpmdev}" ${pcrextendnum}:${pcrextendalg}=$("${pcrextendalg}sum" /hooks/tpm2 2>/dev/null | cut -f1 -d' ') >/dev/null 2>&1 + tpm2_pcrextend ${pcrextendnum}:${pcrextendalg}=$("${pcrextendalg}sum" /hooks/tpm2 2>/dev/null | cut -f1 -d' ') >/dev/null 2>&1 if [ $? -ne 0 ]; then err "Could not extend TPM PCR" fi |