Diffstat (limited to 'install_tpm2')
-rw-r--r--install_tpm262
1 files changed, 0 insertions, 62 deletions
diff --git a/install_tpm2 b/install_tpm2
deleted file mode 100644
index e084c41d3731..000000000000
--- a/install_tpm2
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-
-build() {
- add_module "tpm_tis"
- add_module "tpm_crb"
-
- add_binary "/usr/bin/tpm2_unseal"
- add_binary "/usr/bin/tpm2_load"
- add_binary "/usr/bin/tpm2_nvread"
- add_binary "/usr/bin/tpm2_pcrextend"
- add_binary "/usr/bin/sha1sum"
- add_binary "/usr/bin/sha224sum"
- add_binary "/usr/bin/sha256sum"
- add_binary "/usr/bin/sha384sum"
- add_binary "/usr/bin/sha512sum"
-
- add_binary "/usr/lib/libtss2-tcti-device.so.0"
-
- add_runscript
-}
-
-
-help() {
- cat <<HELPEOF
-This hook allows for an encrypted root device to use a key sealed by a
-TPM 2.0. It should be placed immediately before the 'encrypt' hook. After
-generating a TPM-sealed key, both 'tpmkey' and 'tpmpcr' should be
-specified on the kernel command line.
-
-'tpmkey' has several formats:
-
- tpmkey=[device]:[path]:[handle]
- tpmkey=[device]:[publicpath]:[privatepath]:[handle]
- tpmkey=nvram:[index]
- tpmkey=nvram:[index]:[offset]:[size]
-
-Where [device] represents the raw block device on which the key exists,
-[path] is the absolute base path of the keyfiles within the device, and
-[handle] is the TPM handle of the key's parent object. If only [path] is
-specified, '.pub' and '.priv' will be appended to the path to locate the
-public and private files, respectively. The absolute [publicpath] and
-[privatepath] can be specified separately if needed.
-
-Setting [device] to 'nvram' indicates that the key is stored in TPM NVRAM.
-In this case [index] is the NVRAM area index, [offset] is the offset of
-the key in bytes and [size] is the size of the key in bytes.
-
-'tpmpcr' should hold the TPM2 PCR bank specification that will unlock the
-sealed key. Multiple specs can be separated by a '|' and key decryption
-will be attempted with each set of banks.
-
-The first PCR bank spec may be used to indicate a PCR to extend after
-unsealing the key.
-
-If the 'tpmprompt' command line parameter is set, the user will be
-prompted for the parent encryption key password during boot. This password
-will be used while loading the sealed key. This option has no effect when
-the key is stored in NVRAM. Ex: tpmprompt=1
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et: