-
Notifications
You must be signed in to change notification settings - Fork 0
/
install
executable file
·123 lines (105 loc) · 2.55 KB
/
install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/sh
if [ $(whoami) != "root" ]; then
echo "$0 must be run as root!"
exit 1
fi
get_tpm_version() {
if [ -f /usr/sbin/tpm_nvread ]; then
echo "1"
return 1
elif [ -f /usr/bin/tpm2_nvread ]; then
echo "2"
return 2
else
echo "0"
return 0
fi
}
install_v1() {
# cp luks-tpm/luks-tpm /usr/sbin
# if [ ! -e /etc/default/luks-tpm ]; then cp luks-tpm/default /etc/default/luks-tpm; fi
chmod +x key_* tpm.*
cp key_recovery /usr/sbin
cp key_seal /usr/sbin
cp key_backup /usr/sbin
cp key_read /usr/sbin
cp tpm.hook /usr/share/initramfs-tools/hooks/tpm
cp tpm.init-premount /usr/share/initramfs-tools/scripts/init-premount/tpm
}
uninstall_v1() {
rm /usr/sbin/key_recovery
rm /usr/sbin/key_seal
rm /usr/sbin/key_backup
rm /usr/sbin/key_read
rm /usr/share/initramfs-tools/hooks/tpm
rm /usr/share/initramfs-tools/scripts/init-premount/tpm
}
install_v2() {
chmod +x key_* tpm2.*
cp key_recovery /usr/sbin
cp key_seal /usr/sbin
cp key_backup /usr/sbin
cp key_read /usr/sbin
cp tpm2.hook /usr/share/initramfs-tools/hooks/tpm2
}
uninstall_v2() {
rm /usr/sbin/key_recovery
rm /usr/sbin/key_seal
rm /usr/sbin/key_backup
rm /usr/sbin/key_read
rm /usr/share/initramfs-tools/hooks/tpm2
}
install_common() {
if [ ! -f /etc/default/luks-tpm-tools ]; then
cp default /etc/default/luks-tpm-tools
fi
if [ $PCRS ]; then
sed -i 's|^[#\s]*\(TPM_PCRS=\).*$|\1"'"$PCRS"'"|' /etc/default/luks-tpm-tools
fi
if ! grep keyscript </etc/crypttab >/dev/null 2>&1; then
sed -i 's|none|(keyscript)|;s|$|,keyscript=/usr/sbin/key_read|' /etc/crypttab
else
sed -i 's|none|(keyscript)|;s|keyscript=\([^,]*\)|keyscript=/usr/sbin/key_read|' /etc/crypttab
fi
update-initramfs -u
}
uninstall_common() {
if [ "$MODE" = "purge" ]; then
rm /etc/default/luks-tpm-tools
fi
sed -i 's|(keyscript)|none|;s|,keyscript=/usr/sbin/key_read||' /etc/crypttab
update-initramfs -u
}
global_variables() {
VERSION=$(get_tpm_version)
MODE='install'
case "$1" in
-u|--uninstall)
MODE='uninstall'
;;
-p|--purge)
# will also remove all configurations.
MODE='purge'
;;
--pcrs)
PCRS="$2"
;;
*)
;;
esac
}
main() {
global_variables "$@"
if [ $VERSION = 0 ]; then
echo "You have to install any 'tpm*-tools' coording to your TPM hardware."
exit 1
fi
if [ $MODE = "install" ]; then
(install_v${VERSION})
install_common
elif [ $MODE = 'uninstall' -o $MODE = 'purge' ]; then
(uninstall_v${VERSION})
uninstall_common
fi
}
main "$@"