#!/bin/sh
# initramfs-tools hook protocol: when invoked as "<hook> prereqs" print the
# names of hooks that must run before this one (none here) and stop without
# touching the initramfs.
PREREQ=""
prereqs() {
  echo "$PREREQ"
}
if [ "$1" = "prereqs" ]; then
  prereqs
  exit 0
fi
. /usr/share/initramfs-tools/hook-functions
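# Locate the directory holding the C library (e.g. /lib/x86_64-linux-gnu on a
# multiarch system) by looking for libnss_files.so.N in candidate directories.
# The native machine type from `uname -m` is tried first: `uname -i` (used
# before) reports the hardware platform, which coreutils prints as "unknown"
# on many Linux systems, so the first candidate never matched and the /lib/*
# fallback could pick a foreign-architecture directory (say /lib/i386-linux-gnu
# on an amd64 host with a 32-bit runtime installed) and copy the wrong ABI's
# libraries into the initramfs.  /lib/* and /lib remain as fallbacks.
# Outputs: the directory on stdout (a bare newline if none was found).
# Returns: 0.
find_libdir() {
  local dir="" probe="" libdir=""
  for dir in /lib/$(uname -m)* /lib/* /lib; do
    # an unmatched glob leaves the literal pattern in $probe, which -f rejects
    for probe in "$dir"/libnss_files.so.?; do
      if [ -f "$probe" ]; then
        libdir="$dir"
        break
      fi
    done
    [ -n "$libdir" ] && break
  done
  printf '%s\n' "$libdir"
}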
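# Copy the TSS2 "device" TCTI library into the initramfs.
# copy_exec only pulls in the tpm2_* tools' direct shared-library
# dependencies; this plugin is copied by hand, presumably because it is
# loaded at run time rather than linked and so is invisible to that
# dependency walk — without it the tools would be present but unable to talk
# to /dev/tpm* in the initramfs (TODO confirm against the tool build).
# Globals:  verbose (read; set by mkinitramfs), DESTDIR (via copy_file).
# Outputs:  progress line on stdout when verbose=y; warnings on stderr when
#           no library directory or no plugin file is found.
# Returns:  0 always — a missing plugin is reported, not fatal (the original
#           hook chose to warn; an initramfs built this way cannot use the TPM).
add_tss2() {
  local libdir="" lib="" candidate="" found=""
  libdir="$(find_libdir)"
  if [ -z "$libdir" ]; then
    echo "WARNING: no libdir found for adding tss2." 1>&2
    return
  fi
  for lib in libtss2-tcti-device; do
    found=""
    for candidate in "$libdir/$lib.so".?; do
      [ -e "$candidate" ] || continue
      # the previous message said "dns:", a leftover from the hook this was
      # copied from; label it correctly so the verbose log is not misleading
      [ "$verbose" = "y" ] && echo "tss2: $lib: $candidate"
      copy_file library "$candidate"
      found="$candidate"
    done
    # name the pattern that was actually searched ("<lib>.so.?", not "<lib>.?")
    [ -n "$found" ] || echo "WARNING: no $libdir/$lib.so.? file" 1>&2
  done
  return 0
}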
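# TPM interface drivers needed so /dev/tpm* exists in the initramfs
manual_add_modules tpm_tis tpm_crb

# Userspace tools the initramfs side needs: the nvread/nvreadlock pair to read
# the NVRAM index (and, going by the name, lock it afterwards — confirm in the
# boot script), load/unseal to recover the secret.
# copy_exec returns non-zero *silently* when its source is missing and this
# hook does not run under set -e, so a missing tool used to yield an initramfs
# that cannot unseal the volume.  Fail the build loudly instead.
for tool in tpm2_unseal tpm2_load tpm2_nvread tpm2_nvreadlock; do
  if [ ! -x "/usr/bin/$tool" ]; then
    echo "E: /usr/bin/$tool not found or not executable; cannot build the TPM2 unlock initramfs" 1>&2
    exit 1
  fi
  copy_exec "/usr/bin/$tool"
done

# TCTI plugin that copy_exec's dependency walk does not pick up
add_tss2

# Configuration read by the initramfs side.
# NOTE(review): the initramfs image is normally readable by all local users,
# so this file must carry only non-secret settings (handles, NV index, PCR
# selection); verify that nothing sensitive is ever placed in it.
copy_file config /etc/default/luks-tpm-tools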
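# Make /boot mountable inside the initramfs, read-only (early boot only needs
# to read from it, and ro keeps the unlock code from modifying it).  The entry
# is keyed by filesystem UUID so it does not depend on device naming.
# DESTDIR is the staging directory mkinitramfs exports to hooks; guard it so a
# stray invocation can never append to the real /etc/fstab.
: "${DESTDIR:?DESTDIR must be set (run via mkinitramfs)}"
# Match the mountpoint exactly and take only the first hit: the old pattern
# /boot$/ also matched any mountpoint merely ending in "boot" (e.g.
# /mnt/boot), and several lsblk rows for the same filesystem would have
# produced a multi-line UUID and a corrupt fstab line.
BOOT_DEV_UUID=$(lsblk -pfln -o UUID,MOUNTPOINT | awk '$2 == "/boot" { print $1; exit }')
mkdir -p "$DESTDIR/boot"
if [ -z "$BOOT_DEV_UUID" ]; then
  # No separate /boot filesystem (or lsblk could not identify it).  Without a
  # UUID the fstab line would be "/dev/disk/by-uuid/ /boot ...", so skip it.
  echo "WARNING: no filesystem mounted on /boot found; not adding /boot to the initramfs fstab" 1>&2
else
  # NOTE(review): the filesystem type is hard-coded as ext4; a /boot on
  # another filesystem will fail to mount — lsblk's FSTYPE column could
  # supply it if that case needs supporting.
  mkdir -p "$DESTDIR/etc"
  echo "/dev/disk/by-uuid/$BOOT_DEV_UUID /boot ext4 defaults,ro 0 2" >>"$DESTDIR/etc/fstab"
fi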