Removed minor bugs and improved usage information in zlevis-encrypt.
parent
f830d0f5ab
commit
03a5bbb821
1 changed files with 8 additions and 10 deletions
|
@ -9,12 +9,6 @@ summary="Encrypts using a TPM2.0 chip binding policy."
|
|||
# TPM2.0 owner hierarchy to be used by the Operating System
|
||||
auth="o"
|
||||
|
||||
# Algorithm type for the TPM2 object with user-provided sensitive data
|
||||
alg_create_key="keyedhash"
|
||||
|
||||
# Policy options for the TPM2 object
|
||||
policy_options=""
|
||||
|
||||
# Attributes for the created TPM2 object with the JWK as sensitive data
|
||||
obj_attr="fixedtpm|fixedparent|noda|adminwithpolicy"
|
||||
|
||||
|
@ -27,7 +21,11 @@ fi
|
|||
# Display usage information if input is from a terminal
|
||||
if [ -t 0 ]; then
|
||||
exec >&2
|
||||
echo "Usage: zlevis-encrypt '{\"property\":\"value\"}' < tank.key > tank.jwe"
|
||||
echo
|
||||
echo "Usage: \"zlevis-encrypt '{\"property\":\"value\"}' < file.key > file.jwe\""
|
||||
echo
|
||||
echo "Usage ZFS: \"zfs set tpm:jwe=\$(zlevis-encrypt '{\"property\":\"value\"}' < tank.key) <pool>\""
|
||||
echo
|
||||
echo
|
||||
echo "$summary"
|
||||
echo
|
||||
|
@ -53,7 +51,7 @@ validate_pcrs() {
|
|||
_pcrs_r=""
|
||||
case "${_tpm2_tools_v}" in
|
||||
4|5) _pcrs_r=$(tpm2_pcrread "${_pcr_bank}":"${_pcrs}" | grep -v " ${_pcr_bank}") || _fail=$?;;
|
||||
*) _fail=1
|
||||
*) _fail=1;;
|
||||
esac
|
||||
|
||||
# Check for errors in PCR validation
|
||||
|
@ -76,13 +74,12 @@ on_exit() {
|
|||
tpm2tools_version=$(tpm2_createprimary -v | awk -F'version="' '{print $2}' | awk -F'.' '{print $1}')
|
||||
|
||||
# Check if the tpm2-tools version is supported
|
||||
if [ -z "$tpm2tools_version" ] || [ $tpm2tools_version -lt 4 ] || [ $tpm2tools_version -gt 5 ]; then
|
||||
if [ -z "$tpm2tools_version" ] || [ "$tpm2tools_version" -lt 4 ] || [ "$tpm2tools_version" -gt 5 ]; then
|
||||
echo "The tpm2 pin requires a tpm2-tools version between 4 and 5"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create a temporary directory for TPM files
|
||||
mkdir -p "${tmpdir:-/tmp}"
|
||||
if ! tmp="$(mktemp -d)"; then
|
||||
echo "Creating a temporary dir for TPM files failed" >&2
|
||||
exit 1
|
||||
|
@ -162,6 +159,7 @@ fi
|
|||
tpm2_flushcontext -t
|
||||
|
||||
# Handle PCRs and policy creation if PCR IDs are provided
|
||||
policy_options=""
|
||||
if [ -n "$pcr_ids" ]; then
|
||||
if [ -z "$pcr_digest" ]; then
|
||||
case "$tpm2tools_version" in
|
||||
|
|
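Review bot: The unsupported-version message in the tpm2-tools check, `echo "The tpm2 pin requires a tpm2-tools version between 4 and 5"`, still goes to stdout, which is the JWE output stream of this script. With the newly documented `zfs set tpm:jwe=$(zlevis-encrypt ...)` form, the command substitution would capture that text and `zfs set` would still run, storing the message as the property value; append `>&2`, as the mktemp failure branch just below already does. The quoted `[ "$tpm2tools_version" -lt 4 ]` tests also return status 2 on a non-numeric value, so the whole condition is false and the script continues past the check. Matching the value exactly avoids that: `case "$tpm2tools_version" in 4|5) ;; *) echo "The tpm2 pin requires a tpm2-tools version between 4 and 5" >&2; exit 1 ;; esac`. The `if ! tmp="$(mktemp -d)"` block continues past the end of the visible hunk.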