luc/zlevis
1
1
Fork 0
Code Issues Pull requests Releases 5 Wiki Activity

Removed minor bugs and improved usage information in zlevis-encrypt.

Browse source
This commit is contained in:
Luc Bijl 2024-11-17 19:03:13 +01:00
parent f830d0f5ab
commit 03a5bbb821
1 changed files with 8 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/zlevis-encrypt
View file

@ -9,12 +9,6 @@ summary="Encrypts using a TPM2.0 chip binding policy."
# TPM2.0 owner hierarchy to be used by the Operating System # TPM2.0 owner hierarchy to be used by the Operating System
auth="o" auth="o"
# Algorithm type for the TPM2 object with user-provided sensitive data
alg_create_key="keyedhash"
# Policy options for the TPM2 object
policy_options=""
# Attributes for the created TPM2 object with the JWK as sensitive data # Attributes for the created TPM2 object with the JWK as sensitive data
obj_attr="fixedtpm|fixedparent|noda|adminwithpolicy" obj_attr="fixedtpm|fixedparent|noda|adminwithpolicy"
@ -27,7 +21,11 @@ fi
# Display usage information if input is from a terminal # Display usage information if input is from a terminal
if [ -t 0 ]; then if [ -t 0 ]; then
exec >&2 exec >&2
echo "Usage: zlevis-encrypt '{\"property\":\"value\"}' < tank.key > tank.jwe" echo
echo "Usage: \"zlevis-encrypt '{\"property\":\"value\"}' < file.key > file.jwe\""
echo
echo "Usage ZFS: \"zfs set tpm:jwe=\$(zlevis-encrypt '{\"property\":\"value\"}' < tank.key) <pool>\""
echo
echo echo
echo "$summary" echo "$summary"
echo echo
@ -53,7 +51,7 @@ validate_pcrs() {
_pcrs_r="" _pcrs_r=""
case "${_tpm2_tools_v}" in case "${_tpm2_tools_v}" in
4|5) _pcrs_r=$(tpm2_pcrread "${_pcr_bank}":"${_pcrs}" | grep -v " ${_pcr_bank}") || _fail=$?;; 4|5) _pcrs_r=$(tpm2_pcrread "${_pcr_bank}":"${_pcrs}" | grep -v " ${_pcr_bank}") || _fail=$?;;
*) _fail=1 *) _fail=1;;
esac esac
# Check for errors in PCR validation # Check for errors in PCR validation
@ -76,13 +74,12 @@ on_exit() {
tpm2tools_version=$(tpm2_createprimary -v | awk -F'version="' '{print $2}' | awk -F'.' '{print $1}') tpm2tools_version=$(tpm2_createprimary -v | awk -F'version="' '{print $2}' | awk -F'.' '{print $1}')
# Check if the tpm2-tools version is supported # Check if the tpm2-tools version is supported
if [ -z "$tpm2tools_version" ] || [ $tpm2tools_version -lt 4 ] || [ $tpm2tools_version -gt 5 ]; then if [ -z "$tpm2tools_version" ] || [ "$tpm2tools_version" -lt 4 ] || [ "$tpm2tools_version" -gt 5 ]; then
echo "The tpm2 pin requires a tpm2-tools version between 4 and 5" echo "The tpm2 pin requires a tpm2-tools version between 4 and 5"
exit 1 exit 1
fi fi
# Create a temporary directory for TPM files # Create a temporary directory for TPM files
mkdir -p "${tmpdir:-/tmp}"
if ! tmp="$(mktemp -d)"; then if ! tmp="$(mktemp -d)"; then
echo "Creating a temporary dir for TPM files failed" >&2 echo "Creating a temporary dir for TPM files failed" >&2
exit 1 exit 1
@ -162,6 +159,7 @@ fi
tpm2_flushcontext -t tpm2_flushcontext -t
# Handle PCRs and policy creation if PCR IDs are provided # Handle PCRs and policy creation if PCR IDs are provided
policy_options=""
if [ -n "$pcr_ids" ]; then if [ -n "$pcr_ids" ]; then
if [ -z "$pcr_digest" ]; then if [ -z "$pcr_digest" ]; then
case "$tpm2tools_version" in case "$tpm2tools_version" in