Compare commits
4 commits
3344160e52
...
d6376c2672
Author | SHA1 | Date | |
---|---|---|---|
d6376c2672 | |||
1bb31363c1 | |||
0454a9c388 | |||
788a251e6b |
4 changed files with 43 additions and 7 deletions
|
@ -1,14 +1,17 @@
|
|||
# Find scripts
|
||||
main = find_program('zlevis')
|
||||
encrypt = find_program('zlevis-encrypt')
|
||||
decrypt = find_program('zlevis-decrypt')
|
||||
fetch = find_program('zlevis-fetch')
|
||||
|
||||
# Test the scripts
|
||||
test('zlevis', main, args: '--summary')
|
||||
test('zlevis-encrypt', encrypt, args: '--summary')
|
||||
test('zlevis-decrypt', decrypt, args: '--summary')
|
||||
test('zlevis-fetch', fetch, args: '--summary')
|
||||
|
||||
# Add paths of scripts to bins
|
||||
bins += join_paths(meson.current_source_dir(), 'zlevis')
|
||||
bins += join_paths(meson.current_source_dir(), 'zlevis-encrypt')
|
||||
bins += join_paths(meson.current_source_dir(), 'zlevis-decrypt')
|
||||
bins += join_paths(meson.current_source_dir(), 'zlevis-fetch')
|
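--- a/src/zlevis
+++ b/src/zlevis
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+# Summary of the script's functionality
+summary="A tool that enables automatic decryption of ZFS rpools with TPM2"
+
+# Display summary if requested
+if [ "$1" = "--summary" ]; then
+echo "$summary"
+exit 0
+fi
+
+# Display usage information if input is from a terminal
+if [ -t 0 ]; then
+exec >&2
+echo "Usage: zlevis {decrypt|encrypt} {pool|*} [options]"
+exit 2
+fi
+
+case "$1" in
+decrypt)
+case "$2" in
+pool) zfs list -Ho tpm:jwe $3 | zlevis-decrypt;;
+*) zlevis-decrypt $2;;
+esac
+;;
+encrypt)
+case "$2" in
+pool) read -r -d . key || zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt $4) $3;;
+*) zlevis-encrypt $2;;
+esac
+;;
+*) exit 1;;
+esac
+
+# Exit with the status of the last command
+exit $?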
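Review bot: In the `encrypt` → `pool)` arm the output of `zlevis-encrypt` is expanded straight into the `zfs set` argument, so a failed or empty encryption is not caught by `set -e` and the command still runs as `zfs set tpm:jwe= <pool>`, which would overwrite the pool's stored JWE with an empty value. Assign first so the failure stops the script, and quote the operands: `jwe=$(zlevis-encrypt "$4")` then `zfs set "tpm:jwe=$jwe" "$3"` (this feeds stdin through unchanged, so confirm that the whitespace trimming done by `read` was not relied on). The current `read -r -d . key || …` only reaches `zfs set` when `read` fails at EOF, so a key containing `.` skips the write while the script still exits 0, and `-d` is not a POSIX `read` option under `#!/bin/sh`. `$2`, `$3` and `$4` are unquoted in the other arms too, so a JSON config with spaces or glob characters is word-split before it reaches `zlevis-encrypt`. The `[ -t 0 ]` usage guard also sits before the `case`, so `zlevis decrypt pool <pool>` run from a terminal prints usage even though that path takes its input from `zfs list`.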
|
@ -18,10 +18,7 @@ fi
|
|||
# Display usage information if input is from a terminal
|
||||
if [ -t 0 ]; then
|
||||
exec >&2
|
||||
echo "$summary"
|
||||
echo
|
||||
echo "Usage: \"zlevis-decrypt < file.jwe\""
|
||||
echo "Usage ZFS: \"zfs list -Ho tpm:jwe <pool> | zlevis-decrypt\""
|
||||
exit 2
|
||||
fi
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ fi
|
|||
# Display usage information if input is from a terminal
|
||||
if [ -t 0 ]; then
|
||||
exec >&2
|
||||
echo "$summary"
|
||||
echo "Usage: \"zlevis-encrypt '{\"property\":\"value\"}' < file.key > file.jwe\""
|
||||
echo
|
||||
echo "This command uses the following configuration properties:"
|
||||
echo " hash: <string> -> Hash algorithm used in the computation of the object name (default: sha256)."
|
||||
|
@ -29,9 +29,6 @@ if [ -t 0 ]; then
|
|||
echo " pcr_bank: <string> -> PCR algorithm bank to use for policy (default: first supported by TPM)."
|
||||
echo " pcr_ids: <string> -> PCR list used for policy. If not present, no policy is used."
|
||||
echo " pcr_digest: <string> -> Binary PCR hashes encoded in base64. If not present, the hash values are looked up."
|
||||
echo
|
||||
echo "Usage: \"zlevis-encrypt '{\"property\":\"value\"}' < file.key > file.jwe\""
|
||||
echo "Usage ZFS: \"zfs set tpm:jwe=\$(zlevis-encrypt '{\"property\":\"value\"}' < tank.key) <pool>\""
|
||||
exit 2
|
||||
fi
|
||||
|
||||
|
|