Generate tpm policies use go-tpm2 package.
This commit replaces the tpm-tools commands with the golang go-tpm2 module to generate TPM EA policies. Signed-off-by: Joy Latten <[email protected]>
Joy Latten
committed
Jul 25, 2023
1 parent
f464673
commit 1e37e28
Showing
4 changed files
with
112 additions
and
83 deletions.
@@ -1,54 +1,60 @@ | ||
package main | ||
|
||
import ( | ||
"github.com/project-machine/trust/pkg/trust" | ||
"errors" | ||
|
||
"github.com/urfave/cli" | ||
"github.com/project-machine/trust/pkg/trust" | ||
) | ||
|
||
var tpmPolicyGenCmd = cli.Command{ | ||
Name: "tpm-policy-gen", | ||
Usage: "Generate tpm policy", | ||
Usage: "Generate tpm policy for a keyset", | ||
Action: doTpmPolicygen, | ||
ArgsUsage: "<keyset-name>", | ||
Flags: []cli.Flag{ | ||
cli.StringFlag{ | ||
Name: "pf,passwd-policy-file", | ||
Name: "pf, passwd-policy-file", | ||
Usage: "File to which to write password policy", | ||
Value: "passwd_policy.out", | ||
}, | ||
cli.StringFlag{ | ||
Name: "lf,luks-policy-file", | ||
Name: "lf, luks-policy-file", | ||
Usage: "File to which to write luks policy", | ||
Value: "luks_policy.out", | ||
}, | ||
cli.StringFlag{ | ||
Name: "pp,passwd-pcr7-file", | ||
Usage: "File from which to read password pcr7", | ||
Value: "passwd_pcr7.bin", | ||
Name: "pcr7-tpm", | ||
Usage: "File from which to read uki-tpm pcr7 value", | ||
Value: "sha256 pcr7 value", | ||
}, | ||
cli.StringFlag{ | ||
Name: "lp,production-pcr7-file,luks-pcr7-file", | ||
Usage: "File from which to read production pcr7", | ||
Value: "luks_pcr7.bin", | ||
}, | ||
cli.IntFlag{ | ||
Name: "pv,policy-version", | ||
Usage: "Policy version", | ||
Value: 1, | ||
Name: "pcr7-production", | ||
Usage: "File from which to read uki-production pcr7 value", | ||
Value: "sha256 pcr7 value", | ||
}, | ||
cli.StringFlag{ | ||
Name: "pk,passwd-pubkey-file", | ||
Usage: "File from which to read password policy pubkey", | ||
Value: "passwd_pubkey.pem", | ||
}, | ||
cli.StringFlag{ | ||
Name: "lk,luks-pubkey-file", | ||
Usage: "File from which read write luks policy pubkey", | ||
Value: "luks_pubkey.pem", | ||
Name: "pv, policy-version", | ||
Usage: "A four digit policy version, i.e. 0001", | ||
Value: "0001", | ||
}, | ||
}, | ||
} | ||
|
||
func doTpmPolicygen(ctx *cli.Context) error { | ||
return trust.TpmGenPolicy(ctx) | ||
} | ||
args := ctx.Args() | ||
if len(args) != 1 { | ||
return errors.New("Missing argument: <keyset-name>") | ||
} | ||
keysetName := args[0] | ||
|
||
pData := trust.PolicyData{ | ||
Pcr7Prod: ctx.String("pcr7-production"), | ||
Pcr7Tpm: ctx.String("pcr7-tpm"), | ||
LuksOutFile: ctx.String("luks-policy-file"), | ||
TpmpassOutFile: ctx.String("passwd-policy-file"), | ||
PolicyVersion: ctx.String("policy-version"), | ||
} | ||
|
||
return trust.TpmGenPolicy(keysetName, pData) | ||
} |
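Review bot: The `pcr7-tpm` and `pcr7-production` flags ship with `Value: "sha256 pcr7 value"`, a placeholder that is neither a file path nor a digest, yet doTpmPolicygen copies `ctx.String("pcr7-tpm")` and `ctx.String("pcr7-production")` straight into `PolicyData` with no check, so a run that omits either flag hands the placeholder to trust.TpmGenPolicy (defined outside this hunk), which presumably either fails late or, if it accepts any string, emits an EA policy bound to a PCR7 value nobody intended. The Usage text ("File from which to read ...") also contradicts a default that is not a filename, so it is unclear from the hunk whether callers are meant to pass a path or a hex value. I would drop the two `Value` lines and reject the empty case right after the argument check: `if ctx.String("pcr7-tpm") == "" || ctx.String("pcr7-production") == "" { return errors.New("missing required flags: pcr7-tpm and pcr7-production") }`. The same gap applies to `policy-version`, whose Usage promises four digits while nothing here enforces it; unless TpmGenPolicy validates the string, a `len(ctx.String("policy-version")) != 4` guard belongs in the same place.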