首页 发现 帮助
登录
SoftwareDesign
/
csu3_am335x
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
test
/
integration
/
tests
/
abrmd_policyauthorize.sh

abrmd_policyauthorize.sh 2.3 KB
永久链接 文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. # SPDX-License-Identifier: BSD-3-Clause
    2. 

  2. 

  3. source helpers.sh
    4. 

  4. 

  5. pcr_ids=0
    6. 

  6. alg_pcr_policy=sha256
    7. 

  7. file_pcr_value=pcr.bin
    8. 

  8. file_policy=policy.data
    9. 

  9. file_authorized_policy_1=auth_policy_1.data
    10. 

  10. file_authorized_policy_2=auth_policy_2.data
    11. 

  11. file_session_file=session.dat
    12. 

  12. file_private_key=private.pem
    13. 

  13. file_public_key=public.pem
    14. 

  14. file_verifying_key_public=verifying_key_public
    15. 

  15. file_verifying_key_name=verifying_key_name
    16. 

  16. file_verifying_key_ctx=verifying_key_ctx
    17. 

  17. file_policyref=policyref
    18. 

  18. 

  19. cleanup() {
    20. 

  20.     rm -f $file_pcr_value $file_policy $file_session_file $file_private_key \
    21. 

  21.     $file_public_key $file_verifying_key_public $file_verifying_key_name \
    22. 

  22.     $file_verifying_key_ctx $file_policyref $file_authorized_policy_1 \
    23. 

  23.     $file_authorized_policy_2
    24. 

  24. 

  25.     tpm2 flushcontext $file_session_file 2>/dev/null || true
    26. 

  26. 

  27.     if [ "${1}" != "no-shutdown" ]; then
    28. 

  28.         shut_down
    29. 

  29.     fi
    30. 

  30. }
    31. 

  31. trap cleanup EXIT
    32. 

  32. 

  33. start_up
    34. 

  34. 

  35. cleanup "no-shutdown"
    36. 

  36. 

  37. generate_policy_authorize () {
    38. 

  38.     tpm2 startauthsession -Q -S $file_session_file
    39. 

  39.     tpm2 policyauthorize -Q -S $file_session_file -L $3 -i $1 -q $2 -n $4
    40. 

  40.     tpm2 flushcontext $file_session_file
    41. 

  41.     rm $file_session_file
    42. 

  42. }
    43. 

  43. 

  44. openssl genrsa -out $file_private_key 2048 2>/dev/null
    45. 

  45. openssl rsa -in $file_private_key -out $file_public_key -pubout 2>/dev/null
    46. 

  46. tpm2 loadexternal -G rsa -C n -u $file_public_key -c $file_verifying_key_ctx \
    47. 

  47. -n $file_verifying_key_name
    48. 

  48. 

  49. dd if=/dev/urandom of=$file_policyref bs=1 count=32 2>/dev/null
    50. 

  50. 

  51. tpm2 pcrread -Q -o $file_pcr_value ${alg_pcr_policy}:${pcr_ids}
    52. 

  52. tpm2 startauthsession -Q -S $file_session_file
    53. 

  53. tpm2 policypcr -Q -S $file_session_file -l ${alg_pcr_policy}:${pcr_ids} \
    54. 

  54. -f $file_pcr_value -L $file_policy
    55. 

  55. tpm2 flushcontext $file_session_file
    56. 

  56. rm $file_session_file
    57. 

  57. 

  58. generate_policy_authorize $file_policy $file_policyref \
    59. 

  59. $file_authorized_policy_1 $file_verifying_key_name
    60. 

  60. 

  61. tpm2 pcrextend \
    62. 

  62. 0:sha256=e7011b851ee967e2d24e035ae41b0ada2decb182e4f7ad8411f2bf564c56fd6f
    63. 

  63. 

  64. tpm2 pcrread -Q -o $file_pcr_value ${alg_pcr_policy}:${pcr_ids}
    65. 

  65. tpm2 startauthsession -Q -S $file_session_file
    66. 

  66. tpm2 policypcr -Q -S $file_session_file -l ${alg_pcr_policy}:${pcr_ids} \
    67. 

  67. -f $file_pcr_value -L $file_policy
    68. 

  68. tpm2 flushcontext $file_session_file
    69. 

  69. rm $file_session_file
    70. 

  70. 

  71. generate_policy_authorize $file_policy $file_policyref \
    72. 

  72. $file_authorized_policy_2 $file_verifying_key_name
    73. 

  73. 

  74. diff $file_authorized_policy_1 $file_authorized_policy_2
    75. 

  75. 

  76. exit 0
    77.