| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- # SPDX-License-Identifier: BSD-3-Clause
- source helpers.sh
- cleanup() {
- rm -f pcr.bin pcr.policy1 pcr.policy2 pcr.policy3
- tpm2 flushcontext session.ctx 2>/dev/null || true
- if [ "${1}" != "no-shutdown" ]; then
- shut_down
- fi
- }
- trap cleanup EXIT
- start_up
- cleanup "no-shutdown"
- tpm2 clear
- tpm2 pcrread sha1:0,1,2+sha256:0,1,2 -o pcr.bin
- # Policy PCR values calculated by specifying the expected pcr data in a file
- tpm2 startauthsession -S session.ctx
- tpm2 policypcr -Q -l sha1:0,1,2+sha256:0,1,2 -S session.ctx \
- -L pcr.policy1 -f pcr.bin
- tpm2 flushcontext session.ctx
- # Policy PCR values calculated by reading pcr data from the TPM
- tpm2 startauthsession -S session.ctx
- tpm2 policypcr -Q -l sha1:0,1,2+sha256:0,1,2 -S session.ctx \
- -L pcr.policy2
- tpm2 flushcontext session.ctx
- # Policy PCR values calculated by specifying digest of all PCRs directly
- tpm2 startauthsession -S session.ctx
- PCRDIGEST=`openssl dgst -sha256 -binary pcr.bin | xxd -p -c 32`
- tpm2 policypcr -Q -l sha1:0,1,2+sha256:0,1,2 -S session.ctx \
- -L pcr.policy3 $PCRDIGEST
- tpm2 flushcontext session.ctx
- # Check if policy pcr values match for all possible methods to specify PCR
- diff pcr.policy1 pcr.policy2
- diff pcr.policy2 pcr.policy3
- exit 0
|
