- # SPDX-License-Identifier: BSD-3-Clause
- source helpers.sh
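#######################################
# Return the working directory and the TPM to a clean state.
# Runs between test sections and again from the EXIT trap.
# Arguments: $1 - optional; "no-shut-down" skips the shut_down call so the
#                 remaining sections can keep using the TPM.
# Outputs:   none expected (evictcontrol runs quiet with stderr discarded).
# Returns:   status of the last command executed.
#######################################
cleanup() {
  # Remove every artifact this script writes, including the AK context blob
  # and both qualified-name files, so a stale file from an earlier run can
  # never satisfy a later comparison.
  rm -f ek.pub ak.pub ak.name ak.log ak.ctx ak.qname ak.qname2

  # Evict persistent handles, we want them to always succeed and never trip
  # the onerror trap. 0x8101000b is the EK handle used throughout this
  # script; 0x8101000c is presumably where the auto-assigned AK handle
  # lands (TODO confirm).
  tpm2 evictcontrol -Q -C o -c 0x8101000b 2>/dev/null || true
  tpm2 evictcontrol -Q -C o -c 0x8101000c 2>/dev/null || true

  # clear tpm state
  tpm2 clear

  # The EXIT trap calls cleanup with no arguments; ${1:-} keeps that call
  # valid even if the sourced helpers enable `set -u`.
  if [ "${1:-}" != "no-shut-down" ]; then
    shut_down
  fi
}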
# Register teardown before anything touches the TPM, so a failure at any
# later step still evicts the handles and clears the device.
trap cleanup EXIT

# start_up is provided by helpers.sh (not shown here).
start_up

# Begin from a known-clean TPM, but leave it running for the tests below.
cleanup "no-shut-down"

# The endorsement key is persisted at a fixed handle; the attestation key is
# then created under that EK.
ek_handle=0x8101000b
tpm2 createek -Q -c "$ek_handle" -G rsa -u ek.pub
tpm2 createak -Q \
  -C "$ek_handle" \
  -c ak.ctx \
  -G rsa -g sha256 -s rsassa \
  -u ak.pub \
  -n ak.name \
  -q ak.qname

# Validate the qname: the value written by createak must match what
# readpublic reports for the same AK context.
tpm2 readpublic -c ak.ctx -q ak.qname2
diff ak.qname ak.qname2
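# Find a vacant persistent handle: persist the AK without naming a handle and
# read the chosen handle back from the evictcontrol output.
tpm2 createak -C 0x8101000b -c ak.ctx -G rsa -g sha256 -s rsassa -u ak.pub \
  -n ak.name
tpm2 evictcontrol -c ak.ctx > ak.log
phandle=$(yaml_get_kv ak.log "persistent-handle")

# Stop with a clear message if no handle was reported, instead of handing an
# empty -c argument to the eviction below.
if [ -z "$phandle" ]; then
  echo "evictcontrol did not report a persistent-handle" >&2
  exit 1
fi

# Evict the AK again so the persisted key does not outlive this test section.
tpm2 evictcontrol -Q -C o -c "$phandle"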
# Test tpm2 createak with endorsement password
cleanup "no-shut-down"

# Fixed throw-away auth value for the test TPM. It travels on the command
# line, where other local processes can read it, so this pattern is only
# suitable for a disposable test device.
eh_auth=endauth
ek_handle=0x8101000b

# Set the endorsement hierarchy auth, then confirm that both key-creation
# commands succeed when given it through -P.
tpm2 changeauth -c e "$eh_auth"
tpm2 createek -Q -P "$eh_auth" -c "$ek_handle" -G rsa -u ek.pub
tpm2 createak -Q -P "$eh_auth" -C "$ek_handle" -c ak.ctx -G rsa -u ak.pub \
  -n ak.name

# The EXIT trap still runs cleanup after this explicit success exit.
exit 0