#!/usr/bin/env python
from argparse import ArgumentParser
from argparse import FileType
import binascii
import os
import sys

import tpm2
def create_policy(client, session_handle, pcrs, bank_alg, name_alg):
    """Extend the policy session with the assertions this tool supports.

    Runs TPM2_PolicyPCR (only when ``pcrs`` is non-empty) and then
    TPM2_PolicyPassword on ``session_handle``.  The assertions are issued
    in that fixed order because the resulting policy digest depends on
    the order in which they are applied.

    Args:
        client: tpm2.Client used to send the commands.
        session_handle: handle of the (trial or real) policy session.
        pcrs: list of PCR indices, or None/empty for no PCR assertion.
            Indices are forwarded unvalidated; presumably
            client.policy_pcr or the TPM rejects out-of-range values —
            TODO confirm.
        bank_alg: PCR bank hash algorithm (already resolved by
            tpm2.get_algorithm).
        name_alg: hash algorithm of the policy session.

    Returns:
        None.  Errors from the client propagate to the caller.
    """
    # Build the assertion list first so the order is explicit and easy
    # to audit, then apply it.
    assertions = []
    if pcrs:
        assertions.append(
            lambda: client.policy_pcr(session_handle, pcrs, bank_alg,
                                      name_alg))
    assertions.append(lambda: client.policy_password(session_handle))

    for apply_assertion in assertions:
        apply_assertion()
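def main():
    """Build a TPM2 policy session from the command line.

    Two modes:
      * ``--trial``: start a TPM2_SE_TRIAL session, run the policy
        assertions against it, print the resulting policy digest as a
        hex string and always flush the session before returning.
      * default: start a real TPM2_SE_POLICY session, run the same
        assertions and print the session handle (``0x`` + 8 hex digits)
        for a later command to use.  The session is intentionally left
        open on success and flushed only when building the policy fails.

    The policy is PolicyPCR (only when one or more ``--pcr`` indices are
    given) followed by PolicyPassword; see create_policy().

    Exits with status 1 (message on stderr) on tpm2.ProtocolError.
    """
    # NOTE(review): the description reads like it was inherited from a
    # sibling tool — this script creates a policy session, not a key.
    parser = ArgumentParser(description='Create a storage root key')
    parser.add_argument('--debug',
                        action='store_true',
                        help='dump TPM commands and replies')
    parser.add_argument('--trial',
                        action='store_true',
                        help='a trial policy')
    parser.add_argument('--pcr', dest='pcr', metavar='PCR', action='append',
                        type=int, help='PCR index')
    # NOTE(review): both hash defaults are SHA-1 and are kept for
    # backwards compatibility.  Callers that care about the collision
    # resistance of the policy digest should pass --name-alg/--bank
    # explicitly (e.g. sha256).  argparse runs `type` on the string
    # default, so the defaults go through tpm2.get_algorithm too.
    parser.add_argument('--name-alg', dest='name_alg', metavar='NAMEALG',
                        help='Hash algorithm used for the policy session',
                        type=tpm2.get_algorithm, default='sha1')
    parser.add_argument('--bank', dest='bank', metavar='BANK',
                        help='PCR bank', type=tpm2.get_algorithm,
                        default='sha1')
    args = parser.parse_args()

    flags = 0
    if args.debug:
        flags |= tpm2.Client.FLAG_DEBUG
    client = tpm2.Client(flags)

    try:
        if args.trial:
            # Both branches pass name_alg by keyword so they cannot drift
            # apart (the original mixed positional and keyword forms).
            session_handle = client.start_auth_session(tpm2.TPM2_SE_TRIAL,
                                                       name_alg=args.name_alg)
            try:
                create_policy(client, session_handle, args.pcr, args.bank,
                              args.name_alg)
                digest = client.get_policy_digest(session_handle)
                # hexlify accepts both a Python 2 str and a Python 3
                # bytes object, unlike str.encode('hex') (Python 2 only).
                print(binascii.hexlify(digest).decode('ascii'))
            finally:
                # A trial session has no further use once its digest is
                # known; never leave it occupying a TPM session slot.
                client.flush_context(session_handle)
        else:
            session_handle = client.start_auth_session(tpm2.TPM2_SE_POLICY,
                                                       name_alg=args.name_alg)
            try:
                create_policy(client, session_handle, args.pcr, args.bank,
                              args.name_alg)
            except BaseException:
                # Catch everything (including KeyboardInterrupt) so a
                # half-built session is not leaked in the TPM, then
                # re-raise so the failure still propagates.
                client.flush_context(session_handle)
                raise
            # Success: the live session handle is the tool's output.
            print(format(session_handle, '#010x'))
    except tpm2.ProtocolError as e:
        # `except X as e` is valid on Python 2.6+ and 3, unlike the
        # Python-2-only `except X, e` form.
        sys.stderr.write(str(e) + os.linesep)
        sys.exit(1)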
# Script entry point; main() exits with status 1 on a TPM protocol error
# and otherwise prints either the policy digest (--trial) or the open
# policy session handle.
if __name__ == '__main__':
    main()