| #!/bin/sh |
| |
| die() |
| { |
| keyctl clear @u |
| if [ -n "$POLICYHANDLE" ]; then |
| ./tpm2-flush $POLICYHANDLE |
| fi |
| if [ -n "$POLICYHANDLE" ]; then |
| ./tpm2-flush $KEYHANDLE |
| fi |
| exit $1 |
| } |
| |
| KEYHANDLE=$(./tpm2-root-key || die 1) |
| POLICYDIGEST=$(./tpm2-pcr-policy --pcr 16 --name-alg=sha256 --bank=sha1 --trial || die 1) |
| POLICYHANDLE=$(./tpm2-pcr-policy --pcr 16 --name-alg=sha256 --bank=sha1 || die 1) |
| KEYID=$(keyctl add trusted kmk "new 32 keyhandle=$KEYHANDLE hash=sha256 policydigest=$POLICYDIGEST" @u || die 1) |
| |
| keyctl pipe $KEYID > blob.hex || die 1 |
| keyctl clear @u || die 1 |
| keyctl add trusted kmk "load `cat blob.hex` keyhandle=$KEYHANDLE policyhandle=$POLICYHANDLE" @u || die 1 |
| |
| die 0 |