Merge pull request #1863 from mjg59/master

Add tpm policy generation code
mjg59 2016-04-04 14:41:08 -07:00
commit 79808cc966
5 changed files with 60 additions and 0 deletions


@ -0,0 +1,33 @@
#!/bin/bash
set -e
if [ ! -c /dev/tpm0 ]; then
>&2 echo "System has no TPM"
exit 1
fi
echo -n '{'
VALUES=();
while read PCR value type event; do
if [ $PCR = 4 ] && [ $type != 0d ]; then
VALUES+=("{\"value\": \"$value\", \"description\": \"$event\"}");
fi;
done </sys/kernel/security/tpm0/ascii_bios_measurements
IFS=, eval 'values="${VALUES[*]}"'
echo '"4": {"binaryvalues": [{"values": ['${values}']}]},'
while read PCR value; do
if [ $PCR = PCR-00: ] || [ $PCR = PCR-01: ] || [ $PCR = PCR-02: ] || [ $PCR = PCR-03: ] || [ $PCR = PCR-05: ] || [ $PCR = PCR-06: ] || [ $PCR = PCR-07: ]; then
PCR=`echo ${PCR/PCR-0/}`
PCR=`echo ${PCR/:/}`
value=`echo ${value// /}`
echo -n '"'$PCR'": {"rawvalues": [{"value": "'$value'", "description": "Initial boot PCR"}]}'
if [ $PCR != 7 ]; then
echo ","
fi
fi
done </sys/class/tpm/tpm0/device/pcrs
echo '}'
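Review bot: The `$event` text in the `VALUES+=(...)` line is pasted into the JSON without escaping, and the loop uses `read` without `-r`, so a description in the measurement log that contains a double quote or backslash (EFI-style paths commonly contain backslashes) produces malformed JSON or a description that no longer matches the log. Because this output is the host's TPM policy and the event strings come from firmware and boot-loader measurements rather than from the script, I would read with `while read -r PCR value type event; do` and escape before interpolating: `event=${event//\\/\\\\}; event=${event//\"/\\\"}`. The tests `[ $PCR = 4 ]` and `[ $type != 0d ]` should quote their operands (`[ "$PCR" = 4 ]`) so a blank or short line is skipped cleanly instead of raising a test error. The trailing-comma logic in the second loop also assumes PCR-07 is the last matching line of the `pcrs` file; if that line is absent the object ends in `,}`, so building the entries in an array and joining them, as the first loop already does, would be safer.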


@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer>
<email>mjg59@srcf.ucam.org</email>
<description>Tools for generating TPM policy</description>
</maintainer>
</pkgmetadata>


@ -0,0 +1,18 @@
# Copyright 1999-2013 Gentoo Foundation
# Copyright 2016 CoreOS, Inc
# Distributed under the terms of the GNU General Public License v2
EAPI="4"
DESCRIPTION="Tools for generating TPM policy"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 x86 arm64"
IUSE=""
S="${WORKDIR}"
src_install() {
dosbin "${FILESDIR}"/tpm_hostpolicy
}


@ -107,6 +107,7 @@ RDEPEND="${RDEPEND}
app-arch/unzip app-arch/unzip
app-arch/zip app-arch/zip
app-crypt/gnupg app-crypt/gnupg
app-crypt/tpmpolicy
app-editors/vim app-editors/vim
app-emulation/docker app-emulation/docker
app-misc/ca-certificates app-misc/ca-certificates