Merge pull request #1863 from mjg59/master

Add tpm policy generation code
2025-08-24 07:51:03 +02:00 · 2016-04-04 14:41:08 -07:00 · 2016-04-04 14:41:08 -07:00 · 79808cc966
commit 79808cc966
parent 6b31e87504 ef776ffe60
5 changed files with 60 additions and 0 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/tpmpolicy/files/tpm_hostpolicy
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tpmpolicy/files/tpm_hostpolicy
@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -c /dev/tpm0 ]; then
+    >&2 echo "System has no TPM"
+    exit 1
+fi
+
+echo -n '{'
+VALUES=();
+while read PCR value type event; do
+    if [ $PCR = 4 ] && [ $type != 0d ]; then
+        VALUES+=("{\"value\": \"$value\", \"description\": \"$event\"}");
+    fi;
+done </sys/kernel/security/tpm0/ascii_bios_measurements
+IFS=, eval 'values="${VALUES[*]}"'
+
+echo '"4": {"binaryvalues": [{"values": ['${values}']}]},'
+
+while read PCR value; do
+    if [ $PCR = PCR-00: ] || [ $PCR = PCR-01: ] || [ $PCR = PCR-02: ] || [ $PCR = PCR-03: ] || [ $PCR = PCR-05: ] || [ $PCR = PCR-06: ] || [ $PCR = PCR-07: ]; then
+        PCR=`echo ${PCR/PCR-0/}`
+        PCR=`echo ${PCR/:/}`
+        value=`echo ${value// /}`
+        echo -n '"'$PCR'": {"rawvalues": [{"value": "'$value'", "description": "Initial boot PCR"}]}'
+        if [ $PCR != 7 ]; then
+            echo ","
+        fi
+fi
+done </sys/class/tpm/tpm0/device/pcrs
+echo '}'
+
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/tpmpolicy/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tpmpolicy/metadata.xml
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>mjg59@srcf.ucam.org</email>
+ <description>Tools for generating TPM policy</description>
+</maintainer>
+</pkgmetadata>
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/tpmpolicy/tpmpolicy-20160404.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/tpmpolicy/tpmpolicy-20160404.ebuild
@ -0,0 +1,18 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Copyright 2016 CoreOS, Inc
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+DESCRIPTION="Tools for generating TPM policy"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86 arm64"
+IUSE=""
+
+S="${WORKDIR}"
+
+src_install() {
+    dosbin "${FILESDIR}"/tpm_hostpolicy
+}
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r266.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r266.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
@ -107,6 +107,7 @@ RDEPEND="${RDEPEND}
 	app-arch/unzip
 	app-arch/zip
 	app-crypt/gnupg
+	app-crypt/tpmpolicy
 	app-editors/vim
 	app-emulation/docker
 	app-misc/ca-certificates