author | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-08-28 16:24:42 -0700 |
---|---|---|
committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-08-31 11:07:54 -0700 |
commit | 72d45a672a5ea45439f9d4f630063e70872ed8cb (patch) | |
tree | 16a6e3b8f21d8b2309e89191d31eee3e6e61e06f /bin/abrmdcontainer/create_primary.sh | |
parent | b4133b73e86c4f8cbd4284dde9970c2e8216baa4 (diff) |
Modify initialization to remove ownership step
TPM ownership and primary key creation is assumed to be a step that is
executed by the system administrator who will provide the credentials
to pods during startup [Srini]. Now, init only reads the public portion of the
primary key and puts it in the host folder.
P9: Remove init.sh. Not needed as initialize will directly talk to device now.
Initialize is called during Step 1 and run_abrmd is called during Step 2
Issue-ID: AAF-409
Change-Id: Id0d1860f257c98045613e90b6b88e37858a9aceb
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'bin/abrmdcontainer/create_primary.sh')
-rwxr-xr-x | bin/abrmdcontainer/create_primary.sh | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/bin/abrmdcontainer/create_primary.sh b/bin/abrmdcontainer/create_primary.sh new file mode 100755 index 0000000..3d4f0f9 --- /dev/null +++ b/bin/abrmdcontainer/create_primary.sh 
@@ -0,0 +1,62 @@ +#!/bin/sh + +# Utility Script to create a primary key +# Uses TCTI as device +# It takes three arguments, a STORAGE HANDLE, the RH_OWNER Password and the KEY PASSWORD +SRKHANDLE=$1 +O_PASSWORD=$2 +KEY_PASSWORD=$3 + +# TPM Startup +echo "tpm2_startup --clear -T device --verbose" +tpm2_startup --clear -T device --verbose +if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; +error=$(echo "TPM Startup failed"); flag="0"; +echo "flag:${flag}" >> ${WORKDIR}/tpm_status.yaml; +echo "error:${error}" >> ${WORKDIR}/tpm_status.yaml; +exit 1; +fi +echo "" + +#Check if Primary Key already exists +echo "tpm2_readpublic -H ${SRKHANDLE} --opu out_primary_public -T device --verbose" +tpm2_readpublic -H ${SRKHANDLE} --opu out_primary_public -T device -V + +if [ $? -ne 0 ]; then echo; echo -e "${YELLOW} Primary Key does not exist, creating..."; + rm -f PrimaryKeyBlob + echo "tpm2_createprimary -P ${O_PASSWORD} -K ${KEY_PASSWORD} -A o -g 0x000B + -G 0x0001 -T device -V -C PrimaryKeyBlob" + + tpm2_createprimary -P ${O_PASSWORD} -K ${KEY_PASSWORD} -A o -g 0x000B \ + -G 0x0001 -T device -V -C PrimaryKeyBlob + + if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; + error=$(echo "Error: TPM create Primary key failed"); + echo "$error"; flag="0"; + echo "flag:${flag}" >> ${WORKDIR}/tpm_status.yaml; + echo "error:${error}" >> ${WORKDIR}/tpm_status.yaml; + exit 1; + fi + echo "" + + + #Store Primary Key in TPMs NV RAM + echo "tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${SRKHANDLE} + -T device -V -P ${O_PASSWORD}" + + tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${SRKHANDLE} \ + -T device -V -P ${O_PASSWORD} + + if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit."; + error=$(echo "Error: Inserting Primary Key failed"); + echo "$error"; flag="0"; + echo "flag:${flag}" >> ${WORKDIR}/tpm_status.yaml; + echo "errror:${error}" >> ${WORKDIR}/tpm_status.yaml; + rm -f PrimaryKeyBlob + exit 1; + fi + echo "" + rm -f PrimaryKeyBlob +fi + +#END
\ No newline at end of file |
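Review bot: both the createprimary and evictcontrol branches of this hunk echo the owner and key passwords to stdout before running the tools (`echo "tpm2_createprimary -P ${O_PASSWORD} -K ${KEY_PASSWORD} -A o -g 0x000B` and the matching `echo "tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${SRKHANDLE}` ... `-P ${O_PASSWORD}"`), so both secrets land in the container log; mask the -P/-K values in the trace line or drop those two echoes. Taking them as $2/$3 also exposes them in the process list for the lifetime of each tpm2 command; reading them from a file or an environment variable would avoid that. Three smaller points in the same hunk: the evictcontrol failure path writes `echo "errror:${error}" >> ${WORKDIR}/tpm_status.yaml` while every other path writes `error:`, so a consumer of tpm_status.yaml will miss that message; RED, YELLOW and WORKDIR are never set in this script, so if WORKDIR is not exported the status lines go to /tpm_status.yaml and the colour escapes are empty; and `echo -e` is not portable under `#!/bin/sh` (dash prints the literal `-e`), so either change the shebang to bash or use printf. Finally, the `tpm2_readpublic` check treats any non-zero exit, including a TCTI/device error, as "primary key does not exist" and proceeds to create and persist a new key, so it is worth distinguishing the handle-not-found case from a device failure before running createprimary.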