Diffstat (limited to 'bin/abrmdcontainer/initialize_tpm.sh')
-rwxr-xr-xbin/abrmdcontainer/initialize_tpm.sh89
1 files changed, 89 insertions, 0 deletions
diff --git a/bin/abrmdcontainer/initialize_tpm.sh b/bin/abrmdcontainer/initialize_tpm.sh
new file mode 100755
index 0000000..6bd2c32
--- /dev/null
+++ b/bin/abrmdcontainer/initialize_tpm.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# 1.Environmental variables
+
+# 1.a Location of Shared volume and Node's name
+# These varaibles has to be made avaialble to this script
+
+echo "Shared Volume location is $ABRMD_DATA"
+echo "Node name is $TPM_NODE_NAME"
+
+# 2. Create the directory with the host's name to store the output of Init tool
+# This is demarcate the generated files which are specific to this host's TPM
+srkhandle="$(cat ${ABRMD_DATA}/host_${TPM_NODE_NAME}/srkhandle)"
+passphrase="$(cat ${ABRMD_DATA}/host_${TPM_NODE_NAME}/password-passphrase)"
+echo "${passphrase}" | gpg --batch --yes --passphrase-fd 0 password.txt.gpg
+password="$(cat ${ABRMD_DATA}/host_${TPM_NODE_NAME}/password.txt)"
+
+# 3. Create initial Flag values which are reset upon failure
+error="NULL"
+flag="1"
+
+# 4. TPM initialize
+echo "tpm2_startup -clear -T tabrmd -V"
+tpm2_startup -clear -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
+error=$(echo "TPM Startup failed"); flag="0";
+echo "flag:${flag}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+echo "error:${error}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+exit 1;
+fi
+echo ""
+
+# 5. Take ownership
+echo "tpm2_takeownership -o new -e new -l new -T tabrmd -V"
+tpm2_takeownership -o new -e new -l new -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
+error=$(echo "Error:TPM ownership acquire failed");flag="0";
+echo "flag:${flag}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+echo "error:${error}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+echo "$error"; exit 1;
+fi
+echo ""
+
+# 6. Create Primary Key in RH_OWNER hierarchy
+rm -f PrimaryKeyBlob
+echo "tpm2_createprimary -P $password -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob"
+tpm2_createprimary -P $password -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
+error=$(echo "Error: TPM create Primary key failed");
+echo "$error"; flag="0";
+echo "flag:${flag}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+echo "error:${error}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+exit 1;
+fi
+echo ""
+
+# 7. Store Primary Key in TPMs NV RAM
+echo "tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${srkhandle} -T tabrmd -V -P $password"
+tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${srkhandle} -T tabrmd -V -P $password
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
+error=$(echo "Error: Inserting Primary Key failed");
+echo "$error"; flag="0";
+echo "flag:${flag}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+echo "errror:${error}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+exit 1;
+fi
+echo ""
+rm -f PrimaryKeyBlob
+
+# 8. To test, Read public portion of TPM primary key with stored handle
+rm -f $out_primary_public
+echo "tpm2_readpublic -H ${srkhandle} --opu out_primary_public -T tabrmd -V"
+tpm2_readpublic -H ${srkhandle} --opu out_primary_public -T tabrmd -V
+if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
+error=$(echo" Error:Reading Public part of Primary Key failed");
+echo "$error"; flag="0";
+echo "flag:${flag}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+echo "error:${error}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml;
+exit 1;
+fi
+echo ""
+
+# 9. Update the tpm_status.yaml to report the status of this Script
+echo "flag:${flag}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml
+echo "error:${error}" >> ${ABRMD_DATA}/host_${TPM_NODE_NAME}/tpm_status.yaml
+
+# 10. Copy the public portion of the Primary key to the Shared volume
+# Use environment variable TPM_NODE_NAME
+cp out_parent_public ${ABRMD_DATA}/host_${TPM_NODE_NAME}
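Review bot: The owner-hierarchy password is echoed to stdout on lines 61 and 73 (`echo "tpm2_createprimary -P $password ..."`) and passed as a command-line argument, so it ends up in container logs and is visible through `ps` to anything sharing the PID namespace; at least redact it in the trace output, e.g. `echo "tpm2_createprimary -P <redacted> -A o -g 0x000B -G 0x0001 -T tabrmd -V -C PrimaryKeyBlob"`, and do the same for the evictcontrol line. The gpg step decrypts `password.txt.gpg` from the working directory while the next line reads `${ABRMD_DATA}/host_${TPM_NODE_NAME}/password.txt` (so this only works if the script is started from that directory), the plaintext is never removed afterwards, and the passphrase sits in cleartext in `password-passphrase` beside the ciphertext, which leaves little benefit from the encryption — add `rm -f "${ABRMD_DATA}/host_${TPM_NODE_NAME}/password.txt"` once `$password` has been read and document the cwd assumption. As I read `tpm2_takeownership -o new -e new -l new`, the owner auth is set to the literal `new`, yet `tpm2_createprimary` and `tpm2_evictcontrol` authenticate with `$password`, which will fail unless the decrypted password happens to be `new`. The final `cp out_parent_public` copies a file this script never produces (`tpm2_readpublic` writes `out_primary_public`), `rm -f $out_primary_public` expands an unset variable into a no-op, `echo" Error:...` on line 90 is missing a space, and `errror:` on line 79 corrupts the status YAML key. `echo -e` and `${RED}` (never defined) under `#!/bin/sh`, plus the unquoted `$password` expansions, are also fragile and should be replaced with quoted `printf` calls.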