aboutsummaryrefslogtreecommitdiffstats
path: root/bin/abrmdcontainer/create_primary.sh
blob: 3d4f0f93f723daccae8168aa8075cca1d46da5e6 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

#!/bin/sh

# Utility Script to create a primary key
# Uses TCTI as device
# It takes three arguments, a STORAGE HANDLE, the RH_OWNER Password and the KEY PASSWORD
SRKHANDLE=$1
O_PASSWORD=$2
KEY_PASSWORD=$3

# TPM Startup
echo "tpm2_startup --clear -T device --verbose"
tpm2_startup --clear -T device --verbose
if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
error=$(echo "TPM Startup failed"); flag="0";
echo "flag:${flag}" >> ${WORKDIR}/tpm_status.yaml;
echo "error:${error}" >> ${WORKDIR}/tpm_status.yaml;
exit 1;
fi
echo ""

#Check if Primary Key already exists
echo "tpm2_readpublic -H ${SRKHANDLE} --opu out_primary_public -T device --verbose"
tpm2_readpublic -H ${SRKHANDLE} --opu out_primary_public -T device -V

if [ $? -ne 0 ]; then echo; echo -e "${YELLOW} Primary Key does not exist, creating...";
    rm -f PrimaryKeyBlob
    echo "tpm2_createprimary -P ${O_PASSWORD} -K ${KEY_PASSWORD} -A o -g 0x000B
        -G 0x0001 -T device -V -C PrimaryKeyBlob"

    tpm2_createprimary -P ${O_PASSWORD} -K ${KEY_PASSWORD} -A o -g 0x000B \
        -G 0x0001 -T device -V -C PrimaryKeyBlob

    if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
        error=$(echo "Error: TPM create Primary key failed");
        echo "$error"; flag="0";
        echo "flag:${flag}" >> ${WORKDIR}/tpm_status.yaml;
        echo "error:${error}" >> ${WORKDIR}/tpm_status.yaml;
        exit 1;
    fi
    echo ""


    #Store Primary Key in TPMs NV RAM
    echo "tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${SRKHANDLE}
        -T device -V -P ${O_PASSWORD}"

    tpm2_evictcontrol -A o -c ./PrimaryKeyBlob -S ${SRKHANDLE} \
        -T device -V -P ${O_PASSWORD}

    if [ $? -ne 0 ]; then echo; echo -e "${RED}Error, Exit.";
    error=$(echo "Error: Inserting Primary Key failed");
    echo "$error"; flag="0";
    echo "flag:${flag}" >> ${WORKDIR}/tpm_status.yaml;
    echo "errror:${error}" >> ${WORKDIR}/tpm_status.yaml;
    rm -f PrimaryKeyBlob
    exit 1;
    fi
    echo ""
    rm -f PrimaryKeyBlob
fi

#END