diff options
Diffstat (limited to 'src/initramfs/tpm/bin')
-rwxr-xr-x | src/initramfs/tpm/bin/detect-tpm.sh | 60 | ||||
-rwxr-xr-x | src/initramfs/tpm/bin/fetch-sshkeys.sh | 28 | ||||
-rwxr-xr-x | src/initramfs/tpm/bin/mygetty.sh | 10 | ||||
-rwxr-xr-x | src/initramfs/tpm/bin/showmac.sh | 9 |
4 files changed, 107 insertions, 0 deletions
diff --git a/src/initramfs/tpm/bin/detect-tpm.sh b/src/initramfs/tpm/bin/detect-tpm.sh new file mode 100755 index 00000000..48bc92f7 --- /dev/null +++ b/src/initramfs/tpm/bin/detect-tpm.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# + +SYS_PATH="/sys/class/misc/tpm0/device/" +MODULES="atmel tis nsc infineon" +MODULES_FORCE="tis" +FLAGS="" +FLAGS_FORCE="force=1" + +test_tpm() { + if [ ! -d "$SYS_PATH" ] ; then + return 1 + fi + +# tpm_tis creates "active" and "enabled" files +# _atmel and _nsc only create the "caps" + ACTIVE="$(cat $SYS_PATH/active 2>/dev/null)" + ENABLED="$(cat $SYS_PATH/enabled 2>/dev/null)" + CAPS="$(cat $SYS_PATH/caps 2>/dev/null)" + if [ -n "$ACTIVE" -o -n "$ENABLED" -o -n "$CAPS" ] ; then + echo + echo "successfully detected TPM chip!" + echo + echo "$CAPS" + echo + else + return 2 + fi +} + +try_modules() { + if [ "$1" == "force" ] ; then + MODULES=$MODULES_FORCE + FLAGS=$FLAGS_FORCE + echo "using flags '$FLAGS'" + fi + echo -n "trying modules:" + for module in $MODULES ; do + echo -n " $module" + modprobe tpm_${module} $FLAGS 2>/dev/null + if test_tpm ; then + return 0 + fi + # clean up since e.g. infineon always loads w/o error... + modprobe -r tpm_${module} 2>/dev/null + done + echo + return 1 +} + +# create device-node +test -c /dev/tpm0 || mknod /dev/tpm0 c 10 224 + +if try_modules ; then + exit 0 # success +fi +if ! try_modules force ; then + echo "Warning: no TPM chip found!" + exit 1 +fi diff --git a/src/initramfs/tpm/bin/fetch-sshkeys.sh b/src/initramfs/tpm/bin/fetch-sshkeys.sh new file mode 100755 index 00000000..c385fd47 --- /dev/null +++ b/src/initramfs/tpm/bin/fetch-sshkeys.sh @@ -0,0 +1,28 @@ +#!/bin/sh +# + +SHOWMAC="/bin/showmac.sh" +KEYTRG="/root/.ssh" + +# FIXME: remote-host could be determined from kernel-cmdline, should we? +RHOST="132.230.4.180" + +if [ ! -x "$SHOWMAC" ] ; then + echo "Can't find $SHOWMAC, exiting." + exit 1 +fi +MAC_ETH0="$($SHOWMAC eth0)" + +mkdir -p "$KEYTRG" + +PRIVKEY="id_rsa.tpm-${MAC_ETH0}.sealed" + +echo -n "trying to fetch private key (via tftp):" +tftp -r client-config/tpm/$PRIVKEY -l $KEYTRG/id_rsa -g $RHOST +if [ "$?" -gt 0 ] ; then + echo " FAILED!" + echo "ERROR: can't find private key for this MAC-address: $MAC_ETH0." + exit 2 +fi +echo " $PRIVKEY" +chmod 600 $KEYTRG/id_rsa diff --git a/src/initramfs/tpm/bin/mygetty.sh b/src/initramfs/tpm/bin/mygetty.sh new file mode 100755 index 00000000..db344d21 --- /dev/null +++ b/src/initramfs/tpm/bin/mygetty.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# + +if [ -f "/mnt/sbin/agetty" ] ; then + /mnt/sbin/agetty -n -l /bin/bash 9600 /dev/tty1 +else + echo "agetty-binary not found!" +fi + +# /bin/bash diff --git a/src/initramfs/tpm/bin/showmac.sh b/src/initramfs/tpm/bin/showmac.sh new file mode 100755 index 00000000..ef2aaf21 --- /dev/null +++ b/src/initramfs/tpm/bin/showmac.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# + +DEV="$1" +[ -z "$DEV" ] && DEV="eth0" + +ip link show $DEV | \ + sed -n 's,.*\(..:..:..:..:..:..\) br.*,\1,p' | \ + sed 's,:,-,g' |