From 2b335cad559c1cbe111858445cd83df374b8bde9 Mon Sep 17 00:00:00 2001
From: Dirk von Suchodoletz
Date: Sat, 20 Oct 2007 16:32:38 +0000
Subject: mkdxsinitrd: added functions for tpm-secured booting
git-svn-id: http://svn.openslx.org/svn/openslx/trunk@1391 95ad53e4-c205-0410-b2fa-d234c58c8868
---
initramfs/mkdxsinitrd | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 94 insertions(+), 1 deletion(-)
(limited to 'initramfs')
diff --git a/initramfs/mkdxsinitrd b/initramfs/mkdxsinitrd
index 4a269f5b..eb8dcbf6 100755
--- a/initramfs/mkdxsinitrd
+++ b/initramfs/mkdxsinitrd
@@ -491,6 +491,95 @@ if [ -n "${enable_wlan}" ] ; then
 cobi iwconfig bin
 fi
+# if tpm should be used within InitRamFS ...
+if [ -n "${use_tpm}" ] ; then
+ MISCMODULES="${MISCMODULES} tpm"
+
+ OLD_PWD=`pwd`
+ ########## platform-independent stuff ##########
+ if [ -z "$SLX_TPM_PATH" ] ; then
+ echo "ERROR: SLX_TPM_PATH is not set."
+ exit 1
+ fi
+ if [ ! -d "$SLX_TPM_PATH" ] ; then
+ echo "ERROR: can't find platform-independent tpm-files: $SLX_TPM_PATH"
+ exit 1
+ fi
+ # cd ${SLX_TPM_PATH}
+ for TPM_FILE in $(find ${SLX_TPM_PATH} -type f) ; do
+ # path="$(dirname $TPM_FILE | cut -c 3-)"
+ path=$(dirname $TPM_FILE | sed "s,$SLX_TPM_PATH,,")
+ mkdir -p ${INSTDIR}/$path
+ cp $TPM_FILE ${INSTDIR}/$path
+ done
+ ################################################
+
+ ########### platform-dependent stuff ###########
+ # TPM_BINPATH contains path to platform-dependent stuff
+ TPM_BINPATH="${ROOTDIR}/usr/local/share/tpm"
+ if [ ! -d "$TPM_BINPATH" ] ; then
+ echo "ERROR: can't find platform-dependent tpm-files: $TPM_BINPATH"
+ exit 1
+ fi
+ # copy platform-dependent directory structure and files
+ # cd ${TPM_BINPATH}
+ for TPM_FILE in $(find ${TPM_BINPATH} -type f) ; do
+ # path="$(dirname $TPM_FILE | cut -c 3-)"
+ path=$(dirname $TPM_FILE | sed "s,${ROOTDIR},,")
+ mkdir -p ${INSTDIR}/$path
+ cp $TPM_FILE ${INSTDIR}/$path
+ done
+ ################################################
+
+ # include the shared libraries required for various binaries
+ ### echo "adding shared libs:"
+ SHLIBS="$(grep -v '^#' ${SLX_TPM_PATH}/etc/libdeps)"
+ for lib in $SHLIBS ; do
+ ### cp ${ROOTDIR}/$lib ${INSTDIR}/lib/ && echo $lib
+ echo ${ROOTDIR}/$lib >>${INSTDIR}/tmp/libraries
+ done
+
+ # trousers and tpm-tools
+ cobi tcsd bin
+ for tool in tpm_sealdata tpm_changeownerauth tpm_clear \
+ tpm_restrictpubek tpm_selftest tpm_setactive \
+ tpm_setclearable tpm_setenable tpm_setownable \
+ tpm_setpresence tpm_takeownership tpm_version \
+ tpm_createek tpm_getpubek tpm_unseal ; do
+ cobi $tool bin
+ done
+ # ssh stuff
+ cobi ssh bin
+ cobi scp bin
+
+ # cd $OLD_PWD
+
+ # just debugging tools, can be safely removed...
+ cobi bash bin
+ cp ${ROOTDIR}/usr/bin/ldd /${INSTDIR}/bin
+ cobi strace bin
+fi
+
+# if unionfs
+cobi unionctl bin &>/dev/null || \
+ echo "Program unionctl not found; could be ignored ..."
+
+# if cowloop
+cobi cowdev bin &>/dev/null || \
+ echo "Program cowdev not found; could be ignored ..."
+
+# if iscsi (or just with modules)??
+# cobi iscsiadm iscsid bin &>/dev/null || \
+# echo "Program iscsid not found; could be ignored ..."
+
+# distro specific additional stuff
+case "${DISTRO_NAME}" in
+ debian*)
+ cp ${ROOTDIR}/lib/libnss_compat.so.2 ${INSTDIR}/lib;;
+esac
+
+#### end tpm-stuff ####
+
 # now copy all libraries that have been determined to be required:
 # first we handle all 64-bit libs...
 for lib in $(fgrep /lib64/ ${INSTDIR}/tmp/libraries 2>/dev/null|sort -u); do
@@ -612,7 +701,11 @@ if [ -z "$cdboot" ] ; then
 #done
 ;;
 tpm)
- # tpm module stuff
+ # complete the tpm modules
+ for mod in tpm_atmel tpm_bios tpm_nsc tpm_infineon tpm_tis ; do
+ cp ${rdirprefix}/drivers/char/tpm/$mod.ko \
+ ${ddirprefix}/drivers/char/tpm/
+ done
 ;;
 sata_sil|sata_nv|sata_via)
 # serial ata local disk support
-- cgit v1.2.3-55-g7522
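Review bot: The debugging tools at the end of the `use_tpm` block (`cobi bash bin`, the `ldd` copy, `cobi strace bin`) go into every TPM-enabled initramfs, even though the comment above them says they can be removed; for an image meant for TPM-secured booting, a shell and a tracer in the early boot environment should be opt-in, e.g. wrapped in `if [ -n "${tpm_debug}" ] ; then … fi` (`tpm_debug` is a placeholder name, not a variable the script defines). The line `cp ${ROOTDIR}/usr/bin/ldd /${INSTDIR}/bin` also carries a leading `/` before `${INSTDIR}`, so if INSTDIR were ever relative it would write below the build host's root; `cp "${ROOTDIR}/usr/bin/ldd" "${INSTDIR}/bin"` drops it. The two `for TPM_FILE in $(find …)` loops split file names on whitespace and do not check `mkdir` or `cp`, so as far as the hunk shows a failed copy leaves an incomplete image without any error.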
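Review bot: The `cp` inside the new `for mod in …` loop assumes that all five modules exist as `.ko` files under `${rdirprefix}/drivers/char/tpm/` and that the target directory under `${ddirprefix}` already exists; neither is checked in the hunk, and the rest of the `case` arm lies outside it. On a kernel that lacks one of these drivers or has it built in, the copy fails and, as far as the hunk shows, the build carries on, so a missing TPM driver would only surface at boot. Test before copying and report what is skipped, e.g. `[ -f "${rdirprefix}/drivers/char/tpm/$mod.ko" ] || { echo "WARNING: tpm module $mod not found"; continue; }`, and create the target first with `mkdir -p "${ddirprefix}/drivers/char/tpm"`.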