From a8ee9b6d2f15d34b189fb9a54aab77e86ec1c16a Mon Sep 17 00:00:00 2001
From: Dirk von Suchodoletz
Date: Sat, 20 Oct 2007 16:32:52 +0000
Subject: tpm stuff subdirectory ...
git-svn-id: http://svn.openslx.org/svn/openslx/trunk@1392 95ad53e4-c205-0410-b2fa-d234c58c8868
---
initramfs/tpm/bin/detect-tpm.sh | 60 ++++++++++++++++++++++++++++++++++
initramfs/tpm/bin/fetch-sshkeys.sh | 28 ++++++++++++++++
initramfs/tpm/bin/mygetty.sh | 10 ++++++
initramfs/tpm/bin/showmac.sh | 9 +++++
initramfs/tpm/etc/bash.bashrc | 3 ++
initramfs/tpm/etc/hosts | 3 ++
initramfs/tpm/etc/inputrc | 1 +
initramfs/tpm/etc/ld.so.preload | 1 +
initramfs/tpm/etc/libdeps | 34 +++++++++++++++++++
initramfs/tpm/etc/passwd | 5 +++
initramfs/tpm/var/lib/tpm/system.data | Bin 0 -> 606 bytes
11 files changed, 154 insertions(+)
create mode 100755 initramfs/tpm/bin/detect-tpm.sh
create mode 100755 initramfs/tpm/bin/fetch-sshkeys.sh
create mode 100755 initramfs/tpm/bin/mygetty.sh
create mode 100755 initramfs/tpm/bin/showmac.sh
create mode 100644 initramfs/tpm/etc/bash.bashrc
create mode 100644 initramfs/tpm/etc/hosts
create mode 100644 initramfs/tpm/etc/inputrc
create mode 100644 initramfs/tpm/etc/ld.so.preload
create mode 100644 initramfs/tpm/etc/libdeps
create mode 100644 initramfs/tpm/etc/passwd
create mode 100644 initramfs/tpm/var/lib/tpm/system.data
(limited to 'initramfs')
diff --git a/initramfs/tpm/bin/detect-tpm.sh b/initramfs/tpm/bin/detect-tpm.sh
new file mode 100755
index 00000000..48bc92f7
--- /dev/null
+++ b/initramfs/tpm/bin/detect-tpm.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+
+SYS_PATH="/sys/class/misc/tpm0/device/"
+MODULES="atmel tis nsc infineon"
+MODULES_FORCE="tis"
+FLAGS=""
+FLAGS_FORCE="force=1"
+
+test_tpm() {
+ if [ ! -d "$SYS_PATH" ] ; then
+ return 1
+ fi
+
+# tpm_tis creates "active" and "enabled" files
+# _atmel and _nsc only create the "caps"
+ ACTIVE="$(cat $SYS_PATH/active 2>/dev/null)"
+ ENABLED="$(cat $SYS_PATH/enabled 2>/dev/null)"
+ CAPS="$(cat $SYS_PATH/caps 2>/dev/null)"
+ if [ -n "$ACTIVE" -o -n "$ENABLED" -o -n "$CAPS" ] ; then
+ echo
+ echo "successfully detected TPM chip!"
+ echo
+ echo "$CAPS"
+ echo
+ else
+ return 2
+ fi
+}
+
+try_modules() {
+ if [ "$1" == "force" ] ; then
+ MODULES=$MODULES_FORCE
+ FLAGS=$FLAGS_FORCE
+ echo "using flags '$FLAGS'"
+ fi
+ echo -n "trying modules:"
+ for module in $MODULES ; do
+ echo -n " $module"
+ modprobe tpm_${module} $FLAGS 2>/dev/null
+ if test_tpm ; then
+ return 0
+ fi
+ # clean up since e.g. infineon always loads w/o error...
+ modprobe -r tpm_${module} 2>/dev/null
+ done
+ echo
+ return 1
+}
+
+# create device-node
+test -c /dev/tpm0 || mknod /dev/tpm0 c 10 224
+
+if try_modules ; then
+ exit 0 # success
+fi
+if ! try_modules force ; then
+ echo "Warning: no TPM chip found!"
+ exit 1
+fi
diff --git a/initramfs/tpm/bin/fetch-sshkeys.sh b/initramfs/tpm/bin/fetch-sshkeys.sh
new file mode 100755
index 00000000..1597d410
--- /dev/null
+++ b/initramfs/tpm/bin/fetch-sshkeys.sh
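Review bot: `if [ "$1" == "force" ] ; then` in try_modules uses `==`, which POSIX `test` does not define; under a dash `/bin/sh` the test errors out and the force branch is silently skipped, so the second pass just repeats the default module list (busybox ash accepts `==`, so this may only work by accident in this initramfs). Use `if [ "$1" = "force" ] ; then`. The `-o` chain in test_tpm's `[ -n "$ACTIVE" -o -n "$ENABLED" -o -n "$CAPS" ]` is likewise obsolescent in POSIX; `[ -n "$ACTIVE" ] || [ -n "$ENABLED" ] || [ -n "$CAPS" ]` is the portable spelling, and `echo -n` is not guaranteed under sh either. A header comment stating the exit codes (0 when a TPM was detected, 1 otherwise; test_tpm returns 2 when the sysfs directory exists but none of active/enabled/caps is readable) would help whoever keys the rest of the TPM setup on this script's result.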
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+
+SHOWMAC="/bin/showmac.sh"
+KEYTRG="/root/.ssh"
+
+# FIXME: remote-host could be determined from kernel-cmdline, should we?
+RHOST="132.230.4.180"
+
+if [ ! -x "$SHOWMAC" ] ; then
+ echo "Can't find $SHOWMAC, exiting."
+ exit 1
+fi
+MAC_ETH0="$($SHOWMAC eth0)"
+
+mkdir -p "$KEYTRG"
+
+PRIVKEY="id_rsa.tpm-${MAC_ETH0}.sealed"
+
+echo -n "trying to fetch private key (via tftp):"
+tftp -r tpm/$PRIVKEY -l $KEYTRG/id_rsa -g $RHOST
+if [ "$?" -gt 0 ] ; then
+ echo " FAILED!"
+ echo "ERROR: can't find private key for this MAC-address: $MAC_ETH0."
+ exit 2
+fi
+echo " $PRIVKEY"
+chmod 600 $KEYTRG/id_rsa
diff --git a/initramfs/tpm/bin/mygetty.sh b/initramfs/tpm/bin/mygetty.sh
new file mode 100755
index 00000000..db344d21
--- /dev/null
+++ b/initramfs/tpm/bin/mygetty.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+
+if [ -f "/mnt/sbin/agetty" ] ; then
+ /mnt/sbin/agetty -n -l /bin/bash 9600 /dev/tty1
+else
+ echo "agetty-binary not found!"
+fi
+
+# /bin/bash
diff --git a/initramfs/tpm/bin/showmac.sh b/initramfs/tpm/bin/showmac.sh
new file mode 100755
index 00000000..ef2aaf21
--- /dev/null
+++ b/initramfs/tpm/bin/showmac.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+
+DEV="$1"
+[ -z "$DEV" ] && DEV="eth0"
+
+ip link show $DEV | \
+ sed -n 's,.*\(..:..:..:..:..:..\) br.*,\1,p' | \
+ sed 's,:,-,g'
diff --git a/initramfs/tpm/etc/bash.bashrc b/initramfs/tpm/etc/bash.bashrc
new file mode 100644
index 00000000..0c0dc200
--- /dev/null
+++ b/initramfs/tpm/etc/bash.bashrc
@@ -0,0 +1,3 @@
+[ -z "$PS1" ] && return
+
+PS1="(\h):\w# "
diff --git a/initramfs/tpm/etc/hosts b/initramfs/tpm/etc/hosts
new file mode 100644
index 00000000..35337c24
--- /dev/null
+++ b/initramfs/tpm/etc/hosts
@@ -0,0 +1,3 @@
+# needed for tpm stuff ...
+127.0.0.1 localhost
+::1 localhost ipv6-localhost ipv6-loopback
diff --git a/initramfs/tpm/etc/inputrc b/initramfs/tpm/etc/inputrc
new file mode 100644
index 00000000..ac81a394
--- /dev/null
+++ b/initramfs/tpm/etc/inputrc
@@ -0,0 +1 @@
+set bell-style none
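Review bot: The sealed key is written to `$KEYTRG/id_rsa` by tftp under whatever umask the initramfs runs with and only tightened by the trailing `chmod 600`, and `mkdir -p "$KEYTRG"` creates /root/.ssh without mode 0700, so put `umask 077` before the mkdir (or use `mkdir -m 0700 -p "$KEYTRG"`) so the file never exists with wider permissions. On a failed transfer a partially written target may be left behind; add `rm -f "$KEYTRG/id_rsa"` before `exit 2`. `MAC_ETH0` is used unchecked: if showmac.sh prints nothing the script requests `tpm/id_rsa.tpm-.sealed`, so add `[ -n "$MAC_ETH0" ] || exit 1` right after the assignment. TFTP offers neither authentication nor integrity and the file name is derived from a spoofable MAC, so the blob's protection rests entirely on the TPM sealing and anyone on the segment can fetch or substitute blobs; that assumption deserves a comment next to `RHOST`, and resolving the FIXME (read the host from the kernel cmdline) would stop the script from being tied to one hard-coded address.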
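Review bot: `agetty -n -l /bin/bash 9600 /dev/tty1` skips the login prompt and hands whoever is at the console an unauthenticated root shell inside the initramfs, at the point where the fetched SSH key and the TPM state are accessible, which undercuts whatever the sealing is meant to protect. If this is a debugging aid, gate it on an explicit kernel-cmdline flag and say so in a header comment, e.g. `# DEBUG ONLY: spawns an unauthenticated root shell on tty1 -- must not be enabled in production images`. The trailing commented-out `# /bin/bash` hints at a rescue-hook origin but does not explain it. The `agetty-binary not found!` message should go to stderr (`>&2`) and that branch should `exit 1` so a caller can tell the getty never started.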
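Review bot: The pipeline's exit status is sed's, which is 0 even when `ip link show $DEV` fails or no `xx:xx:xx:xx:xx:xx brd` text matched, so the script prints nothing and still reports success; fetch-sshkeys.sh builds a file name from this output and cannot tell the difference. Capture the result and fail explicitly: `MAC="$(ip link show "$DEV" | sed -n 's,.*\(..:..:..:..:..:..\) br.*,\1,p' | sed 's,:,-,g')"`, `[ -n "$MAC" ] || exit 1`, `echo "$MAC"`. Quoting `"$DEV"` also keeps an unusual interface name from being word-split. A one-line header comment stating the output format (`aa-bb-cc-dd-ee-ff`, colons replaced by dashes so it is safe in file names) would help the next reader.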
diff --git a/initramfs/tpm/etc/ld.so.preload b/initramfs/tpm/etc/ld.so.preload
new file mode 100644
index 00000000..a59b3240
--- /dev/null
+++ b/initramfs/tpm/etc/ld.so.preload
@@ -0,0 +1 @@
+/usr/local/share/tpm/lib/libcrypto.so.0.9.8
diff --git a/initramfs/tpm/etc/libdeps b/initramfs/tpm/etc/libdeps
new file mode 100644
index 00000000..9dae75e3
--- /dev/null
+++ b/initramfs/tpm/etc/libdeps
@@ -0,0 +1,34 @@
+# whitespace-separated list containing libraries
+# that are required for some binaries to work...
+
+# tcsd requires libgcc_s, otherwise it exits after the
+# first connection socket is closed
+lib/libgcc_s.so.1
+
+# nss is required to connect to local and remote services:
+lib/libnss_compat.so.2
+lib/libnss_files.so.2
+
+################ deprecated ################
+# slxldd resolves the dependencies below...
+### lib/libpthread.so.0
+
+# tcsd:
+### lib/libdl.so.2
+### lib/libz.so.1
+
+# ssh/scp:
+### lib/libresolv.so.2
+### lib/libutil.so.1
+### lib/libnsl.so.1
+### lib/libcrypt.so.1
+### usr/lib/libopensc.so.2
+### usr/lib/libgssapi_krb5.so.2
+### usr/lib/libkrb5.so.3
+### usr/lib/libk5crypto.so.3
+### usr/lib/libscconf.so.2
+### usr/lib/libssl.so.0.9.8
+### usr/lib/libopenct.so.1
+### usr/lib/libpcsclite.so.1
+### usr/lib/libltdl.so.3
+### usr/lib/libkrb5support.so.0
diff --git a/initramfs/tpm/etc/passwd b/initramfs/tpm/etc/passwd
new file mode 100644
index 00000000..644c98f1
--- /dev/null
+++ b/initramfs/tpm/etc/passwd
@@ -0,0 +1,5 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/bin/bash
+daemon:x:2:2:Daemon:/sbin:/bin/bash
+tss:x:111:112:Trusted Software Stack:/var/lib/tpm/:/bin/false
+nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
diff --git a/initramfs/tpm/var/lib/tpm/system.data b/initramfs/tpm/var/lib/tpm/system.data
new file mode 100644
index 00000000..ad10a1cd
Binary files /dev/null and b/initramfs/tpm/var/lib/tpm/system.data differ
-- cgit v1.2.3-55-g7522
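Review bot: Listing `/usr/local/share/tpm/lib/libcrypto.so.0.9.8` in /etc/ld.so.preload injects that library into every dynamically linked process in the initramfs rather than only the TPM and ssh tools that need it, and the loader complains on every exec if the path is absent; the file gives no hint why the ordinary search path is not used. An `/etc/ld.so.conf` entry for `/usr/local/share/tpm/lib` (or an RPATH on the binaries that need it) gives the same result without global preloading, and avoids this libcrypto shadowing whatever `usr/lib/libssl.so.0.9.8` from libdeps expects. ld.so.preload is also the classic place for planted hook libraries, so a legitimate entry here makes tampering harder to spot in a forensic review; if the preload really is required, add a comment line explaining why (glibc's loader skips `#` lines in this file — confirm for the libc shipped in the image).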
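Review bot: `bin`, `daemon` and `nobody` are given `/bin/bash` as login shell while `tss` correctly gets `/bin/false`; these system accounts have no reason to be interactive in an initramfs, and since no /etc/shadow is part of this commit it is unclear from here whether they can authenticate at all. Use `/bin/false` for all three, e.g. `nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/false`. `tss` has its home at `/var/lib/tpm/`, the directory that also receives the shipped `system.data`; it is worth confirming that the image creates it owned by tss with mode 0700, which this diff cannot show.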