1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
package main
import (
"bytes"
"io/ioutil"
"log"
"os"
"os/exec"
"github.com/google/go-tspi/tspi"
"github.com/google/go-tspi/tspiconst"
)
var wellKnown [20]byte
func main() {
enable := []byte("6")
activate := []byte("3")
val, err := ioutil.ReadFile("/sys/class/tpm/tpm0/device/enabled")
if os.IsNotExist(err) {
log.Fatalf("System has no tpm")
}
if bytes.Equal(val, []byte("0\n")) {
ioutil.WriteFile("/sys/class/tpm/tpm0/device/ppi/request", enable, 0664)
exec.Command("reboot", "").Run()
}
val, err = ioutil.ReadFile("/sys/class/tpm/tpm0/device/active")
if bytes.Equal(val, []byte("0\n")) {
ioutil.WriteFile("/sys/class/tpm/tpm0/device/ppi/request", activate, 0664)
exec.Command("reboot", "").Run()
}
val, err = ioutil.ReadFile("/sys/class/tpm/tpm0/device/owned")
if bytes.Equal(val, []byte("0\n")) {
context, err := tspi.NewContext()
if err != nil {
log.Fatalf("Unable to create TSS context")
}
context.Connect()
tpm := context.GetTPM()
tpmpolicy, err := tpm.GetPolicy(tspiconst.TSS_POLICY_USAGE)
if err != nil {
log.Fatalf("Unable to obtain TPM policy")
}
err = tpmpolicy.SetSecret(tspiconst.TSS_SECRET_MODE_SHA1, wellKnown[:])
if err != nil {
log.Fatalf("Unable to set TPM policy")
}
srk, err := context.CreateKey(tspiconst.TSS_KEY_TSP_SRK | tspiconst.TSS_KEY_AUTHORIZATION)
if err != nil {
log.Fatalf("Unable to create SRK")
}
keypolicy, err := srk.GetPolicy(tspiconst.TSS_POLICY_USAGE)
if err != nil {
log.Fatalf("Unable to obtain SRK policy")
}
err = keypolicy.SetSecret(tspiconst.TSS_SECRET_MODE_SHA1, wellKnown[:])
if err != nil {
log.Fatalf("Unable to set SRK policy")
}
err = tpm.TakeOwnership(srk)
if err != nil {
log.Fatalf("Unable to take ownership of TPM: %v", err)
}
}
}
|
