File: setprimarypolicy.sh

tpm2-tools 5.7-1
# SPDX-License-Identifier: BSD-3-Clause

source helpers.sh

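#######################################
# Flush the auth session and delete the files this test creates.
# Called explicitly before the test body with "no-shutdown", and again
# from the EXIT trap with no arguments.
# Arguments: $1 - optional; "no-shutdown" skips the shut_down call
# Outputs:   none (errors from flushcontext are discarded)
#######################################
cleanup() {

    # Best effort: session.ctx may be missing or already flushed, so a
    # failure here must not abort the rest of the cleanup.
    tpm2 flushcontext session.ctx 2>/dev/null || true

    # Context and policy files are removed so a later run cannot pick up
    # stale session or policy-digest material.
    rm -f session.ctx policy.pcr primary.ctx

    # The EXIT trap passes no argument; ${1:-} keeps this comparison from
    # aborting under `set -u`, which would skip shut_down.
    if [ "${1:-}" != "no-shutdown" ]; then
        shut_down
    fi
}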
# Run cleanup on every exit path; the trap passes no argument, so that
# call also reaches shut_down.
trap cleanup EXIT

# start_up / shut_down come from helpers.sh.
# NOTE(review): presumably they start and stop a test TPM (simulator) —
# confirm before running this against real hardware, since the script
# clears the TPM and rewrites endorsement hierarchy authorization.
start_up

# Remove leftovers from an earlier run without shutting anything down.
cleanup "no-shutdown"

tpm2 clear

# Give the endorsement hierarchy (-c e) a known auth value.
# The password is a fixed test fixture passed on the command line, where
# it is visible to process listings; do not copy this pattern for real
# secrets.
tpm2 changeauth -c e endorsementpassword

# Compute the policy digest: a session started without --policy-session
# is a trial session, and policypcr -L writes the resulting digest for
# PCR 0 of the sha256 bank to policy.pcr.
tpm2 startauthsession -S session.ctx
tpm2 policypcr -l sha256:0 -L policy.pcr -S session.ctx
tpm2 flushcontext session.ctx

# Install that digest as the authorization policy of the endorsement
# hierarchy, authorizing the change with the current password (-P).
# The policy contains only the PCR check, so any caller that can open a
# policy session while PCR 0 holds the recorded value satisfies it
# without knowing the hierarchy password.
tpm2 setprimarypolicy -C e -L policy.pcr -g sha256 -P endorsementpassword

#
# Try changing the endorsement hierarchy password with the policy:
# a real policy session replays the same PCR assertion and is then used
# in place of the password (-p session:session.ctx).
#
tpm2 startauthsession -S session.ctx --policy-session
tpm2 policypcr -l sha256:0 -S session.ctx
tpm2 changeauth -c e -p session:session.ctx newendorsementpassword
tpm2 flushcontext session.ctx

#
# Use the new password to create a primary key; success shows that the
# policy-authorized changeauth above took effect.
#
tpm2 createprimary -C e -c primary.ctx -P newendorsementpassword

# Exiting fires the EXIT trap, which runs cleanup.
exit 0