2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 11:01:09 +00:00

Explicitly check for TPM 2.0 before trying to use TPM 2.0

This commit is contained in:
Jarrod Johnson 2021-12-03 11:05:11 -05:00
parent d2435d315b
commit 0e1da6ebd6
2 changed files with 6 additions and 6 deletions

View File

@ -9,7 +9,7 @@ get_remote_apikey() {
if [ -z "$confluent_apikey" ]; then
echo "Unable to acquire node api key, set deployment.apiarmed=once on node '$nodename', retrying..."
sleep 10
elif [ -c /dev/tpm0 ]; then
elif [ -c /dev/tpmrm0 ]; then
tmpdir=$(mktemp -d)
cd $tmpdir
tpm2_startauthsession --session=session.ctx
@ -72,7 +72,7 @@ umask 0077
tpmdir=$(mktemp -d)
cd $tpmdir
lasthdl=""
if [ -c /dev/tpm0 ]; then
if [ -c /dev/tpmrm0 ]; then
for hdl in $(tpm2_getcap handles-persistent|awk '{print $2}'); do
tpm2_startauthsession --policy-session --session=session.ctx
tpm2_policypcr -Q --session=session.ctx --pcr-list="sha256:15" --policy=pcr15.sha256.policy
@ -134,7 +134,7 @@ while [ $ready = "0" ]; do
fi
rm $tmperr
done
if [ -c /dev/tpm0 ]; then
if [ -c /dev/tpmrm0 ]; then
tpm2_pcrextend 15:sha256=2fbe96c50dde38ce9cd2764ddb79c216cfbcd3499568b1125450e60c45dd19f2
fi
umask $oldumask

View File

@ -1,7 +1,7 @@
#!/bin/sh
get_tpm_apikey() {
lasthdl=""
if [ -c /dev/tpm0 ]; then
if [ -c /dev/tpmrm0 ]; then
for hdl in $(tpm2_getcap handles-persistent|awk '{print $2}'); do
tpm2_startauthsession --policy-session --session=session.ctx
tpm2_policypcr -Q --session=session.ctx --pcr-list="sha256:15" --policy=pcr15.sha256.policy
@ -36,7 +36,7 @@ get_remote_apikey() {
if [ -z "$confluent_apikey" ]; then
echo "Unable to acquire node api key, set deployment.apiarmed=once on node '$confluent_nodename', retrying..."
sleep 10
elif [ -c /dev/tpm0 ]; then
elif [ -c /dev/tpmrm0 ]; then
tmpdir=$(mktemp -d)
cd $tmpdir
tpm2_startauthsession --session=session.ctx
@ -136,7 +136,7 @@ done
/usr/sbin/sshd
mkdir -p /root/.ssh
cat /ssh/*pubkey > /root/.ssh/authorized_keys
if [ -c /dev/tpm0 ]; then
if [ -c /dev/tpmrm0 ]; then
tpm2_pcrextend 15:sha256=2fbe96c50dde38ce9cd2764ddb79c216cfbcd3499568b1125450e60c45dd19f2
fi
confluent_profile=$(grep ^profile: /etc/confluent/confluent.deploycfg| awk '{print $2}')