Commit a5e70952 authored by Mike Hibler

Integrate rc.tpmsetup.

This script will only do something in a Linux MFS which has trousers installed.
parent 000ac229
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2004-2011 University of Utah and the Flux Group.
# Copyright (c) 2004-2012 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -86,7 +86,8 @@ my %bootscript_args = ( 'rc.accounts' => $updatemasterpasswdfiles ?
if (MFS()) {
@bootscripts = ("rc.misc", "rc.localize", "rc.mounts", "rc.accounts",
"rc.hostnames", "rc.keys", "rc.tarfiles", "rc.rpms");
"rc.hostnames", "rc.keys", "rc.tarfiles", "rc.rpms",
"rc.tpmsetup");
}
elsif (FAKEJAILED()) {
@bootscripts = ("rc.misc", "rc.keys", "rc.route", "rc.tunnels",
......
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2009 University of Utah and the Flux Group.
# Copyright (c) 2009-2012 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -42,10 +42,33 @@ use librc;
#my $RCDIR = "$BINDIR/rc";
#
# Not all clients support this.
# Make sure we have a TPM.
# For now this means we are running Linux MFS and trousers is installed.
#
#exit(0)
# if (MFS());
sub gottpm()
{
# must be MFS..
if (MFS()) {
my $sysname = `uname -s`;
chomp($sysname);
# ..and Linux
if ($sysname eq "Linux") {
# ..and have trousers
if (-x "/usr/sbin/tcsd") {
return 1;
}
# XXX right now only warn if Linux MFS
print STDERR "WARNING: no TPM support, setup skipped\n";
}
}
return 0;
}
exit(0)
if (!gottpm());
# Protos.
sub doboot();
......@@ -109,24 +132,24 @@ sub doboot()
#if (tmcc(TMCCCMD_TPMBLOB, "hex", \@tpmblob) < 0) {
if (tmcc(TMCCCMD_TPMBLOB, undef, \@tpmblob) < 0) {
#fatal("Could not get tpmblob from server");
print STDOUT "Could not get tpmblob from server";
print STDOUT "Could not get tpmblob from server\n";
return;
}
$str = $tpmblob[0];
if(!$str) {
if (!$str) {
#fatal("no tpmblob in database")
print STDOUT "no tpmblob in database";
print STDOUT "no tpmblob in database\n";
return;
}
# Sanity check and trim BLOB= or BLOBHEX=
if($str =~ /^BLOBHEX=/){
if ($str =~ /^BLOBHEX=/) {
$str = substr($str, 8);
}elsif($str =~ /^BLOB=/){
} elsif ($str =~ /^BLOB=/) {
$str = substr($str, 5);
}else{
} else {
#fatal("corrupt key blob: @tpmblob");
print STDOUT "corrupt key blob: @tpmblob";
print STDOUT "corrupt key blob: @tpmblob\n";
return;
}
......@@ -141,30 +164,30 @@ sub doboot()
if (tmcc(TMCCCMD_TPMPUB, undef, \@tpmpub) < 0) {
#fatal("Could not get tpmpub from server");
print STDOUT "Could not get tpmpub from server";
print STDOUT "Could not get tpmpub from server\n";
return;
}
$str = $tpmpub[0];
if(!$str) {
if (!$str) {
#fatal("no tpm x509 cert in database")
print STDOUT "no tpm x509 cert in database";
print STDOUT "no tpm x509 cert in database\n";
return;
}
# Trim TPMPUB=
if($str =~ /^TPMPUB=/){
if ($str =~ /^TPMPUB=/){
$str = substr($str, 7);
}else{
} else {
#fatal("bogus tpmpub: @tpmpub");
print STDOUT "bogus tpmpub: @tpmpub";
print STDOUT "bogus tpmpub: @tpmpub\n";
return;
}
open(FD, ">$BINDIR/tpm.cert");
print FD $str;
$size = @tpmpub;
for($i = 1;$i < $size;$i++){
for($i = 1; $i < $size; $i++) {
print FD $tpmpub[$i];
}
close(FD);
......
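Review bot: The `open(FD, ">$BINDIR/tpm.cert")` in the last hunk is never checked, so if the file cannot be created the `print FD` calls that follow write nothing and doboot() carries on without the TPM certificate on disk. Use the three-argument form and report failure the way the neighbouring branches do: `open(FD, ">", "$BINDIR/tpm.cert") or do { print STDOUT "Could not open $BINDIR/tpm.cert: $!\n"; return; };`. The `close(FD)` result deserves the same check, since a buffered write error only surfaces there. doboot() begins and continues outside the visible hunks, so whether a later step would notice a missing or truncated certificate cannot be told from here.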