From fb3c135906cab203cfd11b3cb4a502ef8530987a Mon Sep 17 00:00:00 2001

From: Nathaniel McCallum <npmccallum@redhat.com>

Date: Mon, 9 Jul 2018 08:47:14 +0200

Subject: [PATCH] Add support for TPM 2.0

---

 Makefile.am                   |   5 ++

 configure.ac                  |  11 +++

 doc/clevis-encrypt-tpm2.1     | 142 +++++++++++++++++++++++++++++++

 doc/clevis-encrypt-tpm2.1.md  | 108 +++++++++++++++++++++++

 doc/clevis.1                  |  40 ++++++++-

 src/Makefile.am               |   6 ++

 src/clevis-decrypt-tpm2       | 126 +++++++++++++++++++++++++++

 src/clevis-encrypt-tpm2       | 156 ++++++++++++++++++++++++++++++++++

 src/dracut/module-setup.sh.in |  23 +++++

 9 files changed, 615 insertions(+), 2 deletions(-)

 create mode 100644 doc/clevis-encrypt-tpm2.1

 create mode 100644 doc/clevis-encrypt-tpm2.1.md

 create mode 100755 src/clevis-decrypt-tpm2

 create mode 100755 src/clevis-encrypt-tpm2

diff --git a/Makefile.am b/Makefile.am

index 141642a..75f9745 100644

--- a/Makefile.am

+++ b/Makefile.am

@@ -14,3 +14,8 @@ dist_man1_MANS = \

     doc/clevis-luks-bind.1 \

     doc/clevis-decrypt.1 \

     doc/clevis.1

+

+if HAVE_TPM2_TOOLS

+    dist_man1_MANS += \

+    doc/clevis-encrypt-tpm2.1

+endif

diff --git a/configure.ac b/configure.ac

index f9ed01a..313f64e 100644

--- a/configure.ac

+++ b/configure.ac

@@ -54,6 +54,17 @@ fi

 AC_SUBST(SD_ACTIVATE)

+for ac_prog in createprimary pcrlist createpolicy create load unseal; do

+    unset TPM2_TOOLS

+    unset ac_cv_prog_TPM2_TOOLS

+    AC_CHECK_PROG([TPM2_TOOLS], [tpm2_$ac_prog], [yes])

+    test -z "$TPM2_TOOLS" && break

+done

+

+test -n "$TPM2_TOOLS" || AC_MSG_WARN([tpm2_$ac_prog not found, tpm2 pin won't be installed])

+

+AM_CONDITIONAL([HAVE_TPM2_TOOLS], [test -n "$TPM2_TOOLS"])

+

 AC_ARG_ENABLE([user],

               AS_HELP_STRING([--enable-user=USER],

                              [Set unprivileged user (default: root)]),

diff --git a/doc/clevis-encrypt-tpm2.1 b/doc/clevis-encrypt-tpm2.1

new file mode 100644

index 0000000..096ad23

--- /dev/null

+++ b/doc/clevis-encrypt-tpm2.1

@@ -0,0 +1,142 @@

+.\" Automatically generated by Pandoc 1.19.1

+.\"

+.TH "CLEVIS\-ENCRYPT\-TPM2" "1" "November 2017" "" ""

+.hy

+.SH NAME

+.PP

+clevis\-encrypt\-tpm2 \-\- Encrypts using a TPM2.0 chip binding policy

+.SH SYNOPSIS

+.PP

+\f[C]clevis\ encrypt\ tpm2\f[] CONFIG < PT > JWE

+.SH OVERVIEW

+.PP

+The \f[C]clevis\ encrypt\ tpm2\f[] command encrypts using a Trusted

+Platform Module 2.0 (TPM2) chip.

+Its only argument is the JSON configuration object.

+.PP

+When using the tpm2 pin, we create a new, cryptographically\-strong,

+random key.

+This key is encrypted using the TPM2 chip.

+Then at decryption time, the key is decrypted again using the TPM2 chip.

+.IP

+.nf

+\f[C]

+$\ clevis\ encrypt\ tpm2\ \[aq]{}\[aq]\ <\ PT\ >\ JWE

+\f[]

+.fi

+.PP

+The pin has reasonable defaults for its configuration, but a different

+hierarchy, hash, and key algorithms can be chosen if the defaults used

+are not suitable:

+.IP

+.nf

+\f[C]

+$\ clevis\ encrypt\ tpm2\ \[aq]{"hash":"sha1","key":"rsa"}\[aq]\ <\ PT\ >\ JWE

+\f[]

+.fi

+.PP

+To decrypt the data, simply provide the ciphertext (JWE):

+.IP

+.nf

+\f[C]

+$\ clevis\ decrypt\ <\ JWE\ >\ PT

+\f[]

+.fi

+.PP

+Note that like other pins no configuration is used for decryption, this

+is due clevis storing the public and private keys to unseal the TPM2

+encrypted object in the JWE so clevis can fetch that information from

+there.

+.PP

+The pin also supports sealing data to a Platform Configuration Registers

+(PCR) state.

+That way the data can only be unsealed if the PCRs hashes values match

+the policy used when sealing.

+.PP

+For example, to seal the data to the PCR with index 0 and 1 for the SHA1

+bank:

+.IP

+.nf

+\f[C]

+$\ clevis\ encrypt\ tpm2\ \[aq]{"pcr_bank":"sha1","pcr_ids":"0,1"}\[aq]\ <\ PT\ >\ JWE

+\f[]

+.fi

+.PP

+The PCR digest values are looked up from the current hash values for the

+PCRs, but a digest can also be provided if the data needs to be sealed

+with values different to the current ones, by passing the binary hash

+encoded in base64:

+.IP

+.nf

+\f[C]

+$\ clevis\ encrypt\ tpm2\ \[aq]{"pcr_ids":"0","pcr_digest":"xy7J5svCtqlfM03d1lE5gdoA8MI"}\[aq]\ <\ PT\ >\ JWE

+\f[]

+.fi

+.SH Threat model

+.PP

+The Clevis security model relies in the fact that an attacker will not

+be able to access both the encrypted data and the decryption key.

+.PP

+For most Clevis pins, the decryption key is not locally stored, so the

+decryption policy is only satisfied if the decryption key can be

+remotely accessed.

+It could for example be stored in a remote server or in a hardware

+authentication device that has to be plugged into the machine.

+.PP

+The tpm2 pin is different in this regard, since a key is wrapped by a

+TPM2 chip that is always present in the machine.

+This does not mean that there are not use cases for this pin, but it is

+important to understand the fact that an attacker that has access to

+both the encrypted data and the local TPM2 chip will be able to decrypt

+the data.

+.SH CONFIG

+.PP

+This command uses the following configuration properties:

+.IP \[bu] 2

+\f[C]hash\f[] (string) : Hash algorithm used in the computation of the

+object name (default: sha256)

+.PP

+It must be one of the following:

+.IP \[bu] 2

+\f[C]sha1\f[]

+.IP \[bu] 2

+\f[C]sha256\f[]

+.IP \[bu] 2

+\f[C]sha384\f[]

+.IP \[bu] 2

+\f[C]sha512\f[]

+.IP \[bu] 2

+\f[C]sm3_256\f[]

+.IP \[bu] 2

+\f[C]key\f[] (string) : Algorithm type for the generated key (default:

+ecc)

+.PP

+It must be one of the following:

+.IP \[bu] 2

+\f[C]rsa\f[]

+.IP \[bu] 2

+\f[C]keyedhash\f[]

+.IP \[bu] 2

+\f[C]ecc\f[]

+.IP \[bu] 2

+\f[C]symcipher\f[]

+.IP \[bu] 2

+\f[C]pcr_bank\f[] (string) : PCR algorithm bank to use for policy

+(default: sha1)

+.PP

+It must be one of the following:

+.IP \[bu] 2

+\f[C]sha1\f[]

+.IP \[bu] 2

+\f[C]sha256\f[]

+.IP \[bu] 2

+\f[C]pcr_ids\f[] (string) : Comma separated list of PCR used for policy.

+If not present, no policy is used

+.IP \[bu] 2

+\f[C]pcr_digest\f[] (string) : Binary PCR hashes encoded in base64.

+If not present, the hash values are looked up

+.SH SEE ALSO

+.PP

+\f[C]clevis\-decrypt\f[](1)

+.SH AUTHORS

+Javier Martinez Canillas <javierm@redhat.com>.

diff --git a/doc/clevis-encrypt-tpm2.1.md b/doc/clevis-encrypt-tpm2.1.md

new file mode 100644

index 0000000..f533d67

--- /dev/null

+++ b/doc/clevis-encrypt-tpm2.1.md

@@ -0,0 +1,108 @@

+% CLEVIS-ENCRYPT-TPM2(1)

+% Javier Martinez Canillas <javierm@redhat.com>

+% November 2017

+

+# NAME

+

+clevis-encrypt-tpm2 -- Encrypts using a TPM2.0 chip binding policy

+

+# SYNOPSIS

+

+`clevis encrypt tpm2` CONFIG < PT > JWE

+

+# OVERVIEW

+

+The `clevis encrypt tpm2` command encrypts using a Trusted Platform Module 2.0

+(TPM2) chip. Its only argument is the JSON configuration object.

+

+When using the tpm2 pin, we create a new, cryptographically-strong, random key.

+This key is encrypted using the TPM2 chip.

+Then at decryption time, the key is decrypted again using the TPM2 chip.

+

+    $ clevis encrypt tpm2 '{}' < PT > JWE

+

+The pin has reasonable defaults for its configuration, but a different hierarchy,

+hash, and key algorithms can be chosen if the defaults used are not suitable:

+

+    $ clevis encrypt tpm2 '{"hash":"sha1","key":"rsa"}' < PT > JWE

+

+To decrypt the data, simply provide the ciphertext (JWE):

+

+    $ clevis decrypt < JWE > PT

+

+Note that like other pins no configuration is used for decryption, this is due

+clevis storing the public and private keys to unseal the TPM2 encrypted object

+in the JWE so clevis can fetch that information from there.

+

+The pin also supports sealing data to a Platform Configuration Registers (PCR)

+state. That way the data can only be unsealed if the PCRs hashes values match

+the policy used when sealing.

+

+For example, to seal the data to the PCR with index 0 and 1 for the SHA1 bank:

+

+    $ clevis encrypt tpm2 '{"pcr_bank":"sha1","pcr_ids":"0,1"}' < PT > JWE

+

+The PCR digest values are looked up from the current hash values for the PCRs,

+but a digest can also be provided if the data needs to be sealed with values

+different to the current ones, by passing the binary hash encoded in base64:

+

+    $ clevis encrypt tpm2 '{"pcr_ids":"0","pcr_digest":"xy7J5svCtqlfM03d1lE5gdoA8MI"}' < PT > JWE

+

+# Threat model

+

+The Clevis security model relies in the fact that an attacker will not be able to

+access both the encrypted data and the decryption key.

+

+For most Clevis pins, the decryption key is not locally stored, so the decryption

+policy is only satisfied if the decryption key can be remotely accessed. It could

+for example be stored in a remote server or in a hardware authentication device

+that has to be plugged into the machine.

+

+The tpm2 pin is different in this regard, since a key is wrapped by a TPM2 chip

+that is always present in the machine. This does not mean that there are not use

+cases for this pin, but it is important to understand the fact that an attacker

+that has access to both the encrypted data and the local TPM2 chip will be able

+to decrypt the data.

+

+# CONFIG

+

+This command uses the following configuration properties:

+

+* `hash`  (string) :

+  Hash algorithm used in the computation of the object name (default: sha256)

+

+  It must be one of the following:

+

+  * `sha1`

+  * `sha256`

+  * `sha384`

+  * `sha512`

+  * `sm3_256`

+

+* `key`  (string) :

+  Algorithm type for the generated key (default: ecc)

+

+  It must be one of the following:

+

+  * `rsa`

+  * `keyedhash`

+  * `ecc`

+  * `symcipher`

+

+* `pcr_bank`  (string) :

+  PCR algorithm bank to use for policy (default: sha1)

+

+  It must be one of the following:

+

+  * `sha1`

+  * `sha256`

+

+* `pcr_ids`  (string) :

+  Comma separated list of PCR used for policy. If not present, no policy is used

+

+* `pcr_digest`  (string) :

+  Binary PCR hashes encoded in base64. If not present, the hash values are looked up

+

+# SEE ALSO

+

+`clevis-decrypt`(1)

diff --git a/doc/clevis.1 b/doc/clevis.1

index 3d4a10d..0937533 100644

--- a/doc/clevis.1

+++ b/doc/clevis.1

@@ -80,6 +80,42 @@ $\ clevis\ decrypt\ <\ JWE\ >\ PT

 .fi

 .PP

 For more information, see \f[C]clevis\-encrypt\-tang\f[](1).

+.SH TPM2 BINDING

+.PP

+Clevis provides support to encrypt a key in a Trusted Platform Module

+2.0 (TPM2) chip.

+The cryptographically\-strong, random key used for encryption is

+encrypted using the TPM2 chip, and then at decryption time is decrypted

+using the TPM2 to allow clevis to decrypt the secret stored in the JWE.

+.PP

+Encrypting data using the tpm2 pin works the same than the pins

+mentioned above:

+.IP

+.nf

+\f[C]

+$\ clevis\ encrypt\ tpm2\ \[aq]{}\[aq]\ <\ PT\ >\ JWE

+\f[]

+.fi

+.PP

+The pin has reasonable defaults for its configuration, but a different

+hierarchy, hash, and key algorithms can be chosen if the defaults used

+are not suitable.

+.PP

+Decryption also works similar to other pins, only the JWE needs to be

+provided:

+.IP

+.nf

+\f[C]

+$\ clevis\ decrypt\ <\ JWE\ >\ PT

+\f[]

+.fi

+.PP

+Note that like other pins no configuration is used for decryption, this

+is due clevis storing the public and private keys to unseal the TPM2

+encrypted object in the JWE so clevis can fetch that information from

+there.

+.PP

+For more information see \f[C]clevis\-encrypt\-tpm2\f[](1).

 .SH SHAMIR\[aq]S SECRET SHARING

 .PP

 Clevis provides a way to mix pins together to create sophisticated

@@ -151,7 +187,7 @@ For more information, see \f[C]clevis\-luks\-bind\f[](1).

 .SH SEE ALSO

 .PP

 \f[C]clevis\-encrypt\-http\f[](1), \f[C]clevis\-encrypt\-tang\f[](1),

-\f[C]clevis\-encrypt\-sss\f[](1), \f[C]clevis\-luks\-bind\f[](1),

-\f[C]clevis\-decrypt\f[](1)

+\f[C]clevis\-encrypt\-tpm2\f[](1), \f[C]clevis\-encrypt\-sss\f[](1),

+\f[C]clevis\-luks\-bind\f[](1), \f[C]clevis\-decrypt\f[](1)

 .SH AUTHORS

 Nathaniel McCallum <npmccallum@redhat.com>.

diff --git a/src/Makefile.am b/src/Makefile.am

index 244874b..8562502 100644

--- a/src/Makefile.am

+++ b/src/Makefile.am

@@ -25,6 +25,12 @@ dist_bin_SCRIPTS = \

     clevis-decrypt \

     clevis

+if HAVE_TPM2_TOOLS

+    dist_bin_SCRIPTS += \

+    clevis-encrypt-tpm2 \

+    clevis-decrypt-tpm2

+endif

+

 clevis_encrypt_sss_SOURCES = clevis-encrypt-sss.c sss.c sss.h

 clevis_decrypt_sss_SOURCES = clevis-decrypt-sss.c sss.c sss.h

 clevis_encrypt_sss_LDADD = @jose_LIBS@ @libcrypto_LIBS@

diff --git a/src/clevis-decrypt-tpm2 b/src/clevis-decrypt-tpm2

new file mode 100755

index 0000000..f3871d8

--- /dev/null

+++ b/src/clevis-decrypt-tpm2

@@ -0,0 +1,126 @@

+#!/bin/bash -e

+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:

+#

+# Copyright (c) 2017 Red Hat, Inc.

+# Author: Javier Martinez Canillas <javierm@redhat.com>

+#

+# This program is free software: you can redistribute it and/or modify

+# it under the terms of the GNU General Public License as published by

+# the Free Software Foundation, either version 3 of the License, or

+# (at your option) any later version.

+#

+# This program is distributed in the hope that it will be useful,

+# but WITHOUT ANY WARRANTY; without even the implied warranty of

+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+# GNU General Public License for more details.

+#

+# You should have received a copy of the GNU General Public License

+# along with this program.  If not, see <http://www.gnu.org/licenses/>.

+#

+

+# The owner hierarchy is the one that should be used by the Operating System.

+auth="o"

+

+function on_exit() {

+    if ! rm -r $TMP; then

+        echo "Delete temporary files failed!" >&2

+        exit 1

+    fi

+}

+

+[ $# -eq 1 -a "$1" == "--summary" ] && exit 1

+

+if [ -t 0 ]; then

+    echo >&2

+    echo "Usage: clevis decrypt tpm2 < JWE > PLAINTEXT" >&2

+    echo >&2

+    exit 1

+fi

+

+export TPM2TOOLS_TCTI_NAME=device

+export TPM2TOOLS_DEVICE_FILE=`ls /dev/tpmrm? 2>/dev/null`

+

+if [ -z "${TPM2TOOLS_DEVICE_FILE[0]}" ]; then

+    echo "A TPM2 device with the in-kernel resource manager is needed!" >&2

+    exit 1

+fi

+

+if ! [[ -r "${TPM2TOOLS_DEVICE_FILE[0]}" && -w "${TPM2TOOLS_DEVICE_FILE[0]}" ]]; then

+    echo "The ${TPM2TOOLS_DEVICE_FILE[0]} device must be readable and writable!" >&2

+    exit 1

+fi

+

+read -d . hdr

+

+if ! jhd=`jose b64 dec -i- <<< "$hdr"`; then

+    echo "Error decoding JWE protected header!" >&2

+    exit 1

+fi

+

+if [ `jose fmt -j- -Og clevis -g pin -u- <<< "$jhd"` != "tpm2" ]; then

+    echo "JWE pin mismatch!" >&2

+    exit 1

+fi

+

+if ! hash=`jose fmt -j- -Og clevis -g tpm2 -g hash -Su- <<< "$jhd"`; then

+    echo "JWE missing required 'hash' header parameter!" >&2

+    exit 1

+fi

+

+if ! key=`jose fmt -j- -Og clevis -g tpm2 -g key -Su- <<< "$jhd"`; then

+    echo "JWE missing required 'key' header parameter!" >&2

+    exit 1

+fi

+

+if ! jwk_pub=`jose fmt -j- -Og clevis -g tpm2 -g jwk_pub -Su- <<< "$jhd"`; then

+    echo "JWE missing required 'key' header parameter!" >&2

+    exit 1

+fi

+

+if ! jwk_priv=`jose fmt -j- -Og clevis -g tpm2 -g jwk_priv -Su- <<< "$jhd"`; then

+    echo "JWE missing required 'key' header parameter!" >&2

+    exit 1

+fi

+

+if ! TMP=`mktemp -d`; then

+    echo "Creating a temporary dir for TPM files failed!" >&2

+    exit 1

+fi

+

+trap 'on_exit' EXIT

+

+pcr_ids=`jose fmt -j- -Og clevis -g tpm2 -g pcr_ids -Su- <<< "$jhd"` || true

+

+if [ -n "$pcr_ids" ]; then

+    pcr_bank=`jose fmt -j- -Og clevis -g tpm2 -g pcr_bank -Su- <<< "$jhd"`

+    policy_options="-L $pcr_bank:$pcr_ids"

+fi

+

+if ! `jose b64 dec -i- -O $TMP/jwk.pub <<< "$jwk_pub"`; then

+    echo "Decoding jwk.pub from Base64 failed!" >&2

+    exit 1

+fi

+

+if ! `jose b64 dec -i- -O $TMP/jwk.priv <<< "$jwk_priv"`; then

+    echo "Decoding jwk.priv from Base64 failed!" >&2

+    exit 1

+fi

+

+if ! tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" \

+     -C $TMP/primary.context 2>/dev/null; then

+    echo "Creating TPM2 primary key failed!" >&2

+    exit 1

+fi

+

+if ! tpm2_load -Q -c $TMP/primary.context -u $TMP/jwk.pub -r $TMP/jwk.priv \

+     -C $TMP/load.context 2>/dev/null; then

+    echo "Loading jwk to TPM2 failed!" >&2

+    exit 1

+fi

+

+if ! jwk=`tpm2_unseal -c $TMP/load.context $policy_options 2>/dev/null`; then

+    echo "Unsealing jwk from TPM failed!" >&2

+    exit 1

+fi

+

+jose jwe dec -k- -i- < <(echo -n "$jwk$hdr."; cat)

diff --git a/src/clevis-encrypt-tpm2 b/src/clevis-encrypt-tpm2

new file mode 100755

index 0000000..b99aa97

--- /dev/null

+++ b/src/clevis-encrypt-tpm2

@@ -0,0 +1,156 @@

+#!/bin/bash -e

+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:

+#

+# Copyright (c) 2017 Red Hat, Inc.

+# Author: Javier Martinez Canillas <javierm@redhat.com>

+#

+# This program is free software: you can redistribute it and/or modify

+# it under the terms of the GNU General Public License as published by

+# the Free Software Foundation, either version 3 of the License, or

+# (at your option) any later version.

+#

+# This program is distributed in the hope that it will be useful,

+# but WITHOUT ANY WARRANTY; without even the implied warranty of

+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+# GNU General Public License for more details.

+#

+# You should have received a copy of the GNU General Public License

+# along with this program.  If not, see <http://www.gnu.org/licenses/>.

+#

+

+SUMMARY="Encrypts using a TPM2.0 chip binding policy"

+# The owner hierarchy is the one that should be used by the Operating System.

+auth="o"

+# Algorithm type must be keyedhash for object with user provided sensitive data.

+alg_create_key="keyedhash"

+# Attributes for the created TPM2 object with the JWK as sensitive data.

+obj_attr="fixedtpm|fixedparent|sensitivedataorigin|noda|adminwithpolicy"

+

+function on_exit() {

+    if ! rm -rf $TMP; then

+        echo "Delete temporary files failed!" >&2

+        exit 1

+    fi

+}

+

+if [ "$1" == "--summary" ]; then

+    echo "$SUMMARY"

+    exit 0

+fi

+

+if [ -t 0 ]; then

+    echo >&2

+    echo "Usage: clevis encrypt tpm2 CONFIG < PLAINTEXT > JWE" >&2

+    echo >&2

+    echo $SUMMARY >&2

+    echo >&2

+    echo "This command uses the following configuration properties:" >&2

+    echo >&2

+    echo "  hash: <string>  Hash algorithm used in the computation of the object name (default: sha256)" >&2

+    echo >&2

+    echo "  key: <string>   Algorithm type for the generated key (default: ecc)" >&2

+    echo >&2

+    echo "  pcr_bank: <string>   PCR algorithm bank to use for policy (default: sha1)" >&2

+    echo >&2

+    echo "  pcr_ids: <string>   PCR list used for policy. If not present, no policy is used" >&2

+    echo >&2

+    echo "  pcr_digest: <string>   Binary PCR hashes encoded in base64. If not present, the hash values are looked up" >&2

+    echo >&2

+    exit 1

+fi

+

+export TPM2TOOLS_TCTI_NAME=device

+export TPM2TOOLS_DEVICE_FILE=`ls /dev/tpmrm? 2>/dev/null`

+

+if [ -z "${TPM2TOOLS_DEVICE_FILE[0]}" ]; then

+    echo "A TPM2 device with the in-kernel resource manager is needed!" >&2

+    exit 1

+fi

+

+if ! [[ -r "${TPM2TOOLS_DEVICE_FILE[0]}" && -w "${TPM2TOOLS_DEVICE_FILE[0]}" ]]; then

+    echo "The ${TPM2TOOLS_DEVICE_FILE[0]} device must be readable and writable!" >&2

+    exit 1

+fi

+

+if ! cfg=`jose fmt -j "$1" -Oo- 2>/dev/null`; then

+    echo "Configuration is malformed!" >&2

+    exit 1

+fi

+

+hash=`jose fmt -j- -Og hash -u- <<< "$cfg"` || hash="sha256"

+

+key=`jose fmt -j- -Og key -u- <<< "$cfg"` || key="ecc"

+

+pcr_bank=`jose fmt -j- -Og pcr_hash -u- <<< "$cfg"` || pcr_bank="sha1"

+

+pcr_ids=`jose fmt -j- -Og pcr_ids -u- <<< "$cfg"` || true

+

+pcr_digest=`jose fmt -j- -Og pcr_digest -u- <<< "$cfg"` || true

+

+if ! jwk=`jose jwk gen -i '{"alg":"A256GCM"}'`; then

+    echo "Generating a jwk failed!" >&2

+    exit 1

+fi

+

+if ! TMP=`mktemp -d`; then

+    echo "Creating a temporary dir for TPM files failed!" >&2

+    exit 1

+fi

+

+trap 'on_exit' EXIT

+

+if ! tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C $TMP/primary.context; then

+    echo "Creating TPM2 primary key failed!" >&2

+    exit 1

+fi

+

+if [ -n "$pcr_ids" ]; then

+    if [ -z "$pcr_digest" ]; then

+        if ! tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o $TMP/pcr.digest; then

+            echo "Creating PCR hashes file failed!" >&2

+            exit 1

+        fi

+    else

+        if ! jose b64 dec -i- -O "$TMP"/pcr.digest <<< "$pcr_digest"; then

+            echo "Error decoding PCR digest!" >&2

+            exit 1

+        fi

+    fi

+

+    if ! tpm2_createpolicy -Q -P -L "$pcr_bank":"$pcr_ids" -F $TMP/pcr.digest -f $TMP/pcr.policy; then

+        echo "create policy fail, please check the environment or parameters!"

+        exit 1

+    fi

+

+    policy_options="-L $TMP/pcr.policy"

+fi

+

+if ! tpm2_create -Q -g "$hash" -G "$alg_create_key" -c $TMP/primary.context -u $TMP/jwk.pub \

+     -r $TMP/jwk.priv -A "$obj_attr" $policy_options -I- <<< "$jwk"; then

+    echo "Creating TPM2 object for jwk failed!" >&2

+    exit 1

+fi

+

+if ! jwk_pub=`jose b64 enc -I $TMP/jwk.pub`; then

+    echo "Encoding jwk.pub in Base64 failed!" >&2

+    exit 1

+fi

+

+if ! jwk_priv=`jose b64 enc -I $TMP/jwk.priv`; then

+    echo "Encoding jwk.priv in Base64 failed!" >&2

+    exit 1

+fi

+

+jwe='{"protected":{"clevis":{"pin":"tpm2","tpm2":{}}}}'

+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$hash" -s hash -UUUUo-`

+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$key" -s key -UUUUo-`

+

+if [ -n "$pcr_ids" ]; then

+    jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$pcr_bank" -s pcr_bank -UUUUo-`

+    jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$pcr_ids" -s pcr_ids -UUUUo-`

+fi

+

+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$jwk_pub" -s jwk_pub -UUUUo-`

+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$jwk_priv" -s jwk_priv -UUUUo-`

+

+jose jwe enc -i- -k- -I- -c < <(echo -n "$jwe$jwk"; cat)

diff --git a/src/dracut/module-setup.sh.in b/src/dracut/module-setup.sh.in

index 5087d56..119762e 100755

--- a/src/dracut/module-setup.sh.in

+++ b/src/dracut/module-setup.sh.in

@@ -28,6 +28,8 @@ cmdline() {

 }

 install() {

+    local ret=0

+

     cmdline > "${initdir}/etc/cmdline.d/99clevis.conf"

     inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"

@@ -41,10 +43,31 @@ install() {

         clevis-decrypt \

         luksmeta \

         clevis \

+        mktemp \

         curl \

         jose \

         nc

+    for cmd in clevis-decrypt-tpm2 \

+	tpm2_createprimary \

+	tpm2_unseal \

+	tpm2_load; do

+

+	if ! find_binary "$cmd" &>/dev/null; then

+	    ((ret++))

+	fi

+    done

+

+    if (($ret == 0)); then