feat(tpm2-tss): introducing the tpm2-tss module

Introducing the tpm2-tss module
dracutdevs · May 3, 2021 · 8743b07 · 8743b07
1 parent 69f4e7c
commit 8743b07
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 0 deletions.
diff --git a/dracut.spec b/dracut.spec
@@ -367,6 +367,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
 %{dracutlibdir}/modules.d/90qemu
 %{dracutlibdir}/modules.d/91crypt-gpg
 %{dracutlibdir}/modules.d/91crypt-loop
+%{dracutlibdir}/modules.d/91tpm2-tss
 %{dracutlibdir}/modules.d/95debug
 %{dracutlibdir}/modules.d/95fstab-sys
 %{dracutlibdir}/modules.d/95lunmask

diff --git a/modules.d/91tpm2-tss/module-setup.sh b/modules.d/91tpm2-tss/module-setup.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# This file is part of dracut.
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+# Prerequisite check(s) for module.
+check() {
+
+    # Return 255 to only include the module, if another module requires it.
+    return 255
+
+}
+
+# Module dependency requirements.
+depends() {
+
+    # This module has external dependency on other module(s).
+    echo systemd-sysusers systemd-udev
+    # Return 0 to include the dependent module(s) in the initramfs.
+    return 0
+
+}
+
+# Install kernel module(s).
+installkernel() {
+    instmods '=drivers/char/tpm'
+}
+
+# Install the required file(s) and directories for the module in the initramfs.
+install() {
+
+    inst_multiple -o \
+        "$sysusers"/tpm2-tss.conf \
+        "$tmpfilesdir"/tpm2-tss-fapi.conf \
+        "$udevrulesdir"/60-tpm-udev.rules \
+        tpm2_pcrread tpm2_pcrextend tpm2_createprimary tpm2_createpolicy \
+        tpm2_create tpm2_load tpm2_unseal tpm2
+
+    # Install library file(s)
+    _arch=${DRACUT_ARCH:-$(uname -m)}
+    inst_libdir_file \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-esys.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-fapi.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-mu.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-rc.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-sys.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-cmd.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-device.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-mssim.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tcti-swtpm.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libtss2-tctildr.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcryptsetup.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libcurl.so.*" \
+        {"tls/$_arch/",tls/,"$_arch/",}"libjson-c.so.*"
+
+    # Install the hosts local user configurations if enabled.
+    if [[ $hostonly ]]; then
+        inst_multiple -H -o \
+            "$udevrulesdir"/60-tpm-udev.rules \
+            /etc/tpm2-tss/fapi-config.json \
+            "/etc/tpm2-tss/fapi-profiles/*.json"
+    fi
+
+}