Documentation ¶
Index ¶
- Constants
- Variables
- func CryptsetupClose(deviceName string) error
- func CryptsetupFormat(keyPath string, devicePath string) error
- func CryptsetupOpen(keyPath string, devicePath string) (string, error)
- func DynamicPCR(pcrIndex int) error
- func ExtendPCR(pcrIndex int, hash []byte, algoID tpm.IAlgHash) error
- func FirmwareLogPCR(pcrIndex int, firmware tpm.FirmwareType) error
- func LuksPCR(pcrIndex int, devicePath string, algoID tpm.IAlgHash) error
- func MeasurePCR(pcrIndex int, filePath string, algoID tpm.IAlgHash) error
- func MountKeystore() (string, error)
- func PreCalculate(tpmInterface tpm.TPM, sealingConfigPath string) (map[int][]byte, error)
- func StaticPCR(pcrIndex int, hash []byte)
- func UnmountKeystore(target string) error
- type BootloaderType
- type CalculateType
- type PreCalculation
- type TPM1SealingConfig
Constants ¶
// Defaults for driving cryptsetup and for the temporary key store.
const (
	// CryptsetupBinary is the name of the cryptsetup executable.
	// NOTE(review): this is a bare name, not an absolute path, so it is
	// presumably resolved through PATH at execution time. Confirm the caller
	// runs with a trusted PATH.
	CryptsetupBinary = "cryptsetup"

	// DefaultFormatParams is the default cryptsetup option list:
	// -c selects the cipher spec, -s the key size in bits, -y asks for
	// passphrase verification, --use-random selects the random source for the
	// volume key, and -q enables batch mode (no confirmation prompt).
	// NOTE(review): with -q the format step does not ask before overwriting,
	// so the device path must be validated by the caller. cryptsetup's usual
	// XTS spelling is aes-xts-plain64; confirm that essiv:sha256 is intended
	// and supported by the targeted cryptsetup/kernel versions.
	DefaultFormatParams = "-c aes-xts-essiv:sha256 -s 512 -y --use-random -q"

	// DefaultKeyPath is the tmpfs directory for storing keys.
	// NOTE(review): this is a fixed, predictable location under /tmp. Verify
	// that the mount code creates it with owner-only permissions and rejects
	// a pre-existing directory or symlink at this path.
	DefaultKeyPath = "/tmp/tpmtool"

	// TmpfsFsName is the Linux file system type name for tmpfs.
	TmpfsFsName = "tmpfs"

	// DefaultDevMapperPath is the standard Linux device mapper path.
	DefaultDevMapperPath = "/dev/mapper/"
)
// Luks1HeaderLength is the LUKS1 header length.
// NOTE(review): the unit is presumably bytes, and this is presumably the
// amount of the block device that LuksPCR hashes. Confirm against the
// implementation.
const Luks1HeaderLength = 2048
Luks1HeaderLength is the LUKS1 header length
Variables ¶
// CurrentPCRMap is the PCR map currently in use, keyed by PCR index; it is
// documented as a copy of the default map.
// NOTE(review): maps and byte slices are reference types, so a plain
// assignment from TPM1DefaultPCRMap would alias the default values. Verify
// that the copy is a deep copy and that this package-level state is not
// mutated concurrently.
var CurrentPCRMap map[int][]byte
CurrentPCRMap is the current used PCR map and a copy of the default map
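// TPM1DefaultPCRMap is the TPM 1.2 default PCR map after a power cycle
// without any measurements done. Every entry is 20 bytes long (the SHA-1
// digest size used by TPM 1.2).
//
// PCRs 0-16 and 23 start as all zero bytes. PCRs 17-22 are the
// locality-controlled registers and start as all 0xFF bytes. They were
// previously filled with the ASCII character 'f' (0x66), which can never match
// a real TPM, so any value pre-calculated from those entries would not match
// the platform state at unseal time.
var TPM1DefaultPCRMap = map[int][]byte{
	0:  make([]byte, 20),
	1:  make([]byte, 20),
	2:  make([]byte, 20),
	3:  make([]byte, 20),
	4:  make([]byte, 20),
	5:  make([]byte, 20),
	6:  make([]byte, 20),
	7:  make([]byte, 20),
	8:  make([]byte, 20),
	9:  make([]byte, 20),
	10: make([]byte, 20),
	11: make([]byte, 20),
	12: make([]byte, 20),
	13: make([]byte, 20),
	14: make([]byte, 20),
	15: make([]byte, 20),
	16: make([]byte, 20),
	17: {
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	},
	18: {
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	},
	19: {
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	},
	20: {
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	},
	21: {
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	},
	22: {
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	},
	23: make([]byte, 20),
}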
TPM1DefaultPCRMap is the TPM 1.2 default PCR map after a power cycle without any measurements done
// TPMInterface is a global TPM interface shared by the package.
// NOTE(review): it is declared without an initialiser, so it holds the zero
// value until a caller assigns it. Confirm that every function using it
// checks for an unset interface before talking to the TPM.
var TPMInterface tpm.TPM
TPMInterface is a global TPM interface
// TmpfsFsOptions holds the secure file system options for the tmpfs key store.
// NOTE(review): no value is assigned in this declaration, so the string is
// empty unless it is set elsewhere. Verify that restrictive mount options
// (for example a tight mode and size) are in place before MountKeystore uses it.
var TmpfsFsOptions string
Functions ¶
func CryptsetupClose ¶
CryptsetupClose closes a LUKS device
func CryptsetupFormat ¶
CryptsetupFormat formats a device with LUKS
func CryptsetupOpen ¶
CryptsetupOpen opens a LUKS device
func DynamicPCR ¶
DynamicPCR gets the current PCR and populates it into the map
func FirmwareLogPCR ¶
func FirmwareLogPCR(pcrIndex int, firmware tpm.FirmwareType) error
FirmwareLogPCR uses the firmware ACPI log for extending PCRs
func MeasurePCR ¶
MeasurePCR measures a file into a PCR
func PreCalculate ¶
PreCalculate calculates a PCR map from a given sealing configuration, performing the different types of calculations in the right order
func UnmountKeystore ¶
UnmountKeystore unmounts the tmpfs key store
Types ¶
type BootloaderType ¶
// BootloaderType identifies a bootloader; it can be any bootloader listed in
// the constants below.
type BootloaderType int

// Known bootloaders. The numeric values are written out explicitly so that
// they stay stable if entries are added or reordered.
const (
	// Systemboot is a LinuxBoot application.
	Systemboot BootloaderType = 0

	// Grub2 is the Grand Unified Bootloader.
	Grub2 BootloaderType = 1

	// SeaBios is an implementation of a legacy BIOS.
	SeaBios BootloaderType = 2
)
type CalculateType ¶
// CalculateType defines the calculation action for the PCR.
type CalculateType string

// Calculation actions that a sealing configuration can request for a PCR.
const (
	// Static is a hash of type byte array.
	Static CalculateType = "static"

	// Dynamic is the current lookup of the PCR value.
	Dynamic CalculateType = "dynamic"

	// Extend extends a hash into a PCR.
	Extend CalculateType = "extend"

	// Measure measures a file into a PCR.
	Measure CalculateType = "measure"

	// FirmwareLog is the TCPA ACPI log.
	FirmwareLog CalculateType = "log"

	// Firmware is platform specific.
	Firmware CalculateType = "firmware"

	// Bootloader is the payload of the firmware.
	Bootloader CalculateType = "bootloader"

	// Luks is the LUKS header of a block device.
	Luks CalculateType = "luks"

	// Exclude excludes a PCR from calculation.
	// NOTE(review): an excluded PCR presumably takes no part in the sealing
	// policy, so whatever is measured into it is not bound to the sealed
	// secret. Confirm that each exclusion in a configuration is intended.
	Exclude CalculateType = "exclude"
)
type PreCalculation ¶
// PreCalculation describes one pre-calculation step for a PCR: the method to
// apply and the inputs that method may need.
// NOTE(review): these values come from the sealing configuration and decide
// which files and devices are read and what the secret is sealed against, so
// the configuration file presumably has to be treated as trusted input.
// Confirm how its integrity is protected.
type PreCalculation struct {
	// Method selects the calculation action.
	Method CalculateType
	// Hash is a single hash value; presumably used by the static and extend
	// methods. Verify the expected encoding against the parser.
	Hash string
	// DevicePath is a block device path; presumably used by the luks method.
	DevicePath string
	// Firmware is the firmware type; presumably used by the log method.
	Firmware tpm.FirmwareType
	// Hashes is a list of hash values; presumably applied in list order.
	Hashes []string
	// FilePaths is a list of file paths; presumably measured in list order.
	FilePaths []string
}
PreCalculation describes a single pre-calculation step: the calculation method and the inputs it uses
type TPM1SealingConfig ¶
// TPM1SealingConfig is a TPM1 sealing configuration. It has one field per
// TPM 1.2 PCR index (0-23), each holding a list of PreCalculation entries.
// NOTE(review): the entries for a PCR are presumably applied in list order,
// and PCR extension is order-sensitive. Confirm that PreCalculate preserves
// the order given in the configuration.
type TPM1SealingConfig struct {
	Pcr0  []PreCalculation
	Pcr1  []PreCalculation
	Pcr2  []PreCalculation
	Pcr3  []PreCalculation
	Pcr4  []PreCalculation
	Pcr5  []PreCalculation
	Pcr6  []PreCalculation
	Pcr7  []PreCalculation
	Pcr8  []PreCalculation
	Pcr9  []PreCalculation
	Pcr10 []PreCalculation
	Pcr11 []PreCalculation
	Pcr12 []PreCalculation
	Pcr13 []PreCalculation
	Pcr14 []PreCalculation
	Pcr15 []PreCalculation
	Pcr16 []PreCalculation
	Pcr17 []PreCalculation
	Pcr18 []PreCalculation
	Pcr19 []PreCalculation
	Pcr20 []PreCalculation
	Pcr21 []PreCalculation
	Pcr22 []PreCalculation
	Pcr23 []PreCalculation
}
TPM1SealingConfig is a TPM1 sealing configuration