tpmtool

package
v0.0.0-...-c3f3bbb Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 17, 2022 License: BSD-3-Clause Imports: 16 Imported by: 1

Documentation


Constants

// Defaults used when driving cryptsetup and when placing the key store.
const (
	// CryptsetupBinary is the name of the cryptsetup executable. It is a bare
	// name, not an absolute path.
	// NOTE(review): how the binary is located is not visible here. If it is
	// resolved through $PATH, the program that runs depends on the caller's
	// environment; confirm PATH is controlled wherever this runs privileged.
	CryptsetupBinary = "cryptsetup"
	// DefaultFormatParams is the default cryptsetup option list, kept as one
	// space-separated string:
	//   -c aes-xts-essiv:sha256  cipher specification
	//   -s 512                   key size in bits
	//   -y                       verify passphrase
	//   --use-random             take the volume key from /dev/random
	//   -q                       batch mode, no confirmation prompt
	// NOTE(review): -q removes the confirmation before a format, so the
	// caller is the only guard against formatting the wrong device.
	// NOTE(review): cryptsetup's own LUKS default is aes-xts-plain64; the
	// ESSIV IV generator here is a deviation worth a deliberate decision.
	DefaultFormatParams = "-c aes-xts-essiv:sha256 -s 512 -y --use-random -q"
	// DefaultKeyPath is the tmpfs directory for storing keys. The path is
	// fixed and sits under /tmp.
	// NOTE(review): /tmp is normally writable by every local user and this
	// name is predictable. How the directory is created is not shown here;
	// confirm the mount code rejects a pre-existing directory or symlink it
	// does not own and that the mount is restricted to the owner.
	DefaultKeyPath = "/tmp/tpmtool"
	// TmpfsFsName is the Linux tmpfs filesystem name.
	TmpfsFsName = "tmpfs"
	// DefaultDevMapperPath is the standard Linux device mapper path.
	// NOTE(review): presumably a mapping name is appended to it; confirm the
	// name is validated (no path separators) before the two are joined.
	DefaultDevMapperPath = "/dev/mapper/"
)
// Luks1HeaderLength is the LUKS1 header length (presumably in bytes).
// NOTE(review): where this is used is not visible on this page. If the LUKS
// measurement hashes only this many bytes of the device, confirm the range
// covers every header field whose modification should invalidate the seal.
const Luks1HeaderLength = 2048

Luks1HeaderLength is the LUKS1 header length

Variables

// CurrentPCRMap is the PCR map currently in use: an int key (presumably the
// PCR index) mapped to a byte slice. It is declared without an initializer,
// so it is nil until something assigns it, and it is exported and mutable.
// NOTE(review): it is documented as a copy of the default map, but the copy
// is not shown. A map copy that reuses the value slices would let writes
// through CurrentPCRMap change TPM1DefaultPCRMap; confirm the slices are
// cloned as well.
var CurrentPCRMap map[int][]byte

CurrentPCRMap is the PCR map currently in use; it is a copy of the default map

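// TPM1DefaultPCRMap is the TPM 1.2 default PCR map after a power cycle
// without any measurements done. Each value is a raw 20-byte (SHA-1 sized)
// PCR value: PCRs 0-16 and 23 are all zero bytes, PCRs 17-22 are all 0xFF
// bytes.
//
// The 0xFF entries are written as numeric bytes. The character literal 'f'
// is the single byte 0x66, so twenty of them do not form the all-ones value
// and a map built that way cannot match what these PCRs hold after reset.
//
// The map and its slices are exported and mutable; take a deep copy before
// extending values so the defaults stay intact.
var TPM1DefaultPCRMap = map[int][]byte{
	0:  make([]byte, 20),
	1:  make([]byte, 20),
	2:  make([]byte, 20),
	3:  make([]byte, 20),
	4:  make([]byte, 20),
	5:  make([]byte, 20),
	6:  make([]byte, 20),
	7:  make([]byte, 20),
	8:  make([]byte, 20),
	9:  make([]byte, 20),
	10: make([]byte, 20),
	11: make([]byte, 20),
	12: make([]byte, 20),
	13: make([]byte, 20),
	14: make([]byte, 20),
	15: make([]byte, 20),
	16: make([]byte, 20),
	17: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	18: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	19: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	20: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	21: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	22: []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
	23: make([]byte, 20),
}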

TPM1DefaultPCRMap is the TPM 1.2 default PCR map after a power cycle without any measurements done

// TPMInterface is a global TPM interface. It is declared without an
// initializer and is exported, so any importing package can replace it.
// NOTE(review): PreCalculate also accepts a tpm.TPM argument; whether that
// argument is stored here is not visible on this page. Confirm which handle
// the PCR helpers actually use.
var TPMInterface tpm.TPM

TPMInterface is a global TPM interface

var (
	// TmpfsFsOptions are secure fs options. The variable has no initializer
	// in this declaration, so its value is the empty string until something
	// assigns it; the assignment is not visible on this page.
	// NOTE(review): for a key store, confirm the assigned options restrict
	// the mount (for example nosuid, nodev, noexec and an owner-only mode).
	// The variable is exported, so importers can also overwrite it.
	TmpfsFsOptions string
)

Functions

func CryptsetupClose

func CryptsetupClose(deviceName string) error

CryptsetupClose closes a LUKS device

func CryptsetupFormat

func CryptsetupFormat(keyPath string, devicePath string) error

CryptsetupFormat formats a device with LUKS

func CryptsetupOpen

func CryptsetupOpen(keyPath string, devicePath string) (string, error)

CryptsetupOpen opens a LUKS device

func DynamicPCR

func DynamicPCR(pcrIndex int) error

DynamicPCR gets the current PCR and populates it into the map

func ExtendPCR

func ExtendPCR(pcrIndex int, hash []byte, algoID tpm.IAlgHash) error

ExtendPCR extends a hash into a current PCR

func FirmwareLogPCR

func FirmwareLogPCR(pcrIndex int, firmware tpm.FirmwareType) error

FirmwareLogPCR uses the firmware ACPI log for extending PCRs

func LuksPCR

func LuksPCR(pcrIndex int, devicePath string, algoID tpm.IAlgHash) error

LuksPCR extends the hash of a LUKS device into a current PCR

func MeasurePCR

func MeasurePCR(pcrIndex int, filePath string, algoID tpm.IAlgHash) error

MeasurePCR measures a file into a PCR

func MountKeystore

func MountKeystore() (string, error)

MountKeystore mounts the tmpfs key store

func PreCalculate

func PreCalculate(tpmInterface tpm.TPM, sealingConfigPath string) (map[int][]byte, error)

PreCalculate calculates a PCR map from a given sealing configuration, performing the different types of calculations in the right order

func StaticPCR

func StaticPCR(pcrIndex int, hash []byte)

StaticPCR populates a static PCR into the map

func UnmountKeystore

func UnmountKeystore(target string) error

UnmountKeystore unmounts the tmpfs key store

Types

type BootloaderType

// BootloaderType identifies a bootloader. It is an int, so its zero value is
// 0 and any integer converts to it; code switching on it should handle
// values outside the declared constants.
type BootloaderType int

BootloaderType can be any bootloader

// Known BootloaderType values. Systemboot is 0, which is also the zero value
// of BootloaderType, so an unset BootloaderType reads as Systemboot.
const (
	// Systemboot is a LinuxBoot application
	Systemboot BootloaderType = 0
	// Grub2 is the Grand Unified Bootloader
	Grub2 BootloaderType = 1
	// SeaBios is an implementation of a legacy BIOS
	SeaBios BootloaderType = 2
)

type CalculateType

// CalculateType defines the calculation action for the PCR. It is a string
// type, so any string converts to it.
// NOTE(review): how a value outside the declared constants is handled is not
// visible on this page; confirm it is rejected rather than skipped.
type CalculateType string

CalculateType defines the calculation action for the PCR

// Known CalculateType values. Each constant's string is the literal text of
// the method name.
const (
	// Static is hash of type byte array
	Static CalculateType = "static"
	// Dynamic is the current lookup of the PCR value
	// NOTE(review): a value read from the running platform is only as
	// trustworthy as the platform state at the time of the lookup.
	Dynamic CalculateType = "dynamic"
	// Extend a hash into a PCR
	Extend CalculateType = "extend"
	// Measure a file into a PCR
	Measure CalculateType = "measure"
	// FirmwareLog is the TCPA ACPI log. Note the string is "log", not
	// "firmwarelog".
	// NOTE(review): a value replayed from the event log reflects what the
	// log records; confirm whether it is checked against the live PCR.
	FirmwareLog CalculateType = "log"
	// Firmware which is platform specific
	Firmware CalculateType = "firmware"
	// Bootloader is the payload of the firmware
	Bootloader CalculateType = "bootloader"
	// Luks header of a block device
	Luks CalculateType = "luks"
	// Exclude a PCR from calculation
	// NOTE(review): presumably an excluded PCR is left out of the sealing
	// policy, so its content does not gate unsealing; confirm per PCR.
	Exclude CalculateType = "exclude"
)

type PreCalculation

// PreCalculation describes one calculation step for a PCR. Which fields a
// given Method reads is not visible on this page.
// NOTE(review): DevicePath and FilePaths are plain strings, presumably taken
// from the sealing configuration file. If the tool runs privileged, that
// file decides which devices and files get read; confirm it is writable
// only by trusted users.
type PreCalculation struct {
	// Method selects the calculation action.
	Method     CalculateType
	// Hash is a single hash as a string (encoding not shown; presumably hex).
	Hash       string
	// DevicePath is a path to a device.
	DevicePath string
	// Firmware is the firmware type, as defined by the tpm package.
	Firmware   tpm.FirmwareType
	// Hashes is a list of hashes as strings.
	Hashes     []string
	// FilePaths is a list of file paths.
	FilePaths  []string
}

PreCalculation structure

type TPM1SealingConfig

// TPM1SealingConfig is a TPM1 sealing configuration. It has one field per
// PCR, Pcr0 through Pcr23 (24 in total), and each field holds a list of
// PreCalculation steps for that PCR.
// NOTE(review): the on-disk format and the handling of an empty list for a
// PCR are not visible on this page; confirm what an omitted PCR means for
// the resulting seal.
type TPM1SealingConfig struct {
	Pcr0  []PreCalculation
	Pcr1  []PreCalculation
	Pcr2  []PreCalculation
	Pcr3  []PreCalculation
	Pcr4  []PreCalculation
	Pcr5  []PreCalculation
	Pcr6  []PreCalculation
	Pcr7  []PreCalculation
	Pcr8  []PreCalculation
	Pcr9  []PreCalculation
	Pcr10 []PreCalculation
	Pcr11 []PreCalculation
	Pcr12 []PreCalculation
	Pcr13 []PreCalculation
	Pcr14 []PreCalculation
	Pcr15 []PreCalculation
	Pcr16 []PreCalculation
	// Pcr17 to Pcr22 correspond to the entries that differ from zero in the
	// default PCR map.
	Pcr17 []PreCalculation
	Pcr18 []PreCalculation
	Pcr19 []PreCalculation
	Pcr20 []PreCalculation
	Pcr21 []PreCalculation
	Pcr22 []PreCalculation
	Pcr23 []PreCalculation
}

TPM1SealingConfig is a TPM1 sealing configuration
