@ToroNZ
Last active January 17, 2023 12:46
TPM2 read the endorsement key, creating one if it does not already exist
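#!/bin/sh
# Print the TPM 2.0 endorsement key (EK) and a registration ID derived from it,
# creating the EK and SRK first if the EK is not yet persisted.

# Use sudo only when not already root ($USER may be unset, so check the UID).
SUDO=""
if [ "$(id -u)" -ne 0 ]; then
    SUDO="sudo "
fi

# Try to read the EK public area from its persistent handle.
if ! $SUDO tpm2_readpublic -Q -c 0x81010001 -o ek.pub 2> /dev/null; then
    # Create the endorsement key (EK); stop if that fails, since ek.pub would be missing
    $SUDO tpm2_createek -c 0x81010001 -G rsa -u ek.pub || exit 1
    # Create the storage root key (SRK)
    $SUDO tpm2_createprimary -Q -C o -c srk.ctx > /dev/null
    # Make the SRK persistent
    $SUDO tpm2_evictcontrol -c srk.ctx 0x81000001 > /dev/null
    # Flush transient objects to free handle space on the TPM
    $SUDO tpm2_flushcontext -t > /dev/null
fi

# Registration Id = hex SHA-256 of ek.pub; Endorsement Key = base64 of ek.pub.
printf "Gathering the registration information...\n\nRegistration Id:\n%s\n\nEndorsement Key:\n%s\n" \
    "$(sha256sum -b ek.pub | cut -d' ' -f1 | sed -e 's/[^[:alnum:]]//g')" \
    "$(base64 -w0 ek.pub)"

# Remove the temporary files; the keys themselves stay in the TPM.
$SUDO rm -f ek.pub srk.ctx 2> /dev/null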