author | Grigori Goronzy <greg@chown.ath.cx> | 2022-02-16 22:13:42 +0100 |
---|---|---|
committer | Grigori Goronzy <greg@chown.ath.cx> | 2022-03-15 21:17:00 +0100 |
commit | 2f5a892aa0d70aa4f1f10c8dba495ad52bc02bc3 (patch) | |
tree | 112247928cb0af5b7f376fc78fe02f99250ed9d0 /src/cryptsetup/cryptsetup-tpm2.c | |
parent | e560cf4f71bf237019d982603af3d6be86394788 (diff) | |
download | systemd-2f5a892aa0d70aa4f1f10c8dba495ad52bc02bc3.tar.gz |
tpm2: support policies with PIN

Modify TPM2 authentication policy to optionally include an authValue, i.e.
a password/PIN. We use the "PIN" terminology since it's used by other
systems such as Windows, even though the PIN is not necessarily numeric.

The pin is hashed via SHA256 to allow for arbitrary length PINs.

v2: fix tpm2_seal in sd-repart
v3: applied review feedback
Diffstat (limited to 'src/cryptsetup/cryptsetup-tpm2.c')
-rw-r--r-- | src/cryptsetup/cryptsetup-tpm2.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cryptsetup/cryptsetup-tpm2.c b/src/cryptsetup/cryptsetup-tpm2.c index cb139518a7..05d76a684d 100644 --- a/src/cryptsetup/cryptsetup-tpm2.c +++ b/src/cryptsetup/cryptsetup-tpm2.c @@ -64,7 +64,7 @@ int acquire_tpm2_key( blob = loaded_blob; } - return tpm2_unseal(device, pcr_mask, pcr_bank, primary_alg, blob, blob_size, policy_hash, policy_hash_size, ret_decrypted_key, ret_decrypted_key_size); + return tpm2_unseal(device, pcr_mask, pcr_bank, primary_alg, blob, blob_size, policy_hash, policy_hash_size, NULL, ret_decrypted_key, ret_decrypted_key_size); } int find_tpm2_auto_data( |
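Review bot: the new ninth argument to tpm2_unseal() in acquire_tpm2_key() is a bare NULL, so this caller has no way to supply the PIN that the commit message introduces. The signature of acquire_tpm2_key() is not touched in this hunk, which means a PIN cannot reach tpm2_unseal() through this path. If that is deliberate for this step, state it in a comment at the call site; otherwise acquire_tpm2_key() needs a PIN parameter that it forwards here. In either case, name the literal inline, for example `/* pin= */ NULL`, because an unlabelled NULL in an eleven-argument call sitting directly before the two ret_decrypted_key pointers is easy to misplace or misread in later edits.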