authorGrigori Goronzy <greg@chown.ath.cx>2022-02-16 22:13:42 +0100
committerGrigori Goronzy <greg@chown.ath.cx>2022-03-15 21:17:00 +0100
commit2f5a892aa0d70aa4f1f10c8dba495ad52bc02bc3 (patch)
tree112247928cb0af5b7f376fc78fe02f99250ed9d0 /src/cryptsetup/cryptsetup-tpm2.c
parente560cf4f71bf237019d982603af3d6be86394788 (diff)
tpm2: support policies with PIN
Modify TPM2 authentication policy to optionally include an authValue, i.e. a password/PIN. We use the "PIN" terminology since it's used by other systems such as Windows, even though the PIN is not necessarily numeric. The PIN is hashed via SHA256 to allow for arbitrary-length PINs. v2: fix tpm2_seal in sd-repart; v3: applied review feedback
Diffstat (limited to 'src/cryptsetup/cryptsetup-tpm2.c')
-rw-r--r--src/cryptsetup/cryptsetup-tpm2.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cryptsetup/cryptsetup-tpm2.c b/src/cryptsetup/cryptsetup-tpm2.c
index cb139518a7..05d76a684d 100644
--- a/src/cryptsetup/cryptsetup-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tpm2.c
@@ -64,7 +64,7 @@ int acquire_tpm2_key(
blob = loaded_blob;
}
- return tpm2_unseal(device, pcr_mask, pcr_bank, primary_alg, blob, blob_size, policy_hash, policy_hash_size, ret_decrypted_key, ret_decrypted_key_size);
+ return tpm2_unseal(device, pcr_mask, pcr_bank, primary_alg, blob, blob_size, policy_hash, policy_hash_size, NULL, ret_decrypted_key, ret_decrypted_key_size);
}
int find_tpm2_auto_data(
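Review bot: The bare `NULL` added as the ninth argument of the `tpm2_unseal()` call means this unlock path never supplies a PIN, and nothing visible in the hunk detects or reports that case. If a blob was sealed under a policy that includes a PIN, the unseal here would presumably fail with a generic TPM authorization error, and depending on the sealed object's attributes that failure may count toward the TPM's dictionary-attack lockout; this is worth confirming. I would label the argument and record the limitation at the call site: `/* pin= */ NULL,` preceded by `/* No PIN is passed here yet: enrollments that require a PIN cannot be unlocked through this path */`. acquire_tpm2_key() starts above the hunk, so whether a caller can tell in advance that an enrollment needs a PIN is not visible from here.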