cryptenroll: add support for TPM2 pin

Add support for PIN enrollment with TPM2. A new "tpm2-pin" field is introduced into metadata to signal that the policy needs to include a PIN. v2: fix tpm2_make_luks2_json in sd-repart
author: Grigori Goronzy <greg@chown.ath.cx> 2022-02-18 11:51:25 +0100
committer: Grigori Goronzy <greg@chown.ath.cx> 2022-03-15 21:17:00 +0100
commit: 6c7a1681052c37ef354a000355c4c0d676113a1a (patch)
tree: 7aed1aa383eee6f56037b782048d0909638b19c5 /src/shared/tpm2-util.h
parent: 2f5a892aa0d70aa4f1f10c8dba495ad52bc02bc3 (diff)
download: systemd-6c7a1681052c37ef354a000355c4c0d676113a1a.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 784e9fd11e..5a9bcf8c24 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -6,6 +6,10 @@
 #include "json.h"
 #include "macro.h"
 
+typedef enum TPM2Flags {
+        TPM2_FLAGS_USE_PIN = 1 << 0,
+} TPM2Flags;
+
 #if HAVE_TPM2
 
 #include <tss2/tss2_esys.h>
@@ -49,7 +53,7 @@ int tpm2_find_device_auto(int log_level, char **ret);
 
 int tpm2_parse_pcrs(const char *s, uint32_t *ret);
 
-int tpm2_make_luks2_json(int keyslot, uint32_t pcr_mask, uint16_t pcr_bank, uint16_t primary_alg, const void *blob, size_t blob_size, const void *policy_hash, size_t policy_hash_size, JsonVariant **ret);
+int tpm2_make_luks2_json(int keyslot, uint32_t pcr_mask, uint16_t pcr_bank, uint16_t primary_alg, const void *blob, size_t blob_size, const void *policy_hash, size_t policy_hash_size, TPM2Flags flags, JsonVariant **ret);
 
 #define TPM2_PCRS_MAX 24
author	Grigori Goronzy <greg@chown.ath.cx>	2022-02-18 11:51:25 +0100
committer	Grigori Goronzy <greg@chown.ath.cx>	2022-03-15 21:17:00 +0100
commit	6c7a1681052c37ef354a000355c4c0d676113a1a (patch)
tree	7aed1aa383eee6f56037b782048d0909638b19c5 /src/shared/tpm2-util.h
parent	2f5a892aa0d70aa4f1f10c8dba495ad52bc02bc3 (diff)
download	systemd-6c7a1681052c37ef354a000355c4c0d676113a1a.tar.gz