install.sh
#!/bin/bash
#######################################
# Install the TSS2 (TPM2 software stack) packages from the distribution
# archive. Runs apt without -y, so apt may ask for confirmation.
# Returns: exit status of apt.
#######################################
install_tss2() {
  local -a tss2_packages=(
    libtss2-dev
    libtss2-fapi1
    libtss2-rc0
    libtss2-tctildr0
  )
  apt install "${tss2_packages[@]}"
}
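#######################################
# Create a default /etc/crypttab when none exists yet.
#
# An existing crypttab is never modified. The generator's output is captured
# first and written only when the generator succeeded and printed something:
# redirecting it straight into /etc/crypttab would leave an empty or partial
# file behind on failure, and the next run would then accept that file as
# "existing".
#
# NOTE(review): ./mkcrypttab.sh is resolved against the current directory and
# runs with the caller's privileges (root, for this installer) - run it only
# from a checkout you trust.
#
# Outputs: status messages on stderr.
# Returns: 0 if a crypttab exists or was created, non-zero otherwise.
#######################################
mkcrypttab() {
  local generated

  if [[ -f /etc/crypttab ]]; then
    echo "WARNING: using existing crypttab" >&2
    return 0
  fi

  echo "WARNING: creating default crypttab" >&2

  # Declaration and assignment are split so the generator's exit status is
  # not masked by 'local'.
  if ! generated=$(./mkcrypttab.sh); then
    echo "ERROR: ./mkcrypttab.sh failed; /etc/crypttab was not created" >&2
    return 1
  fi

  if [[ -z "${generated}" ]]; then
    echo "ERROR: ./mkcrypttab.sh produced no output; /etc/crypttab was not created" >&2
    return 1
  fi

  printf '%s\n' "${generated}" >> /etc/crypttab
}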
#######################################
# Legacy pre-flight reminder: print the manual prerequisites (a crypttab
# entry and the TSS2 libraries) and wait for the operator to press Enter.
# Nothing is installed here; the apt command appears only as a hint in the
# printed text.
# Outputs: the checklist on stdout.
# Returns: exit status of 'read' (non-zero at end of input).
#######################################
prereqs_old() {
  # Quoted delimiter: the checklist is literal text, nothing is expanded.
  cat <<-'EOF'
1) You must have created /etc/crypttab
e.g.: luks /dev/sda2 none tpm2-device=auto
tip: can use blkid to get the UUID of the device too.
2) You must have installed necessary TSS2 libraries
e.g. sudo apt install libtss2-dev
EOF
  read -p "Enter to continue"
}
#######################################
# Install Docker from the distribution archive without prompting (-y).
# Only the legacy path (tldr_just_work_old) calls this.
# Returns: exit status of apt.
#######################################
install_docker() {
  local -r docker_package=docker.io
  apt install -y "${docker_package}"
}
#######################################
# Run the build script that compiles systemd with TPM2 support.
# The script path is relative, so the caller must be in the repository
# directory.
# Returns: exit status of the build script.
#######################################
compile_systemd_with_tpm2() {
  local -r build_script=./build_systemd_with_tpm2_support.sh
  "${build_script}"
}
#######################################
# Install the locally built systemd and libsystemd0 packages with dpkg.
# The globs are expanded in the current directory. dpkg -i installs whatever
# files match, so the .deb files are only as trustworthy as the directory
# they are picked up from.
# Returns: exit status of dpkg.
#######################################
install_systemd_with_tpm2() {
  # Patterns stay unquoted on purpose: the shell must expand them.
  dpkg -i \
    systemd_249.11-0ubuntu*_amd64.deb \
    libsystemd0_249.11-0ubuntu*_amd64.deb
}
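#######################################
# Patch the cryptsetup helper scripts and install the initramfs hook.
#
# Working copies of the two system scripts are patched inside ./patched and
# copied back only when every earlier step succeeded. Without these checks a
# failed or partially applied patch would still be copied over
# /usr/lib/cryptsetup/functions and the initramfs cryptroot script, and the
# function would still report success as long as the last cp worked.
#
# The work runs in a subshell, so the caller's working directory is left
# unchanged on every path. Paths are relative: run from the repository
# directory.
#
# Outputs: error messages on stderr.
# Returns: 0 on success, non-zero if any copy or patch step failed.
#######################################
install_crypt_setup_mod_scripts() {
  local -r functions_path=/usr/lib/cryptsetup/functions
  local -r cryptroot_path=/usr/share/initramfs-tools/scripts/local-top/cryptroot

  mkdir -p patched || return

  if ! (
    cd patched || exit

    # Take fresh working copies of the installed scripts.
    cp -- "${functions_path}" cryptsetup_functions || exit
    cp -- "${cryptroot_path}" cryptroot || exit

    # Apply both patches before anything under /usr is touched.
    patch cryptsetup_functions ../patches/cryptsetup_functions.patch || exit
    patch cryptroot ../patches/cryptroot.patch || exit

    # Both patches applied cleanly: install the results.
    cp -- cryptsetup_functions "${functions_path}" || exit
    cp -- cryptroot "${cryptroot_path}" || exit
  ); then
    echo "ERROR: patching the cryptsetup scripts failed; see messages above" >&2
    return 1
  fi

  # Install the initramfs hook that includes the required program and
  # libtss2 in the initramfs.
  cp scripts/systemd_cryptsetup_hook /etc/initramfs-tools/hooks
}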
#######################################
# Regenerate the initramfs for the currently running kernel.
# Returns: exit status of update-initramfs.
#######################################
update_initramfs() {
  local running_kernel
  running_kernel="$(uname -r)"
  update-initramfs -u -k "${running_kernel}"
}
#######################################
# Legacy install path: compiles systemd with TPM2 support before installing.
# Apparently no longer needed for a new install, but kept 'just in case'.
# Stops at the first failing step.
# Returns: status of the first failing step, else that of the final echo.
#######################################
tldr_just_work_old() {
  # A bare 'return' passes on the status of the step that just failed.
  prereqs_old || return
  install_docker || return
  compile_systemd_with_tpm2 || return
  install_systemd_with_tpm2 || return
  install_crypt_setup_mod_scripts || return
  update_initramfs || return
  echo SystemD with TPM2 installation complete.
}
#######################################
# Default install path: ensure a crypttab exists, install the TSS2
# libraries, patch the cryptsetup scripts and rebuild the initramfs.
# Stops at the first failing step.
# Returns: status of the first failing step, else that of the final echo.
#######################################
tldr_just_work() {
  # A bare 'return' passes on the status of the step that just failed.
  mkcrypttab || return
  install_tss2 || return
  install_crypt_setup_mod_scripts || return
  update_initramfs || return
  echo SystemD with TPM2 installation complete.
}
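# Entry point: refuse to run without root, then run the default install path.
if [[ "${EUID}" -ne 0 ]] ; then
  # Diagnostics go to stderr so they are not lost when stdout is redirected.
  echo "This script must be run as root. Try:
sudo $0
" >&2
  exit 1
fi

# The install steps use relative paths (./mkcrypttab.sh, patches/, scripts/).
# Anchor them to the directory holding this script, so a root run started
# from another directory neither fails half-way nor executes a same-named
# script found in that directory.
CDPATH='' cd -- "$(dirname -- "${BASH_SOURCE[0]}")" || {
  echo "ERROR: cannot change to the script directory" >&2
  exit 1
}

tldr_just_work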