
2 commits

Author SHA1 Message Date
Luc
4a3b0583c4 src/zlevis-decrypt: update
Silenced tpm2_unseal error when TPM is empty.
2025-07-31 13:48:59 +02:00
Luc
8bf01a4a03 src/zlevis-encrypt: update
Bug fix in parsing policy_options in tpm2_create.
2025-07-31 13:45:49 +02:00
2 changed files with 4 additions and 4 deletions


@ -122,7 +122,7 @@ rm -f "$tmp_jwk_pub" "$tmp_jwk_priv" "$tmp_primary_context"
# Unseal the JWK from the TPM
case "$tpm2tools_version" in
4|5) jwk="$(tpm2_unseal -c "$tmp_load_context" ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
4|5) jwk="$(tpm2_unseal -c "$tmp_load_context" ${pcr_spec:+-p pcr:$pcr_spec} 2>/dev/null)" || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@ -138,4 +138,4 @@ rm -f "$tmp_load_context"
(echo "$jwk$hdr."; /bin/cat) | jose jwe dec -k- -i-
# Exit with the status of the last command
exit $?
exit $?
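Review bot: The `2>/dev/null` added to the `tpm2_unseal` call in the `4|5)` arm discards every diagnostic the tool prints, not only the one emitted when the TPM holds no sealed object. Because the call passes `-p pcr:$pcr_spec`, a PCR policy mismatch or a TPM communication error now fails just as quietly, which removes the message an operator would use to tell "nothing sealed" apart from "measured boot state changed". Consider capturing stderr and replaying it unless the empty-TPM case is recognised, or at least record the trade-off above the line: `# stderr dropped: tpm2_unseal is noisy when nothing is sealed; this also hides PCR policy failures`. The handling under `if [ -n "$fail" ]` continues outside the hunk, so whether it reports the failure itself cannot be seen here.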


@ -186,7 +186,7 @@ trap 'rm -f "$tmp_primary_context" "$tmp_pcr_policy" "$tmp_jwk_pub" "$tmp_jwk_pr
# Create the TPM2 object for the JWK
case "$tpm2tools_version" in
4|5) printf "%s" "$jwk" | tpm2_create -Q -g "$hash" -C "$tmp_primary_context" -u "$tmp_jwk_pub" -r "$tmp_jwk_priv" -a "$obj_attr" -L "$policy_options" -i- || fail=$?;;
4|5) printf "%s" "$jwk" | tpm2_create -Q -g "$hash" -C "$tmp_primary_context" -u "$tmp_jwk_pub" -r "$tmp_jwk_priv" -a "$obj_attr" -L "${policy_options[@]}" -i- || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@ -230,4 +230,4 @@ jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$jwk_priv" -s jwk_p
(echo "$jwe$jwk$(/bin/cat)") | jose jwe enc -i- -k- -I- -c
# Exit with the status of the last command
exit $?
exit $?
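Review bot: In the `4|5)` arm, `-L "${policy_options[@]}"` keeps `-L` on the command line even when the array expands to nothing, so `tpm2_create` would then consume `-i-` as the policy argument instead of reading the JWK from stdin. With more than one element, only the first is bound to `-L` and the rest become stray arguments. How `policy_options` is populated lies outside the hunk, so this may be unreachable today, but it is safer to store the flag in the array where it is built and pass `"${policy_options[@]}"` on its own, so that no policy means no `-L`. The array expansion also needs bash; the shebang is not visible here, so confirm the script is not run under a POSIX `sh`.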