format

c176c241 · Robotka István Adrián · 2f2a0cb7 · c176c241 · c176c241 · c176c241
Verified Commit c176c241 authored Aug 4, 2020 by Robotka István Adrián
--- a/README.md
+++ b/README.md
@@ -3,29 +3,34 @@
 Source: https://threat.tevora.com/secure-boot-tpm-2/
 ## Install
-```
+DO NOT COPY IN ONE!!!
+```sh
+sudo apt install tpm2-tools
 ./setup-tpm.sh
-cp passphrase-from-tpm /usr/local/bin/passphrase-from-tpm
-cp initramfs-hook /etc/initramfs-tools/hooks/tpm2
-nano /etc/crypttab
-update-initramfs -u
+sudo cp passphrase-from-tpm /usr/local/bin/passphrase-from-tpm
+sudo cp initramfs-hook /etc/initramfs-tools/hooks/tpm2
+sudo nano /etc/crypttab
+sudo update-initramfs -u
+reboot
 ```
 ## PCR values
-0 BIOS
+- 0 BIOS
-1 BIOS configuration
+- 1 BIOS configuration
-2 Option ROMs
+- 2 Option ROMs
-3 Option ROM configuration
+- 3 Option ROM configuration
-4 MBR (master boot record)
+- 4 MBR (master boot record)
-5 MBR configuration
+- 5 MBR configuration
-6 State transitions and wake events
+- 6 State transitions and wake events
-7 Platform manufacturer specific measurements
+- 7 Platform manufacturer specific measurements
-8-10 OS values (8-15 originally)
+- 8-10 OS values (8-15 originally)
 Could easily change:
-1 bios conf
+- 1 BIOS
-4 MBR
+- 4 MBR (master boot record)
-8,9,10 OS
+- 8,9,10 OS values
-I suggest to use these values: 0,7,5
+I use these: `sha256:0,5,7`
--- a/env
+++ b/env
+# IMPORTANT variable, RTFM
+PCR_LIST="sha256:0,5,7"
+####### Files to store data
+BASE="data/"
+PCR_BIN="${BASE}pcrs.bin"
+POLICY="${BASE}policy.digest"
+PRIMARY_CONTEXT="${BASE}primary.ctx"
+LUKS_PASS="${BASE}luks.pass"
+LUKS_PASS_CHECK="${LUKS_PASS}.check"
+LUKS_PASS_PUB="${LUKS_PASS}.pub"
+LUKS_PASS_PRIV="${LUKS_PASS}.priv"
+LOAD_CONTEXT="${BASE}load.ctx"
--- a/setup-tpm.sh
+++ b/setup-tpm.sh
@@ -6,22 +6,8 @@
 # halt on errors
 set -e
-#sudo apt install tpm2-tools
 ##################### CONFIG #####################
-# IMPORTANT variable, RTFM
+source ./env
-PCR_LIST="sha256:0,5,7"
-####### Files to store data
-BASE="data/"
-PCR_BIN="${BASE}pcrs.bin"
-POLICY="${BASE}policy.digest"
-PRIMARY_CONTEXT="${BASE}primary.ctx"
-LUKS_PASS="${BASE}luks.pass"
-LUKS_PASS_CHECK="${LUKS_PASS}.check"
-LUKS_PASS_PUB="${LUKS_PASS}.pub"
-LUKS_PASS_PRIV="${LUKS_PASS}.priv"
-LOAD_CONTEXT="${BASE}load.ctx"
 mkdir -p $BASE