Skip to content

brandsimon/multi-tpm2-totp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

usr/lib

usr/lib

 
 

LICENSE.txt

LICENSE.txt

 
 

Readme.md

Readme.md

 
 

Repository files navigation

multi-tpm2-totp

Attest the trustworthiness of a device against a human using multiple time-based one-time passwords (OTP) at boot.

Configuration

Currently only mkinitcpio is supported. To enable it, add multi-tpm2-totp to the HOOKS in /etc/mkinitcpio.conf.

Add totp key

To add multiple OTPs, change the nvindex per OTP.

nvindex="0x018094B0"
tpm2-totp --nvindex "${nvindex}" --pcrs 7 init
echo "${nvindex}" > /etc/multi-tpm2-totp/LABEL

You can also group those in folders:

mkdir /etc/multi-tpm2-totp/main
nvindex="0x018094B0"
tpm2-totp --nvindex "${nvindex}" --pcrs 0,2,4,6,7 init
echo "${nvindex}" > /etc/multi-tpm2-totp/main/LABEL

Now rebuild your initramfs.

Delete unneeded totp key

tpm2_nvundefine "$(cat /etc/multi-tpm2-totp/LABEL)"
rm /etc/multi-tpm2-totp/LABEL

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

0.2.2 Latest
Aug 2, 2023
+ 3 releases

Packages

No packages published

Languages