# Copyright (C) 2022 Fondries.IO
# SPDX-License-Identifier: MIT

cryptfs_check_tpm2() {
	if [ ! -e /sys/class/tpm ]; then
		fatal "Linux TPM subsystem not found"
	fi
}

cryptfs_pre_tpm2() {
	:
}

cryptfs_post_tpm2() {
	clevis-luks-unlock -d "$1" -n "$2"
}

cryptfs_enroll_tpm2() {
	#cat /run/cryptsetup/passphrase | clevis-luks-bind -y -d "$1" -k - tpm2 '{"pcr_bank":"sha256","pcr_ids":"10"}'
	cat /run/cryptsetup/passphrase | clevis-luks-bind -y -d "$1" -k - tpm2 '{}'
	cat /run/cryptsetup/passphrase | cryptsetup luksRemoveKey -v "$1"
}
