Puppet Class: tpm::tboot::policy
- Defined in:
- manifests/tboot/policy.pp
Overview
Generate and install policy This class is controlled by ‘tpm::tboot`
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'manifests/tboot/policy.pp', line 4
class tpm::tboot::policy {
assert_private()
$owner_password = $tpm::tboot::owner_password
$policy_script = $tpm::tboot::policy_script
$policy_script_source = $tpm::tboot::policy_script_source
$update_script = $tpm::tboot::update_script
$update_script_source = $tpm::tboot::update_script_source
file { $policy_script:
ensure => file,
source => $policy_script_source
}
file { $update_script:
ensure => file,
source => $update_script_source
}
# if the last boot wasn't measured, but we did boot with the tboot kernel
if $facts['tboot'] {
if ! $facts['tboot']['measured_launch'] and $facts['tboot']['tboot_session'] {
exec { 'Generate and install tboot policy':
command => "/usr/bin/sh ${policy_script} ${owner_password}",
tries => 1,
notify => Exec['Update grub config']
}
}
}
}
|