analyze: add "srk" verb to extract current srk from TPM2 chip

[thirdparty/systemd.git] / src / analyze / analyze.c

diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 1b96e8b69a4b6d22a6067196c0c7744888f82b27..d2be144f4f493061f36d79498e5f1fdf2c1ddecc 100644 (file)
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -32,6 +32,7 @@
 #include "analyze-plot.h"
 #include "analyze-security.h"
 #include "analyze-service-watchdogs.h"
+#include "analyze-srk.h"
 #include "analyze-syscall-filter.h"
 #include "analyze-time.h"
 #include "analyze-time-data.h"
@@ -236,6 +237,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "  malloc [D-BUS SERVICE...]  Dump malloc stats of a D-Bus service\n"
                "  fdstore SERVICE...         Show file descriptor store contents of service\n"
                "  pcrs [PCR...]              Show TPM2 PCRs and their names\n"
+               "  srk > FILE                 Write TPM2 SRK to stdout\n"
                "\nOptions:\n"
                "     --recursive-errors=MODE Control which units are verified\n"
                "     --offline=BOOL          Perform a security review on unit file(s)\n"
@@ -646,6 +648,7 @@ static int run(int argc, char *argv[]) {
                 { "fdstore",           2,        VERB_ANY, 0,            verb_fdstore           },
                 { "image-policy",      2,        2,        0,            verb_image_policy      },
                 { "pcrs",              VERB_ANY, VERB_ANY, 0,            verb_pcrs              },
+                { "srk",               VERB_ANY, 1,        0,            verb_srk               },
                 {}
         };