Update encryption key retrieval

shjala · shjala · commit 79ace008ef07 · 2026-02-04T12:38:25.000+01:00
Update encryption key retrieval to use PCR selection from policy.

Signed-off-by: Shahriyar Jalayeri &lt;shahriyar@posteo.de&gt;
diff --git a/pkg/vtpm/swtpm-vtpm/src/main.go b/pkg/vtpm/swtpm-vtpm/src/main.go
@@ -51,8 +51,8 @@ var (
 		return err == nil
 	}
 	getEncryptionKey = func() ([]byte, error) {
-		// FIX-ME : update this after pillar changes is merged!!!
-		return etpm.UnsealDiskKey(etpm.DiskKeySealingPCRs)
+		pcrSelection := etpm.GetDiskKeyPolicyPcrOrDefault(types.PolicyPcrFile)
+		return etpm.UnsealDiskKeyWithRecovery(pcrSelection)
 	}
 )
 

Original file line number	Diff line number	Diff line change
`@@ -51,8 +51,8 @@ var (`
`51`	`51`	`return err == nil`
`52`	`52`	`}`
`53`	`53`	`getEncryptionKey = func() ([]byte, error) {`
`54`		`- // FIX-ME : update this after pillar changes is merged!!!`
`55`		`- return etpm.UnsealDiskKey(etpm.DiskKeySealingPCRs)`
	`54`	`+ pcrSelection := etpm.GetDiskKeyPolicyPcrOrDefault(types.PolicyPcrFile)`
	`55`	`+ return etpm.UnsealDiskKeyWithRecovery(pcrSelection)`
`56`	`56`	`}`
`57`	`57`	`)`
`58`	`58`