2023-02-08 21:01:48 +00:00
|
|
|
#!/bin/bash
|
2018-03-12 01:27:19 +00:00
|
|
|
set -e -o pipefail
|
|
|
|
|
. /etc/functions
|
|
|
|
|
|
2024-02-01 19:30:31 +00:00
|
|
|
TRACE_FUNC
|
2023-02-18 17:58:43 +00:00
|
|
|
|
2018-03-12 01:27:19 +00:00
|
|
|
# Update initrd with CBFS files
|
2018-04-30 02:58:44 +00:00
|
|
|
if [ -z "$CONFIG_PCR" ]; then
|
|
|
|
|
CONFIG_PCR=7
|
2018-03-12 01:27:19 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Load individual files
|
2018-04-22 00:21:37 +00:00
|
|
|
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
|
2018-03-12 01:27:19 +00:00
|
|
|
|
|
|
|
|
for cbfsname in `echo $cbfsfiles`; do
|
2018-04-20 22:11:12 +00:00
|
|
|
filename=${cbfsname:12}
|
2018-03-12 01:27:19 +00:00
|
|
|
if [ ! -z "$filename" ]; then
|
|
|
|
|
mkdir -p `dirname $filename` \
|
|
|
|
|
|| die "$filename: mkdir failed"
|
2024-08-24 16:49:10 +00:00
|
|
|
echo "Extracting CBFS file $cbfsname into $filename"
|
|
|
|
|
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|
2018-03-12 01:27:19 +00:00
|
|
|
|| die "$filename: cbfs file read failed"
|
tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1.
Most logic throughout Heads doesn't need to know TPM1 versus TPM2 (and
shouldn't, the differences should be localized). Some checks were
incorrect and are fixed by this change. Most checks are now unchanged
relative to master.
There are not that many places outside of tpmr that need to
differentiate TPM1 and TPM2. Some of those are duplicate code that
should be consolidated (seal-hotpkey, unseal-totp, unseal-hotp), and
some more are probably good candidates for abstracting in tpmr so the
business logic doesn't have to know TPM1 vs. TPM2.
Previously, CONFIG_TPM could be variously 'y', 'n', or empty. Now it
is always 'y' or 'n', and 'y' means "any TPM". Board configs are
unchanged, setting CONFIG_TPM2_TOOLS=y implies CONFIG_TPM=y so this
doesn't have to be duplicated and can't be mistakenly mismatched.
There were a few checks for CONFIG_TPM = n that only coincidentally
worked for TPM2 because CONFIG_TPM was empty (not 'n'). This test is
now OK, but the checks were also cleaned up to '!= "y"' for robustness.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-02-22 21:30:07 +00:00
|
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
TPM extend ops: Augment output of TPM1/TMP22 for filename and file content hash ops
Debug logtrace, screenshots of non-debug will be added in PR #1758
TPM1:
[ 4.815559] [U] hello world
[ 5.099000] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[ 5.122059] TRACE: Under init
[ 5.165917] DEBUG: Applying panic_on_oom setting to sysctl
[ 5.388757] TRACE: /bin/cbfs-init(5): main
[ 5.516637] TRACE: /bin/cbfs-init(24): main
[ 5.662271] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx
[ 5.732223] TRACE: /bin/tpmr(790): main
[ 5.785372] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae
[ 5.838082] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx
[ 6.081466] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx
[ 6.147455] TRACE: /bin/tpmr(790): main
[ 6.196545] DEBUG: TPM: Extending PCR[7] with hash ee79223a3b9724ad1aab290a3785132805c79eae
[ 6.251251] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx
[ 6.445119] TRACE: /bin/cbfs-init(24): main
[ 6.585854] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg
[ 6.659172] TRACE: /bin/tpmr(790): main
[ 6.707564] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042
[ 6.757645] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg
[ 7.013547] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg
[ 7.082863] TRACE: /bin/tpmr(790): main
[ 7.131022] DEBUG: TPM: Extending PCR[7] with hash ca8898407cacd96d6f2de90ae90825351be81c62
[ 7.183344] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg
[ 7.413787] TRACE: /bin/key-init(6): main
[ 8.718367] TRACE: Under /etc/ash_functions:combine_configs
[ 8.803914] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[ 9.045341] TRACE: /bin/setconsolefont.sh(6): main
[ 9.096853] DEBUG: Board does not ship setfont, not checking console font
[ 9.320494] TRACE: /bin/gui-init(641): main
[ 9.356729] TRACE: Under /etc/ash_functions:enable_usb
[ 9.445981] TRACE: /sbin/insmod(9): main
[ 9.609464] TRACE: /sbin/insmod(53): main
[ 9.660145] DEBUG: No module parameters, extending only with the module's content
[ 9.791896] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-hcd.ko
[ 9.860477] TRACE: /bin/tpmr(790): main
[ 9.914849] DEBUG: TPM: Extending PCR[5] with hash bc9ff28a99e314cda69695ba34b26ed0d8b1e4ed
[ 9.976867] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-hcd.ko
[ 10.146966] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[ 10.184086] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 10.276564] TRACE: /sbin/insmod(9): main
[ 10.433503] TRACE: /sbin/insmod(53): main
[ 10.486272] DEBUG: No module parameters, extending only with the module's content
[ 10.620200] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/uhci-hcd.ko
[ 10.698710] TRACE: /bin/tpmr(790): main
[ 10.750637] DEBUG: TPM: Extending PCR[5] with hash bcb2f15c7eb52484072a76fc8a0d7399f6cf2189
[ 10.808379] DEBUG: exec tpm extend -ix 5 -if /lib/modules/uhci-hcd.ko
[ 10.996254] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[ 11.026108] uhci_hcd: USB Universal Host Controller Interface driver
[ 11.040703] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[ 11.053129] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[ 11.061568] uhci_hcd 0000:00:1d.0: detected 2 ports
[ 11.070973] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[ 11.089004] hub 1-0:1.0: USB hub found
[ 11.097535] hub 1-0:1.0: 2 ports detected
[ 11.114890] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[ 11.123848] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[ 11.134989] uhci_hcd 0000:00:1d.1: detected 2 ports
[ 11.142404] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[ 11.153338] hub 2-0:1.0: USB hub found
[ 11.160572] hub 2-0:1.0: 2 ports detected
[ 11.176481] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[ 11.183898] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[ 11.193509] uhci_hcd 0000:00:1d.2: detected 2 ports
[ 11.201574] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[ 11.211182] hub 3-0:1.0: USB hub found
[ 11.219256] hub 3-0:1.0: 2 ports detected
[ 11.314467] TRACE: /sbin/insmod(9): main
[ 11.468430] TRACE: /sbin/insmod(53): main
[ 11.521914] DEBUG: No module parameters, extending only with the module's content
[ 11.656647] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-hcd.ko
[ 11.726721] TRACE: /bin/tpmr(790): main
[ 11.778253] DEBUG: TPM: Extending PCR[5] with hash f563e46fbbed46423a1e10219953233d310792f5
[ 11.831718] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-hcd.ko
[ 12.010752] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[ 12.044192] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 12.136462] TRACE: /sbin/insmod(9): main
[ 12.293409] TRACE: /sbin/insmod(53): main
[ 12.345947] DEBUG: No module parameters, extending only with the module's content
[ 12.481562] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-pci.ko
[ 12.547754] TRACE: /bin/tpmr(790): main
[ 12.604827] DEBUG: TPM: Extending PCR[5] with hash a24699fdaac9976cc9447fd0cd444a469299ad2f
[ 12.661256] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-pci.ko
[ 12.847247] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[ 12.870986] ohci-pci: OHCI PCI platform driver
[ 12.959387] TRACE: /sbin/insmod(9): main
[ 13.112275] TRACE: /sbin/insmod(53): main
[ 13.163112] DEBUG: No module parameters, extending only with the module's content
[ 13.291360] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-pci.ko
[ 13.364853] TRACE: /bin/tpmr(790): main
[ 13.438536] DEBUG: TPM: Extending PCR[5] with hash b80a90e11a01eba40bb7e566f3374d0aad326acb
[ 13.505500] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-pci.ko
[ 13.679865] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[ 13.704539] ehci-pci: EHCI PCI platform driver
[ 13.725570] ehci-pci 0000:00:1d.7: EHCI Host Controller
[ 13.735562] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[ 13.745092] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[ 13.773286] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[ 13.783544] hub 4-0:1.0: USB hub found
[ 13.791110] hub 4-0:1.0: 6 ports detected
[ 13.800844] hub 1-0:1.0: USB hub found
[ 13.807808] hub 1-0:1.0: 2 ports detected
[ 13.823094] hub 2-0:1.0: USB hub found
[ 13.829910] hub 2-0:1.0: 2 ports detected
[ 13.839182] hub 3-0:1.0: USB hub found
[ 13.846231] hub 3-0:1.0: 2 ports detected
[ 13.946297] TRACE: /sbin/insmod(9): main
[ 14.099143] TRACE: /sbin/insmod(53): main
[ 14.149765] DEBUG: No module parameters, extending only with the module's content
[ 14.291413] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-hcd.ko
[ 14.372815] TRACE: /bin/tpmr(790): main
[ 14.426919] DEBUG: TPM: Extending PCR[5] with hash 1fc55e846b9d5c93e58c6c8b6f867e744fa694bc
[ 14.482815] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-hcd.ko
[ 14.670419] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[ 14.783374] TRACE: /sbin/insmod(9): main
[ 14.939364] TRACE: /sbin/insmod(53): main
[ 14.995136] DEBUG: No module parameters, extending only with the module's content
[ 15.135482] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-pci.ko
[ 15.204263] TRACE: /bin/tpmr(790): main
[ 15.255478] DEBUG: TPM: Extending PCR[5] with hash bbdd85242570aa438b908420a43b8d7042db8b4f
[ 15.305598] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-pci.ko
[ 15.480844] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[ 15.512476] xhci_hcd 0000:00:04.0: xHCI Host Controller
[ 15.528230] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[ 15.540456] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[ 15.554225] hub 5-0:1.0: USB hub found
[ 15.562061] hub 5-0:1.0: 4 ports detected
[ 15.572058] xhci_hcd 0000:00:04.0: xHCI Host Controller
[ 15.589966] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[ 15.598116] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[ 15.606150] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[ 15.616354] hub 6-0:1.0: USB hub found
[ 15.623767] hub 6-0:1.0: 4 ports detected
[ 15.909854] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[ 16.193548] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[ 16.345381] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[ 17.674973] TRACE: /etc/functions(715): detect_boot_device
[ 17.718114] TRACE: /etc/functions(682): mount_possible_boot_device
[ 17.759829] TRACE: /etc/functions(642): is_gpt_bios_grub
[ 17.833271] TRACE: /dev/vda1 is partition 1 of vda
[ 17.925490] TRACE: /etc/functions(619): find_lvm_vg_name
[ 18.068352] TRACE: Try mounting /dev/vda1 as /boot
[ 18.114444] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[ 18.158648] TRACE: /bin/gui-init(319): clean_boot_check
[ 18.247883] TRACE: /bin/gui-init(348): check_gpg_key
[ 18.338052] TRACE: /bin/gui-init(185): update_totp
[ 18.419286] TRACE: /bin/unseal-totp(8): main
[ 18.511352] TRACE: /bin/tpmr(614): tpm1_unseal
[ 18.624811] DEBUG: Running at_exit handlers
[ 18.661992] TRACE: /bin/tpmr(390): cleanup_shred
[ 18.692897] !!! ERROR: Unable to unseal TOTP secret !!!
[ 21.295284] TRACE: /bin/unseal-totp(8): main
[ 21.386377] TRACE: /bin/tpmr(614): tpm1_unseal
[ 21.496183] DEBUG: Running at_exit handlers
[ 21.527060] TRACE: /bin/tpmr(390): cleanup_shred
[ 21.558625] !!! ERROR: Unable to unseal TOTP secret !!!
[ 24.162881] TRACE: /bin/unseal-totp(8): main
[ 24.249549] TRACE: /bin/tpmr(614): tpm1_unseal
[ 24.362331] DEBUG: Running at_exit handlers
[ 24.394154] TRACE: /bin/tpmr(390): cleanup_shred
[ 24.427400] !!! ERROR: Unable to unseal TOTP secret !!!
[ 26.475340] DEBUG: CONFIG_TPM: y
[ 26.521538] DEBUG: CONFIG_TPM2_TOOLS:
[ 26.578490] DEBUG: Show PCRs
[ 26.730805] DEBUG: PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.751488] PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.778571] PCR-02: C0 A9 54 C8 45 5C 78 49 80 EC 1C DB D8 E8 9B CC 65 11 58 BF
[ 26.808771] PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.830508] PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.849538] PCR-05: 2C 3A 40 05 70 DB 21 89 4F CD C2 F8 D6 AE 40 DA 56 E1 B6 74
[ 26.878951] PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.895421] PCR-07: 7A 8A 4C E6 BA B0 AA 26 22 B1 26 A2 F6 36 BD F3 86 23 50 B6
TPM2:
[ 5.305235] [U] hello world
[ 5.591175] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[ 5.615802] TRACE: Under init
[ 5.657823] DEBUG: Applying panic_on_oom setting to sysctl
[ 5.831457] TRACE: /bin/tpmr(349): tpm2_startsession
[ 6.567984] TRACE: /bin/cbfs-init(5): main
[ 6.695758] TRACE: /bin/cbfs-init(24): main
[ 6.811665] TRACE: /bin/tpmr(832): main
[ 6.870411] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[ 6.907262] TRACE: /bin/tpmr(234): tpm2_extend
[ 6.983504] TRACE: /bin/tpmr(247): tpm2_extend
[ 7.037543] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/pubring.kbx
[ 7.192665] TRACE: /bin/tpmr(265): tpm2_extend
[ 7.246318] DEBUG: TPM: Extended PCR[7] with hash 96ab5053e4630a040d55549ba73cff2178d401d763147776771f9774597b86a1
[ 7.355327] TRACE: /bin/tpmr(832): main
[ 7.409042] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[ 7.446920] TRACE: /bin/tpmr(234): tpm2_extend
[ 7.485782] TRACE: /bin/tpmr(252): tpm2_extend
[ 7.540496] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/pubring.kbx
[ 7.759033] TRACE: /bin/tpmr(265): tpm2_extend
[ 7.811693] DEBUG: TPM: Extended PCR[7] with hash f196f9cae98362568d31638e7522eee5042286b2c18627b06b30a0275207872e
[ 7.903033] TRACE: /bin/cbfs-init(24): main
[ 8.026099] TRACE: /bin/tpmr(832): main
[ 8.077074] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[ 8.108061] TRACE: /bin/tpmr(234): tpm2_extend
[ 8.180580] TRACE: /bin/tpmr(247): tpm2_extend
[ 8.234748] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/trustdb.gpg
[ 8.412522] TRACE: /bin/tpmr(265): tpm2_extend
[ 8.469868] DEBUG: TPM: Extended PCR[7] with hash 53b843fe9bb52894d3a7d00197c776d56f3059f6a285124c7916724cd5013b0b
[ 8.596316] TRACE: /bin/tpmr(832): main
[ 8.655651] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[ 8.690508] TRACE: /bin/tpmr(234): tpm2_extend
[ 8.723206] TRACE: /bin/tpmr(252): tpm2_extend
[ 8.782554] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/trustdb.gpg
[ 8.999969] TRACE: /bin/tpmr(265): tpm2_extend
[ 9.066744] DEBUG: TPM: Extended PCR[7] with hash abf745ef9f960af5d8b19a1acd4bc0a19da056f607b06cce6b920eab83cbbdec
[ 9.215143] TRACE: /bin/key-init(6): main
[ 10.661503] TRACE: Under /etc/ash_functions:combine_configs
[ 10.749050] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[ 10.998267] TRACE: /bin/setconsolefont.sh(6): main
[ 11.059640] DEBUG: Board does not ship setfont, not checking console font
[ 11.303012] TRACE: /bin/gui-init(641): main
[ 11.334099] TRACE: Under /etc/ash_functions:enable_usb
[ 11.421487] TRACE: /sbin/insmod(9): main
[ 11.578754] TRACE: /sbin/insmod(53): main
[ 11.630500] DEBUG: No module parameters, extending only with the module's content
[ 11.741780] TRACE: /bin/tpmr(832): main
[ 11.789365] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-hcd.ko
[ 11.823496] TRACE: /bin/tpmr(234): tpm2_extend
[ 11.862739] TRACE: /bin/tpmr(252): tpm2_extend
[ 11.920404] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-hcd.ko
[ 12.123507] TRACE: /bin/tpmr(265): tpm2_extend
[ 12.175292] DEBUG: TPM: Extended PCR[5] with hash 40c5206f06702e45d8e6632632255258af433be0641c96f514ea75ac14523a30
[ 12.234130] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[ 12.278479] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 12.371875] TRACE: /sbin/insmod(9): main
[ 12.523874] TRACE: /sbin/insmod(53): main
[ 12.578418] DEBUG: No module parameters, extending only with the module's content
[ 12.697785] TRACE: /bin/tpmr(832): main
[ 12.753607] DEBUG: TPM: Extending PCR[5] with /lib/modules/uhci-hcd.ko
[ 12.786940] TRACE: /bin/tpmr(234): tpm2_extend
[ 12.819199] TRACE: /bin/tpmr(252): tpm2_extend
[ 12.879805] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/uhci-hcd.ko
[ 13.088925] TRACE: /bin/tpmr(265): tpm2_extend
[ 13.158660] DEBUG: TPM: Extended PCR[5] with hash 1877332107fb8737a5636da26d4db2c10ffe4d1db2bcbde30b47774cdf05e02f
[ 13.223888] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[ 13.253700] uhci_hcd: USB Universal Host Controller Interface driver
[ 13.269580] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[ 13.278675] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[ 13.287280] uhci_hcd 0000:00:1d.0: detected 2 ports
[ 13.296481] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[ 13.314557] hub 1-0:1.0: USB hub found
[ 13.332614] hub 1-0:1.0: 2 ports detected
[ 13.352400] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[ 13.361016] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[ 13.368653] uhci_hcd 0000:00:1d.1: detected 2 ports
[ 13.376700] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[ 13.395046] hub 2-0:1.0: USB hub found
[ 13.403107] hub 2-0:1.0: 2 ports detected
[ 13.418573] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[ 13.426975] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[ 13.434733] uhci_hcd 0000:00:1d.2: detected 2 ports
[ 13.442497] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[ 13.460237] hub 3-0:1.0: USB hub found
[ 13.467466] hub 3-0:1.0: 2 ports detected
[ 13.579102] TRACE: /sbin/insmod(9): main
[ 13.730892] TRACE: /sbin/insmod(53): main
[ 13.781345] DEBUG: No module parameters, extending only with the module's content
[ 13.891152] TRACE: /bin/tpmr(832): main
[ 13.954015] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-hcd.ko
[ 13.995207] TRACE: /bin/tpmr(234): tpm2_extend
[ 14.031074] TRACE: /bin/tpmr(252): tpm2_extend
[ 14.095694] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-hcd.ko
[ 14.315253] TRACE: /bin/tpmr(265): tpm2_extend
[ 14.369608] DEBUG: TPM: Extended PCR[5] with hash 8a12ce4abfc87f11a023d4f1c26c225f5cffae248f9dad1fd30e78022996df02
[ 14.425800] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[ 14.455207] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 14.548050] TRACE: /sbin/insmod(9): main
[ 14.693175] TRACE: /sbin/insmod(53): main
[ 14.742761] DEBUG: No module parameters, extending only with the module's content
[ 14.855233] TRACE: /bin/tpmr(832): main
[ 14.908035] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-pci.ko
[ 14.940321] TRACE: /bin/tpmr(234): tpm2_extend
[ 14.970307] TRACE: /bin/tpmr(252): tpm2_extend
[ 15.018421] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-pci.ko
[ 15.226408] TRACE: /bin/tpmr(265): tpm2_extend
[ 15.279951] DEBUG: TPM: Extended PCR[5] with hash 2065ee6544d78a5d31e67983166a9b8cf60dbe61bf0ee99c39e92816cc3a98db
[ 15.335930] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[ 15.360537] ohci-pci: OHCI PCI platform driver
[ 15.446600] TRACE: /sbin/insmod(9): main
[ 15.597149] TRACE: /sbin/insmod(53): main
[ 15.649850] DEBUG: No module parameters, extending only with the module's content
[ 15.753738] TRACE: /bin/tpmr(832): main
[ 15.809086] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-pci.ko
[ 15.847559] TRACE: /bin/tpmr(234): tpm2_extend
[ 15.878030] TRACE: /bin/tpmr(252): tpm2_extend
[ 15.930320] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-pci.ko
[ 16.131948] TRACE: /bin/tpmr(265): tpm2_extend
[ 16.190395] DEBUG: TPM: Extended PCR[5] with hash 116145df2c495dfd58354025799fe5bb9b4d8e078960e8d0d7ceda746e4f2d06
[ 16.247675] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[ 16.275465] ehci-pci: EHCI PCI platform driver
[ 16.296704] ehci-pci 0000:00:1d.7: EHCI Host Controller
[ 16.306151] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[ 16.316293] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[ 16.340527] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[ 16.357688] hub 4-0:1.0: USB hub found
[ 16.365707] hub 4-0:1.0: 6 ports detected
[ 16.376687] hub 1-0:1.0: USB hub found
[ 16.384573] hub 1-0:1.0: 2 ports detected
[ 16.393986] hub 2-0:1.0: USB hub found
[ 16.401424] hub 2-0:1.0: 2 ports detected
[ 16.410387] hub 3-0:1.0: USB hub found
[ 16.418087] hub 3-0:1.0: 2 ports detected
[ 16.513839] TRACE: /sbin/insmod(9): main
[ 16.670778] TRACE: /sbin/insmod(53): main
[ 16.721953] DEBUG: No module parameters, extending only with the module's content
[ 16.835964] TRACE: /bin/tpmr(832): main
[ 16.888003] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-hcd.ko
[ 16.919798] TRACE: /bin/tpmr(234): tpm2_extend
[ 16.957470] TRACE: /bin/tpmr(252): tpm2_extend
[ 17.013535] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-hcd.ko
[ 17.225097] TRACE: /bin/tpmr(265): tpm2_extend
[ 17.281099] DEBUG: TPM: Extended PCR[5] with hash 7f5a6bd0f7de6104e49374e1e5ce421e11795fcc4f53014ef9259d630d7876bc
[ 17.337551] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[ 17.448660] TRACE: /sbin/insmod(9): main
[ 17.595458] TRACE: /sbin/insmod(53): main
[ 17.653305] DEBUG: No module parameters, extending only with the module's content
[ 17.763612] TRACE: /bin/tpmr(832): main
[ 17.817350] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-pci.ko
[ 17.849196] TRACE: /bin/tpmr(234): tpm2_extend
[ 17.879069] TRACE: /bin/tpmr(252): tpm2_extend
[ 17.927859] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-pci.ko
[ 18.126778] TRACE: /bin/tpmr(265): tpm2_extend
[ 18.188056] DEBUG: TPM: Extended PCR[5] with hash 5502fa8c101f7e509145b9826094f06dd0e225c2311a14edc9ae9c812518a250
[ 18.247945] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[ 18.286509] xhci_hcd 0000:00:04.0: xHCI Host Controller
[ 18.294553] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[ 18.308276] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[ 18.320288] hub 5-0:1.0: USB hub found
[ 18.328425] hub 5-0:1.0: 4 ports detected
[ 18.337635] xhci_hcd 0000:00:04.0: xHCI Host Controller
[ 18.344430] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[ 18.351769] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[ 18.360900] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[ 18.371095] hub 6-0:1.0: USB hub found
[ 18.378046] hub 6-0:1.0: 4 ports detected
[ 18.673695] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[ 18.960744] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[ 19.112485] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[ 20.433294] TRACE: /etc/functions(715): detect_boot_device
[ 20.489580] TRACE: /etc/functions(682): mount_possible_boot_device
[ 20.546126] TRACE: /etc/functions(642): is_gpt_bios_grub
[ 20.653417] TRACE: /dev/vda1 is partition 1 of vda
[ 20.777737] TRACE: /etc/functions(619): find_lvm_vg_name
[ 20.946450] TRACE: Try mounting /dev/vda1 as /boot
[ 20.997145] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[ 21.053058] TRACE: /bin/gui-init(319): clean_boot_check
[ 21.157752] TRACE: /bin/gui-init(348): check_gpg_key
[ 21.260339] TRACE: /bin/gui-init(185): update_totp
[ 21.376906] TRACE: /bin/unseal-totp(8): main
[ 21.497372] TRACE: /bin/tpmr(569): tpm2_unseal
[ 21.574501] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[ 22.212056] DEBUG: Running at_exit handlers
[ 22.247818] TRACE: /bin/tpmr(374): cleanup_session
[ 22.301292] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[ 22.423005] !!! ERROR: Unable to unseal TOTP secret !!!
[ 25.058227] TRACE: /bin/unseal-totp(8): main
[ 25.205031] TRACE: /bin/tpmr(569): tpm2_unseal
[ 25.284388] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[ 25.914243] DEBUG: Running at_exit handlers
[ 25.947988] TRACE: /bin/tpmr(374): cleanup_session
[ 26.001694] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[ 26.126464] !!! ERROR: Unable to unseal TOTP secret !!!
[ 28.766165] TRACE: /bin/unseal-totp(8): main
[ 28.898452] TRACE: /bin/tpmr(569): tpm2_unseal
[ 28.982708] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[ 29.609216] DEBUG: Running at_exit handlers
[ 29.643372] TRACE: /bin/tpmr(374): cleanup_session
[ 29.696741] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[ 29.822748] !!! ERROR: Unable to unseal TOTP secret !!!
[ 31.890980] DEBUG: CONFIG_TPM: y
[ 31.945147] DEBUG: CONFIG_TPM2_TOOLS: y
[ 31.999643] DEBUG: Show PCRs
[ 32.157607] DEBUG: sha256:
[ 32.190288] 0 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.221302] 1 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.251240] 2 : 0x9FC171D45D54BDD49D40E8438BCF15808427BA72B11EC2DF1ACE877CA0CF4F14
[ 32.282127] 3 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.315382] 4 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.345767] 5 : 0xD76470232B7C3FD7D18D4DF3B77DACAFFDB876DBF3E84C996D74F7ECFA0FF60F
[ 32.379099] 6 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.409630] 7 : 0x2E3147A8ADA1FEBEB2D32D7F50F25DC10F47D7CD48DF1D61A2D6BF958114A231
[ 32.439780] 8 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.508514] 9 : 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.537395] 10: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.583510] 11: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.622661] 12: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.651831] 13: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.687298] 14: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.721766] 15: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.751345] 16: 0x0000000000000000000000000000000000000000000000000000000000000000
[ 32.782919] 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[ 32.813071] 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[ 32.841994] 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[ 32.869358] 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[ 32.907215] 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[ 32.937346] 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[ 32.967810] 23: 0x0000000000000000000000000000000000000000000000000000000000000000
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-06 19:07:51 +00:00
|
|
|
TRACE_FUNC
|
|
|
|
|
echo "TPM: Extending PCR[$CONFIG_PCR] with $filename"
|
2024-09-05 18:00:58 +00:00
|
|
|
# Measure both the filename and its content. This
|
|
|
|
|
# ensures that renaming files or pivoting file content
|
|
|
|
|
# will still affect the resulting PCR measurement.
|
|
|
|
|
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
|
|
|
|
|
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|
2018-03-12 01:27:19 +00:00
|
|
|
|| die "$filename: tpm extend failed"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
2018-04-30 02:58:44 +00:00
|
|
|
# TODO: copy CBFS file named "heads/initrd.tgz" to /tmp, measure and extract
|
