heads/initrd/sbin/insmod

#!/bin/bash
# extend a TPM PCR with a module and then load it
# any arguments will also be measured.
# The default PCR to be extended is 5, but can be
# overridden with the MODULE_PCR environment variable

. /etc/functions

TRACE_FUNC

MODULE="$1"; shift

if [ -z "$MODULE_PCR" ]; then
	MODULE_PCR=5
fi


if [ -z "$MODULE" ]; then
	die "Usage: $0 module [args...]"
fi

if [ ! -r "$MODULE" ]; then
	die "$MODULE: not found?"
fi

# Check if module is already loaded while remove trailing .ko if present
module=$(basename "$MODULE")
module=${module%.ko}
if lsmod | grep -q "^$module\\b"; then
	DEBUG "$module: already loaded"
	exit 0
fi

if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
   if [ ! -c /dev/tpmrm0 -o ! -x /bin/tpm2 ]; then
	   tpm_missing=1
   fi
fi

if [ -z "$tpm_missing" ]; then
	DEBUG "Extending TPM PCR $MODULE_PCR with $MODULE prior of usage"
	tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
	|| die "$MODULE: tpm extend failed"
fi

if [ ! -z "$*" -a -z "$tpm_missing" ]; then
	DEBUG "Extending TPM PCR $MODULE_PCR with $*"
	TMPFILE=/tmp/insmod.$$
	echo "$@" > $TMPFILE
	DEBUG "Extending TPM PCR $MODULE_PCR with $MODULE prior of usage"
	tpmr extend -ix "$MODULE_PCR" -if $TMPFILE \
	|| die "$MODULE: tpm extend on arguments failed"
fi

# Since we have replaced the real insmod, we must invoke
# the busybox insmod via the original executable
DEBUG "Loading $MODULE with busybox insmod"
busybox insmod "$MODULE" "$@" \
	|| die "$MODULE: insmod failed"
Add dual support for real bash and busybox's bash(ash) - modify bash to have it configured with -Os 2023-02-08 16:01:48 -05:00			`#!/bin/bash`
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules 2017-03-31 11:18:46 -04:00			`# extend a TPM PCR with a module and then load it`
			`# any arguments will also be measured.`
			`# The default PCR to be extended is 5, but can be`
			`# overridden with the MODULE_PCR environment variable`

sbin/insmod wrapper: Add TRACE and DEBUG traces 2023-09-02 04:16:16 -04:00			`. /etc/functions`

all scripts: replace TRACE manual strings with dynamic tracing by bash debug Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash. This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all. Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-02-01 14:30:31 -05:00			`TRACE_FUNC`
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules 2017-03-31 11:18:46 -04:00
			`MODULE="$1"; shift`

			`if [ -z "$MODULE_PCR" ]; then`
			`MODULE_PCR=5`
			`fi`


			`if [ -z "$MODULE" ]; then`
			`die "Usage: $0 module [args...]"`
			`fi`

			`if [ ! -r "$MODULE" ]; then`
			`die "$MODULE: not found?"`
			`fi`

insmod: check if module already loaded and if so exit early Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-02-22 13:36:25 -05:00			`# Check if module is already loaded while remove trailing .ko if present`
			`module=$(basename "$MODULE")`
			`module=${module%.ko}`
			`if lsmod \| grep -q "^$module\\b"; then`
			`DEBUG "$module: already loaded"`
			`exit 0`
			`fi`

check for TPM program and device before loading modules (issue #181) 2017-04-10 17:48:52 -04:00			`if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then`
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities 2022-08-25 14:43:31 -04:00			`if [ ! -c /dev/tpmrm0 -o ! -x /bin/tpm2 ]; then`
			`tpm_missing=1`
			`fi`
check for TPM program and device before loading modules (issue #181) 2017-04-10 17:48:52 -04:00			`fi`

			`if [ -z "$tpm_missing" ]; then`
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements. Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2023-11-06 15:53:17 -05:00			`DEBUG "Extending TPM PCR $MODULE_PCR with $MODULE prior of usage"`
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities 2022-08-25 14:43:31 -04:00			`tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \`
check for TPM program and device before loading modules (issue #181) 2017-04-10 17:48:52 -04:00			`\|\| die "$MODULE: tpm extend failed"`
			`fi`
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules 2017-03-31 11:18:46 -04:00
"$@" does not expand correctly in test expressions, use "$*" instead (issue #181) 2017-04-11 06:31:25 -04:00			`if [ ! -z "$*" -a -z "$tpm_missing" ]; then`
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements. Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2023-11-06 15:53:17 -05:00			`DEBUG "Extending TPM PCR $MODULE_PCR with $*"`
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules 2017-03-31 11:18:46 -04:00			`TMPFILE=/tmp/insmod.$$`
			`echo "$@" > $TMPFILE`
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements. Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2023-11-06 15:53:17 -05:00			`DEBUG "Extending TPM PCR $MODULE_PCR with $MODULE prior of usage"`
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities 2022-08-25 14:43:31 -04:00			`tpmr extend -ix "$MODULE_PCR" -if $TMPFILE \`
check for TPM program and device before loading modules (issue #181) 2017-04-10 17:48:52 -04:00			`\|\| die "$MODULE: tpm extend on arguments failed"`
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules 2017-03-31 11:18:46 -04:00			`fi`

			`# Since we have replaced the real insmod, we must invoke`
			`# the busybox insmod via the original executable`
sbin/insmod wrapper: Add TRACE and DEBUG traces 2023-09-02 04:16:16 -04:00			`DEBUG "Loading $MODULE with busybox insmod"`
check for TPM program and device before loading modules (issue #181) 2017-04-10 17:48:52 -04:00			`busybox insmod "$MODULE" "$@" \`
insmod: check if module already loaded and if so exit early Signed-off-by: Thierry Laurion <insurgo@riseup.net> 2024-02-22 13:36:25 -05:00			`\|\| die "$MODULE: insmod failed"`