kexec-save-default kexec-select-boot: fix primary handle once more. Can't wait we get rid of this... file must exist and not be empty, and hash output to console must not be silenced

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-03-14 08:16:44 +00:00 · 2024-12-18 14:57:48 -05:00 · 2024-12-18 14:57:48 -05:00 · 02d8ce8d0d
commit 02d8ce8d0d
parent 1e6079620a
2 changed files with 3 additions and 3 deletions
--- a/initrd/bin/kexec-save-default
+++ b/initrd/bin/kexec-save-default
@ -279,10 +279,9 @@ fi
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
 	if [ -f /tmp/secret/primary.handle ]; then
 		DEBUG "Hashing TPM2 primary key handle..."
-		sha256sum /tmp/secret/primary.handle >"$PRIMHASH_FILE" 2>/dev/null ||
+		sha256sum /tmp/secret/primary.handle > "$PRIMHASH_FILE" ||
 			die "ERROR: Failed to Hash TPM2 primary key handle!"
 		DEBUG "TPM2 primary key handle hash saved to $PRIMHASH_FILE"
-		DEBUG "Hash content: $(cat $PRIMHASH_FILE)"
 	else
 		die "ERROR: TPM2 primary key handle file does not exist!"
 	fi
--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@ -60,7 +60,8 @@ paramsdir="${paramsdir%%/}"

 PRIMHASH_FILE="$paramsdir/kexec_primhdl_hash.txt"
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
-	if [ -r "$PRIMHASH_FILE" ]; then
+	if [ -s "$PRIMHASH_FILE" ]; then
+		#PRIMHASH_FILE (normally /boot/kexec_primhdl_hash.txt) exists and is not empty
 		sha256sum -c "$PRIMHASH_FILE" >/dev/null 2>&1 ||
 			{
 				echo "FATAL: Hash of TPM2 primary key handle mismatch!"