PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-19 21:17:55 +00:00 · 2023-10-26 16:51:58 -04:00 · 2023-10-26 16:51:58 -04:00 · 05fc4c1747
commit 05fc4c1747
parent 9e838ad615
3 changed files with 6 additions and 3 deletions
--- a/initrd/bin/cbfs-init
+++ b/initrd/bin/cbfs-init
@ -24,6 +24,7 @@ for cbfsname in `echo $cbfsfiles`; do
 			TMPFILE=/tmp/cbfs.$$
 			echo "$filename" > $TMPFILE
 			cat $filename >> $TMPFILE
+			echo " !!!!! Extending TPM PCR $CONFIG_PCR with $filename !!!!!"
 			tpmr extend -ix "$CONFIG_PCR" -if $TMPFILE \
 			|| die "$filename: tpm extend failed"
 		fi
--- a/initrd/bin/qubes-measure-luks
+++ b/initrd/bin/qubes-measure-luks
@ -19,6 +19,6 @@ sha256sum /tmp/lukshdr-* >/tmp/luksDump.txt || die "Unable to hash LUKS headers"
 DEBUG "Removing /tmp/lukshdr-*"
 rm /tmp/lukshdr-*

-DEBUG "Extending PCR 6 with /tmp/luksDump.txt"
+echo " !!!! Extending PCR 6 with hash of LUKS headers from /tmp/luksDump.txt !!!!"
 tpmr extend -ix 6 -if /tmp/luksDump.txt ||
 	die "Unable to extend PCR"
--- a/initrd/sbin/insmod
+++ b/initrd/sbin/insmod
@ -30,7 +30,8 @@ if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
 fi

 if [ -z "$tpm_missing" ]; then
-	DEBUG "Extending PCR $MODULE_PCR with $MODULE"
+	echo
+	echo " !!!!! Extending TPM PCR $MODULE_PCR with $MODULE prior of usage !!!!!"
 	tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
 	|| die "$MODULE: tpm extend failed"
 fi
@ -39,7 +40,8 @@ if [ ! -z "$*" -a -z "$tpm_missing" ]; then
 	DEBUG "Extending PCR $MODULE_PCR with $*"
 	TMPFILE=/tmp/insmod.$$
 	echo "$@" > $TMPFILE
-	DEBUG "Extending PCR $MODULE_PCR with $TMPFILE"
+	echo
+	echo " !!!!! Extending TPM PCR $MODULE_PCR with $MODULE prior of usage !!!!!"
 	tpmr extend -ix "$MODULE_PCR" -if $TMPFILE \
 	|| die "$MODULE: tpm extend on arguments failed"
 fi