From 05fc4c1747e190c59d4a514f0bf039419453f058 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 26 Oct 2023 16:51:58 -0400 Subject: [PATCH] PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context Signed-off-by: Thierry Laurion --- initrd/bin/cbfs-init | 1 + initrd/bin/qubes-measure-luks | 2 +- initrd/sbin/insmod | 6 ++++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/initrd/bin/cbfs-init b/initrd/bin/cbfs-init index 5343db7a..81948ef8 100755 --- a/initrd/bin/cbfs-init +++ b/initrd/bin/cbfs-init @@ -24,6 +24,7 @@ for cbfsname in `echo $cbfsfiles`; do TMPFILE=/tmp/cbfs.$$ echo "$filename" > $TMPFILE cat $filename >> $TMPFILE + echo " !!!!! Extending TPM PCR $CONFIG_PCR with $filename !!!!!" tpmr extend -ix "$CONFIG_PCR" -if $TMPFILE \ || die "$filename: tpm extend failed" fi diff --git a/initrd/bin/qubes-measure-luks b/initrd/bin/qubes-measure-luks index 4d396ff6..12248160 100755 --- a/initrd/bin/qubes-measure-luks +++ b/initrd/bin/qubes-measure-luks @@ -19,6 +19,6 @@ sha256sum /tmp/lukshdr-* >/tmp/luksDump.txt || die "Unable to hash LUKS headers" DEBUG "Removing /tmp/lukshdr-*" rm /tmp/lukshdr-* -DEBUG "Extending PCR 6 with /tmp/luksDump.txt" +echo " !!!! Extending PCR 6 with hash of LUKS headers from /tmp/luksDump.txt !!!!" tpmr extend -ix 6 -if /tmp/luksDump.txt || die "Unable to extend PCR" diff --git a/initrd/sbin/insmod b/initrd/sbin/insmod index 39d205b0..34138ee5 100755 --- a/initrd/sbin/insmod +++ b/initrd/sbin/insmod @@ -30,7 +30,8 @@ if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then fi if [ -z "$tpm_missing" ]; then - DEBUG "Extending PCR $MODULE_PCR with $MODULE" + echo + echo " !!!!! Extending TPM PCR $MODULE_PCR with $MODULE prior of usage !!!!!" tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \ || die "$MODULE: tpm extend failed" fi 
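Review bot: In initrd/bin/cbfs-init (hunk `@@ -24,6 +24,7 @@`) the added banner says the PCR is extended "with $filename", but the input handed to `tpmr extend` is `$TMPFILE`, which the context lines just above build from the file name followed by the file contents. Anyone trying to reproduce the PCR value from the on-screen trace would hash the wrong input. The message should state what is actually measured, for example `echo " !!!!! Extending TPM PCR $CONFIG_PCR with name and contents of $filename !!!!!"`. The enclosing `for` loop starts and ends outside the hunk.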
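Review bot: The banner added in initrd/bin/qubes-measure-luks (hunk `@@ -19,6 +19,6 @@`) uses four exclamation marks and "PCR 6", while the banners added in cbfs-init and insmod use five and "TPM PCR", so one search pattern over a captured console log will not match every extend operation. Aligning it as `echo " !!!!! Extending TPM PCR 6 with hash of LUKS headers from /tmp/luksDump.txt !!!!!"` keeps the measurement trail uniform. This hunk and both insmod hunks also replace the `DEBUG` call instead of adding to it. `DEBUG` is defined outside this diff; if it also records to a log, that record of the extend is lost, and keeping the `DEBUG` line next to the `echo` would preserve it.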
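Review bot: In initrd/sbin/insmod (hunk `@@ -30,7 +30,8 @@`) the banner wording "prior of usage" is ungrammatical and reads ambiguously in a message meant to explain a measured-boot step; `echo " !!!!! Extending TPM PCR $MODULE_PCR with $MODULE prior to use !!!!!"` says the same thing clearly. The line also changes from a `DEBUG` call to an unconditional `echo` with nothing in the file saying why. A one-line comment above it would stop a later cleanup from turning it back, for example `# Always printed: tpmr writes to the screen and its output needs context`.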
@@ -39,7 +40,8 @@ if [ ! -z "$*" -a -z "$tpm_missing" ]; then
 DEBUG "Extending PCR $MODULE_PCR with $*"
 TMPFILE=/tmp/insmod.$$
 echo "$@" > $TMPFILE
- DEBUG "Extending PCR $MODULE_PCR with $TMPFILE"
+ echo
+ echo " !!!!! Extending TPM PCR $MODULE_PCR with $MODULE prior of usage !!!!!"
 tpmr extend -ix "$MODULE_PCR" -if $TMPFILE \
 || die "$MODULE: tpm extend on arguments failed"
 fi
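Review bot: The banner added in this second insmod hunk is a copy of the one in the first hunk and again names `$MODULE`, but this `tpmr extend` measures `$TMPFILE`, which the context line `echo "$@" > $TMPFILE` fills with the module arguments. On screen the user is told the module is extended twice and is never told that its parameters are measured, which defeats the purpose of explaining each extend. An accurate line would be `echo " !!!!! Extending TPM PCR $MODULE_PCR with the arguments passed to $MODULE !!!!!"`. The context `DEBUG "Extending PCR $MODULE_PCR with $*"` just above already describes this step correctly.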