codebase: silence dd output while capturing output in variables when needed

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

initrd/bin/inject_firmware.sh

@@ -96,7 +96,7 @@ chmod a+x "$INITRD_ROOT/init"
 # Linux ignores zeros between archive segments, so any extra padding is not
 # harmful.
 FW_INITRD="/tmp/inject_firmware_initrd.cpio.gz"
-dd if="$ORIG_INITRD" of="$FW_INITRD" bs=512 conv=sync status=none
+dd if="$ORIG_INITRD" of="$FW_INITRD" bs=512 conv=sync status=none > /dev/null 2>&1
 # Pack up the new contents and append to the initrd.  Don't spend time
 # compressing this.
 (cd "$INITRD_ROOT"; find . | cpio -o -H newc) >>"$FW_INITRD"

initrd/bin/tpmr

@@ -332,7 +332,7 @@ tpm2_counter_create() {
 		esac
 	done
 	prompt_tpm_owner_password
-	rand_index="1$(dd if=/dev/urandom bs=1 count=3 | xxd -pc3)"
+	rand_index="1$(dd if=/dev/urandom bs=1 count=3 2>/dev/null | xxd -pc3)"
 	tpm2 nvdefine -C o -s 8 -a "ownerread|authread|authwrite|nt=1" \
 		-P "$(tpm2_password_hex "$(cat "/tmp/secret/tpm_owner_password")")" "0x$rand_index" >/dev/console ||
 		{
@@ -412,7 +412,7 @@ tpm1_destroy() {
 	index="$1" # Index of the sealed file
 	size="$2"  # Size of zeroes to overwrite for TPM1
 
-	dd if=/dev/zero bs="$size" count=1 of=/tmp/wipe-totp-zero
+	dd if=/dev/zero bs="$size" count=1 of=/tmp/wipe-totp-zero > /dev/null 2>&1
 	tpm nv_writevalue -in "$index" -if /tmp/wipe-totp-zero ||
 		die "Unable to wipe sealed secret from TPM NVRAM"
 }
@@ -690,7 +690,7 @@ tpm2_reset() {
 	# The default lockout password is empty, so we must set this, and we
 	# don't need to provide any auth (use the default empty password).
 	tpm2 changeauth -Q -c lockout \
-		"hex:$(dd if=/dev/urandom bs=32 count=1 status=none | xxd -p | tr -d ' \n')"
+		"hex:$(dd if=/dev/urandom bs=32 count=1 status=none 2>/dev/null | xxd -p | tr -d ' \n')"
 }
 tpm1_reset() {
 	TRACE_FUNC
@@ -729,7 +729,7 @@ tpm2_kexec_finalize() {
 	# being cleared in the OS.
 	# This passphrase is only effective before the next boot.
 	echo "Locking TPM2 platform hierarchy..."
-	randpass=$(dd if=/dev/urandom bs=4 count=1 status=none | xxd -p)
+	randpass=$(dd if=/dev/urandom bs=4 count=1 status=none 2>/dev/null | xxd -p)
 	tpm2 changeauth -c platform "$randpass" ||
 		warn "Failed to lock platform hierarchy of TPM2"
 }

initrd/bin/unpack_initramfs.sh

@@ -61,7 +61,7 @@ unpack_first_segment() {
 	mkdir -p "$dest_dir"
 
 	# peek the beginning of the file to determine what type of content is next
-	magic="$(dd if="$unpack_archive" bs=6 count=1 status=none | xxd -p)"
+	magic="$(dd if="$unpack_archive" bs=6 count=1 status=none 2>/dev/null | xxd -p)"
 
 	# read this segment of the archive, then write the rest to the next file
 	(

initrd/mount-boot

@@ -36,7 +36,7 @@ dev_blocks=`cat "$dev_size_file"`
 #
 # Extract the signed file from the hard disk image
 #
-if ! dd if="$dev" of="$cmd_sig" bs=512 skip="`expr $dev_blocks - 1`"; then
+if ! dd if="$dev" of="$cmd_sig" bs=512 skip="`expr $dev_blocks - 1`" > /dev/null 2>&1; then
 	echo >&2 '!!!!!'
 	echo >&2 '!!!!! Boot block extraction failed'
 	echo >&2 '!!!!! Dropping to recovery shell'

targets/qemu.mk

@@ -45,7 +45,7 @@ $(MEMORY_SIZE_FILE):
 	@echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)"
 USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw
 $(USB_FD_IMG):
-	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256
+	dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 >/dev/null 2>&1
 	# Debian obnoxiously does not include /usr/sbin in PATH for non-root, even
 	# though it is meaningful to use mkfs.vfat (etc.) as non-root
 	MKFS_VFAT=mkfs.vfat; \