diff --git a/initrd/bin/inject_firmware.sh b/initrd/bin/inject_firmware.sh index 0de9e33c..f9e6556e 100755 --- a/initrd/bin/inject_firmware.sh +++ b/initrd/bin/inject_firmware.sh @@ -96,7 +96,7 @@ chmod a+x "$INITRD_ROOT/init" # Linux ignores zeros between archive segments, so any extra padding is not # harmful. FW_INITRD="/tmp/inject_firmware_initrd.cpio.gz" -dd if="$ORIG_INITRD" of="$FW_INITRD" bs=512 conv=sync status=none +dd if="$ORIG_INITRD" of="$FW_INITRD" bs=512 conv=sync status=none > /dev/null 2>&1 # Pack up the new contents and append to the initrd. Don't spend time # compressing this. (cd "$INITRD_ROOT"; find . | cpio -o -H newc) >>"$FW_INITRD" diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index 5adb4825..5d8a5953 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -332,7 +332,7 @@ tpm2_counter_create() { esac done prompt_tpm_owner_password - rand_index="1$(dd if=/dev/urandom bs=1 count=3 | xxd -pc3)" + rand_index="1$(dd if=/dev/urandom bs=1 count=3 2>/dev/null | xxd -pc3)" tpm2 nvdefine -C o -s 8 -a "ownerread|authread|authwrite|nt=1" \ -P "$(tpm2_password_hex "$(cat "/tmp/secret/tpm_owner_password")")" "0x$rand_index" >/dev/console || { @@ -412,7 +412,7 @@ tpm1_destroy() { index="$1" # Index of the sealed file size="$2" # Size of zeroes to overwrite for TPM1 - dd if=/dev/zero bs="$size" count=1 of=/tmp/wipe-totp-zero + dd if=/dev/zero bs="$size" count=1 of=/tmp/wipe-totp-zero > /dev/null 2>&1 tpm nv_writevalue -in "$index" -if /tmp/wipe-totp-zero || die "Unable to wipe sealed secret from TPM NVRAM" } @@ -690,7 +690,7 @@ tpm2_reset() { # The default lockout password is empty, so we must set this, and we # don't need to provide any auth (use the default empty password). tpm2 changeauth -Q -c lockout \ - "hex:$(dd if=/dev/urandom bs=32 count=1 status=none | xxd -p | tr -d ' \n')" + "hex:$(dd if=/dev/urandom bs=32 count=1 status=none 2>/dev/null | xxd -p | tr -d ' \n')" } tpm1_reset() { TRACE_FUNC @@ -729,7 +729,7 @@ tpm2_kexec_finalize() { # being cleared in the OS. # This passphrase is only effective before the next boot. echo "Locking TPM2 platform hierarchy..." - randpass=$(dd if=/dev/urandom bs=4 count=1 status=none | xxd -p) + randpass=$(dd if=/dev/urandom bs=4 count=1 status=none 2>/dev/null | xxd -p) tpm2 changeauth -c platform "$randpass" || warn "Failed to lock platform hierarchy of TPM2" } diff --git a/initrd/bin/unpack_initramfs.sh b/initrd/bin/unpack_initramfs.sh index 77213118..4fff52f6 100755 --- a/initrd/bin/unpack_initramfs.sh +++ b/initrd/bin/unpack_initramfs.sh @@ -61,7 +61,7 @@ unpack_first_segment() { mkdir -p "$dest_dir" # peek the beginning of the file to determine what type of content is next - magic="$(dd if="$unpack_archive" bs=6 count=1 status=none | xxd -p)" + magic="$(dd if="$unpack_archive" bs=6 count=1 status=none 2>/dev/null | xxd -p)" # read this segment of the archive, then write the rest to the next file ( diff --git a/initrd/mount-boot b/initrd/mount-boot index 42e4c9ae..be02e08d 100755 --- a/initrd/mount-boot +++ b/initrd/mount-boot @@ -36,7 +36,7 @@ dev_blocks=`cat "$dev_size_file"` # # Extract the signed file from the hard disk image # -if ! dd if="$dev" of="$cmd_sig" bs=512 skip="`expr $dev_blocks - 1`"; then +if ! dd if="$dev" of="$cmd_sig" bs=512 skip="`expr $dev_blocks - 1`" > /dev/null 2>&1; then echo >&2 '!!!!!' echo >&2 '!!!!! Boot block extraction failed' echo >&2 '!!!!! Dropping to recovery shell' diff --git a/targets/qemu.mk b/targets/qemu.mk index d5d7dc01..5520ebcd 100644 --- a/targets/qemu.mk +++ b/targets/qemu.mk @@ -45,7 +45,7 @@ $(MEMORY_SIZE_FILE): @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw $(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 + dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 >/dev/null 2>&1 # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even # though it is meaningful to use mkfs.vfat (etc.) as non-root MKFS_VFAT=mkfs.vfat; \