tpmr: Remove PCR debug dump, silence nonsense unseal errors for new TPM

Remove dump of all PCRs from tpm2_extend, it was causing other errors
to roll off the screen before they could be inspected, and it's no
longer needed now that TPM2 is working.

Silence nonsense errors from unseal if TPM2 hasn't been reset.  tpm2 -S
with a file that doesn't exist would complain that the parameter format
was not understood (looks like a script error), when the actual problem
was that the file doesn't exist yet.  We can't try to unseal anyway
without a primary handle, so just exit unsuccessfully in that case.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Jonathon Hall 2023-03-07 11:18:47 -05:00
parent b5985fef03
commit 58c0b7c979
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114

@ -43,7 +43,6 @@ tpm2_extend() {
tpm2 pcrextend "$index:sha256=$hash"
DEBUG "tpm2 pcread sha256:$index"
tpm2 pcrread "sha256:$index"
DEBUG "$(pcrs)"
}
tpm2_counter_read() {
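Review bot: In tpm2_extend, the remaining `tpm2 pcrread "sha256:$index"` call is not wrapped in DEBUG, so its output is still written on every extend even though the full PCR dump is gone. If the aim is to keep earlier errors on screen, consider capturing it the same way the removed line did, for example `DEBUG "$(tpm2 pcrread "sha256:$index")"`. The DEBUG string just above it also reads "pcread" while the command is `pcrread`; worth fixing while this function is being touched so the log matches the command actually run.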
@ -229,6 +228,14 @@ tpm2_unseal() {
DEBUG "tpm2_unseal: handle=$handle pcrl=$pcrl file=$file pass=$([ "$pass" ] && echo "<yes>" || echo "<no>")"
# If we don't have the primary handle (TPM hasn't been reset), tpm2 will
# print nonsense error messages about an unexpected handle value. We
# can't do anything without a primary handle.
if [ ! -f "/tmp/$PRIMARY_HANDLE_FILE" ]; then
DEBUG "tpm2_unseal: No primary handle, cannot attempt to unseal"
exit 1
fi
POLICY_SESSION=/tmp/unsealfile_policy.session
rm -f "$POLICY_SESSION"
tpm2 startauthsession -Q -g sha256 -c "/tmp/$PRIMARY_HANDLE_FILE" -S "$POLICY_SESSION" --policy-session
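Review bot: In the new guard at the top of tpm2_unseal, the only explanation is emitted through DEBUG, so a caller gets a bare exit status 1 with no visible reason unless debug output is enabled. Consider a message on stderr that is shown regardless of debug level, or document that callers are expected to report the failure themselves. Note also that `exit 1` inside the function ends the whole script rather than returning to the caller; if that is intended, a short comment saying so would help, otherwise `return 1` is the safer form. Finally, the code comment describes the symptom as "an unexpected handle value" while the commit message describes it as the parameter format not being understood; aligning the two would make the rationale easier to follow later.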