diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index afa9fb7a..37744211 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -122,7 +122,7 @@ if [ ! -d $paramsdir ]; then fi rm $paramsdir/kexec_default.*.txt 2>/dev/null || true echo "$entry" > $ENTRY_FILE -cd $bootdir && kexec-boot -b "$bootdir" -e "$entry" -f | \ +kexec-boot -b "$bootdir" -e "$entry" -f | \ xargs sha256sum > $HASH_FILE \ || die "Failed to create hashes of boot files" if [ ! -r $ENTRY_FILE -o ! -r $HASH_FILE ]; then diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index f7525463..ceb0c5e9 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -52,7 +52,7 @@ verify_global_hashes() { echo "+++ Checking verified boot hash file " # Check the hashes of all the files - if cd $bootdir && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ; then + if ( cd $bootdir && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ); then echo "+++ Verified boot hashes " valid_hash='y' valid_global_hash='y' @@ -236,7 +236,7 @@ default_select() { # Enforce that default option hashes are valid echo "+++ Checking verified default boot hash file " # Check the hashes of all the files - if cd $bootdir && sha256sum -c "$TMP_DEFAULT_HASH_FILE" > /tmp/hash_output ; then + if ( cd $bootdir && sha256sum -c "$TMP_DEFAULT_HASH_FILE" > /tmp/hash_output ); then echo "+++ Verified default boot hashes " valid_hash='y' else diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 21e20197..89459f6d 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -322,9 +322,8 @@ report_integrity_measurements() check_config /boot force TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt" - if cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ; then + if ( cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ); then HASH="OK" - cd / else HASH="ALTERED" fi