initrd/bin/flash.sh: Remove '-s' "SHA-256" mode

flash.sh had a special mode to read (like -r) and then sha256sum the resulting file. This is no different from just a read followed by a sha256sum, and the only caller also had logic to sha256sum a cached file anyway. Just use flash.sh -r and sha256sum the result. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2025-01-29 15:44:07 +00:00 · 2023-07-03 16:59:23 -04:00 · 2023-07-03 16:59:23 -04:00 · 75cb8a070f
commit 75cb8a070f
parent 048bec6ebb
4 changed files with 8 additions and 20 deletions
--- a/initrd/bin/flash.sh
+++ b/initrd/bin/flash.sh
@ -119,10 +119,6 @@ flash_rom() {
  if [ "$READ" -eq 1 ]; then
    flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}" \
    || die "Backup to $ROM failed"
-  elif [ "$SHA" -eq 1 ]; then
-    flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}" 1&>2 >/dev/null \
-    || die "$ROM: Read failed"
-    sha256sum ${ROM} | cut -f1 -d ' '
  else
    cp "$ROM" /tmp/${CONFIG_BOARD}.rom
    sha256sum /tmp/${CONFIG_BOARD}.rom
@ -154,24 +150,15 @@ flash_rom() {
 if [ "$1" == "-c" ]; then
  CLEAN=1
  READ=0
-  SHA=0
  ROM="$2"
 elif [ "$1" == "-r" ]; then
  CLEAN=0
  READ=1
-  SHA=0
-  ROM="$2"
-  touch $ROM
-elif [ "$1" == "-s" ]; then
-  CLEAN=0
-  READ=0
-  SHA=1
  ROM="$2"
  touch $ROM
 else
  CLEAN=0
  READ=0
-  SHA=0
  ROM="$1"
 fi

--- a/initrd/bin/seal-hotpkey
+++ b/initrd/bin/seal-hotpkey
@ -39,7 +39,7 @@ if [ "$CONFIG_TPM" = "y" ]; then
 		|| fatal_error "Unable to unseal HOTP secret"
 else
 	# without a TPM, use the first 20 characters of the ROM SHA256sum 
-	secret_from_rom_hash > "$HOTP_SECRET"
+	secret_from_rom_hash > "$HOTP_SECRET" || die "Reading ROM failed"
 fi

 # Store counter in file instead of TPM for now, as it conflicts with Heads
--- a/initrd/bin/unseal-hotp
+++ b/initrd/bin/unseal-hotp
@ -42,7 +42,7 @@ if [ "$CONFIG_TPM" = "y" ]; then
 	tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET"
 else
 	# without a TPM, use the first 20 characters of the ROM SHA256sum 
-	secret_from_rom_hash > "$HOTP_SECRET"
+	secret_from_rom_hash > "$HOTP_SECRET" || die "Reading ROM failed"
 fi

 if ! hotp $counter_value < "$HOTP_SECRET"; then
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@ -354,12 +354,13 @@ secret_from_rom_hash() {
 	local ROM_IMAGE="/tmp/coreboot-notpm.rom"

 	echo -e "\nTPM not detected; measuring ROM directly\n" 1>&2
-	# use a previously-copied image if it exists
-	if [ -f ${ROM_IMAGE} ]; then
-		sha256sum ${ROM_IMAGE} | cut -f1 -d ' ' | cut -c 1-20 | tr -d '\n'
-	else
-		flash.sh -s ${ROM_IMAGE} | cut -c 1-20 | tr -d '\n'
+
+	# Read the ROM if we haven't read it yet
+	if [ ! -f "${ROM_IMAGE}" ]; then
+		flash.sh -r "${ROM_IMAGE}" >/dev/null 2>&1 || return 1
 	fi
+
+	sha256sum ${ROM_IMAGE} | cut -f1 -d ' ' | cut -c 1-20 | tr -d '\n'
 }

 update_checksums()