tpmr: Add seal/unseal debug tracing

Trace parameters to seal/unseal and some key tpm2 invocations. Trace invocation of tpmr seal/unseal for disk unlock key. Add DO_WITH_DEBUG() to trace a command and parameters, then execute it. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2025-06-24 02:04:08 +00:00 · 2023-02-24 16:45:41 -05:00
parent e6acaad215
commit 8bf5415e79
4 changed files with 13 additions and 4 deletions
--- a/initrd/bin/kexec-unseal-key
+++ b/initrd/bin/kexec-unseal-key
@ -44,7 +44,7 @@ for tries in 1 2 3; do

 	unseal_result=1
 	if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
-		tpmr unseal "0x8100000$TPM_INDEX" "sha256:0,1,2,3,4,5,6,7" "$key_file" "$tpm_password"
+		DO_WITH_DEBUG tpmr unseal "0x8100000$TPM_INDEX" "sha256:0,1,2,3,4,5,6,7" "$key_file" "$tpm_password"
 		unseal_result="$?"
 	else
 		tpm unsealfile \