From 8da5d5d723aff8d8e7c4156688cb30b374e6132b Mon Sep 17 00:00:00 2001
From: Thierry Laurion <insurgo@riseup.net>
Date: Wed, 8 Feb 2023 16:01:48 -0500
Subject: [PATCH] Add dual support for real bash and busybox's bash(ash) -
 modify bash to have it configured with -Os

---
 initrd/bin/cbfs-init                    |  2 +-
 initrd/bin/cbfs.sh                      |  2 +-
 initrd/bin/config-gui.sh                |  2 +-
 initrd/bin/flash-gui.sh                 |  2 +-
 initrd/bin/flash.sh                     |  2 +-
 initrd/bin/flashrom-kgpe-d16-openbmc.sh |  2 +-
 initrd/bin/generic-init                 |  2 +-
 initrd/bin/gpg-gui.sh                   |  2 +-
 initrd/bin/gpgv                         |  2 +-
 initrd/bin/gui-init                     |  2 +-
 initrd/bin/kexec-boot                   |  2 +-
 initrd/bin/kexec-insert-key             |  2 +-
 initrd/bin/kexec-iso-init               |  2 +-
 initrd/bin/kexec-parse-bls              |  2 +-
 initrd/bin/kexec-parse-boot             |  2 +-
 initrd/bin/kexec-save-default           |  2 +-
 initrd/bin/kexec-save-key               |  2 +-
 initrd/bin/kexec-seal-key               |  2 +-
 initrd/bin/kexec-select-boot            |  2 +-
 initrd/bin/kexec-sign-config            |  2 +-
 initrd/bin/kexec-unseal-key             |  2 +-
 initrd/bin/key-init                     |  2 +-
 initrd/bin/media-scan                   |  2 +-
 initrd/bin/mount-usb                    |  2 +-
 initrd/bin/network-init-recovery        |  2 +-
 initrd/bin/oem-factory-reset            |  2 +-
 initrd/bin/oem-system-info-xx30         |  2 +-
 initrd/bin/poweroff                     |  2 +-
 initrd/bin/qubes-measure-luks           |  2 +-
 initrd/bin/reboot                       |  2 +-
 initrd/bin/seal-hotpkey                 |  2 +-
 initrd/bin/seal-totp                    |  2 +-
 initrd/bin/t430-flash.init              |  4 ++--
 initrd/bin/tpm-reset                    |  2 +-
 initrd/bin/tpmr                         |  2 +-
 initrd/bin/uefi-init                    |  2 +-
 initrd/bin/unseal-hotp                  |  2 +-
 initrd/bin/unseal-totp                  |  2 +-
 initrd/bin/usb-init                     |  2 +-
 initrd/bin/wget-measure.sh              |  2 +-
 initrd/bin/x230-flash.init              |  4 ++--
 initrd/etc/functions                    |  6 +++---
 initrd/etc/gui_functions                |  2 +-
 initrd/etc/luks-functions               |  2 +-
 initrd/etc/passwd                       |  2 +-
 initrd/init                             | 18 ++++++++++--------
 initrd/mount-boot                       |  2 +-
 initrd/sbin/config-dhcp.sh              |  2 +-
 initrd/sbin/insmod                      |  2 +-
 49 files changed, 62 insertions(+), 60 deletions(-)

diff --git a/initrd/bin/cbfs-init b/initrd/bin/cbfs-init
index 8ab72c71..4125257a 100755
--- a/initrd/bin/cbfs-init
+++ b/initrd/bin/cbfs-init
@@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 
diff --git a/initrd/bin/cbfs.sh b/initrd/bin/cbfs.sh
index 52eedeff..54d2022f 100755
--- a/initrd/bin/cbfs.sh
+++ b/initrd/bin/cbfs.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 . /tmp/config
diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh
index 3799b67f..db77c0c1 100755
--- a/initrd/bin/config-gui.sh
+++ b/initrd/bin/config-gui.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh
index b03bd8c6..e952272f 100755
--- a/initrd/bin/flash-gui.sh
+++ b/initrd/bin/flash-gui.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh
index 81cc7be5..4635ed04 100755
--- a/initrd/bin/flash.sh
+++ b/initrd/bin/flash.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 # based off of flashrom-x230
 #
diff --git a/initrd/bin/flashrom-kgpe-d16-openbmc.sh b/initrd/bin/flashrom-kgpe-d16-openbmc.sh
index bbc65bd0..4c860d80 100755
--- a/initrd/bin/flashrom-kgpe-d16-openbmc.sh
+++ b/initrd/bin/flashrom-kgpe-d16-openbmc.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions
 
 TRACE "Under /bin/flashrom-kgpe-d16-openbmc.sh"
diff --git a/initrd/bin/generic-init b/initrd/bin/generic-init
index a34817a6..438f29d9 100755
--- a/initrd/bin/generic-init
+++ b/initrd/bin/generic-init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot from a local disk installation
 
 . /etc/functions
diff --git a/initrd/bin/gpg-gui.sh b/initrd/bin/gpg-gui.sh
index bf5bb962..e0c484ca 100755
--- a/initrd/bin/gpg-gui.sh
+++ b/initrd/bin/gpg-gui.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/gpgv b/initrd/bin/gpgv
index 116da35b..67631eda 100755
--- a/initrd/bin/gpgv
+++ b/initrd/bin/gpgv
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # if we are using the full GPG we need a wrapper for the gpgv executable
 . /etc/functions
 
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 9b2a983d..905e3d09 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot from a local disk installation
 
 BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} 
diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot
index 9f85ef7b..fa4d219b 100755
--- a/initrd/bin/kexec-boot
+++ b/initrd/bin/kexec-boot
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Launches kexec from saved configuration entries
 set -e -o pipefail
 . /tmp/config
diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key
index 59e4db60..79c2084b 100755
--- a/initrd/bin/kexec-insert-key
+++ b/initrd/bin/kexec-insert-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Unseal a disk key from TPM and add to a new initramfs
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/kexec-iso-init b/initrd/bin/kexec-iso-init
index 6dcb0265..0a3da042 100755
--- a/initrd/bin/kexec-iso-init
+++ b/initrd/bin/kexec-iso-init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot from signed ISO
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/kexec-parse-bls b/initrd/bin/kexec-parse-bls
index c256d0c3..a2d98faf 100755
--- a/initrd/bin/kexec-parse-bls
+++ b/initrd/bin/kexec-parse-bls
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 TRACE "Under /bin/kexec-parse-bls"
diff --git a/initrd/bin/kexec-parse-boot b/initrd/bin/kexec-parse-boot
index 53b89d78..ada8c13d 100755
--- a/initrd/bin/kexec-parse-boot
+++ b/initrd/bin/kexec-parse-boot
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 
diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default
index 06a0fc27..90f9a8f9 100755
--- a/initrd/bin/kexec-save-default
+++ b/initrd/bin/kexec-save-default
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Save these options to be the persistent default
 set -e -o pipefail
 . /tmp/config
diff --git a/initrd/bin/kexec-save-key b/initrd/bin/kexec-save-key
index 4c89f6ce..d6785d67 100755
--- a/initrd/bin/kexec-save-key
+++ b/initrd/bin/kexec-save-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Generate a TPM key used to unlock LUKS disks
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key
index 7789eb61..6d7ebf5b 100755
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # This will generate a disk encryption key and seal / ecncrypt
 # with the current PCRs and then store it in the TPM NVRAM.
 # It will then need to be bundled into initrd that is booted.
diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot
index 3ddf4fcd..756b7d55 100755
--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Generic configurable boot script via kexec
 set -e -o pipefail
 . /tmp/config
diff --git a/initrd/bin/kexec-sign-config b/initrd/bin/kexec-sign-config
index a0593fa0..b5d3ac16 100755
--- a/initrd/bin/kexec-sign-config
+++ b/initrd/bin/kexec-sign-config
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Sign a valid directory of kexec params
 set -e -o pipefail
 . /tmp/config
diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key
index 7f7ee347..7db78ac7 100755
--- a/initrd/bin/kexec-unseal-key
+++ b/initrd/bin/kexec-unseal-key
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # This will unseal and unecncrypt the drive encryption key from the TPM
 # The TOTP secret will be shown to the user on each encryption attempt.
 # It will then need to be bundled into initrd that is booted with Qubes.
diff --git a/initrd/bin/key-init b/initrd/bin/key-init
index f68921f5..44a9063f 100755
--- a/initrd/bin/key-init
+++ b/initrd/bin/key-init
@@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 
diff --git a/initrd/bin/media-scan b/initrd/bin/media-scan
index ae30d3f0..28a61274 100755
--- a/initrd/bin/media-scan
+++ b/initrd/bin/media-scan
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Scan for USB installation options
 set -e -o pipefail
 . /etc/functions
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
index fa7ca151..29bc5f74 100755
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Mount a USB device
 . /etc/functions
 
diff --git a/initrd/bin/network-init-recovery b/initrd/bin/network-init-recovery
index aa0bf287..c7b93b84 100755
--- a/initrd/bin/network-init-recovery
+++ b/initrd/bin/network-init-recovery
@@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 
 . /etc/functions
 
diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index cb162e22..9ad808ca 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Automated setup of TPM, GPG keys, and disk
 
 TRACE "Under /bin/oem-factory-reset"
diff --git a/initrd/bin/oem-system-info-xx30 b/initrd/bin/oem-system-info-xx30
index d72f66e0..489a5d78 100755
--- a/initrd/bin/oem-system-info-xx30
+++ b/initrd/bin/oem-system-info-xx30
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # System Info
 
 BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} 
diff --git a/initrd/bin/poweroff b/initrd/bin/poweroff
index 57a25b57..6290246b 100755
--- a/initrd/bin/poweroff
+++ b/initrd/bin/poweroff
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions
 
 TRACE "Under /bin/poweroff"
diff --git a/initrd/bin/qubes-measure-luks b/initrd/bin/qubes-measure-luks
index e40881e4..257ee861 100755
--- a/initrd/bin/qubes-measure-luks
+++ b/initrd/bin/qubes-measure-luks
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Measure all of the luks disk encryption headers into
 # a PCR so that we can detect disk swap attacks.
 . /etc/functions
diff --git a/initrd/bin/reboot b/initrd/bin/reboot
index 66375950..97d606c9 100755
--- a/initrd/bin/reboot
+++ b/initrd/bin/reboot
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions
 
 TRACE "Under /bin/reboot"
diff --git a/initrd/bin/seal-hotpkey b/initrd/bin/seal-hotpkey
index 988f9d47..7f9efcda 100755
--- a/initrd/bin/seal-hotpkey
+++ b/initrd/bin/seal-hotpkey
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Retrieve the sealed TOTP secret and initialize a USB Security dongle with it
 
 . /etc/functions
diff --git a/initrd/bin/seal-totp b/initrd/bin/seal-totp
index 610f8a4a..6213edb0 100755
--- a/initrd/bin/seal-totp
+++ b/initrd/bin/seal-totp
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Generate a random secret, seal it with the PCRs
 # and write it to the TPM NVRAM.
 #
diff --git a/initrd/bin/t430-flash.init b/initrd/bin/t430-flash.init
index 9b97970e..30b76b04 100755
--- a/initrd/bin/t430-flash.init
+++ b/initrd/bin/t430-flash.init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Initialize the USB and network device drivers,
 # invoke a recovery shell and prompt the user for how to proceed
 
@@ -23,4 +23,4 @@ echo '  mount -o ro /dev/sdb1 /media'
 echo '  flash.sh /media/t430.rom'
 echo ''
 
-exec /bin/ash
+exec /bin/bash
diff --git a/initrd/bin/tpm-reset b/initrd/bin/tpm-reset
index d3c33d00..83d3abb2 100755
--- a/initrd/bin/tpm-reset
+++ b/initrd/bin/tpm-reset
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions
 
 if [ "$CONFIG_TPM" = "y" ]; then
diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr
index 05b46dfb..ab25b052 100755
--- a/initrd/bin/tpmr
+++ b/initrd/bin/tpmr
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # TPM Wrapper - to unify tpm and tpm2 subcommands
 
 . /etc/functions
diff --git a/initrd/bin/uefi-init b/initrd/bin/uefi-init
index 08067ac9..e7c63b99 100755
--- a/initrd/bin/uefi-init
+++ b/initrd/bin/uefi-init
@@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 
diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp
index 3e20db4c..8772d069 100755
--- a/initrd/bin/unseal-hotp
+++ b/initrd/bin/unseal-hotp
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Retrieve the sealed file and counter from the NVRAM, unseal it and compute the hotp
 
 . /etc/functions
diff --git a/initrd/bin/unseal-totp b/initrd/bin/unseal-totp
index e46e32ff..88f17736 100755
--- a/initrd/bin/unseal-totp
+++ b/initrd/bin/unseal-totp
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Retrieve the sealed file from the NVRAM, unseal it and compute the totp
 
 . /etc/functions
diff --git a/initrd/bin/usb-init b/initrd/bin/usb-init
index 94eb8b1e..5ac53409 100755
--- a/initrd/bin/usb-init
+++ b/initrd/bin/usb-init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot a USB installation
 
 . /etc/functions
diff --git a/initrd/bin/wget-measure.sh b/initrd/bin/wget-measure.sh
index ec05df80..604f83eb 100755
--- a/initrd/bin/wget-measure.sh
+++ b/initrd/bin/wget-measure.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # get a file and extend a TPM PCR
 . /etc/functions
 
diff --git a/initrd/bin/x230-flash.init b/initrd/bin/x230-flash.init
index e5ea182b..65358c5a 100755
--- a/initrd/bin/x230-flash.init
+++ b/initrd/bin/x230-flash.init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Initialize the USB and network device drivers,
 # invoke a recovery shell and prompt the user for how to proceed
 
@@ -25,4 +25,4 @@ echo '  mount -o ro /dev/sdb1 /media'
 echo '  flash.sh /media/x230.rom'
 echo ''
 
-exec /bin/ash
+exec /bin/bash
diff --git a/initrd/etc/functions b/initrd/etc/functions
index ad0086e4..56a9cf0a 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Shell functions for most initialization scripts
 
 die() {
@@ -51,9 +51,9 @@ recovery() {
 		sleep 1
 
 		if [ -x /bin/setsid ]; then
-			/bin/setsid -c /bin/ash
+			/bin/setsid -c /bin/bash
 		else
-			/bin/ash
+			/bin/bash
 		fi
 	done
 }
diff --git a/initrd/etc/gui_functions b/initrd/etc/gui_functions
index 3f7130bf..d1920bd3 100755
--- a/initrd/etc/gui_functions
+++ b/initrd/etc/gui_functions
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Shell functions for common operations using fbwhiptail
 . /etc/functions
 
diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions
index 8331f7ab..3fa3cd52 100644
--- a/initrd/etc/luks-functions
+++ b/initrd/etc/luks-functions
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Reencrypt LUKS container and change Disk Recovery Key associated passphrase (Slot 0: main slot)
 
 . /etc/functions
diff --git a/initrd/etc/passwd b/initrd/etc/passwd
index 75a443fe..9ada0152 100644
--- a/initrd/etc/passwd
+++ b/initrd/etc/passwd
@@ -1 +1 @@
-root:x:0:0:root:/:/bin/ash
+root:x:0:0:root:/:/bin/bash
diff --git a/initrd/init b/initrd/init
index a1145998..07b3b249 100755
--- a/initrd/init
+++ b/initrd/init
@@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 mknod /dev/ttyprintk c 5 3
 echo "hello world" > /dev/ttyprintk
 
@@ -30,12 +30,14 @@ if [ ! -r /dev/ptmx ]; then
 	ln -s /dev/pts/ptmx /dev/ptmx
 fi
 
-
-[ -a /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin
-[ -a /dev/stdout ] || ln -s /proc/self/fd/1 /dev/stdout
-[ -a /dev/stderr ] || ln -s /proc/self/fd/2 /dev/stderr
 # Needed by bash
-[ -a /dev/fd ] || ln -s /proc/self/fd /dev/fd
+if ! [ -L /bin/bash ]; then
+	# /bin/bash is not a symbolink link (not busybox)
+	[ -a /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin
+	[ -a /dev/stdout ] || ln -s /proc/self/fd/1 /dev/stdout
+	[ -a /dev/stderr ] || ln -s /proc/self/fd/2 /dev/stderr
+	[ -a /dev/fd ] || ln -s /proc/self/fd /dev/fd
+fi
 
 # Recovery shells will erase anything from here
 mkdir -p /tmp/secret
@@ -116,7 +118,7 @@ if [ "$boot_option" = "r" ]; then
 	if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
 		tpmr extend -ix 4 -ic recovery
 	fi
-	exec /bin/ash
+	exec /bin/bash
 	exit
 fi
 
@@ -173,4 +175,4 @@ fi
 if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = y ]; then
 	tpmr extend -ix 4 -ic recovery
 fi
-exec /bin/ash
+exec /bin/bash
diff --git a/initrd/mount-boot b/initrd/mount-boot
index 5f2d3515..42e4c9ae 100755
--- a/initrd/mount-boot
+++ b/initrd/mount-boot
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Extract the GPG signed dmsetup configuration from
 # the header of the file system, validate it against
 # the trusted key database, and execute it to mount
diff --git a/initrd/sbin/config-dhcp.sh b/initrd/sbin/config-dhcp.sh
index 10169634..6dcb8297 100755
--- a/initrd/sbin/config-dhcp.sh
+++ b/initrd/sbin/config-dhcp.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # udhcpc script
 
diff --git a/initrd/sbin/insmod b/initrd/sbin/insmod
index 60f37d0e..ce1adefd 100755
--- a/initrd/sbin/insmod
+++ b/initrd/sbin/insmod
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # extend a TPM PCR with a module and then load it
 # any arguments will also be measured.
 # The default PCR to be extended is 5, but can be