ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-01-18 10:46:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check for TPM program and device before loading modules (issue #181)

Browse Source
This commit is contained in:
Trammell Hudson 2017-04-10 17:48:52 -04:00
parent b6eaa5c295
commit c19193d7c6
Failed to extract signature
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
initrd/sbin/insmod
View File

@ -24,14 +24,23 @@ if [ ! -r "$MODULE" ]; then
die "$MODULE: not found?"
fi
tpm extend -ix "$MODULE_PCR" -if "$MODULE" || die "$MODULE: tpm extend failed"
if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
tpm_missing=1
fi
if [ ! -z "$@" ]; then
if [ -z "$tpm_missing" ]; then
tpm extend -ix "$MODULE_PCR" -if "$MODULE" \
|| die "$MODULE: tpm extend failed"
fi
if [ ! -z "$@" -a -z "$tpm_missing" ]; then
TMPFILE=/tmp/insmod.$$
echo "$@" > $TMPFILE
tpm extend -ix "$MODULE_PCR" -if $TMPFILE || die "$MODULE: tpm extend on arguments failed"
tpm extend -ix "$MODULE_PCR" -if $TMPFILE \
|| die "$MODULE: tpm extend on arguments failed"
fi
# Since we have replaced the real insmod, we must invoke
# the busybox insmod via the original executable
busybox insmod "$MODULE" "$@" || die "$MODULE: insmod failed"
busybox insmod "$MODULE" "$@" \
|| die "$MODULE: insmod failed"