From c19193d7c6b40a4456a8742c1b2a37253a4eb346 Mon Sep 17 00:00:00 2001
From: Trammell Hudson
Date: Mon, 10 Apr 2017 17:48:52 -0400
Subject: [PATCH] check for TPM program and device before loading modules (issue #181)
---
 initrd/sbin/insmod | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/initrd/sbin/insmod b/initrd/sbin/insmod
index ac623e2f..a244e862 100755
--- a/initrd/sbin/insmod
+++ b/initrd/sbin/insmod
@@ -24,14 +24,23 @@ if [ ! -r "$MODULE" ]; then
 die "$MODULE: not found?"
 fi
-tpm extend -ix "$MODULE_PCR" -if "$MODULE" || die "$MODULE: tpm extend failed"
+if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
+ tpm_missing=1
+fi
-if [ ! -z "$@" ]; then
+if [ -z "$tpm_missing" ]; then
+ tpm extend -ix "$MODULE_PCR" -if "$MODULE" \
+ || die "$MODULE: tpm extend failed"
+fi
+
+if [ ! -z "$@" -a -z "$tpm_missing" ]; then
 TMPFILE=/tmp/insmod.$$
 echo "$@" > $TMPFILE
- tpm extend -ix "$MODULE_PCR" -if $TMPFILE || die "$MODULE: tpm extend on arguments failed"
+ tpm extend -ix "$MODULE_PCR" -if $TMPFILE \
+ || die "$MODULE: tpm extend on arguments failed"
 fi
 # Since we have replaced the real insmod, we must invoke
 # the busybox insmod via the original executable
-busybox insmod "$MODULE" "$@" || die "$MODULE: insmod failed"
+busybox insmod "$MODULE" "$@" \
+|| die "$MODULE: insmod failed"
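Review bot: When `/sys/class/tpm/tpm0/pcrs` is unreadable or `/bin/tpm` is not executable, the new code loads the module with no PCR extend and no message, so a measured boot silently degrades to an unmeasured one. At minimum the first `if` should report the skip, e.g. `echo >&2 "$MODULE: TPM not available, module not measured"`, and `tpm_missing=` should be assigned before that test so a value inherited from the caller's environment cannot switch measurement off. The rewritten argument test `[ ! -z "$@" -a -z "$tpm_missing" ]` still expands `"$@"` into several words when more than one module parameter is passed, which `[` will most likely reject as a syntax error; the branch is then skipped and the parameters reach `busybox insmod` unmeasured. `if [ "$#" -gt 0 ] && [ -z "$tpm_missing" ]; then` avoids both the word splitting and the deprecated `-a`. The script begins above this hunk, so an earlier assignment of `tpm_missing` would not be visible here.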