kexec-seal-key, seal-totp: Silence dd status when setting up PCRs

Add status=none to dd invocations building PCR data. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-12-20 05:28:08 +00:00 · 2023-03-08 16:42:19 -05:00 · 2023-03-08 16:42:19 -05:00 · d88fcca2f2
commit d88fcca2f2
parent 50daa904f9
2 changed files with 3 additions and 3 deletions
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@ -94,7 +94,7 @@ tpmr pcrread -a 1 "$pcrf"
 tpmr pcrread -a 2 "$pcrf"
 tpmr pcrread -a 3 "$pcrf"
 # Note that PCR 4 needs to be set with the "normal-boot" path value, which is 0.
-dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 >> "$pcrf"
+dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf"
 if [ "$CONFIG_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_verification ]; then
 	DEBUG "Seal with PCR5 involvement (additional kernel modules are loaded per board config)..."
 	# Here, we take pcr 5 into consideration if modules are expected to be measured+loaded
@ -102,7 +102,7 @@ if [ "$CONFIG_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_v
 else
 	DEBUG "Seal without PCR5 involvement, PCR5=0..."
 	#no kernel modules are expected to be measured+loaded
-	dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 >> "$pcrf"
+	dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf"
 fi
 # Precompute the value for pcr 6
 tpmr calcfuturepcr -a "/tmp/luksDump.txt" "$pcrf"
--- a/initrd/bin/seal-totp
+++ b/initrd/bin/seal-totp
@ -34,7 +34,7 @@ tpmr pcrread -a 1 "$pcrf"
 tpmr pcrread -a 2 "$pcrf"
 tpmr pcrread -a 3 "$pcrf"
 # pcr 4 is expected to be zero (boot mode: init)
-dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 >> "$pcrf"
+dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf"
 # pcr 5 (kernel modules loaded) is not measured at sealing/unsealing of totp
 # pcr 6 (drive luks header) is not measured at sealing/unsealing of totp
 # pcr 7 is containing measurements of user injected stuff in cbfs