mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-19 04:57:55 +00:00
4e22b503ba
14 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Thierry Laurion
|
77d4be1dc6
|
TPM extend ops: Augment output of TPM1/TMP22 for filename and file content hash ops
Debug logtrace, screenshots of non-debug will be added in PR #1758 TPM1: [ 4.815559] [U] hello world [ 5.099000] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config) [ 5.122059] TRACE: Under init [ 5.165917] DEBUG: Applying panic_on_oom setting to sysctl [ 5.388757] TRACE: /bin/cbfs-init(5): main [ 5.516637] TRACE: /bin/cbfs-init(24): main [ 5.662271] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx [ 5.732223] TRACE: /bin/tpmr(790): main [ 5.785372] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae [ 5.838082] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx [ 6.081466] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx [ 6.147455] TRACE: /bin/tpmr(790): main [ 6.196545] DEBUG: TPM: Extending PCR[7] with hash ee79223a3b9724ad1aab290a3785132805c79eae [ 6.251251] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx [ 6.445119] TRACE: /bin/cbfs-init(24): main [ 6.585854] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg [ 6.659172] TRACE: /bin/tpmr(790): main [ 6.707564] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042 [ 6.757645] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg [ 7.013547] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg [ 7.082863] TRACE: /bin/tpmr(790): main [ 7.131022] DEBUG: TPM: Extending PCR[7] with hash ca8898407cacd96d6f2de90ae90825351be81c62 [ 7.183344] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg [ 7.413787] TRACE: /bin/key-init(6): main [ 8.718367] TRACE: Under /etc/ash_functions:combine_configs [ 8.803914] TRACE: Under /etc/ash_functions:pause_recovery !!! Hit enter to proceed to recovery shell !!! [ 9.045341] TRACE: /bin/setconsolefont.sh(6): main [ 9.096853] DEBUG: Board does not ship setfont, not checking console font [ 9.320494] TRACE: /bin/gui-init(641): main [ 9.356729] TRACE: Under /etc/ash_functions:enable_usb [ 9.445981] TRACE: /sbin/insmod(9): main [ 9.609464] TRACE: /sbin/insmod(53): main [ 9.660145] DEBUG: No module parameters, extending only with the module's content [ 9.791896] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-hcd.ko [ 9.860477] TRACE: /bin/tpmr(790): main [ 9.914849] DEBUG: TPM: Extending PCR[5] with hash bc9ff28a99e314cda69695ba34b26ed0d8b1e4ed [ 9.976867] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-hcd.ko [ 10.146966] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod [ 10.184086] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver [ 10.276564] TRACE: /sbin/insmod(9): main [ 10.433503] TRACE: /sbin/insmod(53): main [ 10.486272] DEBUG: No module parameters, extending only with the module's content [ 10.620200] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/uhci-hcd.ko [ 10.698710] TRACE: /bin/tpmr(790): main [ 10.750637] DEBUG: TPM: Extending PCR[5] with hash bcb2f15c7eb52484072a76fc8a0d7399f6cf2189 [ 10.808379] DEBUG: exec tpm extend -ix 5 -if /lib/modules/uhci-hcd.ko [ 10.996254] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod [ 11.026108] uhci_hcd: USB Universal Host Controller Interface driver [ 11.040703] uhci_hcd 0000:00:1d.0: UHCI Host Controller [ 11.053129] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1 [ 11.061568] uhci_hcd 0000:00:1d.0: detected 2 ports [ 11.070973] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00 [ 11.089004] hub 1-0:1.0: USB hub found [ 11.097535] hub 1-0:1.0: 2 ports detected [ 11.114890] uhci_hcd 0000:00:1d.1: UHCI Host Controller [ 11.123848] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2 [ 11.134989] uhci_hcd 0000:00:1d.1: detected 2 ports [ 11.142404] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0 [ 11.153338] hub 2-0:1.0: USB hub found [ 11.160572] hub 2-0:1.0: 2 ports detected [ 11.176481] uhci_hcd 0000:00:1d.2: UHCI Host Controller [ 11.183898] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3 [ 11.193509] uhci_hcd 0000:00:1d.2: detected 2 ports [ 11.201574] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0 [ 11.211182] hub 3-0:1.0: USB hub found [ 11.219256] hub 3-0:1.0: 2 ports detected [ 11.314467] TRACE: /sbin/insmod(9): main [ 11.468430] TRACE: /sbin/insmod(53): main [ 11.521914] DEBUG: No module parameters, extending only with the module's content [ 11.656647] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-hcd.ko [ 11.726721] TRACE: /bin/tpmr(790): main [ 11.778253] DEBUG: TPM: Extending PCR[5] with hash f563e46fbbed46423a1e10219953233d310792f5 [ 11.831718] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-hcd.ko [ 12.010752] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod [ 12.044192] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver [ 12.136462] TRACE: /sbin/insmod(9): main [ 12.293409] TRACE: /sbin/insmod(53): main [ 12.345947] DEBUG: No module parameters, extending only with the module's content [ 12.481562] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-pci.ko [ 12.547754] TRACE: /bin/tpmr(790): main [ 12.604827] DEBUG: TPM: Extending PCR[5] with hash a24699fdaac9976cc9447fd0cd444a469299ad2f [ 12.661256] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-pci.ko [ 12.847247] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod [ 12.870986] ohci-pci: OHCI PCI platform driver [ 12.959387] TRACE: /sbin/insmod(9): main [ 13.112275] TRACE: /sbin/insmod(53): main [ 13.163112] DEBUG: No module parameters, extending only with the module's content [ 13.291360] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-pci.ko [ 13.364853] TRACE: /bin/tpmr(790): main [ 13.438536] DEBUG: TPM: Extending PCR[5] with hash b80a90e11a01eba40bb7e566f3374d0aad326acb [ 13.505500] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-pci.ko [ 13.679865] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod [ 13.704539] ehci-pci: EHCI PCI platform driver [ 13.725570] ehci-pci 0000:00:1d.7: EHCI Host Controller [ 13.735562] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4 [ 13.745092] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000 [ 13.773286] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00 [ 13.783544] hub 4-0:1.0: USB hub found [ 13.791110] hub 4-0:1.0: 6 ports detected [ 13.800844] hub 1-0:1.0: USB hub found [ 13.807808] hub 1-0:1.0: 2 ports detected [ 13.823094] hub 2-0:1.0: USB hub found [ 13.829910] hub 2-0:1.0: 2 ports detected [ 13.839182] hub 3-0:1.0: USB hub found [ 13.846231] hub 3-0:1.0: 2 ports detected [ 13.946297] TRACE: /sbin/insmod(9): main [ 14.099143] TRACE: /sbin/insmod(53): main [ 14.149765] DEBUG: No module parameters, extending only with the module's content [ 14.291413] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-hcd.ko [ 14.372815] TRACE: /bin/tpmr(790): main [ 14.426919] DEBUG: TPM: Extending PCR[5] with hash 1fc55e846b9d5c93e58c6c8b6f867e744fa694bc [ 14.482815] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-hcd.ko [ 14.670419] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod [ 14.783374] TRACE: /sbin/insmod(9): main [ 14.939364] TRACE: /sbin/insmod(53): main [ 14.995136] DEBUG: No module parameters, extending only with the module's content [ 15.135482] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-pci.ko [ 15.204263] TRACE: /bin/tpmr(790): main [ 15.255478] DEBUG: TPM: Extending PCR[5] with hash bbdd85242570aa438b908420a43b8d7042db8b4f [ 15.305598] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-pci.ko [ 15.480844] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod [ 15.512476] xhci_hcd 0000:00:04.0: xHCI Host Controller [ 15.528230] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5 [ 15.540456] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010 [ 15.554225] hub 5-0:1.0: USB hub found [ 15.562061] hub 5-0:1.0: 4 ports detected [ 15.572058] xhci_hcd 0000:00:04.0: xHCI Host Controller [ 15.589966] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6 [ 15.598116] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed [ 15.606150] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. [ 15.616354] hub 6-0:1.0: USB hub found [ 15.623767] hub 6-0:1.0: 4 ports detected [ 15.909854] usb 5-1: new high-speed USB device number 2 using xhci_hcd [ 16.193548] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd [ 16.345381] usb 5-3: new full-speed USB device number 3 using xhci_hcd [ 17.674973] TRACE: /etc/functions(715): detect_boot_device [ 17.718114] TRACE: /etc/functions(682): mount_possible_boot_device [ 17.759829] TRACE: /etc/functions(642): is_gpt_bios_grub [ 17.833271] TRACE: /dev/vda1 is partition 1 of vda [ 17.925490] TRACE: /etc/functions(619): find_lvm_vg_name [ 18.068352] TRACE: Try mounting /dev/vda1 as /boot [ 18.114444] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null) [ 18.158648] TRACE: /bin/gui-init(319): clean_boot_check [ 18.247883] TRACE: /bin/gui-init(348): check_gpg_key [ 18.338052] TRACE: /bin/gui-init(185): update_totp [ 18.419286] TRACE: /bin/unseal-totp(8): main [ 18.511352] TRACE: /bin/tpmr(614): tpm1_unseal [ 18.624811] DEBUG: Running at_exit handlers [ 18.661992] TRACE: /bin/tpmr(390): cleanup_shred [ 18.692897] !!! ERROR: Unable to unseal TOTP secret !!! [ 21.295284] TRACE: /bin/unseal-totp(8): main [ 21.386377] TRACE: /bin/tpmr(614): tpm1_unseal [ 21.496183] DEBUG: Running at_exit handlers [ 21.527060] TRACE: /bin/tpmr(390): cleanup_shred [ 21.558625] !!! ERROR: Unable to unseal TOTP secret !!! [ 24.162881] TRACE: /bin/unseal-totp(8): main [ 24.249549] TRACE: /bin/tpmr(614): tpm1_unseal [ 24.362331] DEBUG: Running at_exit handlers [ 24.394154] TRACE: /bin/tpmr(390): cleanup_shred [ 24.427400] !!! ERROR: Unable to unseal TOTP secret !!! [ 26.475340] DEBUG: CONFIG_TPM: y [ 26.521538] DEBUG: CONFIG_TPM2_TOOLS: [ 26.578490] DEBUG: Show PCRs [ 26.730805] DEBUG: PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.751488] PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.778571] PCR-02: C0 A9 54 C8 45 5C 78 49 80 EC 1C DB D8 E8 9B CC 65 11 58 BF [ 26.808771] PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.830508] PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.849538] PCR-05: 2C 3A 40 05 70 DB 21 89 4F CD C2 F8 D6 AE 40 DA 56 E1 B6 74 [ 26.878951] PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.895421] PCR-07: 7A 8A 4C E6 BA B0 AA 26 22 B1 26 A2 F6 36 BD F3 86 23 50 B6 TPM2: [ 5.305235] [U] hello world [ 5.591175] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config) [ 5.615802] TRACE: Under init [ 5.657823] DEBUG: Applying panic_on_oom setting to sysctl [ 5.831457] TRACE: /bin/tpmr(349): tpm2_startsession [ 6.567984] TRACE: /bin/cbfs-init(5): main [ 6.695758] TRACE: /bin/cbfs-init(24): main [ 6.811665] TRACE: /bin/tpmr(832): main [ 6.870411] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx [ 6.907262] TRACE: /bin/tpmr(234): tpm2_extend [ 6.983504] TRACE: /bin/tpmr(247): tpm2_extend [ 7.037543] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/pubring.kbx [ 7.192665] TRACE: /bin/tpmr(265): tpm2_extend [ 7.246318] DEBUG: TPM: Extended PCR[7] with hash 96ab5053e4630a040d55549ba73cff2178d401d763147776771f9774597b86a1 [ 7.355327] TRACE: /bin/tpmr(832): main [ 7.409042] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx [ 7.446920] TRACE: /bin/tpmr(234): tpm2_extend [ 7.485782] TRACE: /bin/tpmr(252): tpm2_extend [ 7.540496] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/pubring.kbx [ 7.759033] TRACE: /bin/tpmr(265): tpm2_extend [ 7.811693] DEBUG: TPM: Extended PCR[7] with hash f196f9cae98362568d31638e7522eee5042286b2c18627b06b30a0275207872e [ 7.903033] TRACE: /bin/cbfs-init(24): main [ 8.026099] TRACE: /bin/tpmr(832): main [ 8.077074] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg [ 8.108061] TRACE: /bin/tpmr(234): tpm2_extend [ 8.180580] TRACE: /bin/tpmr(247): tpm2_extend [ 8.234748] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/trustdb.gpg [ 8.412522] TRACE: /bin/tpmr(265): tpm2_extend [ 8.469868] DEBUG: TPM: Extended PCR[7] with hash 53b843fe9bb52894d3a7d00197c776d56f3059f6a285124c7916724cd5013b0b [ 8.596316] TRACE: /bin/tpmr(832): main [ 8.655651] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg [ 8.690508] TRACE: /bin/tpmr(234): tpm2_extend [ 8.723206] TRACE: /bin/tpmr(252): tpm2_extend [ 8.782554] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/trustdb.gpg [ 8.999969] TRACE: /bin/tpmr(265): tpm2_extend [ 9.066744] DEBUG: TPM: Extended PCR[7] with hash abf745ef9f960af5d8b19a1acd4bc0a19da056f607b06cce6b920eab83cbbdec [ 9.215143] TRACE: /bin/key-init(6): main [ 10.661503] TRACE: Under /etc/ash_functions:combine_configs [ 10.749050] TRACE: Under /etc/ash_functions:pause_recovery !!! Hit enter to proceed to recovery shell !!! [ 10.998267] TRACE: /bin/setconsolefont.sh(6): main [ 11.059640] DEBUG: Board does not ship setfont, not checking console font [ 11.303012] TRACE: /bin/gui-init(641): main [ 11.334099] TRACE: Under /etc/ash_functions:enable_usb [ 11.421487] TRACE: /sbin/insmod(9): main [ 11.578754] TRACE: /sbin/insmod(53): main [ 11.630500] DEBUG: No module parameters, extending only with the module's content [ 11.741780] TRACE: /bin/tpmr(832): main [ 11.789365] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-hcd.ko [ 11.823496] TRACE: /bin/tpmr(234): tpm2_extend [ 11.862739] TRACE: /bin/tpmr(252): tpm2_extend [ 11.920404] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-hcd.ko [ 12.123507] TRACE: /bin/tpmr(265): tpm2_extend [ 12.175292] DEBUG: TPM: Extended PCR[5] with hash 40c5206f06702e45d8e6632632255258af433be0641c96f514ea75ac14523a30 [ 12.234130] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod [ 12.278479] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver [ 12.371875] TRACE: /sbin/insmod(9): main [ 12.523874] TRACE: /sbin/insmod(53): main [ 12.578418] DEBUG: No module parameters, extending only with the module's content [ 12.697785] TRACE: /bin/tpmr(832): main [ 12.753607] DEBUG: TPM: Extending PCR[5] with /lib/modules/uhci-hcd.ko [ 12.786940] TRACE: /bin/tpmr(234): tpm2_extend [ 12.819199] TRACE: /bin/tpmr(252): tpm2_extend [ 12.879805] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/uhci-hcd.ko [ 13.088925] TRACE: /bin/tpmr(265): tpm2_extend [ 13.158660] DEBUG: TPM: Extended PCR[5] with hash 1877332107fb8737a5636da26d4db2c10ffe4d1db2bcbde30b47774cdf05e02f [ 13.223888] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod [ 13.253700] uhci_hcd: USB Universal Host Controller Interface driver [ 13.269580] uhci_hcd 0000:00:1d.0: UHCI Host Controller [ 13.278675] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1 [ 13.287280] uhci_hcd 0000:00:1d.0: detected 2 ports [ 13.296481] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00 [ 13.314557] hub 1-0:1.0: USB hub found [ 13.332614] hub 1-0:1.0: 2 ports detected [ 13.352400] uhci_hcd 0000:00:1d.1: UHCI Host Controller [ 13.361016] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2 [ 13.368653] uhci_hcd 0000:00:1d.1: detected 2 ports [ 13.376700] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0 [ 13.395046] hub 2-0:1.0: USB hub found [ 13.403107] hub 2-0:1.0: 2 ports detected [ 13.418573] uhci_hcd 0000:00:1d.2: UHCI Host Controller [ 13.426975] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3 [ 13.434733] uhci_hcd 0000:00:1d.2: detected 2 ports [ 13.442497] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0 [ 13.460237] hub 3-0:1.0: USB hub found [ 13.467466] hub 3-0:1.0: 2 ports detected [ 13.579102] TRACE: /sbin/insmod(9): main [ 13.730892] TRACE: /sbin/insmod(53): main [ 13.781345] DEBUG: No module parameters, extending only with the module's content [ 13.891152] TRACE: /bin/tpmr(832): main [ 13.954015] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-hcd.ko [ 13.995207] TRACE: /bin/tpmr(234): tpm2_extend [ 14.031074] TRACE: /bin/tpmr(252): tpm2_extend [ 14.095694] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-hcd.ko [ 14.315253] TRACE: /bin/tpmr(265): tpm2_extend [ 14.369608] DEBUG: TPM: Extended PCR[5] with hash 8a12ce4abfc87f11a023d4f1c26c225f5cffae248f9dad1fd30e78022996df02 [ 14.425800] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod [ 14.455207] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver [ 14.548050] TRACE: /sbin/insmod(9): main [ 14.693175] TRACE: /sbin/insmod(53): main [ 14.742761] DEBUG: No module parameters, extending only with the module's content [ 14.855233] TRACE: /bin/tpmr(832): main [ 14.908035] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-pci.ko [ 14.940321] TRACE: /bin/tpmr(234): tpm2_extend [ 14.970307] TRACE: /bin/tpmr(252): tpm2_extend [ 15.018421] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-pci.ko [ 15.226408] TRACE: /bin/tpmr(265): tpm2_extend [ 15.279951] DEBUG: TPM: Extended PCR[5] with hash 2065ee6544d78a5d31e67983166a9b8cf60dbe61bf0ee99c39e92816cc3a98db [ 15.335930] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod [ 15.360537] ohci-pci: OHCI PCI platform driver [ 15.446600] TRACE: /sbin/insmod(9): main [ 15.597149] TRACE: /sbin/insmod(53): main [ 15.649850] DEBUG: No module parameters, extending only with the module's content [ 15.753738] TRACE: /bin/tpmr(832): main [ 15.809086] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-pci.ko [ 15.847559] TRACE: /bin/tpmr(234): tpm2_extend [ 15.878030] TRACE: /bin/tpmr(252): tpm2_extend [ 15.930320] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-pci.ko [ 16.131948] TRACE: /bin/tpmr(265): tpm2_extend [ 16.190395] DEBUG: TPM: Extended PCR[5] with hash 116145df2c495dfd58354025799fe5bb9b4d8e078960e8d0d7ceda746e4f2d06 [ 16.247675] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod [ 16.275465] ehci-pci: EHCI PCI platform driver [ 16.296704] ehci-pci 0000:00:1d.7: EHCI Host Controller [ 16.306151] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4 [ 16.316293] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000 [ 16.340527] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00 [ 16.357688] hub 4-0:1.0: USB hub found [ 16.365707] hub 4-0:1.0: 6 ports detected [ 16.376687] hub 1-0:1.0: USB hub found [ 16.384573] hub 1-0:1.0: 2 ports detected [ 16.393986] hub 2-0:1.0: USB hub found [ 16.401424] hub 2-0:1.0: 2 ports detected [ 16.410387] hub 3-0:1.0: USB hub found [ 16.418087] hub 3-0:1.0: 2 ports detected [ 16.513839] TRACE: /sbin/insmod(9): main [ 16.670778] TRACE: /sbin/insmod(53): main [ 16.721953] DEBUG: No module parameters, extending only with the module's content [ 16.835964] TRACE: /bin/tpmr(832): main [ 16.888003] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-hcd.ko [ 16.919798] TRACE: /bin/tpmr(234): tpm2_extend [ 16.957470] TRACE: /bin/tpmr(252): tpm2_extend [ 17.013535] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-hcd.ko [ 17.225097] TRACE: /bin/tpmr(265): tpm2_extend [ 17.281099] DEBUG: TPM: Extended PCR[5] with hash 7f5a6bd0f7de6104e49374e1e5ce421e11795fcc4f53014ef9259d630d7876bc [ 17.337551] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod [ 17.448660] TRACE: /sbin/insmod(9): main [ 17.595458] TRACE: /sbin/insmod(53): main [ 17.653305] DEBUG: No module parameters, extending only with the module's content [ 17.763612] TRACE: /bin/tpmr(832): main [ 17.817350] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-pci.ko [ 17.849196] TRACE: /bin/tpmr(234): tpm2_extend [ 17.879069] TRACE: /bin/tpmr(252): tpm2_extend [ 17.927859] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-pci.ko [ 18.126778] TRACE: /bin/tpmr(265): tpm2_extend [ 18.188056] DEBUG: TPM: Extended PCR[5] with hash 5502fa8c101f7e509145b9826094f06dd0e225c2311a14edc9ae9c812518a250 [ 18.247945] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod [ 18.286509] xhci_hcd 0000:00:04.0: xHCI Host Controller [ 18.294553] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5 [ 18.308276] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010 [ 18.320288] hub 5-0:1.0: USB hub found [ 18.328425] hub 5-0:1.0: 4 ports detected [ 18.337635] xhci_hcd 0000:00:04.0: xHCI Host Controller [ 18.344430] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6 [ 18.351769] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed [ 18.360900] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. [ 18.371095] hub 6-0:1.0: USB hub found [ 18.378046] hub 6-0:1.0: 4 ports detected [ 18.673695] usb 5-1: new high-speed USB device number 2 using xhci_hcd [ 18.960744] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd [ 19.112485] usb 5-3: new full-speed USB device number 3 using xhci_hcd [ 20.433294] TRACE: /etc/functions(715): detect_boot_device [ 20.489580] TRACE: /etc/functions(682): mount_possible_boot_device [ 20.546126] TRACE: /etc/functions(642): is_gpt_bios_grub [ 20.653417] TRACE: /dev/vda1 is partition 1 of vda [ 20.777737] TRACE: /etc/functions(619): find_lvm_vg_name [ 20.946450] TRACE: Try mounting /dev/vda1 as /boot [ 20.997145] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null) [ 21.053058] TRACE: /bin/gui-init(319): clean_boot_check [ 21.157752] TRACE: /bin/gui-init(348): check_gpg_key [ 21.260339] TRACE: /bin/gui-init(185): update_totp [ 21.376906] TRACE: /bin/unseal-totp(8): main [ 21.497372] TRACE: /bin/tpmr(569): tpm2_unseal [ 21.574501] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty> [ 22.212056] DEBUG: Running at_exit handlers [ 22.247818] TRACE: /bin/tpmr(374): cleanup_session [ 22.301292] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session [ 22.423005] !!! ERROR: Unable to unseal TOTP secret !!! [ 25.058227] TRACE: /bin/unseal-totp(8): main [ 25.205031] TRACE: /bin/tpmr(569): tpm2_unseal [ 25.284388] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty> [ 25.914243] DEBUG: Running at_exit handlers [ 25.947988] TRACE: /bin/tpmr(374): cleanup_session [ 26.001694] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session [ 26.126464] !!! ERROR: Unable to unseal TOTP secret !!! [ 28.766165] TRACE: /bin/unseal-totp(8): main [ 28.898452] TRACE: /bin/tpmr(569): tpm2_unseal [ 28.982708] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty> [ 29.609216] DEBUG: Running at_exit handlers [ 29.643372] TRACE: /bin/tpmr(374): cleanup_session [ 29.696741] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session [ 29.822748] !!! ERROR: Unable to unseal TOTP secret !!! [ 31.890980] DEBUG: CONFIG_TPM: y [ 31.945147] DEBUG: CONFIG_TPM2_TOOLS: y [ 31.999643] DEBUG: Show PCRs [ 32.157607] DEBUG: sha256: [ 32.190288] 0 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.221302] 1 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.251240] 2 : 0x9FC171D45D54BDD49D40E8438BCF15808427BA72B11EC2DF1ACE877CA0CF4F14 [ 32.282127] 3 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.315382] 4 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.345767] 5 : 0xD76470232B7C3FD7D18D4DF3B77DACAFFDB876DBF3E84C996D74F7ECFA0FF60F [ 32.379099] 6 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.409630] 7 : 0x2E3147A8ADA1FEBEB2D32D7F50F25DC10F47D7CD48DF1D61A2D6BF958114A231 [ 32.439780] 8 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.508514] 9 : 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.537395] 10: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.583510] 11: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.622661] 12: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.651831] 13: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.687298] 14: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.721766] 15: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.751345] 16: 0x0000000000000000000000000000000000000000000000000000000000000000 [ 32.782919] 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [ 32.813071] 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [ 32.841994] 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [ 32.869358] 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [ 32.907215] 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [ 32.937346] 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [ 32.967810] 23: 0x0000000000000000000000000000000000000000000000000000000000000000 Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Jonathon Hall
|
de7902f5b9
|
cbfs-init, insmod: Bring back params/filenames into PCR measurements
cbfs-init used to measure filenames as well as the data in the files, but after refactoring it only measures file data. This means files could be renamed, or contents pivoted, without affecting the PCR measurements. Bring back the filename measurement. Similarly, insmod used to measure module parameters, but no longer does. Though we don't currently insert any modules with parameters, there's no reason to leave this open to break later, bring back the measurement. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm> |
||
Thierry Laurion
|
52992664ea
|
Improve TPM Extend infor in normal and DEBUG mode
cbfs-init: remove temp files, measure direct cbfs output, extend PCR with proper introspection tracing flash.sh: do not die but go to recovery if flashrom fails, cosmetic fix for warning given to user kexec-insert-key: extend PCR with proper introspection tracing kexec-select-boot: extend PCR with proper introspection tracing kexec-measure-luks: extend PCR with proper introspection tracing tpmr: Add missing TRACE_FUNC, fix comments, extend give hash that was extended to tpm call in DEBUG, fix TPM startsession unsuppressed output still present ash_functions: extend PCR with proper introspection tracing insmod: DEBUG info more pertinent, extend PCR with proper introspection tracing Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Thierry Laurion
|
a5ab32b761
|
insmod: uniformize module name and lsmod output prior of comapring if module already insmodded (ehci-hcd.ko module name is ehci_hcd...)
Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Thierry Laurion
|
bec2545688
|
insmod: check if module already loaded and if so exit early
Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Thierry Laurion
|
40c34453df
|
all scripts: replace TRACE manual strings with dynamic tracing by bash debug
Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash. This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all. Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Thierry Laurion
|
388ee5198b
|
All TPM Extend additional context passed from console echo output to DEBUG. Put back console output as of master. TODO: decide what we do with tpmr extend output for the future. Hint: forward sealing of next flashed firmware measurements.
Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Thierry Laurion
|
05fc4c1747
|
PCR extend ops inform users on what happens, otherwise we tpm commands output on screen without context
Signed-off-by: Thierry Laurion <insurgo@riseup.net> |
||
Thierry Laurion
|
51b1ad39c3
|
sbin/insmod wrapper: Add TRACE and DEBUG traces | ||
Thierry Laurion
|
8da5d5d723
|
Add dual support for real bash and busybox's bash(ash)
- modify bash to have it configured with -Os |
||
Thierry Laurion
|
6923fb5e20
|
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards
-coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities |
||
Trammell Hudson
|
51ecbdc8cb
|
"$@" does not expand correctly in test expressions, use "$*" instead (issue #181) | ||
Trammell Hudson
|
c19193d7c6
|
check for TPM program and device before loading modules (issue #181) | ||
Trammell Hudson
|
c40748aa25
|
Build time configuration for startup scripts and modules.
This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules |