#!/bin/bash set -e -o pipefail . /etc/functions TRACE_FUNC # Update initrd with CBFS files if [ -z "$CONFIG_PCR" ]; then CONFIG_PCR=7 fi # Load individual files cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"` for cbfsname in `echo $cbfsfiles`; do filename=${cbfsname:12} if [ ! -z "$filename" ]; then mkdir -p `dirname $filename` \ || die "$filename: mkdir failed" echo "Extracting CBFS file $cbfsname into $filename" cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \ || die "$filename: cbfs file read failed" if [ "$CONFIG_TPM" = "y" ]; then TRACE_FUNC echo "TPM: Extending PCR[$CONFIG_PCR] with $filename" # Measure both the filename and its content. This # ensures that renaming files or pivoting file content # will still affect the resulting PCR measurement. tpmr extend -ix "$CONFIG_PCR" -ic "$filename" tpmr extend -ix "$CONFIG_PCR" -if "$filename" \ || die "$filename: tpm extend failed" fi fi done # TODO: copy CBFS file named "heads/initrd.tgz" to /tmp, measure and extract