mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-18 20:47:55 +00:00
52992664ea
cbfs-init: remove temp files, measure direct cbfs output, extend PCR with proper introspection tracing flash.sh: do not die but go to recovery if flashrom fails, cosmetic fix for warning given to user kexec-insert-key: extend PCR with proper introspection tracing kexec-select-boot: extend PCR with proper introspection tracing kexec-measure-luks: extend PCR with proper introspection tracing tpmr: Add missing TRACE_FUNC, fix comments, extend give hash that was extended to tpm call in DEBUG, fix TPM startsession unsuppressed output still present ash_functions: extend PCR with proper introspection tracing insmod: DEBUG info more pertinent, extend PCR with proper introspection tracing Signed-off-by: Thierry Laurion <insurgo@riseup.net>
32 lines
820 B
Bash
Executable File
32 lines
820 B
Bash
Executable File
#!/bin/bash
|
|
set -e -o pipefail
|
|
. /etc/functions
|
|
|
|
TRACE_FUNC
|
|
|
|
# Update initrd with CBFS files
|
|
if [ -z "$CONFIG_PCR" ]; then
|
|
CONFIG_PCR=7
|
|
fi
|
|
|
|
# Load individual files
|
|
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
|
|
|
|
for cbfsname in `echo $cbfsfiles`; do
|
|
filename=${cbfsname:12}
|
|
if [ ! -z "$filename" ]; then
|
|
mkdir -p `dirname $filename` \
|
|
|| die "$filename: mkdir failed"
|
|
echo "Extracting CBFS file $cbfsname into $filename"
|
|
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|
|
|| die "$filename: cbfs file read failed"
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
|
echo "TPM: Extending PCR[$CONFIG_PCR with] with $filename"
|
|
tpmr extend -ix "$CONFIG_PCR" -if $filename \
|
|
|| die "$filename: tpm extend failed"
|
|
fi
|
|
fi
|
|
done
|
|
|
|
# TODO: copy CBFS file named "heads/initrd.tgz" to /tmp, measure and extract
|