ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-22 01:46:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
heads/initrd/sbin/insmod
Thierry Laurion 52992664ea
Improve TPM Extend infor in normal and DEBUG mode 
cbfs-init: remove temp files, measure direct cbfs output, extend PCR with proper introspection tracing
flash.sh: do not die but go to recovery if flashrom fails, cosmetic fix for warning given to user
kexec-insert-key: extend PCR with proper introspection tracing
kexec-select-boot: extend PCR with proper introspection tracing
kexec-measure-luks: extend PCR with proper introspection tracing
tpmr: Add missing TRACE_FUNC, fix comments, extend give hash that was extended to tpm call in DEBUG, fix TPM startsession unsuppressed output still present
ash_functions: extend PCR with proper introspection tracing
insmod: DEBUG info more pertinent, extend PCR with proper introspection tracing

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-08-24 15:33:51 -04:00

58 lines
1.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# extend a TPM PCR with a module and then load it
# any arguments will also be measured.
# The default PCR to be extended is 5, but can be
# overridden with the MODULE_PCR environment variable
. /etc/functions
TRACE_FUNC
MODULE="$1"; shift
if [ -z "$MODULE_PCR" ]; then
MODULE_PCR=5
fi
if [ -z "$MODULE" ]; then
die "Usage: $0 module [args...]"
fi
if [ ! -r "$MODULE" ]; then
die "$MODULE: not found?"
fi
# Check if module is already loaded
# Transform module name changing _ for - and trailing .ko if present
# Unify lsmod output to use - instead of _ for comparison
module_name=$(basename "$MODULE" | sed 's/_/-/g' | sed 's/\.ko$//')
if lsmod | sed 's/_/-/g' | grep -q "^$module_name\\b"; then
DEBUG "$MODULE: already loaded, skipping"
exit 0
fi
if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
if [ ! -c /dev/tpmrm0 -o ! -x /bin/tpm2 ]; then
tpm_missing=1
fi
fi
if [ -z "$tpm_missing" ]; then
echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE prior of loading into kernel"
tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
|| die "$MODULE: tpm extend failed"
fi
if [ ! -z "$*" -a -z "$tpm_missing" ]; then
echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE prior of loading into kernel"
tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
|| die "$MODULE: tpm extend on arguments failed"
fi
# Since we have replaced the real insmod, we must invoke
# the busybox insmod via the original executable
DEBUG "Loading $MODULE with busybox insmod"
busybox insmod "$MODULE" "$@" \
|| die "$MODULE: insmod failed"
Reference in New Issue View Git Blame Copy Permalink