mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-03 11:44:11 +00:00
c40748aa25
This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
38 lines
857 B
Bash
Executable File
38 lines
857 B
Bash
Executable File
#!/bin/sh
|
|
# extend a TPM PCR with a module and then load it
|
|
# any arguments will also be measured.
|
|
# The default PCR to be extended is 5, but can be
|
|
# overridden with the MODULE_PCR environment variable
|
|
|
|
die() {
|
|
echo >&2 "$@"
|
|
exit 1
|
|
}
|
|
|
|
MODULE="$1"; shift
|
|
|
|
if [ -z "$MODULE_PCR" ]; then
|
|
MODULE_PCR=5
|
|
fi
|
|
|
|
|
|
if [ -z "$MODULE" ]; then
|
|
die "Usage: $0 module [args...]"
|
|
fi
|
|
|
|
if [ ! -r "$MODULE" ]; then
|
|
die "$MODULE: not found?"
|
|
fi
|
|
|
|
tpm extend -ix "$MODULE_PCR" -if "$MODULE" || die "$MODULE: tpm extend failed"
|
|
|
|
if [ ! -z "$@" ]; then
|
|
TMPFILE=/tmp/insmod.$$
|
|
echo "$@" > $TMPFILE
|
|
tpm extend -ix "$MODULE_PCR" -if $TMPFILE || die "$MODULE: tpm extend on arguments failed"
|
|
fi
|
|
|
|
# Since we have replaced the real insmod, we must invoke
|
|
# the busybox insmod via the original executable
|
|
busybox insmod "$MODULE" "$@" || die "$MODULE: insmod failed"
|