mirror of
https://github.com/linuxboot/heads.git
synced 2025-03-15 08:41:00 +00:00
e1a263ce3b
Also tell user that those early suppressed messages can be seen under /tmp/debug.txt Signed-off-by: Thierry Laurion <insurgo@riseup.net>
42 lines
1.4 KiB
Bash
Executable File
42 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e -o pipefail
|
|
. /etc/functions
|
|
|
|
# CBFS extraction and measurement
|
|
# This extraction and measurement cannot be suppressed by quiet mode, since
|
|
# config.user is not yet loaded at this point.
|
|
# To suppress this output, set CONFIG_QUIET_MODE=y needs be be set in /etc/config
|
|
# which is defined at build time under board configuration file to be part of initrd.cpio
|
|
# This script is called from initrd/init so really early in the boot process to put files in place in initramfs
|
|
|
|
TRACE_FUNC
|
|
|
|
# Update initrd with CBFS files
|
|
if [ -z "$CONFIG_PCR" ]; then
|
|
CONFIG_PCR=7
|
|
fi
|
|
|
|
# Load individual files
|
|
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
|
|
|
|
for cbfsname in `echo $cbfsfiles`; do
|
|
filename=${cbfsname:12}
|
|
if [ ! -z "$filename" ]; then
|
|
mkdir -p `dirname $filename` \
|
|
|| die "$filename: mkdir failed"
|
|
LOG "Extracting CBFS file $cbfsname into $filename"
|
|
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|
|
|| die "$filename: cbfs file read failed"
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
|
TRACE_FUNC
|
|
LOG "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
|
|
# Measure both the filename and its content. This
|
|
# ensures that renaming files or pivoting file content
|
|
# will still affect the resulting PCR measurement.
|
|
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
|
|
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|
|
|| die "$filename: tpm extend failed"
|
|
fi
|
|
fi
|
|
done
|