heads/initrd/bin/cbfs-init
Thierry Laurion e1a263ce3b
init: warn user that if CONFIG_QUIET_MODE was enabled in board config at build time but disabled through Configuration Settings applied override, early measurement output got suppressed
Also tell user that those early suppressed messages can be seen under /tmp/debug.txt

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:28 -05:00

42 lines
1.4 KiB
Bash
Executable File

#!/bin/bash
set -e -o pipefail
. /etc/functions
# CBFS extraction and measurement
# This extraction and measurement cannot be suppressed by quiet mode, since
# config.user is not yet loaded at this point.
# To suppress this output, set CONFIG_QUIET_MODE=y needs be be set in /etc/config
# which is defined at build time under board configuration file to be part of initrd.cpio
# This script is called from initrd/init so really early in the boot process to put files in place in initramfs
TRACE_FUNC
# Update initrd with CBFS files
if [ -z "$CONFIG_PCR" ]; then
CONFIG_PCR=7
fi
# Load individual files
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
for cbfsname in `echo $cbfsfiles`; do
filename=${cbfsname:12}
if [ ! -z "$filename" ]; then
mkdir -p `dirname $filename` \
|| die "$filename: mkdir failed"
LOG "Extracting CBFS file $cbfsname into $filename"
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|| die "$filename: cbfs file read failed"
if [ "$CONFIG_TPM" = "y" ]; then
TRACE_FUNC
LOG "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
# Measure both the filename and its content. This
# ensures that renaming files or pivoting file content
# will still affect the resulting PCR measurement.
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|| die "$filename: tpm extend failed"
fi
fi
done