ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-15 23:12:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
heads/initrd/sbin/insmod
Thierry Laurion 930d3e6114
BUGFIX: replace direct calls from LOG to INFO, so that only DO_WITH_DEBUG uses LOG. INFO manages console output to log or console 
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log

This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 11:00:14 -05:00

65 lines
1.8 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# extend a TPM PCR with a module and then load it
# any arguments will also be measured.
# The default PCR to be extended is 5, but can be
# overridden with the MODULE_PCR environment variable
. /etc/functions
TRACE_FUNC
MODULE="$1"; shift
if [ -z "$MODULE_PCR" ]; then
MODULE_PCR=5
fi
if [ -z "$MODULE" ]; then
die "Usage: $0 module [args...]"
fi
if [ ! -r "$MODULE" ]; then
die "$MODULE: not found?"
fi
# Check if module is already loaded
# Transform module name changing _ for - and trailing .ko if present
# Unify lsmod output to use - instead of _ for comparison
module_name=$(basename "$MODULE" | sed 's/_/-/g' | sed 's/\.ko$//')
if lsmod | sed 's/_/-/g' | grep -q "^$module_name\\b"; then
DEBUG "$MODULE: already loaded, skipping"
exit 0
fi
if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then
if [ ! -c /dev/tpmrm0 -o ! -x /bin/tpm2 ]; then
tpm_missing=1
fi
fi
if [ -z "$tpm_missing" ]; then
INFO "TPM: Extending PCR[$MODULE_PCR] with $MODULE and parameters '$*' before loading"
# Extend with the module parameters (even if they are empty) and the
# module. Changing the parameters or the module content will result in a
# different PCR measurement.
if [ -n "$*" ]; then
TRACE_FUNC
INFO "Extending with module parameters and the module's content"
tpmr extend -ix "$MODULE_PCR" -ic "$*"
tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
|| die "$MODULE: tpm extend failed"
else
TRACE_FUNC
INFO "No module parameters, extending only with the module's content"
tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
|| die "$MODULE: tpm extend failed"
fi
fi
# Since we have replaced the real insmod, we must invoke
# the busybox insmod via the original executable
DEBUG "Loading $MODULE with busybox insmod"
busybox insmod "$MODULE" "$@" \
|| die "$MODULE: insmod failed"
Reference in New Issue View Git Blame Copy Permalink