mirror of
https://github.com/linuxboot/heads.git
synced 2025-02-03 01:30:43 +00:00
35 lines
996 B
Bash
Executable File
35 lines
996 B
Bash
Executable File
#!/bin/bash
|
|
set -e -o pipefail
|
|
. /etc/functions
|
|
|
|
TRACE_FUNC
|
|
|
|
# Update initrd with CBFS files
|
|
if [ -z "$CONFIG_PCR" ]; then
|
|
CONFIG_PCR=7
|
|
fi
|
|
|
|
# Load individual files
|
|
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
|
|
|
|
for cbfsname in `echo $cbfsfiles`; do
|
|
filename=${cbfsname:12}
|
|
if [ ! -z "$filename" ]; then
|
|
mkdir -p `dirname $filename` \
|
|
|| die "$filename: mkdir failed"
|
|
LOG "Extracting CBFS file $cbfsname into $filename"
|
|
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|
|
|| die "$filename: cbfs file read failed"
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
|
TRACE_FUNC
|
|
LOG "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
|
|
# Measure both the filename and its content. This
|
|
# ensures that renaming files or pivoting file content
|
|
# will still affect the resulting PCR measurement.
|
|
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
|
|
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|
|
|| die "$filename: tpm extend failed"
|
|
fi
|
|
fi
|
|
done
|