mirror of
https://github.com/linuxboot/heads.git
synced 2025-03-15 08:41:00 +00:00
Quiet mode introduced output reduction to console to limit technical info provided to end users. Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
42 lines
1.4 KiB
Bash
Executable File
42 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e -o pipefail
|
|
. /etc/functions
|
|
|
|
# CBFS extraction and measurement
|
|
# This extraction and measurement cannot be suppressed by quiet mode, since
|
|
# config.user is not yet loaded at this point.
|
|
# To suppress this output, set CONFIG_QUIET_MODE=y needs be be set in /etc/config
|
|
# which is defined at build time under board configuration file to be part of initrd.cpio
|
|
# This script is called from initrd/init so really early in the boot process to put files in place in initramfs
|
|
|
|
TRACE_FUNC
|
|
|
|
# Update initrd with CBFS files
|
|
if [ -z "$CONFIG_PCR" ]; then
|
|
CONFIG_PCR=7
|
|
fi
|
|
|
|
# Load individual files
|
|
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
|
|
|
|
for cbfsname in `echo $cbfsfiles`; do
|
|
filename=${cbfsname:12}
|
|
if [ ! -z "$filename" ]; then
|
|
mkdir -p `dirname $filename` \
|
|
|| die "$filename: mkdir failed"
|
|
INFO "Extracting CBFS file $cbfsname into $filename"
|
|
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|
|
|| die "$filename: cbfs file read failed"
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
|
TRACE_FUNC
|
|
INFO "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
|
|
# Measure both the filename and its content. This
|
|
# ensures that renaming files or pivoting file content
|
|
# will still affect the resulting PCR measurement.
|
|
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
|
|
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|
|
|| die "$filename: tpm extend failed"
|
|
fi
|
|
fi
|
|
done
|