ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-03-15 16:46:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
heads/initrd/bin/cbfs-init
Thierry Laurion 930d3e6114
BUGFIX: replace direct calls from LOG to INFO, so that only DO_WITH_DEBUG uses LOG. INFO manages console output to log or console 
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log

This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 11:00:14 -05:00

42 lines
1.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e -o pipefail
. /etc/functions
# CBFS extraction and measurement
# This extraction and measurement cannot be suppressed by quiet mode, since
# config.user is not yet loaded at this point.
# To suppress this output, set CONFIG_QUIET_MODE=y needs be be set in /etc/config
# which is defined at build time under board configuration file to be part of initrd.cpio
# This script is called from initrd/init so really early in the boot process to put files in place in initramfs
TRACE_FUNC
# Update initrd with CBFS files
if [ -z "$CONFIG_PCR" ]; then
CONFIG_PCR=7
fi
# Load individual files
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
for cbfsname in `echo $cbfsfiles`; do
filename=${cbfsname:12}
if [ ! -z "$filename" ]; then
mkdir -p `dirname $filename` \
|| die "$filename: mkdir failed"
INFO "Extracting CBFS file $cbfsname into $filename"
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|| die "$filename: cbfs file read failed"
if [ "$CONFIG_TPM" = "y" ]; then
TRACE_FUNC
INFO "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
# Measure both the filename and its content. This
# ensures that renaming files or pivoting file content
# will still affect the resulting PCR measurement.
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|| die "$filename: tpm extend failed"
fi
fi
done
Reference in New Issue View Git Blame Copy Permalink