-
-
Notifications
You must be signed in to change notification settings - Fork 191
/
Copy pathcbfs-init
executable file
·41 lines (36 loc) · 1.41 KB
/
cbfs-init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash
set -e -o pipefail
. /etc/functions
# CBFS extraction and measurement
# This extraction and measurement cannot be suppressed by quiet mode, since
# config.user is not yet loaded at this point.
# To suppress this output, set CONFIG_QUIET_MODE=y needs be be set in /etc/config
# which is defined at build time under board configuration file to be part of initrd.cpio
# This script is called from initrd/init so really early in the boot process to put files in place in initramfs
TRACE_FUNC
# Update initrd with CBFS files
if [ -z "$CONFIG_PCR" ]; then
CONFIG_PCR=7
fi
# Load individual files
cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"`
for cbfsname in `echo $cbfsfiles`; do
filename=${cbfsname:12}
if [ ! -z "$filename" ]; then
mkdir -p `dirname $filename` \
|| die "$filename: mkdir failed"
INFO "Extracting CBFS file $cbfsname into $filename"
cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
|| die "$filename: cbfs file read failed"
if [ "$CONFIG_TPM" = "y" ]; then
TRACE_FUNC
INFO "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
# Measure both the filename and its content. This
# ensures that renaming files or pivoting file content
# will still affect the resulting PCR measurement.
tpmr extend -ix "$CONFIG_PCR" -ic "$filename"
tpmr extend -ix "$CONFIG_PCR" -if "$filename" \
|| die "$filename: tpm extend failed"
fi
fi
done