kexec-save-default kexec-select-boot: fix primary handle once more. C…

…an't wait we get rid of this... file must exist and not be empty, and hash output to console must not be silenced Signed-off-by: Thierry Laurion <insurgo@riseup.net>
linuxboot · Dec 18, 2024 · 78f17b1 · 78f17b1
1 parent 6f5f826
commit 78f17b1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default
@@ -279,10 +279,9 @@ fi
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
 	if [ -f /tmp/secret/primary.handle ]; then
 		DEBUG "Hashing TPM2 primary key handle..."
-		sha256sum /tmp/secret/primary.handle >"$PRIMHASH_FILE" 2>/dev/null ||
+		sha256sum /tmp/secret/primary.handle > "$PRIMHASH_FILE" ||
 			die "ERROR: Failed to Hash TPM2 primary key handle!"
 		DEBUG "TPM2 primary key handle hash saved to $PRIMHASH_FILE"
-		DEBUG "Hash content: $(cat $PRIMHASH_FILE)"
 	else
 		die "ERROR: TPM2 primary key handle file does not exist!"
 	fi

diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot
@@ -60,7 +60,8 @@ paramsdir="${paramsdir%%/}"
 
 PRIMHASH_FILE="$paramsdir/kexec_primhdl_hash.txt"
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
-	if [ -r "$PRIMHASH_FILE" ]; then
+	if [ -s "$PRIMHASH_FILE" ]; then
+		#PRIMHASH_FILE (normally /boot/kexec_primhdl_hash.txt) exists and is not empty
 		sha256sum -c "$PRIMHASH_FILE" >/dev/null 2>&1 ||
 			{
 				echo "FATAL: Hash of TPM2 primary key handle mismatch!"