diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default
index d59b9f9aa..22ed28cfa 100755
--- a/initrd/bin/kexec-save-default
+++ b/initrd/bin/kexec-save-default
@@ -279,10 +279,9 @@ fi
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
 if [ -f /tmp/secret/primary.handle ]; then
 DEBUG "Hashing TPM2 primary key handle..."
- sha256sum /tmp/secret/primary.handle >"$PRIMHASH_FILE" 2>/dev/null ||
+ sha256sum /tmp/secret/primary.handle > "$PRIMHASH_FILE" ||
 die "ERROR: Failed to Hash TPM2 primary key handle!"
 DEBUG "TPM2 primary key handle hash saved to $PRIMHASH_FILE"
- DEBUG "Hash content: $(cat $PRIMHASH_FILE)"
 else
 die "ERROR: TPM2 primary key handle file does not exist!"
 fi
diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot
index 405047735..e3390ac41 100755
--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@@ -60,7 +60,8 @@ paramsdir="${paramsdir%%/}"
 PRIMHASH_FILE="$paramsdir/kexec_primhdl_hash.txt"
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
- if [ -r "$PRIMHASH_FILE" ]; then
+ if [ -s "$PRIMHASH_FILE" ]; then
+ #PRIMHASH_FILE (normally /boot/kexec_primhdl_hash.txt) exists and is not empty
 sha256sum -c "$PRIMHASH_FILE" >/dev/null 2>&1 || { echo "FATAL: Hash of TPM2 primary key handle mismatch!"
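Review bot: In kexec-save-default, the redirection in `sha256sum /tmp/secret/primary.handle > "$PRIMHASH_FILE" ||` creates or truncates the hash file before sha256sum runs, so a failed hash leaves a zero-length file behind when `die` fires. The companion change in kexec-select-boot now gates on `-s`, so an empty file never reaches `sha256sum -c`; what that script does on the not-`-s` path is outside the visible lines, and if it simply continues, a truncated file would quietly turn the primary-handle check off. Consider removing the partial file on failure, `|| { rm -f "$PRIMHASH_FILE"; die "ERROR: Failed to Hash TPM2 primary key handle!"; }`, or writing to a temporary name and renaming it only on success. PRIMHASH_FILE is assigned and the outer `if` is closed outside this hunk.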