kexec-save-default kexec-select-boot: fix primary handle once more. Can't wait we get rid of this... file must exist and not be empty, and hash output to console must not be silenced

tlaurion · tlaurion · commit 78f17b1a93f7 · 2024-12-18T15:51:59.000-05:00
Signed-off-by: Thierry Laurion &lt;insurgo@riseup.net&gt;
diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default
@@ -279,10 +279,9 @@ fi
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
 	if [ -f /tmp/secret/primary.handle ]; then
 		DEBUG "Hashing TPM2 primary key handle..."
-		sha256sum /tmp/secret/primary.handle >"$PRIMHASH_FILE" 2>/dev/null ||
+		sha256sum /tmp/secret/primary.handle > "$PRIMHASH_FILE" ||
 			die "ERROR: Failed to Hash TPM2 primary key handle!"
 		DEBUG "TPM2 primary key handle hash saved to $PRIMHASH_FILE"
-		DEBUG "Hash content: $(cat $PRIMHASH_FILE)"
 	else
 		die "ERROR: TPM2 primary key handle file does not exist!"
 	fi
diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot
@@ -60,7 +60,8 @@ paramsdir="${paramsdir%%/}"
 
 PRIMHASH_FILE="$paramsdir/kexec_primhdl_hash.txt"
 if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
-	if [ -r "$PRIMHASH_FILE" ]; then
+	if [ -s "$PRIMHASH_FILE" ]; then
+		#PRIMHASH_FILE (normally /boot/kexec_primhdl_hash.txt) exists and is not empty
 		sha256sum -c "$PRIMHASH_FILE" >/dev/null 2>&1 ||
 			{
 				echo "FATAL: Hash of TPM2 primary key handle mismatch!"

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,8 @@ paramsdir="${paramsdir%%/}"`
`60`	`60`
`61`	`61`	`PRIMHASH_FILE="$paramsdir/kexec_primhdl_hash.txt"`
`62`	`62`	`if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then`
`63`		`- if [ -r "$PRIMHASH_FILE" ]; then`
	`63`	`+ if [ -s "$PRIMHASH_FILE" ]; then`
	`64`	`+ #PRIMHASH_FILE (normally /boot/kexec_primhdl_hash.txt) exists and is not empty`
`64`	`65`	`sha256sum -c "$PRIMHASH_FILE" >/dev/null 2>&1 \|\|`
`65`	`66`	`{`
`66`	`67`	`echo "FATAL: Hash of TPM2 primary key handle mismatch!"`