
Commit 930d3e6

BUGFIX: replace direct calls from LOG to INFO, so that only DO_WITH_DEBUG uses LOG. INFO manages console output to log or console
Quiet mode reduced console output to limit the technical information provided to end users. What was previously informational output shown by default is now considered additional information and is emitted through INFO() calls, which output either to the console or to debug.log. Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output goes into debug.log prefixed with LOG. This fixes the previous implementation, which called LOG in DO_WITH_DEBUG calls and modified the expected output to files, as observed by @3hhh in the output of GRUB entries when selecting a boot option. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
1 parent 8f7b1c4 commit 930d3e6

9 files changed

Lines changed: 112 additions & 108 deletions


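--- a/initrd/bin/cbfs-init
+++ b/initrd/bin/cbfs-init
@@ -24,12 +24,12 @@ for cbfsname in `echo $cbfsfiles`; do
 if [ ! -z "$filename" ]; then
 mkdir -p `dirname $filename` \
 || die "$filename: mkdir failed"
-LOG "Extracting CBFS file $cbfsname into $filename"
+INFO "Extracting CBFS file $cbfsname into $filename"
 cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
 || die "$filename: cbfs file read failed"
 if [ "$CONFIG_TPM" = "y" ]; then
 TRACE_FUNC
-LOG "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
+INFO "TPM: Extending PCR[$CONFIG_PCR] with filename $filename and then its content"
 # Measure both the filename and its content. This
 # ensures that renaming files or pivoting file content
 # will still affect the resulting PCR measurement.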

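--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -553,7 +553,7 @@ reset_tpm() {
 mount -o rw,remount /boot
 #TODO: this is really problematic, we should really remove the primary handle hash
 
-LOG "Removing rollback and primary handle hash under /boot"
+INFO "Removing rollback and primary handle hash under /boot"
 rm -f /boot/kexec_rollback.txt
 rm -f /boot/kexec_primhdl_hash.txt
 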
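--- a/initrd/bin/kexec-insert-key
+++ b/initrd/bin/kexec-insert-key
@@ -66,7 +66,7 @@ fi
 
 # Override PCR 4 so that user can't read the key
 TRACE_FUNC
-LOG "TPM: Extending PCR[4] to prevent any future secret unsealing"
+INFO "TPM: Extending PCR[4] to prevent any future secret unsealing"
 tpmr extend -ix 4 -ic generic ||
 die 'Unable to scramble PCR'
 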
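--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@@ -82,10 +82,10 @@ if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
 fi
 
 verify_global_hashes() {
-LOG "+++ Checking verified boot hash file "
+INFO "+++ Checking verified boot hash file "
 # Check the hashes of all the files
 if verify_checksums "$bootdir" "$gui_menu"; then
-LOG "+++ Verified boot hashes "
+INFO "+++ Verified boot hashes "
 valid_hash='y'
 valid_global_hash='y'
 else
@@ -208,7 +208,7 @@ parse_option() {
 }
 
 scan_options() {
-LOG "+++ Scanning for unsigned boot options"
+INFO "+++ Scanning for unsigned boot options"
 option_file="/tmp/kexec_options.txt"
 scan_boot_options "$bootdir" "$config" "$option_file"
 if [ ! -s $option_file ]; then
@@ -272,7 +272,7 @@ default_select() {
 
 if [ "$CONFIG_BASIC" != "y" ]; then
 # Enforce that default option hashes are valid
-LOG "+++ Checking verified default boot hash file "
+INFO "+++ Checking verified default boot hash file "
 # Check the hashes of all the files
 if (cd $bootdir && sha256sum -c "$TMP_DEFAULT_HASH_FILE" >/tmp/hash_output); then
 echo "+++ Verified default boot hashes "
@@ -390,7 +390,7 @@ while true; do
 if [ ! -r "$TMP_KEY_DEVICES" ]; then
 # Extend PCR4 as soon as possible
 TRACE_FUNC
-LOG "TPM: Extending PCR[4] to prevent further secret unsealing"
+INFO "TPM: Extending PCR[4] to prevent further secret unsealing"
 tpmr extend -ix 4 -ic generic ||
 die "Failed to extend TPM PCR[4]"
 fi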
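Review bot: In the default_select hunk the success message is still a plain `echo "+++ Verified default boot hashes "`, while the matching message in verify_global_hashes was moved to `INFO "+++ Verified boot hashes "`. If INFO is what decides between the console and debug.log, as the commit description says, this echo will keep printing in quiet mode and the two verification paths will report differently. Consider `INFO "+++ Verified default boot hashes "` for that line, unless it is meant to stay visible regardless of quiet mode, in which case a short comment saying so would help. default_select's body starts and ends outside the hunk.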

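--- a/initrd/bin/qubes-measure-luks
+++ b/initrd/bin/qubes-measure-luks
@@ -20,6 +20,6 @@ DEBUG "Removing /tmp/lukshdr-*"
 rm /tmp/lukshdr-*
 
 TRACE_FUNC
-LOG "TPM: Extending PCR[6] with hash of LUKS headers from /tmp/luksDump.txt"
+INFO "TPM: Extending PCR[6] with hash of LUKS headers from /tmp/luksDump.txt"
 tpmr extend -ix 6 -if /tmp/luksDump.txt ||
 die "Unable to extend PCR"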

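--- a/initrd/bin/tpmr
+++ b/initrd/bin/tpmr
@@ -257,7 +257,7 @@ tpm2_extend() {
 esac
 done
 tpm2 pcrextend "$index:sha256=$hash"
-LOG $(tpm2 pcrread "sha256:$index" 2>&1)
+INFO $(tpm2 pcrread "sha256:$index" 2>&1)
 
 TRACE_FUNC
 DEBUG "TPM: Extended PCR[$index] with hash $hash"
@@ -614,7 +614,7 @@ tpm2_unseal() {
 # stderr; capture stderr to log.
 if ! tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" \
 -S "$ENC_SESSION_FILE" >"$file" 2> >(SINK_LOG "tpm2 stderr"); then
-LOG "Unable to unseal secret from TPM NVRAM"
+INFO "Unable to unseal secret from TPM NVRAM"
 
 # should succeed, exit if it doesn't
 exit 1
@@ -800,7 +800,7 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
 fi
 
 TRACE_FUNC
-LOG "TPM: Extending PCR[$3] with hash $hash"
+INFO "TPM: Extending PCR[$3] with hash $hash"
 
 # Silence stdout/stderr, they're only useful for debugging
 # and DO_WITH_DEBUG captures them
@@ -845,7 +845,7 @@ calcfuturepcr)
 ;;
 extend)
 TRACE_FUNC
-LOG "TPM: Extending PCR[$2] with $4"
+INFO "TPM: Extending PCR[$2] with $4"
 tpm2_extend "$@"
 ;;
 counter_read)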
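Review bot: In the tpm2_extend hunk, `INFO $(tpm2 pcrread "sha256:$index" 2>&1)` passes an unquoted command substitution, so the pcrread output is word-split and glob-expanded before INFO sees it, and with INFO it may now reach the console rather than only debug.log. The statement after it already records the extend at DEBUG level, so the raw PCR read looks like debug detail as well; I would write `DEBUG "$(tpm2 pcrread "sha256:$index" 2>&1)"`, or at least quote the substitution if INFO is intended. How INFO treats multiple arguments is not visible here, so the exact effect on the logged text is an assumption. tpm2_extend starts and ends outside the hunk.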
