TPM extend ops: Augment output of TPM1/TMP22 for filename and file content hash ops

Debug logtrace, screenshots of non-debug will be added in PR #1758

TPM1:
[    4.815559] [U] hello world
[    5.099000] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    5.122059] TRACE: Under init
[    5.165917] DEBUG: Applying panic_on_oom setting to sysctl
[    5.388757] TRACE: /bin/cbfs-init(5): main
[    5.516637] TRACE: /bin/cbfs-init(24): main
[    5.662271] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx
[    5.732223] TRACE: /bin/tpmr(790): main
[    5.785372] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae
[    5.838082] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx
[    6.081466] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx
[    6.147455] TRACE: /bin/tpmr(790): main
[    6.196545] DEBUG: TPM: Extending PCR[7] with hash ee79223a3b9724ad1aab290a3785132805c79eae
[    6.251251] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx
[    6.445119] TRACE: /bin/cbfs-init(24): main
[    6.585854] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg
[    6.659172] TRACE: /bin/tpmr(790): main
[    6.707564] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042
[    6.757645] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg
[    7.013547] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg
[    7.082863] TRACE: /bin/tpmr(790): main
[    7.131022] DEBUG: TPM: Extending PCR[7] with hash ca8898407cacd96d6f2de90ae90825351be81c62
[    7.183344] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg
[    7.413787] TRACE: /bin/key-init(6): main
[    8.718367] TRACE: Under /etc/ash_functions:combine_configs
[    8.803914] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[    9.045341] TRACE: /bin/setconsolefont.sh(6): main
[    9.096853] DEBUG: Board does not ship setfont, not checking console font
[    9.320494] TRACE: /bin/gui-init(641): main
[    9.356729] TRACE: Under /etc/ash_functions:enable_usb
[    9.445981] TRACE: /sbin/insmod(9): main
[    9.609464] TRACE: /sbin/insmod(53): main
[    9.660145] DEBUG: No module parameters, extending only with the module's content
[    9.791896] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-hcd.ko
[    9.860477] TRACE: /bin/tpmr(790): main
[    9.914849] DEBUG: TPM: Extending PCR[5] with hash bc9ff28a99e314cda69695ba34b26ed0d8b1e4ed
[    9.976867] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-hcd.ko
[   10.146966] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[   10.184086] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   10.276564] TRACE: /sbin/insmod(9): main
[   10.433503] TRACE: /sbin/insmod(53): main
[   10.486272] DEBUG: No module parameters, extending only with the module's content
[   10.620200] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/uhci-hcd.ko
[   10.698710] TRACE: /bin/tpmr(790): main
[   10.750637] DEBUG: TPM: Extending PCR[5] with hash bcb2f15c7eb52484072a76fc8a0d7399f6cf2189
[   10.808379] DEBUG: exec tpm extend -ix 5 -if /lib/modules/uhci-hcd.ko
[   10.996254] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[   11.026108] uhci_hcd: USB Universal Host Controller Interface driver
[   11.040703] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[   11.053129] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[   11.061568] uhci_hcd 0000:00:1d.0: detected 2 ports
[   11.070973] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[   11.089004] hub 1-0:1.0: USB hub found
[   11.097535] hub 1-0:1.0: 2 ports detected
[   11.114890] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[   11.123848] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[   11.134989] uhci_hcd 0000:00:1d.1: detected 2 ports
[   11.142404] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[   11.153338] hub 2-0:1.0: USB hub found
[   11.160572] hub 2-0:1.0: 2 ports detected
[   11.176481] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[   11.183898] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[   11.193509] uhci_hcd 0000:00:1d.2: detected 2 ports
[   11.201574] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[   11.211182] hub 3-0:1.0: USB hub found
[   11.219256] hub 3-0:1.0: 2 ports detected
[   11.314467] TRACE: /sbin/insmod(9): main
[   11.468430] TRACE: /sbin/insmod(53): main
[   11.521914] DEBUG: No module parameters, extending only with the module's content
[   11.656647] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-hcd.ko
[   11.726721] TRACE: /bin/tpmr(790): main
[   11.778253] DEBUG: TPM: Extending PCR[5] with hash f563e46fbbed46423a1e10219953233d310792f5
[   11.831718] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-hcd.ko
[   12.010752] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[   12.044192] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   12.136462] TRACE: /sbin/insmod(9): main
[   12.293409] TRACE: /sbin/insmod(53): main
[   12.345947] DEBUG: No module parameters, extending only with the module's content
[   12.481562] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-pci.ko
[   12.547754] TRACE: /bin/tpmr(790): main
[   12.604827] DEBUG: TPM: Extending PCR[5] with hash a24699fdaac9976cc9447fd0cd444a469299ad2f
[   12.661256] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-pci.ko
[   12.847247] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[   12.870986] ohci-pci: OHCI PCI platform driver
[   12.959387] TRACE: /sbin/insmod(9): main
[   13.112275] TRACE: /sbin/insmod(53): main
[   13.163112] DEBUG: No module parameters, extending only with the module's content
[   13.291360] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-pci.ko
[   13.364853] TRACE: /bin/tpmr(790): main
[   13.438536] DEBUG: TPM: Extending PCR[5] with hash b80a90e11a01eba40bb7e566f3374d0aad326acb
[   13.505500] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-pci.ko
[   13.679865] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[   13.704539] ehci-pci: EHCI PCI platform driver
[   13.725570] ehci-pci 0000:00:1d.7: EHCI Host Controller
[   13.735562] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[   13.745092] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[   13.773286] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[   13.783544] hub 4-0:1.0: USB hub found
[   13.791110] hub 4-0:1.0: 6 ports detected
[   13.800844] hub 1-0:1.0: USB hub found
[   13.807808] hub 1-0:1.0: 2 ports detected
[   13.823094] hub 2-0:1.0: USB hub found
[   13.829910] hub 2-0:1.0: 2 ports detected
[   13.839182] hub 3-0:1.0: USB hub found
[   13.846231] hub 3-0:1.0: 2 ports detected
[   13.946297] TRACE: /sbin/insmod(9): main
[   14.099143] TRACE: /sbin/insmod(53): main
[   14.149765] DEBUG: No module parameters, extending only with the module's content
[   14.291413] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-hcd.ko
[   14.372815] TRACE: /bin/tpmr(790): main
[   14.426919] DEBUG: TPM: Extending PCR[5] with hash 1fc55e846b9d5c93e58c6c8b6f867e744fa694bc
[   14.482815] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-hcd.ko
[   14.670419] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[   14.783374] TRACE: /sbin/insmod(9): main
[   14.939364] TRACE: /sbin/insmod(53): main
[   14.995136] DEBUG: No module parameters, extending only with the module's content
[   15.135482] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-pci.ko
[   15.204263] TRACE: /bin/tpmr(790): main
[   15.255478] DEBUG: TPM: Extending PCR[5] with hash bbdd85242570aa438b908420a43b8d7042db8b4f
[   15.305598] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-pci.ko
[   15.480844] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[   15.512476] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   15.528230] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[   15.540456] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[   15.554225] hub 5-0:1.0: USB hub found
[   15.562061] hub 5-0:1.0: 4 ports detected
[   15.572058] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   15.589966] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[   15.598116] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[   15.606150] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[   15.616354] hub 6-0:1.0: USB hub found
[   15.623767] hub 6-0:1.0: 4 ports detected
[   15.909854] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[   16.193548] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[   16.345381] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[   17.674973] TRACE: /etc/functions(715): detect_boot_device
[   17.718114] TRACE: /etc/functions(682): mount_possible_boot_device
[   17.759829] TRACE: /etc/functions(642): is_gpt_bios_grub
[   17.833271] TRACE: /dev/vda1 is partition 1 of vda
[   17.925490] TRACE: /etc/functions(619): find_lvm_vg_name
[   18.068352] TRACE: Try mounting /dev/vda1 as /boot
[   18.114444] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[   18.158648] TRACE: /bin/gui-init(319): clean_boot_check
[   18.247883] TRACE: /bin/gui-init(348): check_gpg_key
[   18.338052] TRACE: /bin/gui-init(185): update_totp
[   18.419286] TRACE: /bin/unseal-totp(8): main
[   18.511352] TRACE: /bin/tpmr(614): tpm1_unseal
[   18.624811] DEBUG: Running at_exit handlers
[   18.661992] TRACE: /bin/tpmr(390): cleanup_shred
[   18.692897]  !!! ERROR: Unable to unseal TOTP secret !!!
[   21.295284] TRACE: /bin/unseal-totp(8): main
[   21.386377] TRACE: /bin/tpmr(614): tpm1_unseal
[   21.496183] DEBUG: Running at_exit handlers
[   21.527060] TRACE: /bin/tpmr(390): cleanup_shred
[   21.558625]  !!! ERROR: Unable to unseal TOTP secret !!!
[   24.162881] TRACE: /bin/unseal-totp(8): main
[   24.249549] TRACE: /bin/tpmr(614): tpm1_unseal
[   24.362331] DEBUG: Running at_exit handlers
[   24.394154] TRACE: /bin/tpmr(390): cleanup_shred
[   24.427400]  !!! ERROR: Unable to unseal TOTP secret !!!
[   26.475340] DEBUG: CONFIG_TPM: y
[   26.521538] DEBUG: CONFIG_TPM2_TOOLS:
[   26.578490] DEBUG: Show PCRs
[   26.730805] DEBUG: PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.751488] PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.778571] PCR-02: C0 A9 54 C8 45 5C 78 49 80 EC 1C DB D8 E8 9B CC 65 11 58 BF
[   26.808771] PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.830508] PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.849538] PCR-05: 2C 3A 40 05 70 DB 21 89 4F CD C2 F8 D6 AE 40 DA 56 E1 B6 74
[   26.878951] PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.895421] PCR-07: 7A 8A 4C E6 BA B0 AA 26 22 B1 26 A2 F6 36 BD F3 86 23 50 B6

TPM2:
[    5.305235] [U] hello world
[    5.591175] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    5.615802] TRACE: Under init
[    5.657823] DEBUG: Applying panic_on_oom setting to sysctl
[    5.831457] TRACE: /bin/tpmr(349): tpm2_startsession
[    6.567984] TRACE: /bin/cbfs-init(5): main
[    6.695758] TRACE: /bin/cbfs-init(24): main
[    6.811665] TRACE: /bin/tpmr(832): main
[    6.870411] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[    6.907262] TRACE: /bin/tpmr(234): tpm2_extend
[    6.983504] TRACE: /bin/tpmr(247): tpm2_extend
[    7.037543] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/pubring.kbx
[    7.192665] TRACE: /bin/tpmr(265): tpm2_extend
[    7.246318] DEBUG: TPM: Extended PCR[7] with hash 96ab5053e4630a040d55549ba73cff2178d401d763147776771f9774597b86a1
[    7.355327] TRACE: /bin/tpmr(832): main
[    7.409042] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[    7.446920] TRACE: /bin/tpmr(234): tpm2_extend
[    7.485782] TRACE: /bin/tpmr(252): tpm2_extend
[    7.540496] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/pubring.kbx
[    7.759033] TRACE: /bin/tpmr(265): tpm2_extend
[    7.811693] DEBUG: TPM: Extended PCR[7] with hash f196f9cae98362568d31638e7522eee5042286b2c18627b06b30a0275207872e
[    7.903033] TRACE: /bin/cbfs-init(24): main
[    8.026099] TRACE: /bin/tpmr(832): main
[    8.077074] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[    8.108061] TRACE: /bin/tpmr(234): tpm2_extend
[    8.180580] TRACE: /bin/tpmr(247): tpm2_extend
[    8.234748] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/trustdb.gpg
[    8.412522] TRACE: /bin/tpmr(265): tpm2_extend
[    8.469868] DEBUG: TPM: Extended PCR[7] with hash 53b843fe9bb52894d3a7d00197c776d56f3059f6a285124c7916724cd5013b0b
[    8.596316] TRACE: /bin/tpmr(832): main
[    8.655651] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[    8.690508] TRACE: /bin/tpmr(234): tpm2_extend
[    8.723206] TRACE: /bin/tpmr(252): tpm2_extend
[    8.782554] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/trustdb.gpg
[    8.999969] TRACE: /bin/tpmr(265): tpm2_extend
[    9.066744] DEBUG: TPM: Extended PCR[7] with hash abf745ef9f960af5d8b19a1acd4bc0a19da056f607b06cce6b920eab83cbbdec
[    9.215143] TRACE: /bin/key-init(6): main
[   10.661503] TRACE: Under /etc/ash_functions:combine_configs
[   10.749050] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[   10.998267] TRACE: /bin/setconsolefont.sh(6): main
[   11.059640] DEBUG: Board does not ship setfont, not checking console font
[   11.303012] TRACE: /bin/gui-init(641): main
[   11.334099] TRACE: Under /etc/ash_functions:enable_usb
[   11.421487] TRACE: /sbin/insmod(9): main
[   11.578754] TRACE: /sbin/insmod(53): main
[   11.630500] DEBUG: No module parameters, extending only with the module's content
[   11.741780] TRACE: /bin/tpmr(832): main
[   11.789365] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-hcd.ko
[   11.823496] TRACE: /bin/tpmr(234): tpm2_extend
[   11.862739] TRACE: /bin/tpmr(252): tpm2_extend
[   11.920404] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-hcd.ko
[   12.123507] TRACE: /bin/tpmr(265): tpm2_extend
[   12.175292] DEBUG: TPM: Extended PCR[5] with hash 40c5206f06702e45d8e6632632255258af433be0641c96f514ea75ac14523a30
[   12.234130] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[   12.278479] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   12.371875] TRACE: /sbin/insmod(9): main
[   12.523874] TRACE: /sbin/insmod(53): main
[   12.578418] DEBUG: No module parameters, extending only with the module's content
[   12.697785] TRACE: /bin/tpmr(832): main
[   12.753607] DEBUG: TPM: Extending PCR[5] with /lib/modules/uhci-hcd.ko
[   12.786940] TRACE: /bin/tpmr(234): tpm2_extend
[   12.819199] TRACE: /bin/tpmr(252): tpm2_extend
[   12.879805] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/uhci-hcd.ko
[   13.088925] TRACE: /bin/tpmr(265): tpm2_extend
[   13.158660] DEBUG: TPM: Extended PCR[5] with hash 1877332107fb8737a5636da26d4db2c10ffe4d1db2bcbde30b47774cdf05e02f
[   13.223888] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[   13.253700] uhci_hcd: USB Universal Host Controller Interface driver
[   13.269580] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[   13.278675] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[   13.287280] uhci_hcd 0000:00:1d.0: detected 2 ports
[   13.296481] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[   13.314557] hub 1-0:1.0: USB hub found
[   13.332614] hub 1-0:1.0: 2 ports detected
[   13.352400] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[   13.361016] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[   13.368653] uhci_hcd 0000:00:1d.1: detected 2 ports
[   13.376700] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[   13.395046] hub 2-0:1.0: USB hub found
[   13.403107] hub 2-0:1.0: 2 ports detected
[   13.418573] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[   13.426975] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[   13.434733] uhci_hcd 0000:00:1d.2: detected 2 ports
[   13.442497] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[   13.460237] hub 3-0:1.0: USB hub found
[   13.467466] hub 3-0:1.0: 2 ports detected
[   13.579102] TRACE: /sbin/insmod(9): main
[   13.730892] TRACE: /sbin/insmod(53): main
[   13.781345] DEBUG: No module parameters, extending only with the module's content
[   13.891152] TRACE: /bin/tpmr(832): main
[   13.954015] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-hcd.ko
[   13.995207] TRACE: /bin/tpmr(234): tpm2_extend
[   14.031074] TRACE: /bin/tpmr(252): tpm2_extend
[   14.095694] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-hcd.ko
[   14.315253] TRACE: /bin/tpmr(265): tpm2_extend
[   14.369608] DEBUG: TPM: Extended PCR[5] with hash 8a12ce4abfc87f11a023d4f1c26c225f5cffae248f9dad1fd30e78022996df02
[   14.425800] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[   14.455207] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   14.548050] TRACE: /sbin/insmod(9): main
[   14.693175] TRACE: /sbin/insmod(53): main
[   14.742761] DEBUG: No module parameters, extending only with the module's content
[   14.855233] TRACE: /bin/tpmr(832): main
[   14.908035] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-pci.ko
[   14.940321] TRACE: /bin/tpmr(234): tpm2_extend
[   14.970307] TRACE: /bin/tpmr(252): tpm2_extend
[   15.018421] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-pci.ko
[   15.226408] TRACE: /bin/tpmr(265): tpm2_extend
[   15.279951] DEBUG: TPM: Extended PCR[5] with hash 2065ee6544d78a5d31e67983166a9b8cf60dbe61bf0ee99c39e92816cc3a98db
[   15.335930] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[   15.360537] ohci-pci: OHCI PCI platform driver
[   15.446600] TRACE: /sbin/insmod(9): main
[   15.597149] TRACE: /sbin/insmod(53): main
[   15.649850] DEBUG: No module parameters, extending only with the module's content
[   15.753738] TRACE: /bin/tpmr(832): main
[   15.809086] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-pci.ko
[   15.847559] TRACE: /bin/tpmr(234): tpm2_extend
[   15.878030] TRACE: /bin/tpmr(252): tpm2_extend
[   15.930320] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-pci.ko
[   16.131948] TRACE: /bin/tpmr(265): tpm2_extend
[   16.190395] DEBUG: TPM: Extended PCR[5] with hash 116145df2c495dfd58354025799fe5bb9b4d8e078960e8d0d7ceda746e4f2d06
[   16.247675] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[   16.275465] ehci-pci: EHCI PCI platform driver
[   16.296704] ehci-pci 0000:00:1d.7: EHCI Host Controller
[   16.306151] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[   16.316293] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[   16.340527] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[   16.357688] hub 4-0:1.0: USB hub found
[   16.365707] hub 4-0:1.0: 6 ports detected
[   16.376687] hub 1-0:1.0: USB hub found
[   16.384573] hub 1-0:1.0: 2 ports detected
[   16.393986] hub 2-0:1.0: USB hub found
[   16.401424] hub 2-0:1.0: 2 ports detected
[   16.410387] hub 3-0:1.0: USB hub found
[   16.418087] hub 3-0:1.0: 2 ports detected
[   16.513839] TRACE: /sbin/insmod(9): main
[   16.670778] TRACE: /sbin/insmod(53): main
[   16.721953] DEBUG: No module parameters, extending only with the module's content
[   16.835964] TRACE: /bin/tpmr(832): main
[   16.888003] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-hcd.ko
[   16.919798] TRACE: /bin/tpmr(234): tpm2_extend
[   16.957470] TRACE: /bin/tpmr(252): tpm2_extend
[   17.013535] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-hcd.ko
[   17.225097] TRACE: /bin/tpmr(265): tpm2_extend
[   17.281099] DEBUG: TPM: Extended PCR[5] with hash 7f5a6bd0f7de6104e49374e1e5ce421e11795fcc4f53014ef9259d630d7876bc
[   17.337551] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[   17.448660] TRACE: /sbin/insmod(9): main
[   17.595458] TRACE: /sbin/insmod(53): main
[   17.653305] DEBUG: No module parameters, extending only with the module's content
[   17.763612] TRACE: /bin/tpmr(832): main
[   17.817350] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-pci.ko
[   17.849196] TRACE: /bin/tpmr(234): tpm2_extend
[   17.879069] TRACE: /bin/tpmr(252): tpm2_extend
[   17.927859] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-pci.ko
[   18.126778] TRACE: /bin/tpmr(265): tpm2_extend
[   18.188056] DEBUG: TPM: Extended PCR[5] with hash 5502fa8c101f7e509145b9826094f06dd0e225c2311a14edc9ae9c812518a250
[   18.247945] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[   18.286509] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   18.294553] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[   18.308276] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[   18.320288] hub 5-0:1.0: USB hub found
[   18.328425] hub 5-0:1.0: 4 ports detected
[   18.337635] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   18.344430] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[   18.351769] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[   18.360900] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[   18.371095] hub 6-0:1.0: USB hub found
[   18.378046] hub 6-0:1.0: 4 ports detected
[   18.673695] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[   18.960744] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[   19.112485] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[   20.433294] TRACE: /etc/functions(715): detect_boot_device
[   20.489580] TRACE: /etc/functions(682): mount_possible_boot_device
[   20.546126] TRACE: /etc/functions(642): is_gpt_bios_grub
[   20.653417] TRACE: /dev/vda1 is partition 1 of vda
[   20.777737] TRACE: /etc/functions(619): find_lvm_vg_name
[   20.946450] TRACE: Try mounting /dev/vda1 as /boot
[   20.997145] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[   21.053058] TRACE: /bin/gui-init(319): clean_boot_check
[   21.157752] TRACE: /bin/gui-init(348): check_gpg_key
[   21.260339] TRACE: /bin/gui-init(185): update_totp
[   21.376906] TRACE: /bin/unseal-totp(8): main
[   21.497372] TRACE: /bin/tpmr(569): tpm2_unseal
[   21.574501] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   22.212056] DEBUG: Running at_exit handlers
[   22.247818] TRACE: /bin/tpmr(374): cleanup_session
[   22.301292] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   22.423005]  !!! ERROR: Unable to unseal TOTP secret !!!
[   25.058227] TRACE: /bin/unseal-totp(8): main
[   25.205031] TRACE: /bin/tpmr(569): tpm2_unseal
[   25.284388] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   25.914243] DEBUG: Running at_exit handlers
[   25.947988] TRACE: /bin/tpmr(374): cleanup_session
[   26.001694] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   26.126464]  !!! ERROR: Unable to unseal TOTP secret !!!
[   28.766165] TRACE: /bin/unseal-totp(8): main
[   28.898452] TRACE: /bin/tpmr(569): tpm2_unseal
[   28.982708] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   29.609216] DEBUG: Running at_exit handlers
[   29.643372] TRACE: /bin/tpmr(374): cleanup_session
[   29.696741] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   29.822748]  !!! ERROR: Unable to unseal TOTP secret !!!
[   31.890980] DEBUG: CONFIG_TPM: y
[   31.945147] DEBUG: CONFIG_TPM2_TOOLS: y
[   31.999643] DEBUG: Show PCRs
[   32.157607] DEBUG:   sha256:
[   32.190288] 0 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.221302] 1 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.251240] 2 : 0x9FC171D45D54BDD49D40E8438BCF15808427BA72B11EC2DF1ACE877CA0CF4F14
[   32.282127] 3 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.315382] 4 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.345767] 5 : 0xD76470232B7C3FD7D18D4DF3B77DACAFFDB876DBF3E84C996D74F7ECFA0FF60F
[   32.379099] 6 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.409630] 7 : 0x2E3147A8ADA1FEBEB2D32D7F50F25DC10F47D7CD48DF1D61A2D6BF958114A231
[   32.439780] 8 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.508514] 9 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.537395] 10: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.583510] 11: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.622661] 12: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.651831] 13: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.687298] 14: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.721766] 15: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.751345] 16: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.782919] 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.813071] 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.841994] 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.869358] 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.907215] 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.937346] 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.967810] 23: 0x0000000000000000000000000000000000000000000000000000000000000000

Signed-off-by: Thierry Laurion <[email protected]>

Author: tlaurion

initrd/bin/cbfs-init

@@ -21,7 +21,8 @@ for cbfsname in `echo $cbfsfiles`; do
 		cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \
 		|| die "$filename: cbfs file read failed"
 		if [ "$CONFIG_TPM" = "y" ]; then
-			echo "TPM: Extending PCR[$CONFIG_PCR with] with $filename"
+			TRACE_FUNC
+			echo "TPM: Extending PCR[$CONFIG_PCR] with $filename"
 			# Measure both the filename and its content.  This
 			# ensures that renaming files or pivoting file content
 			# will still affect the resulting PCR measurement.

initrd/bin/kexec-insert-key

@@ -65,6 +65,7 @@ if ! kexec-unseal-key "$INITRD_DIR/secret.key"; then
 fi
 
 # Override PCR 4 so that user can't read the key
+TRACE_FUNC
 echo "TPM: Extending PCR[4] to prevent any future secret unsealing"
 tpmr extend -ix 4 -ic generic ||
 	die 'Unable to scramble PCR'

initrd/bin/kexec-select-boot

@@ -384,6 +384,7 @@ while true; do
 	if [ "$CONFIG_TPM" = "y" ]; then
 		if [ ! -r "$TMP_KEY_DEVICES" ]; then
 			# Extend PCR4 as soon as possible
+			TRACE_FUNC
 			DEBUG "TPM: Extending PCR[4] to prevent further secret unsealing"
 			tpmr extend -ix 4 -ic generic ||
 				die "Failed to extend TPM PCR[4]"

initrd/bin/qubes-measure-luks

@@ -19,6 +19,7 @@ sha256sum /tmp/lukshdr-* >/tmp/luksDump.txt || die "Unable to hash LUKS headers"
 DEBUG "Removing /tmp/lukshdr-*"
 rm /tmp/lukshdr-*
 
+TRACE_FUNC
 echo "TPM: Extending PCR[6] with hash of LUKS headers from /tmp/luksDump.txt"
 tpmr extend -ix 6 -if /tmp/luksDump.txt ||
 	die "Unable to extend PCR"

initrd/bin/tpmr

@@ -235,14 +235,22 @@ tpm2_extend() {
 	while true; do
 		case "$1" in
 		-ix)
+			# store index and shift so -ic and -if can be processed
 			index="$2"
 			shift 2
 			;;
 		-ic)
+			# this is to extend the PCR with a hash of a multiword string, use array to pass multiple words in $2
+			# use array to pass multiple words in $2
+			string=$(echo -n "$2")
 			hash="$(echo -n "$2" | sha256sum | cut -d' ' -f1)"
+			TRACE_FUNC
+			DEBUG "TPM: Will extend PCR[$index] with hash of string $string"
 			shift 2
 			;;
 		-if)
+			TRACE_FUNC
+			DEBUG "TPM: Will extend PCR[$index] with hash of file content $2"
 			hash="$(sha256sum "$2" | cut -d' ' -f1)"
 			shift 2
 			;;
@@ -253,7 +261,9 @@ tpm2_extend() {
 	done
 	tpm2 pcrextend "$index:sha256=$hash"
 	tpm2 pcrread "sha256:$index"
-	DEBUG "TPM: Extended PCR[$index] with $hash"
+
+	TRACE_FUNC
+	DEBUG "TPM: Extended PCR[$index] with hash $hash"
 }
 
 tpm2_counter_read() {
@@ -767,7 +777,18 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
 		tpm1_destroy "$@"
 		;;
 	extend)
-		DEBUG "TPM: Extending PCR[$3] with $5"
+		#check if we extend with a hash or a file
+		if [ "$4" = "-if" ]; then
+			DEBUG "TPM: Will extend PCR[$3] hash content of file $5"
+			hash="$(sha1sum "$5" | cut -d' ' -f1)"
+		elif [ "$4" = "-ic" ]; then
+			string=$(echo -n "$5")
+			DEBUG "TPM: Will extend PCR[$3] with hash of filename $string"
+			hash="$(echo -n "$5" | sha1sum | cut -d' ' -f1)"
+		fi
+		
+		TRACE_FUNC
+		DEBUG "TPM: Extending PCR[$3] with hash $hash"
 		DO_WITH_DEBUG exec tpm "$@"
 		;;
 	seal)
@@ -808,6 +829,7 @@ calcfuturepcr)
 	replay_pcr "sha256" "$@"
 	;;
 extend)
+	TRACE_FUNC
 	DEBUG "TPM: Extending PCR[$2] with $4"
 	tpm2_extend "$@"
 	;;

initrd/etc/ash_functions

@@ -241,6 +241,7 @@ recovery() {
 	DEBUG "Board $CONFIG_BOARD - version $(fw_version)"
 
 	if [ "$CONFIG_TPM" = "y" ]; then
+		TRACE_FUNC
 		echo "TPM: Extending PCR[4] to prevent any further secret unsealing"
 		tpmr extend -ix 4 -ic recovery
 	fi

initrd/sbin/insmod

@@ -43,9 +43,18 @@ if [ -z "$tpm_missing" ]; then
 	# Extend with the module parameters (even if they are empty) and the
 	# module. Changing the parameters or the module content will result in a
 	# different PCR measurement.
-	tpmr extend -ix "$MODULE_PCR" -ic "$*"
-	tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
-	|| die "$MODULE: tpm extend failed"
+	if [ -n "$*" ]; then
+		TRACE_FUNC
+		DEBUG "Extending with module parameters and the module's content"
+		tpmr extend -ix "$MODULE_PCR" -ic "$*"
+		tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
+		|| die "$MODULE: tpm extend failed"
+	else
+		TRACE_FUNC
+		DEBUG "No module parameters, extending only with the module's content"
+		tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \
+		|| die "$MODULE: tpm extend failed"
+	fi
 fi
 
 # Since we have replaced the real insmod, we must invoke