Skip to content

Commit ebde089

Browse files
jakogutjakogut
committed
flasher: improve logging with secure boot
Print the PCR digest values used to create the PCR policy used to seal the LUKS passphrase during flashing. These values can be cross referenced with the logs during secure boot to diagnose policy check failures. Change-type: patch Signed-off-by: Joseph Kogut <[email protected]>
1 parent 1fcd66f commit ebde089

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

meta-balena-common/recipes-support/resin-init/resin-init-flasher/balena-init-flasher-tpm

+5
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,11 @@ diskenc_setup() {
7878
seek="$(du -b "${PCR_VAL_BIN_PRIMARY}" | cut -f1)"
7979
done
8080

81+
info "Creating combined policy for PCRs ${PCRS}"
82+
83+
print_pcr_val_bin "$PCRS" "$PCR_VAL_BIN_PRIMARY"
84+
print_pcr_val_bin "$PCRS" "$PCR_VAL_BIN_SECONDARY"
85+
8186
tpm2_createpolicy --policy-pcr \
8287
-l "sha256:${PCRS}" \
8388
-f "${PCR_VAL_BIN_PRIMARY}" \

0 commit comments

Comments
 (0)