From d769099db1dbf90350838430cda2de7196076c5d Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 9 Jan 2023 05:34:07 -0500
Subject: [PATCH] use warn instead of info for now because dracut does not show info messages when kernel parameter quiet is set
---
 .../10ram-wipe-exit/wipe-ram-needshutdown.sh | 8 ++++----
 .../modules.d/10ram-wipe-exit/wipe-ram.sh | 8 ++++----
 .../wipe-ram-needshutdown.sh | 14 +++++++-------
 .../40cold-boot-attack-defense/wipe-ram.sh | 18 +++++++++---------
 4 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
index 900f24d..c224cc9 100755
--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
@@ -11,7 +11,7 @@ ram_wipe_check_needshutdown() {
 wipe_action=$(getarg wiperamaction)
 if [ "$wipe_action" = "reboot" ]; then
- info "wipe-ram.sh wiperamexit: reboot..."
+ warn "wipe-ram.sh wiperamexit: reboot..."
 ## Why reboot? Why not just continue to boot?
 ## To get rid of kernel command line options 'wiperamexit=yes wiperamaction=reboot'?
 ## Also RAM wipe using sdmem leads to an OOM and the following error as seen in serial console:
@@ -19,13 +19,13 @@ ram_wipe_check_needshutdown() {
 ## In other words, the system might not boot up cleanly.
 reboot --force
 elif [ "$wipe_action" = "poweroff" ]; then
- info "wipe-ram.sh wiperamexit: poweroff..."
+ warn "wipe-ram.sh wiperamexit: poweroff..."
 poweroff --force
 elif [ "$wipe_action" = "halt" ]; then
- info "wipe-ram.sh wiperamexit: halt..."
+ warn "wipe-ram.sh wiperamexit: halt..."
 halt --force
 else
- info "wipe-ram.sh wiperamexit: normal boot..."
+ warn "wipe-ram.sh wiperamexit: normal boot..."
 fi
 }
diff --git a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
index 3059910..7046e7b 100755
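Review bot: The reason these status lines are logged with `warn` is recorded only in the commit message, so in `ram_wipe_check_needshutdown` (which starts outside this hunk) a routine reboot request now reads like an abnormal condition. I would add a comment above the first call, `## TODO: revert to 'info' once dracut shows info messages when kernel parameter 'quiet' is set`, or route the messages through one small logging helper so the level can be switched back in a single place. The same applies to every other hunk in this patch; with routine "OK." lines at warning level, a genuine failure of the RAM wipe is harder to pick out of the boot log.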
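Review bot: The messages in this file are prefixed `wipe-ram.sh wiperamexit:` although the file is `wipe-ram-needshutdown.sh`, whereas the script of the same name under `40cold-boot-attack-defense` uses its own file name as the prefix. Since these lines are being touched anyway, `warn "wipe-ram-needshutdown.sh wiperamexit: reboot..."` (and likewise for the poweroff, halt and normal-boot lines) would let someone reading the console tell which hook produced the message. The `else` branch also treats any unrecognised `wiperamaction` value as a normal boot without showing it; appending `(wiperamaction='$wipe_action')` to that message would make a mistyped parameter visible.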
--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
@@ -21,22 +21,22 @@ ram_wipe_action() {
 kernel_wiperam_exit=$(getarg wiperamexit)
 if [ "$kernel_wiperam_exit" = "no" ]; then
- info "wipe-ram.sh wiperamexit: Skip, because wiperamexit=no kernel parameter detected, OK."
+ warn "wipe-ram.sh wiperamexit: Skip, because wiperamexit=no kernel parameter detected, OK."
 return 0
 fi
 if [ "$kernel_wiperam_exit" != "yes" ]; then
- info "wipe-ram.sh wiperamexit: Skip, because wiperamexit parameter is unset."
+ warn "wipe-ram.sh wiperamexit: Skip, because wiperamexit parameter is unset."
 return 0
 fi
- info "wipe-ram.sh wiperamexit: wiperamexit=yes, therefore running second RAM wipe..."
+ warn "wipe-ram.sh wiperamexit: wiperamexit=yes, therefore running second RAM wipe..."
 drop_caches
 sdmem -l -l -v
 drop_caches
- info "wipe-ram.sh wiperamexit: Second RAM wipe completed."
+ warn "wipe-ram.sh wiperamexit: Second RAM wipe completed."
 }
 ram_wipe_action
diff --git a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh
index 4cf9562..f0a7e0a 100755
--- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh
+++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram-needshutdown.sh
@@ -13,25 +13,25 @@ ram_wipe_check_needshutdown() {
 kernel_wiperam_setting=$(getarg wiperam)
 if [ "$kernel_wiperam_setting" = "skip" ]; then
- info "wipe-ram-needshutdown.sh: Skip, because wiperam=skip kernel parameter detected, OK."
+ warn "wipe-ram-needshutdown.sh: Skip, because wiperam=skip kernel parameter detected, OK."
 return 0
 fi
 if [ "$kernel_wiperam_setting" = "force" ]; then
- info "wipe-ram-needshutdown.sh: wiperam=force detected, OK."
+ warn "wipe-ram-needshutdown.sh: wiperam=force detected, OK."
 else
 detect_virt_output="$(systemd-detect-virt 2>&1)"
 detect_virt_exit_code="$?"
- info "wipe-ram-needshutdown.sh: detect_virt_output: '$detect_virt_output'"
- info "wipe-ram-needshutdown.sh: detect_virt_exit_code: '$detect_virt_exit_code'"
+ warn "wipe-ram-needshutdown.sh: detect_virt_output: '$detect_virt_output'"
+ warn "wipe-ram-needshutdown.sh: detect_virt_exit_code: '$detect_virt_exit_code'"
 if [ "$detect_virt_exit_code" = "0" ]; then
- info "wipe-ram-needshutdown.sh: Skip, because running inside a VM detected and not using wiperam=force kernel parameter, OK."
+ warn "wipe-ram-needshutdown.sh: Skip, because running inside a VM detected and not using wiperam=force kernel parameter, OK."
 return 0
 fi
- info "wipe-ram-needshutdown.sh: Bare metal (not running inside a VM) detected, OK."
+ warn "wipe-ram-needshutdown.sh: Bare metal (not running inside a VM) detected, OK."
 fi
- info "wipe-ram-needshutdown.sh: Calling dracut function need_shutdown to drop back into initramfs at shutdown, OK."
+ warn "wipe-ram-needshutdown.sh: Calling dracut function need_shutdown to drop back into initramfs at shutdown, OK."
 need_shutdown
 return 0
diff --git a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
index a025d05..fe2aa03 100755
--- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
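Review bot: The branch after `detect_virt_exit_code="$?"` reports "Bare metal ... detected" for every non-zero exit code, which also covers `systemd-detect-virt` being absent from the initramfs or failing for some other reason. Falling through to `need_shutdown` in that case is the safe direction for a cold boot attack defense, but the intent is not written down anywhere in the hunk. I would add above the `if [ "$detect_virt_exit_code" = "0" ]` test: `## Any non-zero exit code (including a missing or failing systemd-detect-virt) is treated as bare metal so that the RAM wipe still gets scheduled.` The function starts before and ends after this hunk.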
@@ -25,15 +25,15 @@ ram_wipe() {
 kernel_wiperam_setting=$(getarg wiperam)
 if [ "$kernel_wiperam_setting" = "skip" ]; then
- info "wipe-ram.sh: Skip, because wiperam=skip kernel parameter detected, OK."
+ warn "wipe-ram.sh: Skip, because wiperam=skip kernel parameter detected, OK."
 return 0
 fi
 if [ "$kernel_wiperam_setting" = "force" ]; then
- info "wipe-ram.sh: wiperam=force detected, OK."
+ warn "wipe-ram.sh: wiperam=force detected, OK."
 else
 if systemd-detect-virt &>/dev/null ; then
- info "wipe-ram.sh: Skip, because VM detected and not using wiperam=force kernel parameter, OK."
+ warn "wipe-ram.sh: Skip, because VM detected and not using wiperam=force kernel parameter, OK."
 return 0
 fi
 fi
@@ -44,7 +44,7 @@ ram_wipe() {
 return 0
 fi
- info "wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..."
+ warn "wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..."
 drop_caches
@@ -54,20 +54,20 @@ ram_wipe() {
 drop_caches
- info "wipe-ram.sh: RAM wipe completed, OK."
+ warn "wipe-ram.sh: RAM wipe completed, OK."
 ## In theory might be better to check this beforehand, but the test is
 ## really fast. The user has no chance of reading the console output
 ## without introducing an artificial delay because the sdmem which runs
 ## after this, results in much more console output.
- info "wipe-ram.sh: Checking if there are still mounted encrypted disks..."
+ warn "wipe-ram.sh: Checking if there are still mounted encrypted disks..."
 local dmsetup_actual_output dmsetup_expected_output
 dmsetup_actual_output="$(dmsetup ls --target crypt)"
 dmsetup_expected_output="No devices found"
 if [ "$dmsetup_actual_output" = "$dmsetup_expected_output" ]; then
- info "wipe-ram.sh: Success, there are no more mounted encrypted disks, OK."
+ warn "wipe-ram.sh: Success, there are no more mounted encrypted disks, OK."
 else
 ## dracut should unmount the root encrypted disk cryptsetup luksClose during shutdown
 ## https://github.com/dracutdevs/dracut/issues/1888
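Review bot: `if systemd-detect-virt &>/dev/null ; then` uses the bash-only `&>` redirection. The interpreter line is not visible in this hunk; if the hook is run by a POSIX shell such as dash, that line is parsed as a background job followed by an empty redirection, the condition is always true, and `ram_wipe` returns before wiping even on bare metal unless `wiperam=force` is set. `if systemd-detect-virt >/dev/null 2>&1 ; then` behaves the same in every shell and matches the `2>&1` form already used in `wipe-ram-needshutdown.sh`. `ram_wipe` starts before and continues past this hunk.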
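Review bot: The check for remaining encrypted mappings depends on `dmsetup ls --target crypt` printing exactly `No devices found`; stderr is not captured and the exit status is not looked at, so a `dmsetup` that is missing or fails yields empty output and takes the same `else` branch as a mapping that is really still open. Recording the status next to the output, as `wipe-ram-needshutdown.sh` does for `systemd-detect-virt`, would make the two cases distinguishable on the console: `dmsetup_actual_output="$(dmsetup ls --target crypt 2>&1)"` followed by `dmsetup_exit_code="$?"` and a message that prints both. The `else` branch continues past the end of this hunk.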
@@ -81,9 +81,9 @@ dmsetup_actual_output: '$dmsetup_actual_output'"
 sleep 5
 fi
- info "wipe-ram.sh: Now running 'kexec --exec'..."
+ warn "wipe-ram.sh: Now running 'kexec --exec'..."
 if kexec --exec ; then
- info "wipe-ram.sh: 'kexec --exec' succeeded."
+ warn "wipe-ram.sh: 'kexec --exec' succeeded."
 return 0
 fi