initrd/bin/tmpr: silence tpm reset console output, LOG instead

Signed-off-by: Thierry Laurion <[email protected]>

Author: tlaurion

initrd/bin/tpmr

@@ -650,15 +650,15 @@ tpm2_reset() {
 	# output TPM Owner Password to a file to be reused in this boot session until recovery shell/reboot
 	DEBUG "Caching TPM Owner Password to $SECRET_DIR/tpm_owner_password"
 	echo -n "$tpm_owner_password" >"$SECRET_DIR/tpm_owner_password"
-	tpm2 clear -c platform || warn "Unable to clear TPM on platform hierarchy"
-	tpm2 changeauth -c owner "$(tpm2_password_hex "$tpm_owner_password")"
-	tpm2 changeauth -c endorsement "$(tpm2_password_hex "$tpm_owner_password")"
+	tpm2 clear -c platform > /dev/null 2>&1 || LOG "Unable to clear TPM on platform hierarchy"
+	tpm2 changeauth -c owner "$(tpm2_password_hex "$tpm_owner_password")" > /dev/null 2>&1 || LOG "Unable to change owner password"
+	tpm2 changeauth -c endorsement "$(tpm2_password_hex "$tpm_owner_password")" > /dev/null 2>&1 || LOG "Unable to change endorsement password"
 	tpm2 createprimary -C owner -g sha256 -G "${CONFIG_PRIMARY_KEY_TYPE:-rsa}" \
-		-c "$SECRET_DIR/primary.ctx" -P "$(tpm2_password_hex "$tpm_owner_password")"
+		-c "$SECRET_DIR/primary.ctx" -P "$(tpm2_password_hex "$tpm_owner_password")" > /dev/null 2>&1 || LOG "Unable to create primary key"
 	tpm2 evictcontrol -C owner -c "$SECRET_DIR/primary.ctx" "$PRIMARY_HANDLE" \
-		-P "$(tpm2_password_hex "$tpm_owner_password")"
-	shred -u "$SECRET_DIR/primary.ctx"
-	tpm2_startsession
+		-P "$(tpm2_password_hex "$tpm_owner_password")" > /dev/null 2>&1 || LOG "Unable to evict primary key"
+	shred -u "$SECRET_DIR/primary.ctx" > /dev/null 2>&1
+	tpm2_startsession > /dev/null 2>&1 || LOG "Unable to start session"
 
 	# Set the dictionary attack parameters.  TPM2 defaults vary widely, we
 	# want consistent behavior on any TPM.
@@ -681,7 +681,7 @@ tpm2_reset() {
 		--max-tries=10 \
 		--recovery-time=3600 \
 		--lockout-recovery-time=0 \
-		--auth="session:$ENC_SESSION_FILE"
+		--auth="session:$ENC_SESSION_FILE" > /dev/null 2>&1 || LOG "Unable to set dictionary lockout parameters"
 
 	# Set a random DA lockout password, so the DA lockout can't be cleared
 	# with a password.  Heads doesn't offer dictionary attach reset, instead
@@ -690,7 +690,7 @@ tpm2_reset() {
 	# The default lockout password is empty, so we must set this, and we
 	# don't need to provide any auth (use the default empty password).
 	tpm2 changeauth -Q -c lockout \
-		"hex:$(dd if=/dev/urandom bs=32 count=1 status=none 2>/dev/null | xxd -p | tr -d ' \n')"
+		"hex:$(dd if=/dev/urandom bs=32 count=1 status=none 2>/dev/null | xxd -p | tr -d ' \n')" > /dev/null 2>&1 || LOG "Unable to set lockout password"
 }
 tpm1_reset() {
 	TRACE_FUNC
@@ -700,17 +700,17 @@ tpm1_reset() {
 	DEBUG "Caching TPM Owner Password to $SECRET_DIR/tpm_owner_password"
 	echo -n "$tpm_owner_password" >"$SECRET_DIR/tpm_owner_password"
 	# Make sure the TPM is ready to be reset
-	tpm physicalpresence -s
-	tpm physicalenable
-	tpm physicalsetdeactivated -c
-	tpm forceclear
-	tpm physicalenable
-	tpm takeown -pwdo "$tpm_owner_password"
+	tpm physicalpresence -s > /dev/null 2>&1 || LOG "Unable to assert physical presence"
+	tpm physicalenable > /dev/null 2>&1 || >LOG "Unable to enable TPM"
+	tpm physicalsetdeactivated -c > /dev/null 2>&1 || LOG "Unable to deactivate TPM"
+	tpm forceclear -pwdo "$tpm_owner_password" > /dev/null 2>&1 || LOG "Unable to clear TPM"
+	tpm physicalenable > /dev/null 2>&1 || LOG "Unable to enable TPM"
+	tpm takeown -pwdo "$tpm_owner_password" > /dev/null 2>&1 || LOG "Unable to take ownership of TPM"
 
 	# And now turn it all back on
-	tpm physicalpresence -s
-	tpm physicalenable
-	tpm physicalsetdeactivated -c
+	tpm physicalpresence -s > /dev/null 2>&1 || LOG "Unable to assert physical presence"
+	tpm physicalenable > /dev/null 2>&1 || LOG "Unable to enable TPM"
+	tpm physicalsetdeactivated -c > /dev/null 2>&1 || LOG "Unable to deactivate TPM"
 }
 
 # Perform final cleanup before boot and lock the platform heirarchy.