Change echo to info. Included more reliable way of getting initrd and kernel. Allow user custom kexec

2025-05-31 05:54:21 -04:00 · 2023-01-07 11:14:31 -05:00 · 2023-01-07 11:14:31 -05:00 · 78a4fad667
commit 78a4fad667
parent 8da3b9c40c
5 changed files with 32 additions and 33 deletions
--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram-needshutdown.sh
@ -16,10 +16,6 @@ ram_wipe_check_needshutdown() {
      reboot -f
   fi
   
-   if [ "$wipe_action" = "kexec" ]; then
-      reboot -f
-   fi
-
   if [ "$wipe_action" = "poweroff" ]; then
      poweroff -f
   fi
@ -29,7 +25,7 @@ ram_wipe_check_needshutdown() {
   fi
   
   if [ "$wipe_action" = "error" ]; then
-	   echo "Choice of shutdown option led to an error. Shutting down..."
+	   info "Choice of shutdown option led to an error. Shutting down..."
 	   sleep 5
 	   poweroff -f
   fi
--- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh
@ -6,19 +6,18 @@

 ram_wipe_action() {
   local kernel_wiperam_exit
-   ## getarg returns the last parameter only.
-   ## if /proc/cmdline contains 'wiperam=skip wiperam=force' the last one wins.
   kernel_wiperam_exit=$(getarg wiperamexit)


   if [ "$kernel_wiperam_exit" = "no" ]; then
-      info "INFO: Skip, because wiperamexit=no kernel parameter detected, OK."
-      return 0
-   else 
-      if [ "$kernel_wiperam_exit" != "yes" ]; then
-         info "INFO: Skip, becuase wiperamexit parameter is not used. "
-         return 0
-      fi
+	   info "INFO: Skip, because wiperamexit=no kernel parameter detected, OK."
+	   return 0
+   fi
+
+
+   if [ "$kernel_wiperam_exit" != "yes" ]; then
+	   info "INFO: Skip, becuase wiperamexit parameter is not used. "
+	   return 0
   fi

   info "INFO: wiperamexit=yes. Running second RAM wipe... "
--- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
+++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh
@ -23,20 +23,20 @@ ram_wipe() {
   kernel_wiperam_setting=$(getarg wiperam)

   if [ "$kernel_wiperam_setting" = "skip" ]; then
-      echo "INFO: wipe-ram.sh: Skip, because wiperam=skip kernel parameter detected, OK." > /dev/kmsg
+      info "INFO: wipe-ram.sh: Skip, because wiperam=skip kernel parameter detected, OK." > /dev/kmsg
      return 0
   fi

   if [ "$kernel_wiperam_setting" = "force" ]; then
-      echo "INFO: wipe-ram.sh: wiperam=force detected, OK." > /dev/kmsg
+      info "INFO: wipe-ram.sh: wiperam=force detected, OK." > /dev/kmsg
   else
      if systemd-detect-virt &>/dev/null ; then
-         echo "INFO: wipe-ram.sh: Skip, because VM detected and not using wiperam=force kernel parameter, OK." > /dev/kmsg
+         info "INFO: wipe-ram.sh: Skip, because VM detected and not using wiperam=force kernel parameter, OK." > /dev/kmsg
         return 0
      fi
   fi

-   echo "INFO: wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..." > /dev/kmsg
+   info "INFO: wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..." > /dev/kmsg

   drop_caches

@ -46,24 +46,24 @@ ram_wipe() {

   drop_caches

-   echo "INFO: wipe-ram.sh: RAM wipe completed, OK." > /dev/kmsg
+   info "INFO: wipe-ram.sh: RAM wipe completed, OK." > /dev/kmsg

   ## In theory might be better to check this beforehand, but the test is
   ## really fast. The user has no chance of reading the console output
   ## without introducing an artificial delay because the sdmem which runs
   ## after this, results in much more console output.
-   echo "INFO: wipe-ram.sh: Checking if there are still mounted encrypted disks..." > /dev/kmsg
+   info "INFO: wipe-ram.sh: Checking if there are still mounted encrypted disks..." > /dev/kmsg

   local dmsetup_actual_output dmsetup_expected_output
   dmsetup_actual_output="$(dmsetup ls --target crypt)"
   dmsetup_expected_output="No devices found"

   if [ "$dmsetup_actual_output" = "$dmsetup_expected_output" ]; then
-      echo "INFO: wipe-ram.sh: Success, there are no more mounted encrypted disks, OK." > /dev/kmsg
+      info "INFO: wipe-ram.sh: Success, there are no more mounted encrypted disks, OK." > /dev/kmsg
      ## This should probably be removed in production?
      sleep 3
   else
-      echo "\
+      info "\
 WARNING: wipe-ram.sh:There are still mounted encrypted disks! RAM wipe failed!

 debugging information:
@ -73,7 +73,7 @@ dmsetup_actual_output: '$dmsetup_actual_output'" > /dev/kmsg
      sleep 5
   fi

-   kexec -e && echo "kexec -e succeeded" || echo "kexec -e failed"
+   kexec -e && info "kexec -e succeeded" || info "kexec -e failed"
 }

 ram_wipe