From 999a82ed946c8fd57654a0a90e2a2e53ef98a788 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sat, 7 Jan 2023 12:46:21 -0500 Subject: [PATCH] output --- .../modules.d/10ram-wipe-exit/wipe-ram.sh | 6 +++--- .../40cold-boot-attack-defense/wipe-ram.sh | 20 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh index d43ff5e..b08c7bd 100644 --- a/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh +++ b/usr/lib/dracut/modules.d/10ram-wipe-exit/wipe-ram.sh @@ -9,16 +9,16 @@ ram_wipe_action() { kernel_wiperam_exit=$(getarg wiperamexit) if [ "$kernel_wiperam_exit" = "no" ]; then - info "INFO: Skip, because wiperamexit=no kernel parameter detected, OK." + info "Skip, because wiperamexit=no kernel parameter detected, OK." return 0 fi if [ "$kernel_wiperam_exit" != "yes" ]; then - info "INFO: Skip, becuase wiperamexit parameter is not used." + info "Skip, because wiperamexit parameter is unset." return 0 fi - info "INFO: wiperamexit=yes. Running second RAM wipe..." + info "wiperamexit=yes, therefore running second RAM wipe..." sdmem -l -l -v } diff --git a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh index edab86b..2cf5043 100755 --- a/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh +++ b/usr/lib/dracut/modules.d/40cold-boot-attack-defense/wipe-ram.sh @@ -23,20 +23,20 @@ ram_wipe() { kernel_wiperam_setting=$(getarg wiperam) if [ "$kernel_wiperam_setting" = "skip" ]; then - info "INFO: wipe-ram.sh: Skip, because wiperam=skip kernel parameter detected, OK." + info "wipe-ram.sh: Skip, because wiperam=skip kernel parameter detected, OK." return 0 fi if [ "$kernel_wiperam_setting" = "force" ]; then - info "INFO: wipe-ram.sh: wiperam=force detected, OK." + info "wipe-ram.sh: wiperam=force detected, OK." else if systemd-detect-virt &>/dev/null ; then - info "INFO: wipe-ram.sh: Skip, because VM detected and not using wiperam=force kernel parameter, OK." + info "wipe-ram.sh: Skip, because VM detected and not using wiperam=force kernel parameter, OK." return 0 fi fi - info "INFO: wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..." + info "wipe-ram.sh: Cold boot attack defense... Starting RAM wipe on shutdown..." drop_caches @@ -46,25 +46,25 @@ ram_wipe() { drop_caches - info "INFO: wipe-ram.sh: RAM wipe completed, OK." + info "wipe-ram.sh: RAM wipe completed, OK." ## In theory might be better to check this beforehand, but the test is ## really fast. The user has no chance of reading the console output ## without introducing an artificial delay because the sdmem which runs ## after this, results in much more console output. - info "INFO: wipe-ram.sh: Checking if there are still mounted encrypted disks..." + info "wipe-ram.sh: Checking if there are still mounted encrypted disks..." local dmsetup_actual_output dmsetup_expected_output dmsetup_actual_output="$(dmsetup ls --target crypt)" dmsetup_expected_output="No devices found" if [ "$dmsetup_actual_output" = "$dmsetup_expected_output" ]; then - info "INFO: wipe-ram.sh: Success, there are no more mounted encrypted disks, OK." + info "wipe-ram.sh: Success, there are no more mounted encrypted disks, OK." ## This should probably be removed in production? sleep 3 else - info "\ -WARNING: wipe-ram.sh: There are still mounted encrypted disks! RAM wipe failed! + warn "\ +wipe-ram.sh: There are still mounted encrypted disks! RAM wipe failed! debugging information: dmsetup_expected_output: '$dmsetup_expected_output' @@ -73,7 +73,7 @@ dmsetup_actual_output: '$dmsetup_actual_output'" sleep 5 fi - kexec -e && info "kexec -e succeeded" || info "kexec -e failed" + kexec -e && info "kexec -e succeeded" || warn "kexec -e failed" } ram_wipe