Nitrokey / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops and servers.
http://osresearch.net/
GNU General Public License v2.0

Missing file existence check for $TMP_DEFAULT_HASH_FILE #2

Closed szszszsz closed 1 year ago

szszszsz commented 4 years ago

A user reported that his boot was stopping after the `+++ Checking verified default boot hash file` message (left powered on for 3-4 hours). I think the most probable cause is the following line:

https://github.com/Nitrokey/heads/blob/624faa1a9d9c7794927757ff49fbb567d6d031fb/initrd/bin/kexec-select-boot#L236

Assuming the `$TMP_DEFAULT_HASH_FILE` variable is empty, this ends with waiting infinitely for input, similarly to calling just `sha256sum -c`. It should be checked beforehand that this variable is not empty.

alex-nitrokey commented 4 years ago

Unfortunately, I am not sure if I can add something useful here, currently...

szszszsz commented 4 years ago

In case you have any ideas about what could cause the file to be missing, that would be very helpful! My debugging idea is to not execute the sha256sum tool directly, but to wrap it in a Bash function, which would check whether the argument is not empty, and print an error otherwise. That would at least tell users not to wait infinitely for the process to finish.
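
The wrapper proposed in the last comment could look like the following. This is an added example, not code from the Heads repository; the function name `safe_sha256_check`, its return codes and the optional base-directory argument are assumptions.

```shell
#!/bin/sh
# Added example: guard around `sha256sum -c` so that an empty or missing
# hash-file argument fails fast instead of waiting on stdin.
# safe_sha256_check and its return codes are hypothetical, not Heads code.

# Usage: safe_sha256_check HASH_FILE [BASE_DIR]
#   HASH_FILE should be an absolute path when BASE_DIR is given.
# Returns: 0 = all hashes match
#          1 = mismatch or sha256sum error
#          2 = argument empty
#          3 = file missing or unreadable
#          4 = file exists but is empty
safe_sha256_check() {
    hash_file="$1"
    base_dir="${2:-.}"

    if [ -z "$hash_file" ]; then
        echo "ERROR: hash file variable is empty; not running sha256sum -c" >&2
        return 2
    fi
    if [ ! -f "$hash_file" ] || [ ! -r "$hash_file" ]; then
        echo "ERROR: hash file '$hash_file' is missing or unreadable" >&2
        return 3
    fi
    if [ ! -s "$hash_file" ]; then
        echo "ERROR: hash file '$hash_file' is empty" >&2
        return 4
    fi

    # Entries in the hash file are resolved relative to base_dir.
    # stdin is /dev/null so the tool can never block on the console.
    ( cd "$base_dir" && sha256sum -c "$hash_file" </dev/null >/dev/null ) || {
        echo "ERROR: hash verification failed for '$hash_file'" >&2
        return 1
    }
    return 0
}
```

A caller would replace the direct `sha256sum -c` invocation with `safe_sha256_check "$TMP_DEFAULT_HASH_FILE" "$bootdir"` (the second variable name is a placeholder) and branch on the return code to print a specific message.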