ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-06 11:10:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
heads/initrd/bin/config-gui.sh

239 lines
8.9 KiB
Bash
Raw Normal View History

Add dual support for real bash and busybox's bash(ash) - modify bash to have it configured with -Os
2023-02-08 16:01:48 -05:00
#!/bin/bash
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
#
set -e -o pipefail
. /etc/functions
*gui.sh: move common ops to gui_functions Move code duplicated across several GUI scripts into a common gui_functions file and include/use that. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-10 12:58:32 -05:00
. /etc/gui_functions
Use global /tmp/config that combines multiple config files As part of the config gui we want to be able to have the system define new config options without them being lost if the user makes their own changes in CBFS. To allow that this change creates a function initiated in init that combines all /etc/config* files into /tmp/config. All existing scripts have been changed to source /tmp/config instead of /etc/config. The config-gui.sh script now uses /etc/config.user to hold user configuration options but the combine_configs function will allow that to expand as others want to split configuration out further. As it stands here are the current config files: /etc/config -- Compiled-in configuration options /etc/config.user -- User preferences that override /etc/config /tmp/config -- Running config referenced by the BIOS, combination of existing configs
2018-12-06 15:24:28 -08:00
. /tmp/config
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
Add TRACE function tracing function to output on console when enabled - Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs - Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc) - add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
2023-02-20 11:01:17 -05:00
TRACE "Under /bin/config-gui.sh"
All scripts and functions: Add DEBUG calling trace on console when CONFIG_DEBUG_OUTPUT is exported in board config -qemu-coreboot-*whiptail-tpm1(-hotp) boards have 'export CONFIG_DEBUG_OUTPUT=y' by default now
2023-02-18 12:58:43 -05:00
Add Root file hash feature Currently Heads will check files in /boot for tampering before booting into a system. It would be nice if you could use the trusted environment within Heads and extend this to check files in / itself. This new script adds that functionality, however due to the length of time it takes to perform these kinds of checks, it doesn't run automatically (yet). This feature can be configured from the config GUI - the root device/ directories to check can be set, and it can be configured to run during boot. To make this a bit easier to use, I added a feature to detect whether the hash file exists and if not, to display a more limited menu to the user guiding them to create the initial hash file. Otherwise it will display the date the file was last modified, which can be useful to determine how stale it is.
2021-09-03 14:20:46 -07:00
ROOT_HASH_FILE="/boot/kexec_root_hashes.txt"
config-gui: add optional param to bypass menu Add optional parameter to bypass menu selection and immediately select a menu option. This allows us to call the 'Set Boot Device' option directly, saving the user an unnecessary step. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:20:45 -05:00
param=$1
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
while true; do
config-gui: add optional param to bypass menu Add optional parameter to bypass menu selection and immediately select a menu option. This allows us to call the 'Set Boot Device' option directly, saving the user an unnecessary step. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:20:45 -05:00
if [ ! -z "$param" ]; then
# use first char from parameter
menu_choice=${param::1}
unset param
else
config-gui: filter out invalid boot device options use similar filtering logic as with USB drives to provide the user a more sane list of boot device options. Show user only valid bootable partitions, not block devices. There's no point in showing /dev/nvme0 and /dev/nvme0n1 (eg) when /dev/nvme0n1p[1..n] (eg) exist, as the former are not valid boot devices. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:23:04 -05:00
unset menu_choice
whiptail: no more whiptail reseting console on call (--clear) So we have console logs to troubleshoot errors and catch them correctly
2022-11-15 15:11:58 -05:00
whiptail $BG_COLOR_MAIN_MENU --title "Config Management Menu" \
whiptail: fixate width to 80 characters and have height dynamic to all whiptail/fbwhiptail prompts
2022-11-09 11:51:27 -05:00
--menu "This menu lets you change settings for the current BIOS session.\n\nAll changes will revert after a reboot,\n\nunless you also save them to the running BIOS." 0 80 10 \
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
'b' ' Change the /boot device' \
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
'r' ' Clear GPG key(s) and reset all user settings' \
Add Root file hash feature Currently Heads will check files in /boot for tampering before booting into a system. It would be nice if you could use the trusted environment within Heads and extend this to check files in / itself. This new script adds that functionality, however due to the length of time it takes to perform these kinds of checks, it doesn't run automatically (yet). This feature can be configured from the config GUI - the root device/ directories to check can be set, and it can be configured to run during boot. To make this a bit easier to use, I added a feature to detect whether the hash file exists and if not, to display a more limited menu to the user guiding them to create the initial hash file. Otherwise it will display the date the file was last modified, which can be useful to determine how stale it is.
2021-09-03 14:20:46 -07:00
'R' ' Change the root device for hashing' \
'D' ' Change the root directories to hash' \
'B' ' Check root hashes at boot' \
's' ' Save the current configuration to the running BIOS' \
config-gui: add optional param to bypass menu Add optional parameter to bypass menu selection and immediately select a menu option. This allows us to call the 'Set Boot Device' option directly, saving the user an unnecessary step. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:20:45 -05:00
'x' ' Return to Main Menu' \
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
2>/tmp/whiptail || recovery "GUI menu failed"
config-gui: filter out invalid boot device options use similar filtering logic as with USB drives to provide the user a more sane list of boot device options. Show user only valid bootable partitions, not block devices. There's no point in showing /dev/nvme0 and /dev/nvme0n1 (eg) when /dev/nvme0n1p[1..n] (eg) exist, as the former are not valid boot devices. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:23:04 -05:00
menu_choice=$(cat /tmp/whiptail)
config-gui: add optional param to bypass menu Add optional parameter to bypass menu selection and immediately select a menu option. This allows us to call the 'Set Boot Device' option directly, saving the user an unnecessary step. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:20:45 -05:00
fi
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
case "$menu_choice" in
"x" )
exit 0
;;
"b" )
Show the last setting for a config option if more than one exist
2018-12-06 16:45:40 -08:00
CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
etc/functions, gpg-gui: Filter boot device options with '/dev/' Grepping on just 'Disk' can lead to disk UUID identifier strings being added to /tmp/disklist, which then fail to parse later on. Avoid this by grepping on 'Disk /dev' instead. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-01-05 16:13:41 -06:00
if ! fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt ; then
config-gui: Show error if no disks found Currently, if no disks on system, selection of a new /boot device will silently fail and simply return the user to the previous screen. Add an error dialog if no disks found. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-09-23 13:07:07 -05:00
whiptail $BG_COLOR_ERROR --title 'ERROR: No bootable devices found' \
--msgbox " $ERROR\n\n" 16 60
exit 1
fi
config-gui: filter out invalid boot device options use similar filtering logic as with USB drives to provide the user a more sane list of boot device options. Show user only valid bootable partitions, not block devices. There's no point in showing /dev/nvme0 and /dev/nvme0n1 (eg) when /dev/nvme0n1p[1..n] (eg) exist, as the former are not valid boot devices. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:23:04 -05:00
# filter out extraneous options
> /tmp/boot_device_list.txt
for i in `cat /tmp/disklist.txt`; do
# remove block device from list if numeric partitions exist, since not bootable
Fix eval of DEV_NUM_PARTITIONS Using 'let' in these scripts fails when evaluating to zero for some reason, so replace with '$(())' which works as intended. Test: Boot device selection menu shown properly when new/unpartitioned drive installed. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-27 14:39:13 -06:00
DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1))
config-gui: filter out invalid boot device options use similar filtering logic as with USB drives to provide the user a more sane list of boot device options. Show user only valid bootable partitions, not block devices. There's no point in showing /dev/nvme0 and /dev/nvme0n1 (eg) when /dev/nvme0n1p[1..n] (eg) exist, as the former are not valid boot devices. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-08 22:23:04 -05:00
if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then
echo $i >> /tmp/boot_device_list.txt
else
ls $i* | tail -${DEV_NUM_PARTITIONS} >> /tmp/boot_device_list.txt
fi
done
file_selector "/tmp/boot_device_list.txt" \
"Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." \
"Boot Device Selection"
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
if [ "$FILE" == "" ]; then
return
else
SELECTED_FILE=$FILE
fi
config-gui: clean up boot device selection When a new /boot device is selected, wait until after successfully mounting the newly-selected device before updating CONFIG_BOOT_DEV. Also, don't assume /boot already mounted, as this can cause a false failure and prevent mounting of the newly-selected device. Lastly, tidy up the error output in case mounting /boot fails. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-28 18:54:14 -06:00
# unmount /boot if needed
if grep -q /boot /proc/mounts ; then
umount /boot 2>/dev/null
fi
config-gui: mount new /boot after selection Users may wish to temporarily boot an OS from a drive other than their primary boot drive, without changing the default and saving to ROM. Mounting /boot after changing the device selection facilitates this by allowing the user to then choose an unsafe boot from the newly-selected boot drive. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-08-28 21:47:45 -05:00
# mount newly selected /boot device
config-gui: clean up boot device selection When a new /boot device is selected, wait until after successfully mounting the newly-selected device before updating CONFIG_BOOT_DEV. Also, don't assume /boot already mounted, as this can cause a false failure and prevent mounting of the newly-selected device. Lastly, tidy up the error output in case mounting /boot fails. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-28 18:54:14 -06:00
if ! mount -o ro $SELECTED_FILE /boot 2>/tmp/error ; then
config-gui: mount new /boot after selection Users may wish to temporarily boot an OS from a drive other than their primary boot drive, without changing the default and saving to ROM. Mounting /boot after changing the device selection facilitates this by allowing the user to then choose an unsafe boot from the newly-selected boot drive. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-08-28 21:47:45 -05:00
ERROR=`cat /tmp/error`
Drop duplicate board-specific background color configs Set and export currently-used defaults in gui-init, but still allow for inidividual boards to override via config if desired. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-23 18:07:34 -05:00
whiptail $BG_COLOR_ERROR --title 'ERROR: unable to mount /boot' \
config-gui: clean up boot device selection When a new /boot device is selected, wait until after successfully mounting the newly-selected device before updating CONFIG_BOOT_DEV. Also, don't assume /boot already mounted, as this can cause a false failure and prevent mounting of the newly-selected device. Lastly, tidy up the error output in case mounting /boot fails. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-28 18:54:14 -06:00
--msgbox " $ERROR\n\n" 16 60
config-gui: mount new /boot after selection Users may wish to temporarily boot an OS from a drive other than their primary boot drive, without changing the default and saving to ROM. Mounting /boot after changing the device selection facilitates this by allowing the user to then choose an unsafe boot from the newly-selected boot drive. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-08-28 21:47:45 -05:00
exit 1
fi
config-gui: clean up boot device selection When a new /boot device is selected, wait until after successfully mounting the newly-selected device before updating CONFIG_BOOT_DEV. Also, don't assume /boot already mounted, as this can cause a false failure and prevent mounting of the newly-selected device. Lastly, tidy up the error output in case mounting /boot fails. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-28 18:54:14 -06:00
replace_config /etc/config.user "CONFIG_BOOT_DEV" "$SELECTED_FILE"
combine_configs
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
whiptail --title 'Config change successful' \
--msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60
;;
"s" )
/bin/flash.sh -r /tmp/config-gui.rom
if [ ! -s /tmp/config-gui.rom ]; then
Drop duplicate board-specific background color configs Set and export currently-used defaults in gui-init, but still allow for inidividual boards to override via config if desired. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-23 18:07:34 -05:00
whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
--msgbox "Unable to read BIOS" 16 60
exit 1
fi
Add cbfs wrapper script to handle PNOR Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-10-10 00:24:16 +03:00
if (cbfs.sh -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then
cbfs.sh -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user"
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
fi
Add cbfs wrapper script to handle PNOR Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-10-10 00:24:16 +03:00
cbfs.sh -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user
config-gui: fix Save Config option when commit [928f003] config-gui: add 'Full Reset' option was added, the bottom end of the save config option was accidentally truncated; restore it to fix save config option Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:13:27 -06:00
if (whiptail --title 'Update ROM?' \
whiptail: fixate width to 80 characters and have height dynamic to all whiptail/fbwhiptail prompts
2022-11-09 11:51:27 -05:00
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then
config-gui: fix Save Config option when commit [928f003] config-gui: add 'Full Reset' option was added, the bottom end of the save config option was accidentally truncated; restore it to fix save config option Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:13:27 -06:00
/bin/flash.sh /tmp/config-gui.rom
whiptail --title 'BIOS Updated Successfully' \
--msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60
/bin/reboot
else
exit 0
fi
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
;;
"r" )
# prompt for confirmation
gui*: Improve consistency of background color use Persist the background color (and error state) through the main menu and all submenus. Use warning background color for destructive operations, error color for errors. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-09-23 12:56:17 -05:00
if (whiptail $BG_COLOR_WARNING --title 'Reset Configuration?' \
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
--yesno "This will clear all GPG keys, clear boot signatures and checksums,
\nreset the /boot device, clear/reset the TPM (if present),
\nand reflash your BIOS with the cleaned configuration.
whiptail: fixate width to 80 characters and have height dynamic to all whiptail/fbwhiptail prompts
2022-11-09 11:51:27 -05:00
\n\nDo you want to proceed?" 0 80) then
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
# read current firmware
/bin/flash.sh -r /tmp/config-gui.rom
if [ ! -s /tmp/config-gui.rom ]; then
Drop duplicate board-specific background color configs Set and export currently-used defaults in gui-init, but still allow for inidividual boards to override via config if desired. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-23 18:07:34 -05:00
whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
--msgbox "Unable to read BIOS" 16 60
exit 1
fi
# clear local keyring
rm /.gnupg/* | true
# clear /boot signatures/checksums
mount -o remount,rw /boot
rm /boot/kexec* | true
mount -o remount,ro /boot
# clear GPG keys and user settings
Add cbfs wrapper script to handle PNOR Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-10-10 00:24:16 +03:00
for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
cbfs.sh -o /tmp/config-gui.rom -d $i
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
done
# flash cleared ROM
/bin/flash.sh -c /tmp/config-gui.rom
# reset TPM if present
tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1. Most logic throughout Heads doesn't need to know TPM1 versus TPM2 (and shouldn't, the differences should be localized). Some checks were incorrect and are fixed by this change. Most checks are now unchanged relative to master. There are not that many places outside of tpmr that need to differentiate TPM1 and TPM2. Some of those are duplicate code that should be consolidated (seal-hotpkey, unseal-totp, unseal-hotp), and some more are probably good candidates for abstracting in tpmr so the business logic doesn't have to know TPM1 vs. TPM2. Previously, CONFIG_TPM could be variously 'y', 'n', or empty. Now it is always 'y' or 'n', and 'y' means "any TPM". Board configs are unchanged, setting CONFIG_TPM2_TOOLS=y implies CONFIG_TPM=y so this doesn't have to be duplicated and can't be mistakenly mismatched. There were a few checks for CONFIG_TPM = n that only coincidentally worked for TPM2 because CONFIG_TPM was empty (not 'n'). This test is now OK, but the checks were also cleaned up to '!= "y"' for robustness. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-02-22 16:30:07 -05:00
if [ "$CONFIG_TPM" = "y" ]; then
config-gui: add 'Full Reset' option Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-07-09 09:02:46 -05:00
/bin/tpm-reset
fi
whiptail --title 'Configuration Reset Updated Successfully' \
--msgbox "Configuration reset and BIOS updated successfully.\n\nPress Enter to reboot" 16 60
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
/bin/reboot
config-gui: fix Save Config option when commit [928f003] config-gui: add 'Full Reset' option was added, the bottom end of the save config option was accidentally truncated; restore it to fix save config option Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:13:27 -06:00
else
exit 0
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
fi
;;
Add Root file hash feature Currently Heads will check files in /boot for tampering before booting into a system. It would be nice if you could use the trusted environment within Heads and extend this to check files in / itself. This new script adds that functionality, however due to the length of time it takes to perform these kinds of checks, it doesn't run automatically (yet). This feature can be configured from the config GUI - the root device/ directories to check can be set, and it can be configured to run during boot. To make this a bit easier to use, I added a feature to detect whether the hash file exists and if not, to display a more limited menu to the user guiding them to create the initial hash file. Otherwise it will display the date the file was last modified, which can be useful to determine how stale it is.
2021-09-03 14:20:46 -07:00
"R" )
CURRENT_OPTION=`grep 'CONFIG_ROOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt
# filter out extraneous options
> /tmp/root_device_list.txt
for i in `cat /tmp/disklist.txt`; do
# remove block device from list if numeric partitions exist, since not bootable
DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1))
if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then
echo $i >> /tmp/root_device_list.txt
else
ls $i* | tail -${DEV_NUM_PARTITIONS} >> /tmp/root_device_list.txt
fi
done
file_selector "/tmp/root_device_list.txt" \
"Choose the default root device.\n\nCurrently set to $CURRENT_OPTION." \
"Root Device Selection"
if [ "$FILE" == "" ]; then
return
else
SELECTED_FILE=$FILE
fi
replace_config /etc/config.user "CONFIG_ROOT_DEV" "$SELECTED_FILE"
combine_configs
whiptail --title 'Config change successful' \
--msgbox "The root device was successfully changed to $SELECTED_FILE" 0 80
;;
"D" )
CURRENT_OPTION=`grep 'CONFIG_ROOT_DIRLIST=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
echo "The current list of directories to hash is $CURRENT_OPTION"
echo -e "\nEnter the new list of directories separated by spaces, without any beginning forward slashes:"
echo -e "(Press enter with the list empty to cancel)"
read -r NEW_CONFIG_ROOT_DIRLIST
# strip any leading forward slashes in case the user ignored us
NEW_CONFIG_ROOT_DIRLIST=$(echo $NEW_CONFIG_ROOT_DIRLIST | sed -e 's/^\///;s/ \// /g')
#check if list empty
if [ -s $NEW_CONFIG_ROOT_DIRLIST ] ; then
whiptail --title 'Config change canceled' \
--msgbox "Root device directory change canceled by user" 0 80
break
fi
replace_config /etc/config.user "CONFIG_ROOT_DIRLIST" "$NEW_CONFIG_ROOT_DIRLIST"
combine_configs
whiptail --title 'Config change successful' \
--msgbox "The root directories to hash was successfully changed to:\n$NEW_CONFIG_ROOT_DIRLIST" 0 80
;;
"B" )
CURRENT_OPTION=`grep 'CONFIG_ROOT_CHECK_AT_BOOT=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'`
if [ "$CURRENT_OPTION" = "n" ]; then
if (whiptail --title 'Enable Root Hash Check at Boot?' \
--yesno "This will enable checking root hashes each time you boot.
\nDepending on the directories you are checking, this might add
\na minute or more to the boot time.
\n\nDo you want to proceed?" 0 80) then
replace_config /etc/config.user "CONFIG_ROOT_CHECK_AT_BOOT" "y"
combine_configs
# check that root hash file exists
if [ ! -f ${ROOT_HASH_FILE} ]; then
if (whiptail --title 'Generate Root Hash File' \
--yesno "\nNo root hash file exists.
\nWould you like to create the initial hash file now?" 0 80) then
root-hashes-gui.sh -n
fi
fi
whiptail --title 'Config change successful' \
--msgbox "The root device will be checked at each boot." 0 80
fi
else
if (whiptail --title 'Disable Root Hash Check at Boot?' \
--yesno "This will disable checking root hashes each time you boot.
\n\nDo you want to proceed?" 0 80) then
replace_config /etc/config.user "CONFIG_ROOT_CHECK_AT_BOOT" "n"
combine_configs
whiptail --title 'Config change successful' \
--msgbox "The root device will not be checked at each boot." 0 80
fi
fi
;;
Add a configuration GUI script This change will add a new GUI script that will allow users to change their running configuration (currently just /boot and USB boot options) and optionally persist that modified configuration with reflashing the BIOS with a modified cbfs.
2018-12-06 10:43:34 -08:00
esac
done
exit 0
Reference in New Issue Copy Permalink