2018-02-20 23:35:37 +00:00
#!/bin/sh
# Boot from a local disk installation
2020-10-23 22:18:20 +00:00
BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}}
MAIN_MENU_TITLE="${BOARD_NAME} | Heads Boot Menu"
2020-10-23 23:07:34 +00:00
export BG_COLOR_WARNING="${CONFIG_WARNING_BG_COLOR:-"--background-gradient 0 0 0 150 125 0"}"
export BG_COLOR_ERROR="${CONFIG_ERROR_BG_COLOR:-"--background-gradient 0 0 0 150 0 0"}"
2018-02-21 23:58:54 +00:00
2018-02-20 23:35:37 +00:00
. /etc/functions
2018-12-06 23:24:28 +00:00
. /tmp/config
2018-02-20 23:35:37 +00:00
2020-01-14 23:04:28 +00:00
first_pass=true
2018-02-20 23:35:37 +00:00
mount_boot()
{
2019-07-08 01:47:04 +00:00
2018-02-23 20:13:21 +00:00
# Mount local disk if it is not already mounted
2019-07-08 01:47:04 +00:00
while ! grep -q /boot /proc/mounts ; do
2020-10-23 23:35:39 +00:00
# try to mount if CONFIG_BOOT_DEV exists
if [ -e "$CONFIG_BOOT_DEV" ]; then
mount -o ro $CONFIG_BOOT_DEV /boot
[[ $? -eq 0 ]] && continue
2019-07-08 01:47:04 +00:00
fi
2020-10-23 23:35:39 +00:00
# CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
--menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
How would you like to proceed?" 30 90 4 \
'b' ' Select a new boot device' \
'u' ' Boot from USB' \
'm' ' Continue to the main menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
option=$(cat /tmp/whiptail)
case "$option" in
b )
2019-07-09 03:27:40 +00:00
config-gui.sh boot_device_select
2020-10-23 23:35:39 +00:00
if [ $? -eq 0 ]; then
# update CONFIG_BOOT_DEV
. /tmp/config
fi
;;
u )
exec /bin/usb-init
;;
m )
break
;;
* )
recovery "User requested recovery shell"
;;
esac
2019-07-08 01:47:04 +00:00
done
2018-02-20 23:35:37 +00:00
}
2018-04-03 22:20:34 +00:00
verify_global_hashes()
{
# Check the hashes of all the files, ignoring signatures for now
check_config /boot force
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
TMP_PACKAGE_TRIGGER_PRE="/tmp/kexec/kexec_package_trigger_pre.txt"
TMP_PACKAGE_TRIGGER_POST="/tmp/kexec/kexec_package_trigger_post.txt"
2020-07-13 22:22:40 +00:00
if ( cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ) then
2018-04-03 22:20:34 +00:00
return 0
elif [ ! -f $TMP_HASH_FILE ]; then
2020-10-23 23:07:34 +00:00
if (whiptail $BG_COLOR_ERROR --clear --title 'ERROR: Missing Hash File!' \
2018-05-03 17:45:45 +00:00
--yesno "The file containing hashes for /boot is missing!\n\nIf you are setting this system up for the first time, select Yes to update\nyour list of checksums.\n\nOtherwise this could indicate a compromise and you should select No to\nreturn to the main menu.\n\nWould you like to update your checksums now?" 30 90) then
2019-12-10 15:53:24 +00:00
update_checksums
2018-04-03 22:20:34 +00:00
fi
return 1
else
CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':')
# if files changed before package manager started, show stern warning
if [ -f "$TMP_PACKAGE_TRIGGER_PRE" ]; then
PRE_CHANGED_FILES=$(grep '^CHANGED_FILES' $TMP_PACKAGE_TRIGGER_POST | cut -f 2 -d '=' | tr -d '"')
2018-05-01 21:23:56 +00:00
TEXT="The following files failed the verification process BEFORE package updates ran:\n${PRE_CHANGED_FILES}\n\nCompare against the files Heads has detected have changed:\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums anyway?"
2018-04-03 22:20:34 +00:00
# if files changed after package manager started, probably caused by package manager
elif [ -f "$TMP_PACKAGE_TRIGGER_POST" ]; then
LAST_PACKAGE_LIST=$(grep -E "^(Install|Remove|Upgrade|Reinstall):" $TMP_PACKAGE_TRIGGER_POST)
UPDATE_INITRAMFS_PACKAGE=$(grep '^UPDATE_INITRAMFS_PACKAGE' $TMP_PACKAGE_TRIGGER_POST | cut -f 2 -d '=' | tr -d '"')
if [ "$UPDATE_INITRAMFS_PACKAGE" != "" ]; then
TEXT="The following files failed the verification process AFTER package updates ran:\n${CHANGED_FILES}\n\nThis is likely due to package triggers in$UPDATE_INITRAMFS_PACKAGE.\n\nYou will need to update your checksums for all files in /boot.\n\nWould you like to update your checksums now?"
else
TEXT="The following files failed the verification process AFTER package updates ran:\n${CHANGED_FILES}\n\nThis might be due to the following package updates:\n$LAST_PACKAGE_LIST.\n\nYou will need to update your checksums for all files in /boot.\n\nWould you like to update your checksums now?"
fi
else
2020-07-10 23:09:05 +00:00
TEXT="The following files failed the verification process:\n\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums now?"
2018-04-03 22:20:34 +00:00
fi
2020-10-23 23:07:34 +00:00
if (whiptail $BG_COLOR_ERROR --clear --title 'ERROR: Boot Hash Mismatch' --yesno "$TEXT" 30 90) then
2019-12-10 15:53:24 +00:00
update_checksums
2018-04-03 22:20:34 +00:00
fi
return 1
fi
}
2019-07-05 22:04:00 +00:00
prompt_update_checksums()
2018-04-03 22:20:34 +00:00
{
if (whiptail --title 'Update Checksums and sign all files in /boot' \
2020-07-10 23:09:05 +00:00
--yesno "You have chosen to update the checksums and sign all of the files in /boot.\n\nThis means that you trust that these files have not been tampered with.\n\nYou will need your GPG key available, and this change will modify your disk.\n\nDo you want to continue?" 16 90) then
2019-07-05 22:04:00 +00:00
update_checksums
2018-04-03 22:20:34 +00:00
else
echo "Returning to the main menu"
fi
}
2018-06-19 19:27:27 +00:00
update_totp()
{
echo "Scan the QR code to add the new TOTP secret"
/bin/seal-totp
2020-06-25 13:35:47 +00:00
if [ -x /bin/hotp_verification ]; then
2020-06-24 15:54:39 +00:00
echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)"
2018-06-19 19:27:27 +00:00
read
2020-06-24 15:44:29 +00:00
/bin/seal-hotpkey
2018-06-19 19:27:27 +00:00
else
2019-07-09 03:25:57 +00:00
echo "Once you have scanned the QR code, hit Enter to continue"
2018-06-19 19:27:27 +00:00
read
fi
}
2018-02-20 23:35:37 +00:00
2019-08-19 22:09:42 +00:00
clean_boot_check()
{
# assume /boot mounted
if ! grep -q /boot /proc/mounts ; then
return
fi
# check for any kexec files in /boot
kexec_files=`find /boot -name kexec*.txt`
[ ! -z "$kexec_files" ] && return
#check for GPG key in keyring
GPG_KEY_COUNT=`gpg -k 2>/dev/null | wc -l`
[ $GPG_KEY_COUNT -ne 0 ] && return
# check for USB security token
2020-06-11 13:29:51 +00:00
if [ "$CONFIG_HOTPKEY" = "y" ]; then
2020-02-19 22:27:57 +00:00
enable_usb
if ! gpg --card-status > /dev/null ; then
return
fi
2019-08-19 22:09:42 +00:00
fi
# OS is installed, no kexec files present, no GPG keys in keyring, security token present
# prompt user to run OEM factory reset
oem-factory-reset \
2020-10-23 23:07:34 +00:00
"Clean Boot Detected - Perform OEM Factory Reset?" "$BG_COLOR_WARNING"
2019-08-19 22:09:42 +00:00
}
if detect_boot_device ; then
# /boot device with installed OS found
clean_boot_check
else
# can't determine /boot device or no OS installed,
# so fall back to interactive selection
mount_boot
fi
2019-05-27 16:45:09 +00:00
2020-06-24 15:36:53 +00:00
# Use stored HOTP key branding
if [ -r /boot/kexec_hotp_key ]; then
2020-06-24 16:12:56 +00:00
HOTPKEY_BRANDING="$(cat /boot/kexec_hotp_key)"
2020-06-24 15:36:53 +00:00
else
2020-06-24 16:12:56 +00:00
HOTPKEY_BRANDING="HOTP USB Security Dongle"
2020-06-24 15:36:53 +00:00
fi
2018-02-21 23:58:54 +00:00
last_half=X
2018-02-20 23:35:37 +00:00
while true; do
2018-02-23 20:13:21 +00:00
MAIN_MENU_OPTIONS=""
2018-06-21 23:04:46 +00:00
MAIN_MENU_BG_COLOR=""
2018-02-20 23:35:37 +00:00
unset totp_confirm
2018-12-04 00:09:55 +00:00
# detect whether any GPG keys exist in the keyring, if not, initialize that first
GPG_KEY_COUNT=`gpg -k 2>/dev/null | wc -l`
if [ $GPG_KEY_COUNT -eq 0 ]; then
2020-10-23 23:07:34 +00:00
whiptail $BG_COLOR_ERROR --clear --title "ERROR: GPG keyring empty!" \
2018-12-12 22:09:19 +00:00
--menu "ERROR: Heads couldn't find any GPG keys in your keyring.\n\nIf this is the first time the system has booted,\nyou should add a public GPG key to the BIOS now.\n\nIf you just reflashed a new BIOS, you'll need to add at least one\npublic key to the keyring.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 30 90 4 \
2019-02-11 22:29:13 +00:00
'G' ' Add a GPG key to the running BIOS' \
2020-08-04 20:52:18 +00:00
'i' ' Ignore error and continue to main menu' \
2018-12-04 00:09:55 +00:00
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
2018-02-23 20:13:21 +00:00
totp_confirm=$(cat /tmp/whiptail)
2018-12-04 00:09:55 +00:00
fi
if [ "$totp_confirm" = "i" -o -z "$totp_confirm" ]; then
# update the TOTP code every thirty seconds
date=`date "+%Y-%m-%d %H:%M:%S"`
seconds=`date "+%s"`
half=`expr \( $seconds % 60 \) / 30`
if [ "$CONFIG_TPM" = n ]; then
TOTP="NO TPM"
elif [ "$half" != "$last_half" ]; then
last_half=$half;
TOTP=`unseal-totp`
if [ $? -ne 0 ]; then
2020-10-23 23:07:34 +00:00
whiptail $BG_COLOR_ERROR --clear --title "ERROR: TOTP Generation Failed!" \
2019-08-21 20:39:34 +00:00
--menu " ERROR: Heads couldn't generate the TOTP code.\n
If you have just completed a Factory Reset, or just reflashed
your BIOS, you should generate a new HOTP/TOTP secret.\n
If this is the first time the system has booted, you should
reset the TPM and set your own password.\n
If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n
How would you like to proceed?" 30 90 4 \
'g' ' Generate new HOTP/TOTP secret' \
2020-08-04 20:52:18 +00:00
'i' ' Ignore error and continue to main menu' \
2018-11-30 23:32:29 +00:00
'p' ' Reset the TPM' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
2018-12-04 00:09:55 +00:00
totp_confirm=$(cat /tmp/whiptail)
2018-11-30 23:32:29 +00:00
fi
2018-02-23 20:13:21 +00:00
fi
fi
if [ "$totp_confirm" = "i" -o -z "$totp_confirm" ]; then
2020-06-25 13:35:47 +00:00
if [ -x /bin/hotp_verification ]; then
2018-06-19 19:27:27 +00:00
HOTP=`unseal-hotp`
enable_usb
2020-06-25 13:35:47 +00:00
if ! hotp_verification info ; then
2020-10-23 23:07:34 +00:00
whiptail $BG_COLOR_WARNING --clear \
2020-06-24 16:12:56 +00:00
--title "WARNING: Please Insert Your $HOTPKEY_BRANDING" \
--msgbox "Your $HOTPKEY_BRANDING was not detected.\n\nPlease insert your $HOTPKEY_BRANDING" 30 90
2018-12-05 22:51:53 +00:00
fi
2018-06-19 19:27:27 +00:00
# Don't output HOTP codes to screen, so as to make replay attacks harder
2020-06-25 13:35:47 +00:00
hotp_verification check $HOTP
2018-06-19 19:27:27 +00:00
case "$?" in
0 )
2018-07-03 19:40:52 +00:00
HOTP="Success"
2018-06-19 19:27:27 +00:00
;;
4 )
2018-07-03 19:40:52 +00:00
HOTP="Invalid code"
2020-10-23 23:07:34 +00:00
MAIN_MENU_BG_COLOR=$BG_COLOR_ERROR
2018-06-19 19:27:27 +00:00
;;
* )
2020-06-24 16:12:56 +00:00
HOTP="Error checking code, Insert $HOTPKEY_BRANDING and retry"
2020-10-23 23:07:34 +00:00
MAIN_MENU_BG_COLOR=$BG_COLOR_WARNING
2018-06-19 19:27:27 +00:00
;;
esac
else
HOTP='N/A'
fi
2020-01-14 23:04:28 +00:00
if [[ "$HOTP" = "Success" && $CONFIG_AUTO_BOOT_TIMEOUT && $first_pass = true ]]; then
# save IFS before changing, restore after read
IFS_DEF=$IFS
IFS=''
first_pass=false
echo -e "\nHOTP verification success\n\n"
read -t $CONFIG_AUTO_BOOT_TIMEOUT -s -n 1 -p "Automatic boot in $CONFIG_AUTO_BOOT_TIMEOUT seconds unless interrupted by keypress... "
if [[ $? -ne 0 ]]; then
IFS=$IFS_DEF
# skip to default boot
totp_confirm='y'
echo -e "\n\nAttempting default boot...\n\n"
fi
IFS=$IFS_DEF
fi
2018-03-14 17:14:22 +00:00
2020-01-14 23:04:28 +00:00
if [ "$totp_confirm" != "y" -o -z "$totp_confirm" ]; then
whiptail $MAIN_MENU_BG_COLOR --clear --title "$MAIN_MENU_TITLE" \
--menu "$date\nTOTP: $TOTP | HOTP: $HOTP" 20 90 10 \
'y' ' Default boot' \
'r' ' Refresh TOTP/HOTP' \
'a' ' Options -->' \
'S' ' System Info' \
'P' ' Power Off' \
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
fi
2018-03-14 17:14:22 +00:00
fi
if [ "$totp_confirm" = "a" ]; then
2019-06-27 22:30:54 +00:00
whiptail --clear --title "HEADS Options" \
--menu "" 20 90 10 \
'o' ' Boot Options -->' \
2019-02-11 22:29:13 +00:00
't' ' TPM/TOTP/HOTP Options -->' \
2018-03-14 17:14:22 +00:00
's' ' Update checksums and sign all files in /boot' \
2018-12-06 18:43:34 +00:00
'c' ' Change configuration settings -->' \
2018-05-17 22:31:23 +00:00
'f' ' Flash/Update the BIOS -->' \
2019-02-11 22:29:13 +00:00
'G' ' GPG Options -->' \
2019-08-16 14:33:17 +00:00
'F' ' OEM Factory Reset -->' \
2019-05-24 21:25:22 +00:00
'x' ' Exit to recovery shell' \
2018-03-14 17:14:22 +00:00
'r' ' <-- Return to main menu' \
2018-02-23 20:13:21 +00:00
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
fi
2018-11-30 23:32:29 +00:00
if [ "$totp_confirm" = "o" ]; then
2019-06-27 22:30:54 +00:00
whiptail --clear --title "Boot Options" \
2018-11-30 23:32:29 +00:00
--menu "Select A Boot Option" 20 90 10 \
'm' ' Show OS boot menu' \
'u' ' USB boot' \
'i' ' Ignore tampering and force a boot (Unsafe!)' \
'r' ' <-- Return to main menu' \
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
fi
2019-02-11 22:29:13 +00:00
if [ "$totp_confirm" = "t" ]; then
whiptail --clear --title "TPM/TOTP/HOTP Options" \
--menu "Select An Option" 20 90 10 \
'g' ' Generate new TOTP/HOTP secret' \
'p' ' Reset the TPM' \
'n' ' TOTP/HOTP does not match after refresh, troubleshoot' \
'r' ' <-- Return to main menu' \
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
fi
2018-02-23 20:13:21 +00:00
if [ "$totp_confirm" = "x" ]; then
recovery "User requested recovery shell"
fi
if [ "$totp_confirm" = "r" ]; then
continue
fi
if [ "$totp_confirm" = "n" ]; then
2020-10-23 23:07:34 +00:00
if (whiptail $BG_COLOR_WARNING --title "TOTP/HOTP code mismatched" \
2018-06-19 19:27:27 +00:00
--yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s HH:MM:SS'\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 30 90) then
2018-02-23 20:13:21 +00:00
echo ""
echo "To correct clock drift: 'date -s HH:MM:SS'"
echo "and save it to the RTC: 'hwclock -w'"
echo "then reboot and try again"
echo ""
2018-06-19 19:27:27 +00:00
recovery "TOTP/HOTP mismatch"
2018-02-23 20:13:21 +00:00
else
continue
fi
fi
if [ "$totp_confirm" = "u" ]; then
exec /bin/usb-init
continue
fi
if [ "$totp_confirm" = "g" ]; then
2018-06-19 19:27:27 +00:00
if (whiptail --title 'Generate new TOTP/HOTP secret' \
2018-05-01 22:20:35 +00:00
--yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 90) then
2018-06-19 19:27:27 +00:00
update_totp
2018-03-09 00:36:56 +00:00
else
echo "Returning to the main menu"
fi
continue
fi
if [ "$totp_confirm" = "p" ]; then
2020-07-24 00:54:53 +00:00
if [ "$CONFIG_TPM" = "y" ]; then
if (whiptail --title 'Reset the TPM' \
--yesno "This will clear the TPM and TPM password, replace them with new ones!\n\nDo you want to proceed?" 16 90) then
/bin/tpm-reset
2018-04-03 22:20:34 +00:00
2020-07-24 00:54:53 +00:00
# now that the TPM is reset, remove invalid TPM counter files
mount_boot
mount -o rw,remount /boot
rm -f /boot/kexec_rollback.txt
2018-06-19 19:27:27 +00:00
2020-07-24 00:54:53 +00:00
# create Heads TPM counter before any others
check_tpm_counter /boot/kexec_rollback.txt \
|| die "Unable to find/create tpm counter"
counter="$TPM_COUNTER"
2018-06-19 19:27:27 +00:00
2020-07-24 00:54:53 +00:00
increment_tpm_counter $counter \
|| die "Unable to increment tpm counter"
2018-06-19 23:28:37 +00:00
2020-07-24 00:54:53 +00:00
sha256sum /tmp/counter-$counter > /boot/kexec_rollback.txt \
|| die "Unable to create rollback file"
mount -o ro,remount /boot
2018-04-03 22:20:34 +00:00
2020-07-24 00:54:53 +00:00
update_totp
else
echo "Returning to the main menu"
fi
2018-02-23 20:13:21 +00:00
else
2020-07-24 00:54:53 +00:00
whiptail --clear --title 'ERROR: No TPM Detected' --msgbox "This device does not have a TPM.\n\nPress OK to return to the Main Menu" 30 90
2018-02-23 20:13:21 +00:00
fi
continue
fi
if [ "$totp_confirm" = "m" ]; then
# Try to select a kernel from the menu
mount_boot
2018-04-03 22:20:34 +00:00
verify_global_hashes
if [ $? -ne 0 ]; then
continue
fi
2018-02-23 20:13:21 +00:00
kexec-select-boot -m -b /boot -c "grub.cfg" -g
continue
fi
2018-03-05 22:46:15 +00:00
if [ "$totp_confirm" = "i" ]; then
# Run the menu selection in "force" mode, bypassing hash checks
2020-10-23 23:07:34 +00:00
if (whiptail $BG_COLOR_WARNING --title 'Unsafe Forced Boot Selected!' \
2018-05-01 22:20:35 +00:00
--yesno "WARNING: You have chosen to skip all tamper checks and boot anyway.\n\nThis is an unsafe option!\n\nDo you want to proceed?" 16 90) then
2018-03-05 22:46:15 +00:00
mount_boot
kexec-select-boot -m -b /boot -c "grub.cfg" -g -f
else
echo "Returning to the main menu"
fi
continue
fi
2018-03-14 17:14:22 +00:00
if [ "$totp_confirm" = "s" ]; then
2019-07-05 22:04:00 +00:00
prompt_update_checksums
2018-03-14 17:14:22 +00:00
continue
fi
2018-12-06 18:43:34 +00:00
if [ "$totp_confirm" = "c" ]; then
config-gui.sh
continue
fi
2018-05-11 19:27:50 +00:00
if [ "$totp_confirm" = "f" ]; then
2018-05-11 21:08:31 +00:00
flash-gui.sh
2018-05-11 19:27:50 +00:00
continue
fi
2019-02-11 22:29:13 +00:00
if [ "$totp_confirm" = "G" ]; then
gpg-gui.sh
continue
fi
2020-06-24 08:07:36 +00:00
if [ "$totp_confirm" = "S" ]; then
2020-06-25 07:58:01 +00:00
memtotal=$(cat /proc/meminfo | grep 'MemTotal' | tr -s ' ' | cut -f2 -d ' ')
2020-07-01 16:44:40 +00:00
memtotal=$((${memtotal} / 1024 / 1024 + 1))
2020-06-25 07:58:01 +00:00
cpustr=$(cat /proc/cpuinfo | grep 'model name' | uniq | sed -r 's/\(R\)//;s/\(TM\)//;s/CPU //;s/model name.*: //')
2020-10-23 22:20:00 +00:00
kernel=$(uname -s -r)
whiptail --title 'System Info' \
--msgbox "${BOARD_NAME}\n\nFW_VER: ${FW_VER}\nKernel: ${kernel}\n\nCPU: ${cpustr}\nRAM: ${memtotal} GB\n\n$(fdisk -l | grep -e '/dev/sd.:' -e '/dev/nvme.*:' | sed 's/B,.*/B/')" 16 60
2020-06-24 08:07:36 +00:00
continue
fi
2019-08-16 14:33:17 +00:00
if [ "$totp_confirm" = "F" ]; then
oem-factory-reset
continue
fi
2019-05-24 09:23:28 +00:00
if [ "$totp_confirm" = "P" ]; then
poweroff
fi
2018-02-23 20:13:21 +00:00
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
2018-04-03 22:20:34 +00:00
verify_global_hashes
if [ $? -ne 0 ]; then
continue
fi
DEFAULT_FILE=`find /boot/kexec_default.*.txt 2>/dev/null | head -1`
2018-02-23 20:13:21 +00:00
if [ -r "$DEFAULT_FILE" ]; then
2018-03-08 19:41:44 +00:00
kexec-select-boot -b /boot -c "grub.cfg" -g \
2018-02-23 20:13:21 +00:00
|| recovery "Failed default boot"
else
if (whiptail --title 'No Default Boot Option Configured' \
2018-05-01 22:20:35 +00:00
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
2018-02-23 20:13:21 +00:00
kexec-select-boot -m -b /boot -c "grub.cfg" -g
else
echo "Returning to the main menu"
fi
continue
fi
fi
2018-02-20 23:35:37 +00:00
done
recovery "Something failed during boot"
