#!/bin/sh
# Boot from a local disk installation
# Default title for the whiptail menu shown by this script. /etc/config is
# sourced after this assignment, so a value set there (if any) takes precedence.
CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu'
. /etc/functions
. /etc/config
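# Ensure /boot is mounted, mounting it read-only when it is not.
# Arguments: none
# Returns:   0 when /boot is already listed in /proc/mounts or the mount
#            succeeds; on mount failure hands control to recovery (not
#            defined in this block; presumably provided by /etc/functions).
mount_boot()
{
  # Match /boot as a complete mount-point field. A bare "/boot" pattern also
  # matches unrelated entries such as a /boot/efi mount, which would skip the
  # mount and leave the boot files to be read from an unmounted directory.
  # NOTE(review): an existing /boot mount is accepted as-is, even if it is
  # read-write; confirm that is acceptable for the boot-file checks.
  if ! grep -q ' /boot ' /proc/mounts; then
    mount -o ro /boot \
      || recovery "Unable to mount /boot"
  fi
}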
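# Main menu loop: display the current TOTP code and act on the user's choice.
#
# last_half records which 30-second half of the minute the displayed code was
# generated in. The placeholder X never equals a computed value (0 or 1), so
# it forces a fresh unseal on the next pass.
last_half=X
while true; do
  unset totp_confirm

  # update the TOTP code every thirty seconds
  date=$(date "+%Y-%m-%d %H:%M:%S")
  seconds=$(date "+%s")
  half=$(( (seconds % 60) / 30 ))
  if [ "$CONFIG_TPM" = n ]; then
    TOTP="NO TPM"
  elif [ "$half" != "$last_half" ]; then
    last_half=$half
    TOTP=$(unseal-totp) \
      || recovery "TOTP code generation failed"
  fi

  # whiptail writes the selected tag to stderr, captured here in a file.
  # NOTE(review): /tmp/whiptail is a fixed path; this relies on nothing else
  # being able to create or write that file before it is read back. Confirm
  # for the environment this script runs in.
  whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \
    --menu "$date\nTOTP code: $TOTP" 20 60 8 \
    'y' ' Default boot' \
    'n' ' TOTP does not match' \
    'r' ' Refresh TOTP code' \
    'm' ' Boot menu' \
    'u' ' USB boot' \
    'g' ' Generate new TOTP secret' \
    'x' ' Exit to recovery shell' \
    2>/tmp/whiptail || recovery "GUI menu failed"

  totp_confirm=$(cat /tmp/whiptail)

  if [ "$totp_confirm" = "x" ]; then
    recovery "User requested recovery shell"
  fi

  if [ "$totp_confirm" = "r" ]; then
    continue
  fi

  if [ "$totp_confirm" = "n" ]; then
    echo ""
    echo "To correct clock drift: 'date -s HH:MM:SS'"
    echo "and save it to the RTC: 'hwclock -w'"
    echo "then reboot and try again"
    echo ""
    recovery "TOTP mismatch"
  fi

  if [ "$totp_confirm" = "u" ]; then
    exec /bin/usb-init
    # Only reached if exec returns instead of replacing this shell.
    continue
  fi

  if [ "$totp_confirm" = "g" ]; then
    if whiptail --title 'Generate new TOTP secret' \
      --yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 60; then
      echo "Scan the QR code to add the new TOTP secret"
      if ! /bin/seal-totp; then
        echo "Generating the new TOTP secret failed"
      fi
      # The cached code was derived from the previous secret. Force the next
      # pass to unseal again so the menu never shows a code for a secret that
      # has been replaced.
      last_half=X
      echo "Hit Enter to return to the main menu"
      read -r _unused
    else
      echo "Returning to the main menu"
    fi
    continue
  fi

  if [ "$totp_confirm" = "m" ]; then
    # Try to select a kernel from the menu
    mount_boot
    kexec-select-boot -m -b /boot -c "grub.cfg" -g
    continue
  fi

  # Every other tag has been handled above, so in practice this is 'y'.
  # NOTE(review): as written the test is true for any non-empty selection and
  # false for an empty one; confirm whether -z (boot the default when nothing
  # was selected) was intended.
  if [ "$totp_confirm" = "y" ] || [ -n "$totp_confirm" ]; then
    # Try to boot the default
    mount_boot
    kexec-select-boot -b /boot -c "grub.cfg" \
      || recovery "Failed default boot"
  fi

done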
# Safety net: the menu loop above contains no break, so this line runs only if
# that loop ever terminates. Hand control to recovery rather than falling off
# the end of the script.
recovery "Something failed during boot"