heads/initrd/init

67 lines
1.4 KiB
Plaintext
Raw Normal View History

2016-07-25 14:08:53 +00:00
#!/bin/ash
2016-08-01 02:39:07 +00:00
# First thing it is vital to mount the /dev and other system directories
mkdir /proc /sys /dev /tmp /boot 2>&- 1>&-
2016-08-01 02:39:07 +00:00
mount -t devtmpfs none /dev
mount -t proc none /proc
mount -t sysfs none /sys
# Setup our path
export PATH=/sbin:/bin
2016-08-01 02:39:07 +00:00
# Now it is safe to print a banner
if [ -r /etc/motd ]; then
cat /etc/motd
fi
2016-07-25 14:08:53 +00:00
2016-08-01 02:39:07 +00:00
# Load the date from the hardware clock, setting it in local time
hwclock -l -s
# Read the system configuration parameters
. /config
if [ -z "$CONFIG_TIMEOUT" ]; then
CONFIG_TIMEOUT=10
2016-08-01 02:39:07 +00:00
fi
2017-03-27 22:03:09 +00:00
while true; do
2017-04-02 02:25:16 +00:00
boot_option=
# Verify the user's TPM secret
echo "TPM TOTP:"
if ! unsealtotp.sh ; then
echo '!!!!!'
echo '!!!!! TPM TOTP secret not found.'
echo '!!!!! This firmware can not be trusted.'
echo '!!!!! Entering recovery shell'
echo '!!!!!'
tpm extend -ix 4 -ic "tpm-failure"
exec /bin/ash
fi
# Secret decrypted ok, so prompt for a next step
read \
-t "$CONFIG_TIMEOUT" \
-p "Enter for normal boot or 'r' for recovery shell: " \
-n 1 \
boot_option
if [ "$boot_option" = "r" ]; then
# Start an interactive shell
echo '***** Starting recovery shell'
tpm extend -ix 4 -ic "recovery"
exec /bin/ash
fi
if [ "$boot_option" = "" ]; then
if [ ! -x "$CONFIG_BOOTSCRIPT" ]; then
echo '!!!!! Boot script missing? Entering recovery shell'
tpm extend -ix 4 -ic "boot-failure"
exec /bin/ash
fi
echo '***** Normal boot'
tpm extend -ix 4 -ic "normal-boot"
exec "$CONFIG_BOOTSCRIPT"
fi
done