#!/bin/bash
# Generic configurable boot script via kexec
#
# Parses its command-line options, checks boot hashes and TPM rollback state
# where configured, then hands the chosen boot entry to kexec-boot.

# Exit on the first unhandled failure; with pipefail a pipeline fails when
# any of its stages fails, not only the last one.
set -e -o pipefail

# Both files are executed as shell code in this process, so whatever is able
# to write them controls every decision taken below.
# The CONFIG_* settings tested further down are presumably defined in
# /tmp/config -- TODO confirm.
. /tmp/config
# Helpers used below (die, warn, DEBUG, ...) are not defined in this file and
# presumably come from /etc/functions.
. /etc/functions

# Tracing helper, not defined in this file.
TRACE_FUNC
# Defaults; the options parsed below override them.
add=''                 # -a: kernel parameters to add (passed to kexec-boot -a)
remove=''              # -r: kernel parameters to drop (passed to kexec-boot -r)
config='*.cfg'         # -c: pattern handed to scan_boot_options
unique='n'             # -u: de-duplicate the scanned boot options
valid_hash='n'         # 'y' once boot hashes are accepted
valid_global_hash='n'  # 'y' once the global hash file verified
valid_rollback='n'     # 'y' once the TPM rollback counter verified
force_menu='n'         # -m: always show the menu
gui_menu='n'           # -g: use whiptail dialogs instead of the text prompts
force_boot='n'         # -f: boot even when verification would refuse
skip_confirm='n'       # -s: boot the selected entry without confirmation

# NOTE(review): -i and -f mark hashes and rollback state as valid up front.
# do_boot only refuses to boot while those flags are "n", so with either
# option the flags stay "y" unless a later verification step resets them.
# There is no default arm: an unrecognised option is reported by getopts and
# otherwise ignored.
while getopts 'b:d:p:a:r:c:uimgfs' arg; do
  case "$arg" in
    b)
      bootdir=$OPTARG
      ;;
    d)
      paramsdev=$OPTARG
      ;;
    p)
      paramsdir=$OPTARG
      ;;
    a)
      add=$OPTARG
      ;;
    r)
      remove=$OPTARG
      ;;
    c)
      config=$OPTARG
      ;;
    u)
      unique='y'
      ;;
    m)
      force_menu='y'
      ;;
    i)
      valid_hash='y'
      valid_rollback='y'
      ;;
    g)
      gui_menu='y'
      ;;
    f)
      force_boot='y'
      valid_hash='y'
      valid_rollback='y'
      ;;
    s)
      skip_confirm='y'
      ;;
  esac
done
# -b is mandatory: without a boot directory there is nothing to scan or boot.
[ -n "$bootdir" ] || die "Usage: $0 -b /boot"

# -d and -p fall back to the boot directory when omitted or empty.
paramsdev="${paramsdev:-$bootdir}"
paramsdir="${paramsdir:-$bootdir}"

# Drop one trailing slash so later "$dir/file" joins do not double it.
# A bare "/" becomes the empty string here.
bootdir="${bootdir%/}"
paramsdev="${paramsdev%/}"
paramsdir="${paramsdir%/}"
# Checksum list (sha256sum -c format) for the TPM2 primary key handle, kept
# next to the other saved boot parameters.
PRIMHASH_FILE="$paramsdir/kexec_primhdl_hash.txt"
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
  if [ ! -r "$PRIMHASH_FILE" ]; then
    warn "Hash of TPM2 primary key handle does not exist"
    warn "Please rebuild the boot hash tree"
    warn "Select Options-> Update checksums and sign all files in /boot"
    #TODO: Simplify/Automatize TPM2 firmware upgrade process. Today: upgrade, reboot, reseal(type TPM owner pass), resign, boot
    # Without a recorded hash the saved default is not booted automatically.
    default_failed="y"
    DEBUG "Hash of TPM2 primary key handle does not exist under $PRIMHASH_FILE"
  elif ! sha256sum -c "$PRIMHASH_FILE"; then
    # NOTE(review): the mismatch is reported as FATAL, yet nothing in this
    # branch stops the script or sets default_failed, unlike the missing-file
    # branch above. Confirm whether a mismatch should fail closed here.
    echo "FATAL: Hash of TPM2 primary key handle mismatch!"
    warn "If you have not intentionally regenerated TPM2 primary key,"
    warn "your system may have been compromised"
    DEBUG "Hash of TPM2 primary key handle mismatched for $PRIMHASH_FILE"
  fi
fi
# Verify the global boot hash file and, when CONFIG_ROOT_CHECK_AT_BOOT is "y"
# and the menu is not forced, the root hashes as well.
# Globals:  bootdir, gui_menu, force_menu, TMP_HASH_FILE, TMP_MENU_FILE (read);
#           valid_hash, valid_global_hash, CHANGED_FILES (written)
# A failed check ends in die; both failure branches rely on die (defined
# outside this file) not returning.
verify_global_hashes() {
  echo "+++ Checking verified boot hash file "
  # Check the hashes of all the files
  if ! verify_checksums "$bootdir" "$gui_menu"; then
    if [ "$gui_menu" = "y" ]; then
      # Every line of the checker output that does not end in OK is a file
      # that failed; keep only the file name for the dialog.
      CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':')
      whiptail $BG_COLOR_ERROR --title 'ERROR: Boot Hash Mismatch' \
        --msgbox "The following files failed the verification process:\n${CHANGED_FILES}\nExiting to a recovery shell" 0 80
    fi
    die "$TMP_HASH_FILE: boot hash mismatch"
  else
    echo "+++ Verified boot hashes "
    valid_hash='y'
    valid_global_hash='y'
  fi

  # If user enables it, check root hashes before boot as well
  if [ "$CONFIG_ROOT_CHECK_AT_BOOT" = "y" ] && [ "$force_menu" = "n" ]; then
    if ! root-hashes-gui.sh -c; then
      # root-hashes-gui.sh handles the GUI error menu, just die here
      if [ "$gui_menu" = "y" ]; then
        whiptail $BG_COLOR_ERROR --title 'ERROR: Root Hash Mismatch' \
          --msgbox "The root hash check failed!\nExiting to a recovery shell" 0 80
      fi
      die "root hash mismatch, see /tmp/hash_output_mismatches for details"
    else
      echo "+++ Verified root hashes, continuing boot "
      # if user re-signs, it wipes out saved options, so scan the boot directory and generate
      if [ ! -r "$TMP_MENU_FILE" ]; then
        scan_options
      fi
    fi
  fi
}
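# Check the saved TPM rollback counter state.
# Globals:  TMP_ROLLBACK_FILE (read); TPM_COUNTER, valid_rollback (written)
# valid_rollback becomes "y" only after the counter id was found, the counter
# could be read and the rollback file passed sha256sum -c; every failure ends
# in die.
verify_rollback_counter() {
  # grep exits non-zero when no line matches. Under "set -e -o pipefail" that
  # would end the script at this assignment, before the explicit check below
  # can report the problem, so the pipeline status is deliberately ignored.
  TPM_COUNTER=$(grep counter "$TMP_ROLLBACK_FILE" | cut -d- -f2) || true
  if [ -z "$TPM_COUNTER" ]; then
    die "$TMP_ROLLBACK_FILE: TPM counter not found?"
  fi

  # Quoted so the value taken from the file reaches the helper as a single
  # argument.
  read_tpm_counter "$TPM_COUNTER" ||
    die "Failed to read TPM counter"

  sha256sum -c "$TMP_ROLLBACK_FILE" ||
    die "Invalid TPM counter state"

  valid_rollback="y"
}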
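# "y" until the menu has been offered once; a lone boot option is picked
# automatically only on that first pass.
first_menu="y"

# Succeeds only when $1 is a plain decimal number in the range 1..$2.
_menu_index_in_range() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le "$2" ] 2>/dev/null
}

# Let the user pick one entry of TMP_MENU_FILE.
# Globals:  TMP_MENU_FILE, gui_menu (read); first_menu, num_options, n,
#           option_index, option, MENU_OPTIONS (written); name and kernel are
#           written through parse_option
# The selection is validated before it is used as a line number: anything that
# is not a number between 1 and the number of entries is rejected, so the
# entry that gets confirmed and booted is always the one that was listed under
# that number.
get_menu_option() {
  num_options=$(wc -l <"$TMP_MENU_FILE")
  if [ "$num_options" -eq 0 ]; then
    die "No boot options"
  fi

  if [ "$num_options" -eq 1 ] && [ "$first_menu" = "y" ]; then
    option_index=1
  elif [ "$gui_menu" = "y" ]; then
    # Tag/label pairs are kept in an array so that a label taken from the boot
    # configuration can never be split or glob-expanded into extra arguments.
    MENU_OPTIONS=()
    n=0
    while IFS= read -r option; do
      parse_option
      n=$((n + 1))
      name=$(printf '%s\n' "$name" | tr " " "_")
      MENU_OPTIONS+=("$n" "$name")
    done <"$TMP_MENU_FILE"

    whiptail --title "Select your boot option" \
      --menu "Choose the boot option [1-$n, a to abort]:" 0 80 8 \
      -- "${MENU_OPTIONS[@]}" \
      2>/tmp/whiptail || die "Aborting boot attempt"

    option_index=$(cat /tmp/whiptail)
  else
    echo "+++ Select your boot option:"
    n=0
    # -r keeps backslashes, so the listing shows the same text that is later
    # selected from the file.
    while IFS= read -r option; do
      parse_option
      n=$((n + 1))
      echo "$n. $name [$kernel]"
    done <"$TMP_MENU_FILE"

    # Ask again until the answer is a listed number; "a" or end of input
    # aborts.
    while true; do
      read -r \
        -p "Choose the boot option [1-$n, a to abort]: " \
        option_index ||
        die "Aborting boot attempt"

      if [ "$option_index" = "a" ]; then
        die "Aborting boot attempt"
      fi
      if _menu_index_in_range "$option_index" "$num_options"; then
        break
      fi
      echo "Invalid selection, enter a number between 1 and $n"
    done
  fi
  first_menu="n"

  # Last line of defence for every path above, including the dialog output.
  _menu_index_in_range "$option_index" "$num_options" ||
    die "Invalid boot option: $option_index"
  # Normalise forms such as "02" before the index is reused elsewhere.
  option_index=$((10#$option_index))

  option=$(head -n "$option_index" "$TMP_MENU_FILE" | tail -1)
  parse_option
}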
# Show the selected entry and ask whether to boot it once ("y") or to make it
# the default ("d").
# Globals:  gui_menu, name, kernel, option (read); option_confirm,
#           default_text (written)
# NOTE(review): $option and $kernel are expanded unquoted for display, so the
# text shown is subject to word splitting and globbing and can differ from the
# raw entry that is later handed to kexec-boot.
confirm_menu_option() {
  if [ "$gui_menu" != "y" ]; then
    echo "+++ Please confirm the boot details for $name:"
    echo $option

    read \
      -n 1 \
      -p "Confirm selection by pressing 'y', make default with 'd': " \
      option_confirm
    echo
  else
    default_text="Make default"
    if [[ "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" = "y" ]]; then
      default_text="${default_text} and boot"
    fi

    # whiptail prints the chosen tag on stderr; cancelling the dialog aborts.
    whiptail $BG_COLOR_WARNING --title "Confirm boot details" \
      --menu "Confirm the boot details for $name:\n\n$(echo $kernel | fold -s -w 80) \n\n" 0 80 8 \
      -- 'd' "${default_text}" 'y' "Boot one time" \
      2>/tmp/whiptail || die "Aborting boot attempt"

    option_confirm=$(cat /tmp/whiptail)
  fi
}
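# Split the current boot entry into the fields shown to the user.
# Globals:  option (read) - one "|"-separated line of the boot menu file
#           name   (written) - field 1
#           kernel (written) - field 3
# The entry is passed through printf with quoting. An unquoted expansion would
# word-split and glob-expand text that originates from the boot configuration,
# so the name and kernel line shown for confirmation could differ from the
# entry that is actually booted.
parse_option() {
  name=$(printf '%s\n' "$option" | cut -d'|' -f1)
  kernel=$(printf '%s\n' "$option" | cut -d'|' -f3)
}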
# Build the boot menu file from a fresh scan of the boot directory.
# Globals:  bootdir, config, unique, TMP_MENU_FILE (read); option_file (written)
# The entries produced here come straight from the scan and are not covered by
# a saved, signed menu (see the message printed below).
scan_options() {
  echo "+++ Scanning for unsigned boot options"
  option_file="/tmp/kexec_options.txt"
  scan_boot_options "$bootdir" "$config" "$option_file"

  # An empty or missing result means nothing could be parsed.
  [ -s "$option_file" ] || die "Failed to parse any boot options"

  case "$unique" in
    y)
      # Reverse-sorted, with adjacent duplicates removed.
      sort -r "$option_file" | uniq >"$TMP_MENU_FILE"
      ;;
    *)
      cp "$option_file" "$TMP_MENU_FILE"
      ;;
  esac
}
# Persist the selected entry as the default through kexec-save-default.
# Globals:  gui_menu, bootdir, paramsdev, paramsdir, option_index (read);
#           default_confirm, default_failed, force_menu, option_confirm (written)
# On success default_failed and force_menu are cleared and option_confirm is
# left untouched; when the user declines or saving fails, option_confirm is
# set to "n" so the caller shows the menu again.
# In GUI mode no question is asked here: default_confirm keeps whatever value
# it already has and falls back to "y" when empty.
save_default_option() {
  if [ "$gui_menu" != "y" ]; then
    read \
      -n 1 \
      -p "Saving a default will modify the disk. Proceed? (Y/n): " \
      default_confirm
    echo
  fi

  # A bare Enter counts as yes.
  default_confirm="${default_confirm:-y}"

  case "$default_confirm" in
    y | Y)
      if kexec-save-default -b "$bootdir" -d "$paramsdev" -p "$paramsdir" -i "$option_index"; then
        echo "+++ Saved defaults to device"
        sleep 2
        default_failed="n"
        force_menu="n"
        return
      fi
      echo "Failed to save defaults"
      ;;
  esac

  option_confirm="n"
}
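# Boot the saved default entry after checking that it is still the entry the
# menu lists at that position and, unless CONFIG_BASIC is "y", that its
# recorded hashes verify.
# Globals:  TMP_DEFAULT_FILE, TMP_MENU_FILE, TMP_DEFAULT_HASH_FILE, bootdir,
#           gui_menu (read); default_index, expectedoption, option,
#           valid_hash, CHANGED_FILES (written)
# Returns early (after a warning) when the entry has changed; dies when the
# default hashes do not verify.
default_select() {
  # Attempt boot with expected parameters

  # Check that entry matches that which is expected from menu
  default_index=$(basename "$TMP_DEFAULT_FILE" | cut -d. -f 2)

  # Check to see if entries have changed - useful for detecting grub update
  expectedoption=$(cat "$TMP_DEFAULT_FILE")
  option=$(head -n "$default_index" "$TMP_MENU_FILE" | tail -1)
  if [ "$option" != "$expectedoption" ]; then
    if [ "$gui_menu" = "y" ]; then
      whiptail $BG_COLOR_ERROR --title 'ERROR: Boot Entry Has Changed' \
        --msgbox "The list of boot entries has changed\n\nPlease set a new default" 0 80
    fi
    warn "Boot entry has changed - please set a new default"
    return
  fi
  parse_option

  if [ "$CONFIG_BASIC" != "y" ]; then
    # Enforce that default option hashes are valid
    echo "+++ Checking verified default boot hash file "
    # Check the hashes of all the files
    # bootdir is empty when "/" was given (the trailing slash is stripped at
    # start-up), hence the fallback.
    if (cd "${bootdir:-/}" && sha256sum -c "$TMP_DEFAULT_HASH_FILE" >/tmp/hash_output); then
      echo "+++ Verified default boot hashes "
      valid_hash='y'
    else
      if [ "$gui_menu" = "y" ]; then
        CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':')
        whiptail $BG_COLOR_ERROR --title 'ERROR: Default Boot Hash Mismatch' \
          --msgbox "The following files failed the verification process:\n${CHANGED_FILES}\nExiting to a recovery shell" 0 80
      fi
      # Stop here, as the dialog announces and as verify_global_hashes does
      # for its own mismatch. Falling through to do_boot is not a safe
      # backstop: it only refuses to boot while valid_hash is still "n", and
      # valid_hash may already have been set to "y" earlier in the run.
      die "$TMP_DEFAULT_HASH_FILE: default boot hash mismatch"
    fi
  fi

  echo "+++ Executing default boot for $name:"
  do_boot
  # Only reached when do_boot came back instead of starting the new kernel.
  warn "Failed to boot default option"
}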
# Interactive path: ask for an entry until it is confirmed ("y") or made the
# default ("d"), then boot it.
# Globals:  force_boot, skip_confirm, TMP_KEY_DEVICES, CONFIG_DEBUG_OUTPUT
#           (read); option_confirm (written here and by the helpers called)
user_select() {
  # No default expected boot parameters, ask user

  option_confirm=""
  until [ "$option_confirm" = "y" ] || [ "$option_confirm" = "d" ]; do
    get_menu_option
    # In force boot mode, no need offer the option to set a default, just boot
    if [ "$force_boot" = "y" ] || [ "$skip_confirm" = "y" ]; then
      do_boot
    else
      confirm_menu_option
    fi

    # save_default_option resets option_confirm to "n" when saving is declined
    # or fails, which sends the loop back to the menu.
    if [ "$option_confirm" = 'd' ]; then
      save_default_option
    fi
  done

  # A new default combined with a readable key-devices file means a reboot is
  # required before booting; without that file the new default is booted
  # right away below.
  if [ "$option_confirm" = "d" ] && [ -r "$TMP_KEY_DEVICES" ]; then
    echo "+++ Rebooting to start the new default option"
    sleep 2
    if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then
      DEBUG "Rebooting is required prior of booting default boot entry"
      # Instead of rebooting, drop to a recovery shell
      # for a chance to inspect debug output
      recovery "Entering recovery to permit inspection of /tmp/debug.log output, reboot to continue"
    else
      reboot ||
        die "!!! Failed to reboot system"
    fi
  fi

  do_boot
}
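# Final gate before kexec: enforce the required rollback and hash state, then
# boot the selected entry, inserting the TPM disk unlock key into the initrd
# when a key-devices file is present.
# Globals:  CONFIG_BASIC, CONFIG_BOOT_REQ_ROLLBACK, CONFIG_BOOT_REQ_HASH,
#           CONFIG_TPM, TMP_KEY_DEVICES, valid_rollback, valid_hash, bootdir,
#           option, add, remove (read); INITRD (written)
# Every failure ends in die.
do_boot() {
  # Fail closed: the state has to be exactly "y" to pass. Comparing against
  # "n" would let an empty or unexpected value through.
  if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_BOOT_REQ_ROLLBACK" = "y" ] && [ "$valid_rollback" != "y" ]; then
    die "!!! Missing required rollback counter state"
  fi

  if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_BOOT_REQ_HASH" = "y" ] && [ "$valid_hash" != "y" ]; then
    die "!!! Missing required boot hashes"
  fi

  if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_TPM" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then
    INITRD=$(kexec-boot -b "$bootdir" -e "$option" -i) ||
      die "!!! Failed to extract the initrd from boot option"
    if [ -z "$INITRD" ]; then
      die "!!! No initrd file found in boot option"
    fi

    # The initrd path is derived from the boot entry. Quoting keeps it a
    # single argument, so whitespace or glob characters in it cannot turn
    # into extra arguments for kexec-insert-key.
    kexec-insert-key "$INITRD" ||
      die "!!! Failed to prepare TPM Disk Unlock Key for boot"

    kexec-boot -b "$bootdir" -e "$option" \
      -a "$add" -r "$remove" -o "/tmp/secret/initrd.cpio" ||
      die "!!! Failed to boot w/ options: $option"
  else
    kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" ||
      die "!!! Failed to boot w/ options: $option"
  fi
}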
# Main loop. Each pass re-reads the saved boot parameters, runs the configured
# verification steps, then either boots the saved default or shows the menu.
# The loop has no break: it ends when a kernel is started or when a helper
# terminates the script.
while true; do
  # check_config is not defined in this file; presumably it populates
  # /tmp/kexec from the parameters directory -- TODO confirm.
  # NOTE(review): $paramsdir is expanded unquoted, so a path containing
  # whitespace would be split into several arguments.
  if [ "$force_boot" = "y" -o "$CONFIG_BASIC" = "y" ]; then
    check_config $paramsdir force
  else
    check_config $paramsdir
  fi
  # First saved default, if any. "|| true" keeps a missing file from ending
  # the script under "set -e -o pipefail".
  TMP_DEFAULT_FILE=$(find /tmp/kexec/kexec_default.*.txt 2>/dev/null | head -1) || true
  TMP_MENU_FILE="/tmp/kexec/kexec_menu.txt"
  TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
  TMP_TREE_FILE="/tmp/kexec/kexec_tree.txt"
  TMP_DEFAULT_HASH_FILE="/tmp/kexec/kexec_default_hashes.txt"
  TMP_ROLLBACK_FILE="/tmp/kexec/kexec_rollback.txt"
  TMP_KEY_DEVICES="/tmp/kexec/kexec_key_devices.txt"
  TMP_KEY_LVM="/tmp/kexec/kexec_key_lvm.txt"

  # Allow a way for users to ignore warnings and boot into their systems
  # even if hashes don't match
  # This path runs before any of the verification steps below, and -f has
  # already marked hashes and rollback state as valid.
  if [ "$force_boot" = "y" ]; then
    scan_options
    if [ "$CONFIG_BASIC" != "y" ]; then
      # Remove boot splash and make background red in the event of a forced boot
      add="$add vt.default_red=0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff"
      remove="$remove splash quiet"
    fi
    user_select
  fi

  # Per the change that introduced this check, CONFIG_TPM is always "y" or
  # "n", "y" means any TPM (not just TPM1), and CONFIG_TPM2_TOOLS=y implies
  # CONFIG_TPM=y.
  if [ "$CONFIG_TPM" = "y" ]; then
    if [ ! -r "$TMP_KEY_DEVICES" ]; then
      # Extend PCR4 as soon as possible
      DEBUG "Extending TPM PCR 4 to prevent further secret unsealing"
      tpmr extend -ix 4 -ic generic ||
        die "Failed to extend PCR 4"
    fi
  fi

  # if no saved options, scan the boot directory and generate
  if [ ! -r "$TMP_MENU_FILE" ]; then
    scan_options
  fi

  # NOTE(review): both checks below run only when their file is readable.
  # When a file is absent the corresponding valid_* flag is left as it was,
  # and whether that blocks the boot is decided solely by the
  # CONFIG_BOOT_REQ_* tests in do_boot.
  if [ "$CONFIG_BASIC" != "y" ]; then
    # Optionally enforce device file hashes
    if [ -r "$TMP_HASH_FILE" ]; then
      valid_global_hash="n"

      verify_global_hashes

      if [ "$valid_global_hash" = "n" ]; then
        die "Failed to verify global hashes"
      fi
    fi

    if [ "$CONFIG_IGNORE_ROLLBACK" != "y" -a -r "$TMP_ROLLBACK_FILE" ]; then
      # in the case of iso boot with a rollback file, do not assume valid
      valid_rollback="n"

      verify_rollback_counter
    fi
  fi

  # Boot the saved default only when no earlier attempt failed, the menu is
  # not forced, and both the default entry and its hash file are readable.
  if [ "$default_failed" != "y" \
    -a "$force_menu" = "n" \
    -a -r "$TMP_DEFAULT_FILE" \
    -a -r "$TMP_DEFAULT_HASH_FILE" ] \
    ; then
    default_select
    # Reached only when default_select returned without booting; the next
    # pass shows the menu instead of retrying the default.
    default_failed="y"
  else
    user_select
  fi
done

die "!!! Shouldn't get here"