2023-03-13 16:26:41 +00:00
#! /bin/ash
# Note this is used on legacy-flash boards that lack bash, it runs with busybox
# ash. Calls to bash scripts must be guarded by checking config.
2017-09-20 14:29:14 +00:00
mknod /dev/ttyprintk c 5 3
echo "hello world" > /dev/ttyprintk
# Setup our path
2018-02-02 20:50:17 +00:00
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
2017-09-20 14:29:14 +00:00
2017-04-12 10:57:58 +00:00
# This is the very first script invoked by the Linux kernel and is
# running out of the ram disk. There are no fileysstems mounted.
# It is important to have a way to invoke a recovery shell in case
# the boot scripts are messed up, but also important to modify the
2024-03-27 14:04:10 +00:00
# PCRs if this happens to prevent the TPM Disk Unlock Keys from being revealed.
2017-04-12 10:57:58 +00:00
2016-08-01 02:39:07 +00:00
# First thing it is vital to mount the /dev and other system directories
2017-04-02 03:02:00 +00:00
mkdir /proc /sys /dev /tmp /boot /media 2>&- 1>&-
2017-09-20 14:29:14 +00:00
mount /dev 2>/dev/ttyprintk
mount /proc 2>/dev/ttyprintk
mount /sys 2>/dev/ttyprintk
2022-08-25 18:43:31 +00:00
2019-06-19 21:27:44 +00:00
if [ "$CONFIG_LINUXBOOT" = "y" ]; then
mount /sys/firmware/efi/efivars
fi
2017-09-20 14:29:14 +00:00
2024-04-01 19:20:49 +00:00
# Setup the pty pseudo filesystem
2017-09-20 14:29:14 +00:00
mkdir /dev/pts
mount /dev/pts 2>/dev/ttyprintk
if [ ! -r /dev/ptmx ]; then
ln -s /dev/pts/ptmx /dev/ptmx
fi
2022-08-25 18:43:31 +00:00
# Needed by bash
2023-03-13 16:52:06 +00:00
[ -e /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin
[ -e /dev/stdout ] || ln -s /proc/self/fd/1 /dev/stdout
[ -e /dev/stderr ] || ln -s /proc/self/fd/2 /dev/stderr
[ -e /dev/fd ] || ln -s /proc/self/fd /dev/fd
2022-08-25 18:43:31 +00:00
2017-04-12 10:57:58 +00:00
# Recovery shells will erase anything from here
mkdir -p /tmp/secret
2016-08-01 02:39:07 +00:00
# Now it is safe to print a banner
2017-03-31 15:18:46 +00:00
if [ -r /etc/motd ]; then
2017-09-20 14:29:14 +00:00
cat /etc/motd > /dev/tty0
2017-03-31 15:18:46 +00:00
fi
2016-07-25 14:08:53 +00:00
2016-08-01 02:39:07 +00:00
# Load the date from the hardware clock, setting it in local time
hwclock -l -s
2024-02-02 18:24:34 +00:00
# When mounting a filesystem, try exFAT last, since it logs errors if the
# filesystem is not exFAT, and the errors go to the console. Those errors are
# spurious when the medium is iso9660. By default in our config, the only
# filesystem after exFAT is iso9660, move exFAT last.
(grep -v '^\texfat$' /proc/filesystems && echo -e '\texfat') >/etc/filesystems
2017-03-31 15:18:46 +00:00
# Read the system configuration parameters
2023-03-13 16:26:41 +00:00
. /etc/ash_functions
2017-04-12 10:57:58 +00:00
. /etc/config
2023-10-10 16:28:52 +00:00
# Board config had CONFIG_DEBUG_OUTPUT=y defined.
# Note that boards's coreboot config kernel command line "debug" option only will have all kernel messages output on console prior of this point
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then
#Maximize printk messages to output all to console (8=debug)
#DEBUG and TRACE calls will output to /dev/kmsg, outputting both on dmesg and on console
dmesg -n 8 || true
DEBUG "Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)"
2023-10-20 20:20:17 +00:00
else
# Board config did't have CONFIG_DEBUG_OUTPUT=y defined
# config.user extracted and combined from CBFS had CONFIG_DEBUG_OUTPUT=y
# Output only print messages with a priority of 4 (warnings) or lower (errors and critical) kernel messages to console
# This way, "debug" kernel command line option will have all kernel messages output on console prior of this point
# This is useful to debug boot issues but permits qemu board to boot without flooding console with kernel messages by disabling CONFIG_DEBUG_OUTPUT=y in qemu board config
dmesg -n 4 || true
DEBUG "Debug output enabled from /etc/config.user's CONFIG_DEBUG_OUTPUT=y after combine_configs (Config menu enabled Debug)"
2023-10-10 16:28:52 +00:00
fi
2023-02-20 16:01:17 +00:00
TRACE "Under init"
2023-02-18 17:58:43 +00:00
2024-04-01 19:20:49 +00:00
# make sure we have sysctl requirements
if [ ! -d /proc/sys ]; then
warn "BUG!!! The following requirements to apply runtime kernel tweaks are missing:"
warn "CONFIG_SYSCTL=y"
warn "CONFIG_PROC_SYSCTL=y"
warn "Please open an issue"
fi
if [ ! -e /proc/sys/vm/panic_on_oom ]; then
warn "BUG!!! Requirements to setup Panic when under Out Of Memory situation through PROC_SYSCTL are missing (panic_on_oom was not enabled)"
warn "Please open an issue"
else
DEBUG "Applying panic_on_oom setting to sysctl"
echo 1 > /proc/sys/vm/panic_on_oom
fi
2022-08-19 21:21:39 +00:00
# set CONFIG_TPM dynamically before init
2022-08-25 18:43:31 +00:00
if [ ! -e /dev/tpm0 ]; then
2022-08-19 21:21:39 +00:00
CONFIG_TPM='n'
2022-08-25 18:43:31 +00:00
CONFIG_TPM2_TOOLS='n'
2022-08-19 21:21:39 +00:00
fi
2021-10-29 17:29:31 +00:00
#Specify whiptail background colors cues under FBWhiptail only
2021-12-17 19:45:53 +00:00
if [ -x /bin/fbwhiptail ]; then
2021-10-29 17:29:31 +00:00
export BG_COLOR_WARNING="${CONFIG_WARNING_BG_COLOR:-"--background-gradient 0 0 0 150 125 0"}"
export BG_COLOR_ERROR="${CONFIG_ERROR_BG_COLOR:-"--background-gradient 0 0 0 150 0 0"}"
2021-12-17 19:45:53 +00:00
else
2021-10-29 17:29:31 +00:00
export BG_COLOR_WARNING="${CONFIG_WARNING_BG_COLOR:-""}"
export BG_COLOR_ERROR="${CONFIG_ERROR_BG_COLOR:-""}"
fi
2023-03-13 17:10:24 +00:00
if [ "$CONFIG_TPM" = "y" ]; then
2022-08-25 18:43:31 +00:00
# Initialize tpm2 encrypted sessions here
tpmr startsession
fi
2018-03-12 01:27:19 +00:00
if [ "$CONFIG_COREBOOT" = "y" ]; then
2023-03-13 16:52:06 +00:00
[ -x /bin/bash ] && /bin/cbfs-init
2018-03-12 01:27:19 +00:00
fi
2018-04-30 02:58:44 +00:00
if [ "$CONFIG_LINUXBOOT" = "y" ]; then
/bin/uefi-init
fi
2018-12-01 13:37:34 +00:00
# Set GPG_TTY before calling gpg in key-init
2020-01-26 04:45:03 +00:00
export GPG_TTY=/dev/console
2018-12-01 13:37:34 +00:00
2023-10-10 16:28:52 +00:00
# Initialize gpnupg with distro/user keys and setup the keyrings
2023-03-13 16:52:06 +00:00
[ -x /bin/bash ] && /bin/key-init
2018-03-12 01:27:19 +00:00
2023-07-11 14:20:56 +00:00
# Override CONFIG_USE_BLOB_JAIL if needed and persist via user config
2023-06-23 16:24:22 +00:00
if lspci -n | grep -E -q "8086:(2723|4df0)"; then
2023-07-11 14:20:56 +00:00
if ! cat /etc/config.user 2>/dev/null | grep -q "USE_BLOB_JAIL"; then
echo "CONFIG_USE_BLOB_JAIL=y" >> /etc/config.user
fi
fi
# Override CONFIG_TPM and CONFIG_TPM2_TOOLS from /etc/config with runtime value
# determined above.
#
# Values in user config have higher priority during combining thus effectively
# changing the value for the rest of the scripts which source /tmp/config.
echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user
echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user
# CONFIG_BASIC was previously CONFIG_PUREBOOT_BASIC in the PureBoot distribution.
# Substitute it in config.user if present for backward compatibility.
sed -i -e 's/^export CONFIG_PUREBOOT_BASIC=/export CONFIG_BASIC=/g' /etc/config.user
combine_configs
. /tmp/config
2023-10-10 16:28:52 +00:00
# Enable maximum debug info from here if config.user extracted and combined from CBFS had CONFIG_DEBUG_OUTPUT=y
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then
#Output all kernel messages to console (8=debug)
#DEBUG and TRACE calls will be in dmesg and on console
if ! grep -q 'CONFIG_DEBUG_OUTPUT="y"' /etc/config;then
# Board config did't have CONFIG_DEBUG_OUTPUT=y defined
# config.user extracted and combined from CBFS had CONFIG_DEBUG_OUTPUT=y
dmesg -n 8
DEBUG "Debug output enabled from /etc/config.user's CONFIG_DEBUG_OUTPUT=y after combine_configs (Config menu enabled Debug)"
TRACE "Under init:after combine_configs"
fi
fi
2018-03-10 23:40:07 +00:00
# Setup recovery serial shell
if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then
stty -F "$CONFIG_BOOT_RECOVERY_SERIAL" 115200
pause_recovery 'Console recovery shell' \
< "$CONFIG_BOOT_RECOVERY_SERIAL" \
> "$CONFIG_BOOT_RECOVERY_SERIAL" 2>&1 &
2016-08-01 02:39:07 +00:00
fi
2017-03-27 22:03:09 +00:00
2020-02-19 17:40:34 +00:00
# load USB modules for boards using a USB keyboard
2024-01-09 14:43:28 +00:00
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = "y" ]; then
2020-02-19 17:40:34 +00:00
enable_usb
fi
2017-07-18 17:44:02 +00:00
# If the user has been holding down r, enter a recovery shell
# otherwise immediately start the configured boot script.
# We don't print a prompt, since this is a near instant timeout.
2017-04-12 10:57:58 +00:00
read \
2017-07-18 17:44:02 +00:00
-t 0.1 \
2017-04-12 10:57:58 +00:00
-n 1 \
boot_option
echo
if [ "$boot_option" = "r" ]; then
# Start an interactive shell
recovery 'User requested recovery shell'
# just in case...
2018-03-10 23:40:07 +00:00
exit
2023-11-03 20:40:06 +00:00
elif [ "$boot_option" = "o" ]; then
# Launch OEM Factory Reset/Re-Ownership
oem-factory-reset
# just in case...
exit
2017-04-12 10:57:58 +00:00
fi
2017-03-31 15:18:46 +00:00
2023-06-21 18:36:28 +00:00
if [ "$CONFIG_BASIC" = "y" ]; then
2022-03-15 17:05:04 +00:00
echo -e "***** BASIC mode: tamper detection disabled\n" > /dev/tty0
fi
2020-06-25 07:58:01 +00:00
# export firmware version
2020-07-01 16:44:40 +00:00
export FW_VER=$(dmesg | grep 'DMI' | grep -o 'BIOS.*' | cut -f2- -d ' ')
# chop off date, since will always be epoch w/timeless builds
FW_VER=${FW_VER::-10}
2020-06-25 07:58:01 +00:00
2018-12-07 00:34:47 +00:00
# Add our boot devices into the /etc/fstab, if they are defined
# in the configuration file.
if [ ! -z "$CONFIG_BOOT_DEV" ]; then
echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0"
fi
2023-08-09 20:06:08 +00:00
# Set the console font if needed
[ -x /bin/bash ] && setconsolefont.sh
2023-06-21 18:36:28 +00:00
if [ "$CONFIG_BASIC" = "y" ]; then
2022-03-15 17:05:04 +00:00
CONFIG_BOOTSCRIPT=/bin/gui-init-basic
export CONFIG_HOTPKEY=n
fi
2022-11-28 20:15:38 +00:00
# Perform board-specific init if present
if [ -x /bin/board-init.sh ]; then
/bin/board-init.sh
fi
2018-03-10 23:40:07 +00:00
if [ ! -x "$CONFIG_BOOTSCRIPT" -a ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then
recovery 'Boot script missing? Entering recovery shell'
else
if [ -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then
echo '***** Network Boot:' $CONFIG_BOOTSCRIPT_NETWORK
$CONFIG_BOOTSCRIPT_NETWORK
echo '***** Network Boot Completed:' $CONFIG_BOOTSCRIPT_NETWORK
# not blocking
fi
if [ -x "$CONFIG_BOOTSCRIPT" ]; then
echo '***** Normal boot:' $CONFIG_BOOTSCRIPT
2022-07-22 17:27:28 +00:00
if [ -x /bin/setsid ] && [ -x /bin/agetty ]; then
for console in $CONFIG_BOOT_EXTRA_TTYS; do
setsid agetty -aroot -l"$CONFIG_BOOTSCRIPT" "$console" linux &
done
fi
2023-10-10 16:28:52 +00:00
#Setup a control tty so that all terminals outputs correct tty when tty is called
exec cttyhack "$CONFIG_BOOTSCRIPT"
2018-03-10 23:40:07 +00:00
else
# wait for boot via network to occur
pause_recovery 'Override network boot. Entering recovery shell'
fi
fi
2017-03-31 15:18:46 +00:00
2023-07-11 14:20:56 +00:00
# We should never reach here, but just in case...
recovery 'Boot script failure? Entering recovery shell'