ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fa0f90cbec
heads/initrd/init

264 lines
8.8 KiB
Plaintext
Raw Normal View History

init: Use busybox ash init must use busybox ash because it is used on legacy-flash boards. Change shebang, move needed functions to ash_functions. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 16:26:41 +00:00
#! /bin/ash
# Note this is used on legacy-flash boards that lack bash, it runs with busybox
# ash. Calls to bash scripts must be guarded by checking config.
Build the Heads/NERF firmware for the Dell R630 server. This development branch builds a NERF firmware for the Dell R630 server. It does not use coreboot; instead it branches directly from the vendor's PEI core into Linux and the Heads runtime that is setup to be run as an EFI executable.
2017-09-20 14:29:14 +00:00
mknod /dev/ttyprintk c 5 3
echo "hello world" > /dev/ttyprintk
# Setup our path
add normal directories to path for chroot calls
2018-02-02 20:50:17 +00:00
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
Build the Heads/NERF firmware for the Dell R630 server. This development branch builds a NERF firmware for the Dell R630 server. It does not use coreboot; instead it branches directly from the vendor's PEI core into Linux and the Heads runtime that is setup to be run as an EFI executable.
2017-09-20 14:29:14 +00:00
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
# This is the very first script invoked by the Linux kernel and is
# running out of the ram disk. There are no fileysstems mounted.
# It is important to have a way to invoke a recovery shell in case
# the boot scripts are messed up, but also important to modify the
Change disk encryption -> LUKS Disk Key and other relative/relative verbiage, remove irrelevant DEBUG trace under kexec-unseal-key TODO: - $(pcrs) call sometimes fail in DEBUG call, outputting too many chars to be inserted in kmesg. Call removed here since redundant (PCR6 already extended with LUKS header) - Notes added for TPM2 simplification over TPM1 in code as TODO Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-03-27 14:04:10 +00:00
# PCRs if this happens to prevent the TPM Disk Unlock Keys from being revealed.
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
tpmtotp and qrencode deps
2016-08-01 02:39:07 +00:00
# First thing it is vital to mount the /dev and other system directories
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6)
2017-04-02 03:02:00 +00:00
mkdir /proc /sys /dev /tmp /boot /media 2>&- 1>&-
Build the Heads/NERF firmware for the Dell R630 server. This development branch builds a NERF firmware for the Dell R630 server. It does not use coreboot; instead it branches directly from the vendor's PEI core into Linux and the Heads runtime that is setup to be run as an EFI executable.
2017-09-20 14:29:14 +00:00
mount /dev 2>/dev/ttyprintk
mount /proc 2>/dev/ttyprintk
mount /sys 2>/dev/ttyprintk
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2022-08-25 18:43:31 +00:00
initrd: don't mount efivars fs on non-linuxboot systems it doesn't exist and produces a spurious error on Heads systems Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-06-19 21:27:44 +00:00
if [ "$CONFIG_LINUXBOOT" = "y" ]; then
mount /sys/firmware/efi/efivars
fi
Build the Heads/NERF firmware for the Dell R630 server. This development branch builds a NERF firmware for the Dell R630 server. It does not use coreboot; instead it branches directly from the vendor's PEI core into Linux and the Heads runtime that is setup to be run as an EFI executable.
2017-09-20 14:29:14 +00:00
init: Adding checks for sysfs and runtime panic_on_oom=1 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-01 19:20:49 +00:00
# Setup the pty pseudo filesystem
Build the Heads/NERF firmware for the Dell R630 server. This development branch builds a NERF firmware for the Dell R630 server. It does not use coreboot; instead it branches directly from the vendor's PEI core into Linux and the Heads runtime that is setup to be run as an EFI executable.
2017-09-20 14:29:14 +00:00
mkdir /dev/pts
mount /dev/pts 2>/dev/ttyprintk
if [ ! -r /dev/ptmx ]; then
ln -s /dev/pts/ptmx /dev/ptmx
fi
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2022-08-25 18:43:31 +00:00
# Needed by bash
init: Fixes for legacy-flash boards Fix `[ -a` to POSIX `[ -e`. Only run cbfs-init, key-init on normal boards with bash. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 16:52:06 +00:00
[ -e /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin
[ -e /dev/stdout ] || ln -s /proc/self/fd/1 /dev/stdout
[ -e /dev/stderr ] || ln -s /proc/self/fd/2 /dev/stderr
[ -e /dev/fd ] || ln -s /proc/self/fd /dev/fd
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2022-08-25 18:43:31 +00:00
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
# Recovery shells will erase anything from here
mkdir -p /tmp/secret
tpmtotp and qrencode deps
2016-08-01 02:39:07 +00:00
# Now it is safe to print a banner
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
2017-03-31 15:18:46 +00:00
if [ -r /etc/motd ]; then
Build the Heads/NERF firmware for the Dell R630 server. This development branch builds a NERF firmware for the Dell R630 server. It does not use coreboot; instead it branches directly from the vendor's PEI core into Linux and the Heads runtime that is setup to be run as an EFI executable.
2017-09-20 14:29:14 +00:00
cat /etc/motd > /dev/tty0
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
2017-03-31 15:18:46 +00:00
fi
started on automated build process
2016-07-25 14:08:53 +00:00
tpmtotp and qrencode deps
2016-08-01 02:39:07 +00:00
# Load the date from the hardware clock, setting it in local time
hwclock -l -s
init: Silence exFAT errors when mounting iso9660; reorder exfat last Since exFAT support was enabled, mounting an iso9660 filesystem prints spurious exFAT errors to the console. That is because busybox mount tries all filesystems in the order listed, and exfat precedes iso9660 (those are the last two in our config). Most filesystems are silent when used on the wrong type of filesystem, but exFAT logs errors, which appear on the console. Move exFAT after iso9660, so iso9660 filesystems won't show these errors. The errors will still appear if the filesystem is actually exFAT but cannot be mounted. There's no significant risk of misdetecting a remnant iso9660 superblock here either. Although an iso9660 superblock could fall in the unused space between the exFAT boot region and the FAT itself, mkfs.exfat does zero this space so it is unlikely such a remnant superblock would exist. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-02-02 18:24:34 +00:00
# When mounting a filesystem, try exFAT last, since it logs errors if the
# filesystem is not exFAT, and the errors go to the console. Those errors are
# spurious when the medium is iso9660. By default in our config, the only
# filesystem after exFAT is iso9660, move exFAT last.
(grep -v '^\texfat$' /proc/filesystems && echo -e '\texfat') >/etc/filesystems
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
2017-03-31 15:18:46 +00:00
# Read the system configuration parameters
init: Use busybox ash init must use busybox ash because it is used on legacy-flash boards. Change shebang, move needed functions to ash_functions. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 16:26:41 +00:00
. /etc/ash_functions
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
. /etc/config
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console.
2023-10-10 16:28:52 +00:00
# Board config had CONFIG_DEBUG_OUTPUT=y defined.
# Note that boards's coreboot config kernel command line "debug" option only will have all kernel messages output on console prior of this point
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then
#Maximize printk messages to output all to console (8=debug)
#DEBUG and TRACE calls will output to /dev/kmsg, outputting both on dmesg and on console
dmesg -n 8 || true
DEBUG "Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)"
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-10-20 20:20:17 +00:00
else
# Board config did't have CONFIG_DEBUG_OUTPUT=y defined
# config.user extracted and combined from CBFS had CONFIG_DEBUG_OUTPUT=y
# Output only print messages with a priority of 4 (warnings) or lower (errors and critical) kernel messages to console
# This way, "debug" kernel command line option will have all kernel messages output on console prior of this point
# This is useful to debug boot issues but permits qemu board to boot without flooding console with kernel messages by disabling CONFIG_DEBUG_OUTPUT=y in qemu board config
dmesg -n 4 || true
DEBUG "Debug output enabled from /etc/config.user's CONFIG_DEBUG_OUTPUT=y after combine_configs (Config menu enabled Debug)"
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console.
2023-10-10 16:28:52 +00:00
fi
Add TRACE function tracing function to output on console when enabled - Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs - Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc) - add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
2023-02-20 16:01:17 +00:00
TRACE "Under init"
All scripts and functions: Add DEBUG calling trace on console when CONFIG_DEBUG_OUTPUT is exported in board config -qemu-coreboot-*whiptail-tpm1(-hotp) boards have 'export CONFIG_DEBUG_OUTPUT=y' by default now
2023-02-18 17:58:43 +00:00
init: Adding checks for sysfs and runtime panic_on_oom=1 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-01 19:20:49 +00:00
# make sure we have sysctl requirements
if [ ! -d /proc/sys ]; then
warn "BUG!!! The following requirements to apply runtime kernel tweaks are missing:"
warn "CONFIG_SYSCTL=y"
warn "CONFIG_PROC_SYSCTL=y"
warn "Please open an issue"
fi
if [ ! -e /proc/sys/vm/panic_on_oom ]; then
warn "BUG!!! Requirements to setup Panic when under Out Of Memory situation through PROC_SYSCTL are missing (panic_on_oom was not enabled)"
warn "Please open an issue"
else
DEBUG "Applying panic_on_oom setting to sysctl"
echo 1 > /proc/sys/vm/panic_on_oom
fi
init: assign CONFIG_TPM depending on /dev/tpm0 presence Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-19 21:21:39 +00:00
# set CONFIG_TPM dynamically before init
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2022-08-25 18:43:31 +00:00
if [ ! -e /dev/tpm0 ]; then
init: assign CONFIG_TPM depending on /dev/tpm0 presence Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-19 21:21:39 +00:00
CONFIG_TPM='n'
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2022-08-25 18:43:31 +00:00
CONFIG_TPM2_TOOLS='n'
init: assign CONFIG_TPM depending on /dev/tpm0 presence Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-19 21:21:39 +00:00
fi
Whiptail: move BG_COLOR default definitions from gui-init to init - Set them only when FBWHIPTAIL is used. - If NEWT is used (console mode without framebuffer): set default to none.
2021-10-29 17:29:31 +00:00
#Specify whiptail background colors cues under FBWhiptail only
Apply background colors when fbwhiptail binary is present.
2021-12-17 19:45:53 +00:00
if [ -x /bin/fbwhiptail ]; then
Whiptail: move BG_COLOR default definitions from gui-init to init - Set them only when FBWHIPTAIL is used. - If NEWT is used (console mode without framebuffer): set default to none.
2021-10-29 17:29:31 +00:00
export BG_COLOR_WARNING="${CONFIG_WARNING_BG_COLOR:-"--background-gradient 0 0 0 150 125 0"}"
export BG_COLOR_ERROR="${CONFIG_ERROR_BG_COLOR:-"--background-gradient 0 0 0 150 0 0"}"
init: add export BG_COLOR_MAIN_MENU="normal" so that media-scan, config-gui and others can still be called from command line without passing from gui-init which was sole exporter of it Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-07 20:19:17 +00:00
export BG_COLOR_MAIN_MENU="normal"
Apply background colors when fbwhiptail binary is present.
2021-12-17 19:45:53 +00:00
else
Add functions to handle normal, warning, and error for whiptail and fbwhiptail. Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-06 22:59:13 +00:00
export TEXT_BG_COLOR_WARNING="${CONFIG_WARNING_TEXT_BG_COLOR:-"yellow"}"
export TEXT_BG_COLOR_ERROR="${CONFIG_ERROR_TEXT_BG_COLOR:-"red"}"
init: add export BG_COLOR_MAIN_MENU="normal" so that media-scan, config-gui and others can still be called from command line without passing from gui-init which was sole exporter of it Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-07 20:19:17 +00:00
export BG_COLOR_MAIN_MENU="normal"
Whiptail: move BG_COLOR default definitions from gui-init to init - Set them only when FBWHIPTAIL is used. - If NEWT is used (console mode without framebuffer): set default to none.
2021-10-29 17:29:31 +00:00
fi
tpmr: Provide startsession for TPM1 and TPM2 It's a no-op on TPM1, but provide it so init doesn't have to distinguish TPM1/TPM2. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 17:10:24 +00:00
if [ "$CONFIG_TPM" = "y" ]; then
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards -coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations) -swtpm set to be launched under TPM v2.0 mode under board config -Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized) This is skeleton for TPM v2 integration under Heads ------------- WiP TODO: - libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built - Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing - init tries to bind fd and fails currently - Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output - When no OS' /boot can be mounted, do not try to TPM reset (will fail) - seal-hotpkey is not working properly - setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM) - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase. - primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup - would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only - tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help. - Implementing them would be better - REVIEW TODOS IN CODE - READD CIRCLECI CONFIG Current state: - TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid) - TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without. - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails. - Current tests are with fbwhiptail (no clear called so having traces on command line of what happens) - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2022-08-25 18:43:31 +00:00
# Initialize tpm2 encrypted sessions here
tpmr startsession
fi
Read and measure CBFS files into initrd during init
2018-03-12 01:27:19 +00:00
if [ "$CONFIG_COREBOOT" = "y" ]; then
init: Fixes for legacy-flash boards Fix `[ -a` to POSIX `[ -e`. Only run cbfs-init, key-init on normal boards with bash. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 16:52:06 +00:00
[ -x /bin/bash ] && /bin/cbfs-init
Read and measure CBFS files into initrd during init
2018-03-12 01:27:19 +00:00
fi
Read and measure an EFI file into initrd during init
2018-04-30 02:58:44 +00:00
if [ "$CONFIG_LINUXBOOT" = "y" ]; then
/bin/uefi-init
fi
Set GPG_TTY before calling gpg in key-init gpg2 needs GPG_TTY set to function properly. We set it in /init so it is inherited by all children. The call to $(tty) must be after /dev and (preferably) /dev/pts are mounted. Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
2018-12-01 13:37:34 +00:00
# Set GPG_TTY before calling gpg in key-init
init: fix invalid GPG_TTY variable busyboy tty isn't working after the musl-cross-make change so revert to known good value.
2020-01-26 04:45:03 +00:00
export GPG_TTY=/dev/console
Set GPG_TTY before calling gpg in key-init gpg2 needs GPG_TTY set to function properly. We set it in /init so it is inherited by all children. The call to $(tty) must be after /dev and (preferably) /dev/pts are mounted. Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
2018-12-01 13:37:34 +00:00
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console.
2023-10-10 16:28:52 +00:00
# Initialize gpnupg with distro/user keys and setup the keyrings
init: Fixes for legacy-flash boards Fix `[ -a` to POSIX `[ -e`. Only run cbfs-init, key-init on normal boards with bash. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 16:52:06 +00:00
[ -x /bin/bash ] && /bin/key-init
Read and measure CBFS files into initrd during init
2018-03-12 01:27:19 +00:00
initrd/init: Prevent Restricted Boot bypass The early recovery shell ("hold R") and serial recovery both could bypass Restricted Boot since they occurred before config.user was loaded. Load config.user earlier before these recovery methods. Executing a shell directly (if recovery failed) also would bypass Restricted Boot, additionally leaking /tmp/secret. Remove this from the early recovery shell logic. Also remove the final failsafe exec and move the "just in case" recovery from normal boot here instead, in case the regular init script fails. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-11 14:20:56 +00:00
# Override CONFIG_USE_BLOB_JAIL if needed and persist via user config
boards/librem_11: Add Librem 11 Add Librem 11 board. Librem 11 uses coreboot graphics init, which is done with FSP GOP. Set a custom keymap for the volume/power keys. Configure the volume keys as up/down arrows (for navigation in fbwhiptail, and for shell history in the Linux console). Configure the power key as Enter. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-23 16:24:22 +00:00
if lspci -n | grep -E -q "8086:(2723|4df0)"; then
initrd/init: Prevent Restricted Boot bypass The early recovery shell ("hold R") and serial recovery both could bypass Restricted Boot since they occurred before config.user was loaded. Load config.user earlier before these recovery methods. Executing a shell directly (if recovery failed) also would bypass Restricted Boot, additionally leaking /tmp/secret. Remove this from the early recovery shell logic. Also remove the final failsafe exec and move the "just in case" recovery from normal boot here instead, in case the regular init script fails. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-11 14:20:56 +00:00
if ! cat /etc/config.user 2>/dev/null | grep -q "USE_BLOB_JAIL"; then
echo "CONFIG_USE_BLOB_JAIL=y" >> /etc/config.user
fi
fi
# Override CONFIG_TPM and CONFIG_TPM2_TOOLS from /etc/config with runtime value
# determined above.
#
# Values in user config have higher priority during combining thus effectively
# changing the value for the rest of the scripts which source /tmp/config.
init: make sure config.user is overriden only with new values so that going DEBUG/undoing can work reproducibly Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-02 01:01:04 +00:00
#Only set CONFIG_TPM and CONFIG_TPM2_TOOLS if they are not already set in /etc/config.user
if ! grep -q 'CONFIG_TPM=' /etc/config.user; then
echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user
fi
if ! grep -q 'CONFIG_TPM2_TOOLS=' /etc/config.user; then
echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user
fi
initrd/init: Prevent Restricted Boot bypass The early recovery shell ("hold R") and serial recovery both could bypass Restricted Boot since they occurred before config.user was loaded. Load config.user earlier before these recovery methods. Executing a shell directly (if recovery failed) also would bypass Restricted Boot, additionally leaking /tmp/secret. Remove this from the early recovery shell logic. Also remove the final failsafe exec and move the "just in case" recovery from normal boot here instead, in case the regular init script fails. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-11 14:20:56 +00:00
# CONFIG_BASIC was previously CONFIG_PUREBOOT_BASIC in the PureBoot distribution.
# Substitute it in config.user if present for backward compatibility.
sed -i -e 's/^export CONFIG_PUREBOOT_BASIC=/export CONFIG_BASIC=/g' /etc/config.user
combine_configs
. /tmp/config
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console.
2023-10-10 16:28:52 +00:00
# Enable maximum debug info from here if config.user extracted and combined from CBFS had CONFIG_DEBUG_OUTPUT=y
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then
#Output all kernel messages to console (8=debug)
#DEBUG and TRACE calls will be in dmesg and on console
if ! grep -q 'CONFIG_DEBUG_OUTPUT="y"' /etc/config;then
# Board config did't have CONFIG_DEBUG_OUTPUT=y defined
# config.user extracted and combined from CBFS had CONFIG_DEBUG_OUTPUT=y
dmesg -n 8
DEBUG "Debug output enabled from /etc/config.user's CONFIG_DEBUG_OUTPUT=y after combine_configs (Config menu enabled Debug)"
TRACE "Under init:after combine_configs"
fi
fi
Moved network init to a separate bootscript Enabled recovery serial console (tested on kgpe-d16) Minor fix to kexec-boot to correct xen boot Remove busybox power utils
2018-03-10 23:40:07 +00:00
# Setup recovery serial shell
if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then
stty -F "$CONFIG_BOOT_RECOVERY_SERIAL" 115200
pause_recovery 'Console recovery shell' \
< "$CONFIG_BOOT_RECOVERY_SERIAL" \
> "$CONFIG_BOOT_RECOVERY_SERIAL" 2>&1 &
tpmtotp and qrencode deps
2016-08-01 02:39:07 +00:00
fi
run dhcp automatically on boot
2017-03-27 22:03:09 +00:00
init: load usb modules for devices using USB keyboard Some (out of tree) servers require use of a USB keyboard, and need the USB kernel modules loaded prior to checking for keypress to enter a recovery console. Since loading the modules affects the value in PRC5 and can cause issues putting a LUKS key in TPM, guard the loading of the USB modules with CONFIG_USB_KEYBOARD and remove the unguarded call from gui-init. This should resolve issues #603 and #674. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 17:40:34 +00:00
# load USB modules for boards using a USB keyboard
Allow laptops to include optional USB keyboard support Laptops can include optional USB keyboard support (default off unless the board also sets the default to 'y'). The setting is in the configuration GUI. CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those boards. 'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict with prior releases that expect this to be a compile-time setting only (conflicts risk total lock out requiring hardware flash, so some caution is justified IMO). Boards previously exporting CONFIG_USB_KEYBOARD now export CONFIG_USB_KEYBOARD_REQUIRED. Those boards don't have built-in keyboards, USB keyboard is always enabled. (librem_mini, librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2, kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb). Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable optional support. The default is still 'off'. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 14:43:28 +00:00
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = "y" ]; then
init: load usb modules for devices using USB keyboard Some (out of tree) servers require use of a USB keyboard, and need the USB kernel modules loaded prior to checking for keypress to enter a recovery console. Since loading the modules affects the value in PRC5 and can cause issues putting a LUKS key in TPM, guard the loading of the USB modules with CONFIG_USB_KEYBOARD and remove the unguarded call from gui-init. This should resolve issues #603 and #674. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 17:40:34 +00:00
enable_usb
fi
rework startup scripts to combine totp prompt with boot mode selection (issue #221)
2017-07-18 17:44:02 +00:00
# If the user has been holding down r, enter a recovery shell
# otherwise immediately start the configured boot script.
# We don't print a prompt, since this is a near instant timeout.
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
read \
rework startup scripts to combine totp prompt with boot mode selection (issue #221)
2017-07-18 17:44:02 +00:00
-t 0.1 \
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
-n 1 \
boot_option
echo
if [ "$boot_option" = "r" ]; then
# Start an interactive shell
recovery 'User requested recovery shell'
# just in case...
Moved network init to a separate bootscript Enabled recovery serial console (tested on kgpe-d16) Minor fix to kexec-boot to correct xen boot Remove busybox power utils
2018-03-10 23:40:07 +00:00
exit
init: add early boot 'o' option to jump directly to oem-factory-reset for OEM provisioning of secret prior of shipping products, once OS is installed and after MRC training happened on first boot. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-03 20:40:06 +00:00
elif [ "$boot_option" = "o" ]; then
# Launch OEM Factory Reset/Re-Ownership
oem-factory-reset
# just in case...
exit
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of qubes files in /boot with a Yubikey. The signed hashes also includes a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
2017-04-12 10:57:58 +00:00
fi
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
2017-03-31 15:18:46 +00:00
Rename CONFIG_PUREBOOT_BASIC to CONFIG_BASIC Remove brand name from this configuration variable. For backward compatibility, update config.user in init if the branded variable is present. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 18:36:28 +00:00
if [ "$CONFIG_BASIC" = "y" ]; then
Add PureBoot Basic Mode PureBoot Basic mode provides the full Linux userspace in firmware from Heads without requiring verified boot or a Librem Key. Basic and verified boot can be switched freely without changing firmware, such as if a Librem Key is lost. PureBoot Basic can apply firmware updates from a USB flash drive, and having a complete Linux userspace enables more sophisticated recovery options. Basic mode boots to the first boot option by default, setting a default is not required. This can be configured in the config GUI. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-03-15 17:05:04 +00:00
echo -e "***** BASIC mode: tamper detection disabled\n" > /dev/tty0
fi
Include adaption of @MrChromebox See https://source.puri.sm/coreboot/purism-heads/-/commit/5a3f5992337316caf4831fbc46099a8f2a624bd4
2020-06-25 07:58:01 +00:00
# export firmware version
ash_functions: Log board and version when entering recovery shell Log the board and version when entering the recovery shell. Extract the firmware version logic from init. Currently this is the only way to get the debug log. If we add a way from the GUI, we may want to log the board and version somewhere else too. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-04-19 18:16:41 +00:00
export FW_VER=$(fw_version)
Include adaption of @MrChromebox See https://source.puri.sm/coreboot/purism-heads/-/commit/5a3f5992337316caf4831fbc46099a8f2a624bd4
2020-06-25 07:58:01 +00:00
Move custom configs below recovery shell For safety it would be better if we source any custom configs after the recovery shell in init. That way we can recover from any config mistakes.
2018-12-07 00:34:47 +00:00
# Add our boot devices into the /etc/fstab, if they are defined
# in the configuration file.
if [ ! -z "$CONFIG_BOOT_DEV" ]; then
echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0"
fi
kbd: Add setfont from kbd to set large console font on large displays Build kbd and ship setfont if enabled with CONFIG_KBD. When CONFIG_KBD is enabled, setconsolefont.sh will double the console font size on large displays (>1600 lines tall as a heuristic). Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-08-09 20:06:08 +00:00
# Set the console font if needed
[ -x /bin/bash ] && setconsolefont.sh
Rename CONFIG_PUREBOOT_BASIC to CONFIG_BASIC Remove brand name from this configuration variable. For backward compatibility, update config.user in init if the branded variable is present. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 18:36:28 +00:00
if [ "$CONFIG_BASIC" = "y" ]; then
Add PureBoot Basic Mode PureBoot Basic mode provides the full Linux userspace in firmware from Heads without requiring verified boot or a Librem Key. Basic and verified boot can be switched freely without changing firmware, such as if a Librem Key is lost. PureBoot Basic can apply firmware updates from a USB flash drive, and having a complete Linux userspace enables more sophisticated recovery options. Basic mode boots to the first boot option by default, setting a default is not required. This can be configured in the config GUI. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-03-15 17:05:04 +00:00
CONFIG_BOOTSCRIPT=/bin/gui-init-basic
export CONFIG_HOTPKEY=n
fi
init: Add optional board-specific init script Boards can place a file in $(board)/initrd/bin/board-init.sh to perform board-specific initialization. If present, the board's $(board)/initrd directory is included in the initrd via board.initrd. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-28 20:15:38 +00:00
# Perform board-specific init if present
if [ -x /bin/board-init.sh ]; then
/bin/board-init.sh
fi
Moved network init to a separate bootscript Enabled recovery serial console (tested on kgpe-d16) Minor fix to kexec-boot to correct xen boot Remove busybox power utils
2018-03-10 23:40:07 +00:00
if [ ! -x "$CONFIG_BOOTSCRIPT" -a ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then
recovery 'Boot script missing? Entering recovery shell'
else
if [ -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then
echo '***** Network Boot:' $CONFIG_BOOTSCRIPT_NETWORK
$CONFIG_BOOTSCRIPT_NETWORK
echo '***** Network Boot Completed:' $CONFIG_BOOTSCRIPT_NETWORK
# not blocking
fi
if [ -x "$CONFIG_BOOTSCRIPT" ]; then
echo '***** Normal boot:' $CONFIG_BOOTSCRIPT
Add CONFIG_BOOT_EXTRA_TTYS option It specifies whitespace-separated list of console devices to run Heads on in addition to the default one. Example for board config: export CONFIG_BOOT_EXTRA_TTYS="tty0 tty1" Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-07-22 17:27:28 +00:00
if [ -x /bin/setsid ] && [ -x /bin/agetty ]; then
for console in $CONFIG_BOOT_EXTRA_TTYS; do
setsid agetty -aroot -l"$CONFIG_BOOTSCRIPT" "$console" linux &
done
fi
init: enable cttyhack so that init launches BOOTSCRIPT in a controlled terminal. DEBUG/TRACE now output on /dev/kmsg and console.
2023-10-10 16:28:52 +00:00
#Setup a control tty so that all terminals outputs correct tty when tty is called
exec cttyhack "$CONFIG_BOOTSCRIPT"
Moved network init to a separate bootscript Enabled recovery serial console (tested on kgpe-d16) Minor fix to kexec-boot to correct xen boot Remove busybox power utils
2018-03-10 23:40:07 +00:00
else
# wait for boot via network to occur
pause_recovery 'Override network boot. Entering recovery shell'
fi
fi
Build time configuration for startup scripts and modules. This addresses multiple issues: * Issue #63: initrd is build fresh each time, so tracked files do not matter. * Issue #144: build time configuration * Issue #123: allows us to customize the startup experience * Issue #122: manual start-xen will go away * Issue #25: tpmtotp PCRs are updated after reading the secret * Issue #16: insmod now meaures modules
2017-03-31 15:18:46 +00:00
initrd/init: Prevent Restricted Boot bypass The early recovery shell ("hold R") and serial recovery both could bypass Restricted Boot since they occurred before config.user was loaded. Load config.user earlier before these recovery methods. Executing a shell directly (if recovery failed) also would bypass Restricted Boot, additionally leaking /tmp/secret. Remove this from the early recovery shell logic. Also remove the final failsafe exec and move the "just in case" recovery from normal boot here instead, in case the regular init script fails. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-11 14:20:56 +00:00
# We should never reach here, but just in case...
recovery 'Boot script failure? Entering recovery shell'
Reference in New Issue Copy Permalink