diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions
index f4ff9193..9156fae5 100644
--- a/initrd/etc/ash_functions
+++ b/initrd/etc/ash_functions
@@ -42,3 +42,46 @@ preserve_rom() {
 fi
 done
 }
+
+recovery() {
+ TRACE "Under /etc/functions:recovery"
+ echo >&2 "!!!!! $*"
+
+ # Remove any temporary secret files that might be hanging around
+ # but recreate the directory so that new tools can use it.
+
+ #safe to always be true. Otherwise "set -e" would make it exit here
+ shred -n 10 -z -u /tmp/secret/* 2> /dev/null || true
+ rm -rf /tmp/secret
+ mkdir -p /tmp/secret
+
+ # ensure /tmp/config exists for recovery scripts that depend on it
+ touch /tmp/config
+
+ if [ "$CONFIG_TPM" = "y" ]; then
+ tpmr extend -ix 4 -ic recovery
+ fi
+
+ while [ true ]
+ do
+ echo >&2 "!!!!! Starting recovery shell"
+ sleep 1
+
+ if [ -x /bin/setsid ]; then
+ /bin/setsid -c /bin/sh
+ else
+ /bin/sh
+ fi
+ done
+}
+
+pause_recovery() {
+ TRACE "Under /etc/functions:pause_recovery"
+ read -p $'!!! Hit enter to proceed to recovery shell !!!\n'
+ recovery $*
+}
+
+combine_configs() {
+ TRACE "Under /etc/functions:combine_configs"
+ cat /etc/config* > /tmp/config
+}
diff --git a/initrd/etc/functions b/initrd/etc/functions
index e36c85e8..14da231a 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
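Review bot: In `recovery()` as added to initrd/etc/ash_functions, the exit status of `tpmr extend -ix 4 -ic recovery` is never checked, so unless the caller runs under `set -e` a failed extend still falls through to `/bin/sh` with PCR 4 unchanged, and secrets sealed to the normal boot measurements would presumably still be unsealable from the recovery shell. Because this copy is meant to run under busybox ash on boards without bash, it is worth confirming that `tpmr` is actually runnable there whenever `CONFIG_TPM=y`, and making a failure visible, for example `tpmr extend -ix 4 -ic recovery || echo >&2 "!!!!! PCR 4 extend failed before recovery shell"`. The `TRACE` strings in all three moved functions still say `/etc/functions:` and should read `/etc/ash_functions:`, and `recovery $*` in `pause_recovery()` is better written `recovery "$@"` so the message is not word-split or glob-expanded.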
@@ -33,44 +33,6 @@ DO_WITH_DEBUG() { "$@" } -recovery() { - TRACE "Under /etc/functions:recovery" - echo >&2 "!!!!! $*" - - # Remove any temporary secret files that might be hanging around - # but recreate the directory so that new tools can use it. - - #safe to always be true. Otherwise "set -e" would make it exit here - shred -n 10 -z -u /tmp/secret/* 2> /dev/null || true - rm -rf /tmp/secret - mkdir -p /tmp/secret - - # ensure /tmp/config exists for recovery scripts that depend on it - touch /tmp/config - - if [ "$CONFIG_TPM" = "y" ]; then - tpmr extend -ix 4 -ic recovery - fi - - while [ true ] - do - echo >&2 "!!!!! Starting recovery shell" - sleep 1 - - if [ -x /bin/setsid ]; then - /bin/setsid -c /bin/sh - else - /bin/sh - fi - done -} - -pause_recovery() { - TRACE "Under /etc/functions:pause_recovery" - read -p $'!!! Hit enter to proceed to recovery shell !!!\n' - recovery $* -} - pcrs() { if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then tpm2 pcrread sha256 @@ -345,10 +307,6 @@ replace_config() { sort ${CONFIG_FILE}.tmp | uniq > ${CONFIG_FILE} rm -f ${CONFIG_FILE}.tmp } -combine_configs() { - TRACE "Under /etc/functions:combine_configs" - cat /etc/config* > /tmp/config -} update_checksums() { diff --git a/initrd/init b/initrd/init index 6b03279b..445722df 100755 --- a/initrd/init +++ b/initrd/init @@ -1,4 +1,7 @@ -#!/bin/bash +#! /bin/ash +# Note this is used on legacy-flash boards that lack bash, it runs with busybox +# ash. Calls to bash scripts must be guarded by checking config. + mknod /dev/ttyprintk c 5 3 echo "hello world" > /dev/ttyprintk @@ -48,7 +51,7 @@ fi hwclock -l -s # Read the system configuration parameters -. /etc/functions +. /etc/ash_functions . /etc/config TRACE "Under init"
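Review bot: In the second initrd/init hunk, `. /etc/functions` is replaced by `. /etc/ash_functions`, so every helper `init` calls from here on must be defined in that file or the call fails as "not found" under ash. `TRACE` is used on the very next visible line and the rest of `init` lies outside the hunk, so this needs checking against the full file, in particular on the failure paths that are expected to end in `recovery`. The new header comment in the first hunk would also be more useful if it named the guard to use, e.g. `# guard bash-only calls with [ "$CONFIG_<PLACEHOLDER>" = "y" ]` (placeholder name, the actual variable is not shown on this page).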