Allow laptops to include optional USB keyboard support
Laptops can include optional USB keyboard support (default off unless the board also sets the default to 'y'). The setting is in the configuration GUI. CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those boards. 'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict with prior releases that expect this to be a compile-time setting only (conflicts risk total lock out requiring hardware flash, so some caution is justified IMO). Boards previously exporting CONFIG_USB_KEYBOARD now export CONFIG_USB_KEYBOARD_REQUIRED. Those boards don't have built-in keyboards, USB keyboard is always enabled. (librem_mini, librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2, kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb). Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable optional support. The default is still 'off'. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
parent
de7dad25d7
commit
0a823cb491
12
Makefile
12
Makefile
@ -72,6 +72,18 @@ CONFIG_HEADS ?= y
|
||||
# Unless otherwise specified, we are building bash to have non-interactive shell for scripts (arrays and bashisms)
|
||||
CONFIG_BASH ?= y
|
||||
|
||||
# USB keyboards can be ignored, optionally supported, or required.
|
||||
#
|
||||
# To optionally support USB keyboards, export CONFIG_SUPPORT_USB_KEYBOARD=y. To
|
||||
# default the setting to 'on', also export CONFIG_USER_USB_KEYBOARD=y.
|
||||
#
|
||||
# To require USB keyboard support (not user-configurable, for boards with no
|
||||
# built-in keyboard), export CONFIG_USB_KEYBOARD_REQUIRED=y.
|
||||
ifeq "$(CONFIG_USB_KEYBOARD_REQUIRED)" "y"
|
||||
# CONFIG_USB_KEYBOARD_REQUIRED implies CONFIG_SUPPORT_USB_KEYBOARD.
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
endif
|
||||
|
||||
# Determine arch part for a host triplet
|
||||
ifeq "$(CONFIG_TARGET_ARCH)" "x86"
|
||||
MUSL_ARCH := x86_64
|
||||
|
@ -44,7 +44,7 @@ CONFIG_LINUX_E1000E=y
|
||||
export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
|
||||
|
||||
#Enable USB Keyboard support
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
#BOOT SCRIPT SELECTION
|
||||
|
@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE=""
|
||||
export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem 11"
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
|
@ -26,6 +26,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
@ -26,6 +26,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
@ -26,6 +26,7 @@ CONFIG_HOTPKEY=y
|
||||
CONFIG_LINUX_USB=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
export CONFIG_BOOT_REQ_HASH=n
|
||||
|
@ -26,6 +26,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
@ -27,6 +27,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
@ -37,7 +37,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Server L1UM"
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
export CONFIG_ROOT_CHECK_AT_BOOT="n"
|
||||
|
@ -41,7 +41,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Server L1UM v2"
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
export CONFIG_ROOT_CHECK_AT_BOOT="n"
|
||||
|
@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE=""
|
||||
export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Mini"
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
|
@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE=""
|
||||
export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Mini v2"
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
|
@ -37,7 +37,7 @@ CONFIG_DROPBEAR=y
|
||||
|
||||
# for OpenBMC VGA console
|
||||
export CONFIG_USE_AGETTY=y
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_BOOT_EXTRA_TTYS="tty0"
|
||||
|
||||
export CONFIG_TPM=y
|
||||
|
@ -18,7 +18,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
|
||||
#Additional hardware support
|
||||
CONFIG_LINUX_USB=y
|
||||
CONFIG_LINUX_E1000E=y
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
|
||||
CONFIG_CRYPTSETUP2=y
|
||||
CONFIG_FLASHROM=y
|
||||
|
@ -70,6 +70,16 @@ while true; do
|
||||
'N' " $(get_config_display_action "$CONFIG_AUTOMATIC_POWERON") automatic power-on"
|
||||
)
|
||||
|
||||
# Boards with built-in keyboards can support optional USB keyboards as well.
|
||||
# Export CONFIG_SUPPORT_USB_KEYBOARD=y to enable optional support.
|
||||
# Boards that do not have a built-in keyboard export
|
||||
# CONFIG_USB_KEYBOARD_REQUIRED=y; this hides the config option and ensures
|
||||
# USB keyboard support always loads.
|
||||
[ "$CONFIG_SUPPORT_USB_KEYBOARD" = y ] && [ "$CONFIG_USB_KEYBOARD_REQUIRED" != y ] \
|
||||
&& dynamic_config_options+=(
|
||||
'K' " $(get_config_display_action "$CONFIG_USER_USB_KEYBOARD") USB keyboard"
|
||||
)
|
||||
|
||||
# Debugging option always available
|
||||
dynamic_config_options+=(
|
||||
'Z' " $(get_config_display_action "$CONFIG_DEBUG_OUTPUT") $CONFIG_BRAND_NAME debug and function tracing output"
|
||||
@ -514,6 +524,34 @@ while true; do
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
"K" )
|
||||
if [ "$CONFIG_USER_USB_KEYBOARD" != "y" ]; then
|
||||
if (whiptail --title 'Enable USB Keyboard?' \
|
||||
--yesno "USB keyboards will be usable in $CONFIG_BRAND_NAME.
|
||||
\n\nIgnoring USB keyboards prevents a compromised USB device from controlling
|
||||
\n$CONFIG_BRAND_NAME.
|
||||
\n\nDo you want to proceed?" 0 80) then
|
||||
|
||||
set_user_config "CONFIG_USER_USB_KEYBOARD" "y"
|
||||
|
||||
whiptail --title 'Config change successful' \
|
||||
--msgbox "USB Keyboard support has been enabled;\nsave the config change and reboot for it to go into effect." 0 80
|
||||
|
||||
fi
|
||||
else
|
||||
if (whiptail --title 'Disable USB Keyboard?' \
|
||||
--yesno "Only the built-in keyboard will be usable in $CONFIG_BRAND_NAME.
|
||||
\n\nIgnoring USB keyboards prevents a compromised USB device from controlling
|
||||
\n$CONFIG_BRAND_NAME.
|
||||
\n\nDo you want to proceed?" 0 80) then
|
||||
|
||||
set_user_config "CONFIG_USER_USB_KEYBOARD" "n"
|
||||
|
||||
whiptail --title 'Config change successful' \
|
||||
--msgbox "USB Keyboard support has been disabled;\nsave the config change and reboot for it to go into effect." 0 80
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
"Z" )
|
||||
if [ "$CONFIG_DEBUG_OUTPUT" != "y" ]; then
|
||||
if (whiptail --title 'Enable Debugging and Tracing output?' \
|
||||
|
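Review bot: Neither 'Config change successful' message in the new "K" case tells the user that the change alters which kernel modules load at boot. The sealing hunk in this commit ties PCR 5 to module loads, so toggling this setting probably changes PCR 5, and a previously sealed TPM Disk Unlock Key may stop unsealing until it is resealed. Consider appending a sentence to both msgbox texts, for example `\nYou may need to reseal the TPM Disk Unlock Key after rebooting.` The enable prompt could also state plainly that enabling removes the protection it describes, since it currently reuses the sentence from the disable prompt. The case arm sits inside a `while true` loop whose start and end are outside the hunk.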
@ -120,7 +120,7 @@ tpmr pcrread -a 2 "$pcrf"
|
||||
tpmr pcrread -a 3 "$pcrf"
|
||||
# Note that PCR 4 needs to be set with the "normal-boot" path value, read it from event log.
|
||||
tpmr calcfuturepcr 4 >>"$pcrf"
|
||||
if [ "$CONFIG_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_verification ]; then
|
||||
if [ "$CONFIG_USER_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_verification ]; then
|
||||
DEBUG "Sealing TPM Disk Unlock key with PCR5 involvement (additional kernel modules are loaded per board config)..."
|
||||
# Here, we take pcr 5 into consideration if modules are expected to be measured+loaded
|
||||
tpmr pcrread -a 5 "$pcrf"
|
||||
|
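Review bot: The new PCR 5 condition tests only `CONFIG_USER_USB_KEYBOARD`, while the enable_usb and init hunks in this commit load usbhid when either `CONFIG_USB_KEYBOARD_REQUIRED` or `CONFIG_USER_USB_KEYBOARD` is `y`. On a board that exports only `CONFIG_USB_KEYBOARD_REQUIRED=y`, PCR 5 would be left out of the sealed set unless `/lib/modules/libata.ko` or `/bin/hotp_verification` happens to be present, so the disk unlock key would presumably not be bound to the module measurements. The test should match the loader: `if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = y ] || [ -r /lib/modules/libata.ko ] || [ -x /bin/hotp_verification ]; then`. The script continues outside the hunk, so any later use of the same condition is not visible here.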
@ -350,7 +350,13 @@ enable_usb()
|
||||
sleep 2
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_USB_KEYBOARD" = y ]; then
|
||||
# For resiliency, test CONFIG_USB_KEYBOARD_REQUIRED explicitly rather
|
||||
# than having it imply CONFIG_USER_USB_KEYBOARD at build time.
|
||||
# Otherwise, if a user got CONFIG_USER_USB_KEYBOARD=n in their
|
||||
# config.user by mistake (say, by copying config.user from a laptop to a
|
||||
# desktop/server), they could lock themselves out, only recoverable by
|
||||
# hardware flash.
|
||||
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = y ]; then
|
||||
if ! lsmod | grep -q usbhid; then
|
||||
insmod /lib/modules/usbhid.ko \
|
||||
|| die "usbhid: module load failed"
|
||||
|
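Review bot: The new test loads usbhid whenever `CONFIG_USER_USB_KEYBOARD=y`, without checking that the board was built with `CONFIG_SUPPORT_USB_KEYBOARD`. The comment above it already considers a config.user copied between machines. The opposite copy, a laptop's `CONFIG_USER_USB_KEYBOARD=y` landing on a board that ships no usbhid.ko, would reach `insmod /lib/modules/usbhid.ko || die`. Gating the user setting on build support avoids that: `if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || { [ "$CONFIG_SUPPORT_USB_KEYBOARD" = y ] && [ "$CONFIG_USER_USB_KEYBOARD" = y ]; }; then`. The init hunk that calls enable_usb uses the same condition and would need the same gate. The body of enable_usb continues outside this hunk, and what `die` does at that point in boot is not visible here.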
@ -150,7 +150,7 @@ if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then
|
||||
fi
|
||||
|
||||
# load USB modules for boards using a USB keyboard
|
||||
if [ "$CONFIG_USB_KEYBOARD" = "y" ]; then
|
||||
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = "y" ]; then
|
||||
enable_usb
|
||||
fi
|
||||
|
||||
|
@ -123,7 +123,7 @@ linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-pci.ko
|
||||
linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/storage/usb-storage.ko
|
||||
|
||||
#USB modules when a USB keyboard is defined in board config
|
||||
linux_modules-$(CONFIG_USB_KEYBOARD) += drivers/hid/usbhid/usbhid.ko
|
||||
linux_modules-$(CONFIG_SUPPORT_USB_KEYBOARD) += drivers/hid/usbhid/usbhid.ko
|
||||
|
||||
# NVMe driver for winterfell and other servers
|
||||
linux_modules-$(CONFIG_LINUX_NVME) += drivers/nvme/host/nvme.ko
|
||||
|