Merge branch 'add_force_boot_mode' of https://github.com/kylerankin/heads

initrd/bin/gui-init

@@ -50,6 +50,7 @@ while true; do
       'm' ' Show OS boot menu' \
       'u' ' USB boot' \
       'g' ' Generate new TOTP secret' \
+      'i' ' Ignore tampering and force a boot (Unsafe!)' \
       'x' ' Exit to recovery shell' \
       2>/tmp/whiptail || recovery "GUI menu failed"
 
@@ -104,6 +105,18 @@ while true; do
     continue
   fi
 
+  if [ "$totp_confirm" = "i" ]; then
+    # Run the menu selection in "force" mode, bypassing hash checks
+    if (whiptail --title 'Unsafe Forced Boot Selected!' \
+        --yesno "WARNING: You have chosen to skip all tamper checks and boot anyway.\n\nThis is an unsafe option!\n\nDo you want to proceed?" 16 60) then
+      mount_boot
+      kexec-select-boot -m -b /boot -c "grub.cfg" -g -f
+    else
+      echo "Returning to the main menu"
+    fi
+    continue
+  fi
+
   if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
     # Try to boot the default
     mount_boot

initrd/bin/kexec-select-boot

@@ -13,7 +13,8 @@ valid_global_hash="n"
 valid_rollback="n"
 force_menu="n"
 gui_menu="n"
-while getopts "b:d:p:a:r:c:uimg" arg; do
+force_boot="n"
+while getopts "b:d:p:a:r:c:uimgf" arg; do
 	case $arg in
 		b) bootdir="$OPTARG" ;;
 		d) paramsdev="$OPTARG" ;;
@@ -25,6 +26,7 @@ while getopts "b:d:p:a:r:c:uimg" arg; do
 		m) force_menu="y" ;;
 		i) valid_hash="y"; valid_rollback="y" ;;
 		g) gui_menu="y" ;;
+		f) force_boot="y"; valid_hash="y"; valid_rollback="y" ;;
 	esac
 done
 
@@ -291,6 +293,13 @@ while true; do
 	TMP_KEY_DEVICES="/tmp/kexec/kexec_key_devices.txt"
 	TMP_KEY_LVM="/tmp/kexec/kexec_key_lvm.txt"
 
+# Allow a way for users to ignore warnings and boot into their systems
+# even if hashes don't match
+	if [ "$force_boot" = "y" ]; then
+		scan_options
+		user_select
+	fi
+
 	if [ "$CONFIG_TPM" = "y" \
 		-a ! -r "$TMP_KEY_DEVICES" ]; then
 		# Extend PCR4 as soon as possible