ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'kylerankin-add_gui_init'

Browse Source
This commit is contained in:
Trammell hudson 2018-02-28 15:06:41 -05:00
commit 149635ef95
No known key found for this signature in database
GPG Key ID: 687A5005935B1533
3 changed files with 169 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
boards/librem13v2.config
View File

@ -9,19 +9,21 @@ CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y CONFIG_LVM2=y
CONFIG_MBEDTLS=y CONFIG_MBEDTLS=y
CONFIG_NEWT=y
CONFIG_PCIUTILS=y CONFIG_PCIUTILS=y
CONFIG_POPT=y CONFIG_POPT=y
CONFIG_QRENCODE=y CONFIG_QRENCODE=y
CONFIG_SLANG=y
CONFIG_TPMTOTP=y CONFIG_TPMTOTP=y
CONFIG_LINUX_USB=y CONFIG_LINUX_USB=y
export CONFIG_TPM=y export CONFIG_TPM=y
export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_KERNEL_REMOVE="quiet"
export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu"
export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_USB_BOOT_DEV="/dev/sdb1"

127
initrd/bin/gui-init Executable file
View File

@ -0,0 +1,127 @@
#!/bin/sh
# Boot from a local disk installation
CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu'
. /etc/functions
. /etc/config
mount_boot()
{
# Mount local disk if it is not already mounted
if ! grep -q /boot /proc/mounts ; then
mount -o ro /boot \
|| recovery "Unable to mount /boot"
fi
}
last_half=X
while true; do
MAIN_MENU_OPTIONS=""
unset totp_confirm
# update the TOTP code every thirty seconds
date=`date "+%Y-%m-%d %H:%M:%S"`
seconds=`date "+%s"`
half=`expr \( $seconds % 60 \) / 30`
if [ "$CONFIG_TPM" = n ]; then
TOTP="NO TPM"
elif [ "$half" != "$last_half" ]; then
last_half=$half;
TOTP=`unseal-totp`
if [ $? -ne 0 ]; then
whiptail --clear --title "ERROR: TOTP Generation Failed!" \
--menu "ERROR: Heads couldn't generate the TOTP code.\n\nIf you have just reflashed your BIOS, you will need to generate a new TOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 20 60 4 \
'g' ' Generate new TOTP secret' \
'i' ' Ignore error and continue to default boot menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
fi
fi
if [ "$totp_confirm" = "i" -o -z "$totp_confirm" ]; then
whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \
--menu "$date\nTOTP code: $TOTP" 20 60 8 \
'y' ' Default boot' \
'r' ' TOTP does not match, refresh code' \
'n' ' TOTP does not match after refresh, troubleshoot' \
'm' ' Show OS boot menu' \
'u' ' USB boot' \
'g' ' Generate new TOTP secret' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
fi
if [ "$totp_confirm" = "x" ]; then
recovery "User requested recovery shell"
fi
if [ "$totp_confirm" = "r" ]; then
continue
fi
if [ "$totp_confirm" = "n" ]; then
if (whiptail --title "TOTP code mismatched" \
--yesno "TOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s HH:MM:SS'\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 30 60) then
echo ""
echo "To correct clock drift: 'date -s HH:MM:SS'"
echo "and save it to the RTC: 'hwclock -w'"
echo "then reboot and try again"
echo ""
recovery "TOTP mismatch"
else
continue
fi
fi
if [ "$totp_confirm" = "u" ]; then
exec /bin/usb-init
continue
fi
if [ "$totp_confirm" = "g" ]; then
if (whiptail --title 'Generate new TOTP secret' \
--yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 60) then
echo "Scan the QR code to add the new TOTP secret"
/bin/seal-totp
echo "Once you have scanned the QR code, hit Enter to reboot"
read
/bin/reboot
else
echo "Returning to the main menu"
fi
continue
fi
if [ "$totp_confirm" = "m" ]; then
# Try to select a kernel from the menu
mount_boot
kexec-select-boot -m -b /boot -c "grub.cfg" -g
continue
fi
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
DEFAULT_FILE=`find /boot/kexec_default.*.txt 2>/dev/null | head -1`
if [ -r "$DEFAULT_FILE" ]; then
kexec-select-boot -b /boot -c "grub.cfg" \
|| recovery "Failed default boot"
else
if (whiptail --title 'No Default Boot Option Configured' \
--yesno "There is no default boot option configured yet. Would you like to load a menu of boot options? Otherwise you will return to the main menu." 16 60) then
kexec-select-boot -m -b /boot -c "grub.cfg" -g
else
echo "Returning to the main menu"
fi
continue
fi
fi
done
recovery "Something failed during boot"

45
initrd/bin/kexec-select-boot
View File

@ -12,7 +12,8 @@ valid_hash="n"
valid_global_hash="n" valid_global_hash="n"
valid_rollback="n" valid_rollback="n"
force_menu="n" force_menu="n"
while getopts "b:d:p:a:r:c:uim" arg; do gui_menu="n"
while getopts "b:d:p:a:r:c:uimg" arg; do
case $arg in case $arg in
b) bootdir="$OPTARG" ;; b) bootdir="$OPTARG" ;;
d) paramsdev="$OPTARG" ;; d) paramsdev="$OPTARG" ;;
@ -23,6 +24,7 @@ while getopts "b:d:p:a:r:c:uim" arg; do
u) unique="y" ;; u) unique="y" ;;
m) force_menu="y" ;; m) force_menu="y" ;;
i) valid_hash="y"; valid_rollback="y" ;; i) valid_hash="y"; valid_rollback="y" ;;
g) gui_menu="y" ;;
esac esac
done done
@ -80,6 +82,24 @@ get_menu_option() {
if [ $num_options -eq 1 -a $first_menu = "y" ]; then if [ $num_options -eq 1 -a $first_menu = "y" ]; then
option_index=1 option_index=1
elif [ "$gui_menu" = "y" ]; then
MENU_OPTIONS=""
n=0
while read option
do
parse_option
n=`expr $n + 1`
name=$(echo $name | tr " " "_")
kernel=$(echo $kernel | cut -f2 -d " ")
MENU_OPTIONS="$MENU_OPTIONS $n ${name}_[$kernel]"
done < $TMP_MENU_FILE
whiptail --clear --title "Select your boot option" \
--menu "Choose the boot option [1-$n, a to abort]:" 20 120 8 \
-- $MENU_OPTIONS \
2>/tmp/whiptail || die "Aborting boot attempt"
option_index=$(cat /tmp/whiptail)
else else
echo "+++ Select your boot option:" echo "+++ Select your boot option:"
n=0 n=0
@ -105,14 +125,23 @@ get_menu_option() {
} }
confirm_menu_option() { confirm_menu_option() {
echo "+++ Please confirm the boot details for $name:" if [ "$gui_menu" = "y" ]; then
echo $option whiptail --clear --title "Confirm boot details" \
--menu "Confirm the boot details for $name:\n\n$option\n\n" 20 120 8 \
-- 'y' "Boot $name" 'd' "Make $name the default" \
2>/tmp/whiptail || die "Aborting boot attempt"
read \ option_confirm=$(cat /tmp/whiptail)
-n 1 \ else
-p "Confirm selection by pressing 'y', make default with 'd': " \ echo "+++ Please confirm the boot details for $name:"
option_confirm echo $option
echo
read \
-n 1 \
-p "Confirm selection by pressing 'y', make default with 'd': " \
option_confirm
echo
fi
} }
parse_option() { parse_option() {