kexec-select-boot: Fix test for basic mode

The CONFIG_BASIC test was backwards, as a result it skipped the LUKS disk unlock logic if basic mode was _not_ enabled. This wasn't observed in the PureBoot distribution because we disable the LUKS disk unlock feature. CONFIG_BOOT_REQ_ROLLBACK and CONFIG_BOOT_REQ_HASH logic was also skipped incorrectly, though neither of these are enabled on any board so this had no effect in the PureBoot distribution either. Test basic with each bit of logic to eliminate duplication of the kexec-boot call and fix the LUKS disk unlock feature. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-12-19 21:17:55 +00:00 · 2023-07-07 14:34:05 -04:00 · 2023-07-07 14:34:05 -04:00 · 157efc6b03
commit 157efc6b03
parent 252efc6945
1 changed files with 3 additions and 8 deletions
--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@ -321,20 +321,15 @@ user_select() {

 do_boot()
 {
-	if [ "$CONFIG_BASIC" != "y" ]; then
-		kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" \
-				|| die "!!! Failed to boot w/ options: $option"
-	fi
-
-	if [ "$CONFIG_BOOT_REQ_ROLLBACK" = "y" -a "$valid_rollback" = "n" ]; then
+	if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_BOOT_REQ_ROLLBACK" = "y" ] && [ "$valid_rollback" = "n" ]; then
 		die "!!! Missing required rollback counter state"
 	fi

-	if [ "$CONFIG_BOOT_REQ_HASH" = "y" -a "$valid_hash" = "n" ]; then
+	if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_BOOT_REQ_HASH" = "y" ] && [ "$valid_hash" = "n" ]; then
 		die "!!! Missing required boot hashes"
 	fi

-	if [ "$CONFIG_TPM" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then
+	if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_TPM" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then
 		INITRD=`kexec-boot -b "$bootdir" -e "$option" -i` \
 			|| die "!!! Failed to extract the initrd from boot option"
 		if [ -z "$INITRD" ]; then