kexec-select-boot: Fix test for basic mode

The CONFIG_BASIC test was backwards, as a result it skipped the
LUKS disk unlock logic if basic mode was _not_ enabled.  This wasn't
observed in the PureBoot distribution because we disable the LUKS disk
unlock feature.

CONFIG_BOOT_REQ_ROLLBACK and CONFIG_BOOT_REQ_HASH logic was also
skipped incorrectly, though neither of these are enabled on any board
so this had no effect in the PureBoot distribution either.

Test basic with each bit of logic to eliminate duplication of the
kexec-boot call and fix the LUKS disk unlock feature.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
Jonathon Hall 2023-07-07 14:34:05 -04:00
parent 252efc6945
commit 157efc6b03
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114

View File

@ -321,20 +321,15 @@ user_select() {
do_boot() do_boot()
{ {
if [ "$CONFIG_BASIC" != "y" ]; then if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_BOOT_REQ_ROLLBACK" = "y" ] && [ "$valid_rollback" = "n" ]; then
kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" \
|| die "!!! Failed to boot w/ options: $option"
fi
if [ "$CONFIG_BOOT_REQ_ROLLBACK" = "y" -a "$valid_rollback" = "n" ]; then
die "!!! Missing required rollback counter state" die "!!! Missing required rollback counter state"
fi fi
if [ "$CONFIG_BOOT_REQ_HASH" = "y" -a "$valid_hash" = "n" ]; then if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_BOOT_REQ_HASH" = "y" ] && [ "$valid_hash" = "n" ]; then
die "!!! Missing required boot hashes" die "!!! Missing required boot hashes"
fi fi
if [ "$CONFIG_TPM" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then if [ "$CONFIG_BASIC" != y ] && [ "$CONFIG_TPM" = "y" ] && [ -r "$TMP_KEY_DEVICES" ]; then
INITRD=`kexec-boot -b "$bootdir" -e "$option" -i` \ INITRD=`kexec-boot -b "$bootdir" -e "$option" -i` \
|| die "!!! Failed to extract the initrd from boot option" || die "!!! Failed to extract the initrd from boot option"
if [ -z "$INITRD" ]; then if [ -z "$INITRD" ]; then