Move Qubes startup script to /boot/boot.sh

This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.

Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM.  This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.

Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).

This does not address issues #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.

initrd/bin/qubes-init

@@ -22,6 +22,23 @@ recovery() {
 mount -o ro "$CONFIG_QUBES_BOOT_DEV" /boot \
 	|| recovery '$CONFIG_BOOT_DEV: Unable to mount /boot'
 
+BOOT_SCRIPT=/boot/boot.sh
+if [ ! -x /boot/boot.sh ]; then
+	recovery "$BOOT_SCRIPT does not exist"
+fi
+
+# Hand control over to the user boot script
+echo "+++ Checking $BOOT_SCRIPT"
+gpgv "$BOOT_SCRIPT.asc" "$BOOT_SCRIPT" \
+	|| recovery 'boot script signature failed'
+
+exec "$BOOT_SCRIPT"
+
+recovery 'Boot script exec failed?'
+
+############################
+# For historical reference
+
 # TODO: Allow these to be specified on the /boot device
 XEN=/boot/xen-4.6.3.heads
 INITRD=/boot/initramfs-4.4.31-11.pvops.qubes.x86_64.img
@@ -51,12 +68,19 @@ unseal-key \
 # command line arguments are in the hash, so they are "correct".
 kexec \
 	-l \
-	--module "${KERNEL} root=LABEL=root rhgb" \
+	--module "${KERNEL} root=LABEL=root ro rd.qubes.hide_all_usb rhgb" \
 	--module "${INITRD}" \
-	--command-line "no-real-mode reboot=no console=vga dom0_mem=min:1024M dom0_mem=max:4096M" \
+	--command-line "no-real-mode reboot=no"
 	"${XEN}" \
 || recovery "kexec load failed"
 
+
+kexec -l \
+	--module "${KERNEL} root=UUID=257b593f-d4ae-46ee-b499-14bc9ffd37d4 ro rd.qubes.hide_all_usb" \
+	--module "/boot/initramfs-4.4.31-11.pvops.qubes.x86_64.img" \
+	--command-line "no-real-mode reboot=no" \
+	/boot/xen-4.6.3.heads
+
 # Last step is to override PCR 6 so that user can't read the key
 tpm extend -ix 4 -ic qubes \
 	|| recovery 'Unable to scramble PCR'

qubes/boot.sh

@@ -0,0 +1,70 @@
+#!/bin/sh
+# /boot/boot.sh -- Startup Qubes
+#
+# The signature on this script will be verified by the ROM,
+# and this script lives on the /boot partition to allow
+# the system owner to change the specific Qubes boot parameters
+#
+# This depends on the PCR 4 being "normal-boot":
+# f8fa3b6e32e7c6fe04c366e74636e505b28f3b0d
+# which is only set if the top level /init script has started
+# without user intervention or dropping into a recovery shell.
+#
+# To sign this script and the other bootable components:
+#
+#	gpg -a --sign --detach-sign boot.sh
+#
+
+XEN=/boot/xen-4.6.4.heads
+INITRD=/boot/initramfs-4.4.38-11.pvops.qubes.x86_64.img
+KERNEL=/boot/vmlinuz-4.4.38-11.pvops.qubes.x86_64
+
+
+recovery() {
+	echo >&2 "!!!!! $@"
+	rm -f /tmp/secret.key
+	tpm extend -ix 4 -if recovery
+
+	echo >&2 "!!!!! Starting recovery shell"
+	exec /bin/ash
+}
+
+. /config
+
+echo "+++ Checking $XEN"
+gpgv "${XEN}.asc" "${XEN}" \
+	|| recovery 'Xen signature failed'
+
+echo "+++ Checking $INITRD"
+gpgv "${INITRD}.asc" "${INITRD}" \
+	|| recovery 'Initrd signature failed'
+
+echo "+++ Checking $KERNEL"
+gpgv "${KERNEL}.asc" "${KERNEL}" \
+	|| recovery 'Kernel signature failed'
+
+# Measure the LUKS headers before we unseal the disk key
+qubes-measure-luks $CONFIG_QUBES_DEVS \
+	|| recovery "LUKS measure failed"
+
+# Attempt to unseal the disk key from the TPM
+# should we give this some number of tries?
+unseal-key \
+	|| recovery 'Unseal disk key failed. Starting recovery shell'
+
+# command line arguments are include in the signature on this script,
+# although the root UUID should be specified in some better manner.
+kexec \
+	-l \
+	--module "${KERNEL} root=UUID=257b593f-d4ae-46ee-b499-14bc9ffd37d4 ro rd.qubes.hide_all_usb" \
+	--module "${INITRD}" \
+	--command-line "no-real-mode reboot=no" \
+	"${XEN}" \
+|| recovery "kexec load failed"
+
+# Last step is to override PCR 4 so that user can't read the key
+tpm extend -ix 4 -ic qubes \
+	|| recovery 'Unable to scramble PCR'
+
+echo "+++ Starting Qubes..."
+exec kexec -e

qubes/boot.sh.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEVAwUAWOGvZA+UgFLd7L5oAQIeEggA1MAF+Tb+ArEbUsJrvPF7104c+tXzPQXU
+7w0cSiJvmsMxLGwg4hAGLcy3ptqTzrVEngmkblCnl2+b2O7Vy0N64t0ptfXj8FCA
+FoEMdmwiMNN7W2CglXgwaEmymc0cE8GrppZK6LRSUdngtKQftgyPRCicX+J7xH1Y
+0Lnien+/qgIFHM8QVgVi8s8KFcY0OXKYVOFYWiHUE32/hQTSUllTaj+hW3+NCEnZ
+K+HMydkQM7rdL974KFZn+0VMLnruD6c//ITXY0kE5I6XCdkOu3KaUm5QP6rIAydk
+MM+47hJTnXThMK9wTBfvrJE0BZvK7t90bl+r6QPVErwLOpC0r00S/w==
+=OJy5
+-----END PGP SIGNATURE-----

qubes/initramfs-4.4.38-11.pvops.qubes.x86_64.img.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEVAwUAWOGqKg+UgFLd7L5oAQJ0RQgA2HlVhBhct6L49tblW+7vJKgWw4Kplf19
+1CQvohKHcms3IDKJX1RZxkcnm7RVefyRBaaeUk5b94JHpX/UgJnwxc19c7tO8TXw
+2EPJfzUTOJQXSIpkEIzVsd+5AaF4TpW8FTsPJ08mALfp8jK3dJGEWrAOVkKSfig6
+k6oC0jac59WAatzAaUqEoOp/gfBfsuh2BmXSlAuShm9DFo3GhggQ+RIyyDlF2Cgu
+gXwBoRk5buAvCdp8c6I8R6bbHRXrRR01AVxmke0fM5vSnW0BICrIVfMYdr4TAqxL
+J+hsE/ea3XVGU/P1on5lLQglpM9dhIcsJL36hSzC58oGpT71xUiTFQ==
+=Nkga
+-----END PGP SIGNATURE-----

qubes/vmlinuz-4.4.38-11.pvops.qubes.x86_64.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEVAwUAWOGqMA+UgFLd7L5oAQLPxwgAljBeqZXRGeO3pGZhIZa9DMHMm1SluzX9
+9iOFQgGdG9mxX70vdBF9567AlndVtZdi4ZAxZpfe5QuW9PNV34cxEjHqOwqOX3H3
+XMOh8pgD5IgSxdegnfLCPIkk06RkwBnjZGTY1OumlnKydGcT0FoQbqqKtve/1vir
+AKB6HO8jdtMIJzjCmF4NmSQyJ+hJgvYebUxY771dUlskrdJNedlCH1LEWRGPYAGO
+D4UZhz0leWZ9rfIS3QBnMHKdlGk1S+c4L5RwRsJ5cNYomAP84ZrUqDfSeNecICgo
+zyWXjoDOEu5qeht+hTvj8s81J9c1Nl7aeqDdNBGVDF5wPknD8nP6nQ==
+=2H9g
+-----END PGP SIGNATURE-----

qubes/xen-4.6.4.heads.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEVAwUAWOGqDg+UgFLd7L5oAQImNwf6A8cD8aoTyzIMhOYyXXwDsGLJht8WLEUH
+KTXdYvzoU7T+gB+XQclz8kqnp1GWO0vuoI9S6x74ApziHb+WnXQg8O0WUP2J+MXq
+nNRZ3i5yl4qBpA2j1sCC8GZxU77v5lzNCDtHEOQys00fDgG4K7Anofn2b9zhMbrm
+RD0Z8Xqf/yAa6xVyFWhCdsyitmWvlzTwWzCB+XvbO3fyF+uJ+dn9gawRmD8JUACH
+kw8h2CDhoYX8doBoji1u9dvUDyyOeamAhmLpEvd7F1YWqIKpDiquen6BjgS28rOV
+DHuUiq0qmcCGZdbt0r/8fNau5DUHodlJIurGmRCZzc6n+4eO9q/JEA==
+=f6cv
+-----END PGP SIGNATURE-----