Add a configuration GUI script

This change will add a new GUI script that will allow users to change
their running configuration (currently just /boot and USB boot options)
and optionally persist that modified configuration with reflashing the
BIOS with a modified cbfs.

initrd/bin/config-gui.sh

@@ -0,0 +1,135 @@
+#!/bin/sh
+#
+set -e -o pipefail
+. /etc/functions
+. /etc/config
+
+file_selector() {
+  FILE=""
+  FILE_LIST=$1
+  MENU_MSG=${2:-"Choose the file"}
+# create file menu options
+  if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then
+    option=""
+    while [ -z "$option" ]
+    do
+      MENU_OPTIONS=""
+      n=0
+      while read option
+      do
+        n=`expr $n + 1`
+        option=$(echo $option | tr " " "_")
+        MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
+      done < $FILE_LIST
+
+      MENU_OPTIONS="$MENU_OPTIONS a Abort"
+      whiptail --clear --title "Select your File" \
+        --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \
+        -- $MENU_OPTIONS \
+        2>/tmp/whiptail || die "Aborting"
+
+      option_index=$(cat /tmp/whiptail)
+
+      if [ "$option_index" = "a" ]; then
+        option="a"
+        return
+      fi
+
+      option=`head -n $option_index $FILE_LIST | tail -1`
+      if [ "$option" == "a" ]; then
+        return
+      fi
+    done
+    if [ -n "$option" ]; then
+      FILE=$option
+    fi
+  else
+    whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \
+      --msgbox "No Files found matching the pattern. Aborting." 16 60
+    exit 1
+  fi
+}
+replace_config() {
+  CONFIG_OPTION=$1
+  NEW_SETTING=$2
+
+  awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /etc/config > /tmp/config
+  awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /etc/config >> /tmp/config
+  grep -v "^export ${CONFIG_OPTION}=" /etc/config | grep -v "^${CONFIG_OPTION}=" >> /tmp/config
+  mv /tmp/config /etc/config
+}
+
+while true; do
+  unset menu_choice
+  whiptail --clear --title "Config Management Menu" \
+    --menu "This menu lets you change existing configuration options for the existing BIOS session.\n\nIf you want those changes to persist after reboot\n\nyou must also save them to the running BIOS." 20 90 10 \
+    'b' ' Change the /boot device' \
+    'u' ' Change the USB boot device' \
+    's' ' Save the current configuration to the running BIOS' \
+    'x' ' Exit' \
+    2>/tmp/whiptail || recovery "GUI menu failed"
+
+  menu_choice=$(cat /tmp/whiptail)
+
+  case "$menu_choice" in
+    "x" )
+      exit 0
+    ;;
+    "b" )
+      CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'`
+      find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt
+      file_selector "/tmp/filelist.txt" "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION."
+      if [ "$FILE" == "" ]; then
+        return
+      else
+        SELECTED_FILE=$FILE
+      fi
+
+      replace_config "CONFIG_BOOT_DEV" "$SELECTED_FILE"
+
+      whiptail --title 'Config change successful' \
+        --msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60
+    ;;
+    "u" )
+      CURRENT_OPTION=`grep 'CONFIG_USB_BOOT_DEV=' /etc/config | cut -f2 -d '=' | tr -d '"'`
+      find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt
+      file_selector "/tmp/filelist.txt" "Choose the default USB boot device.\n\nCurrently set to $CURRENT_OPTION."
+      if [ "$FILE" == "" ]; then
+        return
+      else
+        SELECTED_FILE=$FILE
+      fi
+
+      replace_config "CONFIG_USB_BOOT_DEV" "$SELECTED_FILE"
+
+      whiptail --title 'Config change successful' \
+        --msgbox "The USB boot device was successfully changed to $SELECTED_FILE" 16 60
+    ;;
+    "s" )
+      /bin/flash.sh -r /tmp/config-gui.rom
+      if [ ! -s /tmp/config-gui.rom ]; then
+        whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \
+          --msgbox "Unable to read BIOS" 16 60
+        exit 1
+      fi
+
+      if (cbfs -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config") then
+        cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config"
+      fi
+      cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config" -f /etc/config
+
+      if (whiptail --title 'Update ROM?' \
+          --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then
+        /bin/flash.sh /tmp/config-gui.rom
+        whiptail --title 'BIOS Updated Successfully' \
+          --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60
+        umount /media
+        /bin/reboot
+      else
+        exit 0
+      fi
+    ;;
+  esac
+
+done
+exit 0

initrd/bin/gui-init

@@ -183,6 +183,7 @@ while true; do
       --menu "Configure Advanced Settings" 20 90 10 \
       'g' ' Generate new TOTP/HOTP secret' \
       's' ' Update checksums and sign all files in /boot' \
+      'c' ' Change configuration settings -->' \
       'f' ' Flash/Update the BIOS -->' \
       'p' ' Reset the TPM' \
       'n' ' TOTP/HOTP does not match after refresh, troubleshoot' \
@@ -286,6 +287,11 @@ while true; do
     continue
   fi
 
+  if [ "$totp_confirm" = "c" ]; then
+    config-gui.sh
+    continue
+  fi
+
   if [ "$totp_confirm" = "f" ]; then
     flash-gui.sh
     continue