From 3a917bb90b250217e65dabe0d7a5755f09026e20 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Thu, 3 Nov 2022 14:13:16 -0400 Subject: [PATCH] config-gui.sh: Extract utilities from config-gui.sh Extract utilities from config-gui.sh for use in additional config settings. read_rom() reads the current ROM with a message for failure. replace_rom_file() replaces a CBFS file in a ROM. set_config() sets a configuration variable in a file. Signed-off-by: Jonathon Hall --- initrd/bin/config-gui.sh | 30 +++++++++++++----------------- initrd/etc/functions | 26 ++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 17 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 605fb4ec..014c8da7 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -11,6 +11,16 @@ ROOT_HASH_FILE="/boot/kexec_root_hashes.txt" param=$1 +# Read the current ROM; if it fails display an error and exit. +read_rom() { + /bin/flash.sh -r "$1" + if [ ! -s "$1" ]; then + whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \ + --msgbox "Unable to read BIOS" 0 80 + exit 1 + fi +} + while true; do if [ ! -z "$param" ]; then # use first char from parameter 
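Review bot: read_rom() judges success only by `[ ! -s "$1" ]`, so a non-empty file left at that path by an earlier pass through the `while true` menu loop would hide a failed read, and the stale image would then be modified and offered for reflash. Whether flash.sh truncates or removes the target on failure is not visible in this hunk, so it is safer to clear the path first and test the exit status too: `rm -f "$1"` followed by `if ! /bin/flash.sh -r "$1" || [ ! -s "$1" ]; then`. The header comment could also say that `$1` is the output path and that failure exits the whole script, not just the function.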
@@ -82,17 +92,9 @@ while true; do --msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60 ;; "s" ) - /bin/flash.sh -r /tmp/config-gui.rom - if [ ! -s /tmp/config-gui.rom ]; then - whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \ - --msgbox "Unable to read BIOS" 16 60 - exit 1 - fi + read_rom /tmp/config-gui.rom - if (cbfs.sh -o /tmp/config-gui.rom -l | grep -q "heads/initrd/etc/config.user") then - cbfs.sh -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user" - fi - cbfs.sh -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user + replace_rom_file /tmp/config-gui.rom "heads/initrd/etc/config.user" /etc/config.user if (whiptail --title 'Update ROM?' \ --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then @@ -111,13 +113,7 @@ while true; do \nreset the /boot device, clear/reset the TPM (if present), \nand reflash your BIOS with the cleaned configuration. \n\nDo you want to proceed?" 0 80) then - # read current firmware - /bin/flash.sh -r /tmp/config-gui.rom - if [ ! -s /tmp/config-gui.rom ]; then - whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \ - --msgbox "Unable to read BIOS" 16 60 - exit 1 - fi + read_rom /tmp/config-gui.rom # clear local keyring rm /.gnupg/* | true # clear /boot signatures/checksums diff --git a/initrd/etc/functions b/initrd/etc/functions index 68a80ac5..fb8f90d9 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -267,6 +267,18 @@ check_config() { || die "Failed to copy kexec boot params to tmp" } +# Replace a file in a ROM (add it if the file does not exist) +replace_rom_file() { + ROM="$1" + ROM_FILE="$2" + NEW_FILE="$3" + + if (cbfs.sh -o "$ROM" -l | grep -q "$ROM_FILE") then + cbfs.sh -o "$ROM" -d "$ROM_FILE" + fi + cbfs.sh -o "$ROM" -a "$ROM_FILE" -f "$NEW_FILE" +} + replace_config() { TRACE "Under /etc/functions:replace_config" CONFIG_FILE=$1 
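Review bot: In the `"s"` branch of config-gui.sh the result of `replace_rom_file` is not checked before the 'Update ROM?' prompt. Unless the script runs under `set -e` (not visible in this hunk), a `cbfs.sh -a` failure after a successful `-d` leaves an image without `heads/initrd/etc/config.user` that the user is still invited to flash. An explicit guard in the style of read_rom would make the failure visible, for example `replace_rom_file /tmp/config-gui.rom "heads/initrd/etc/config.user" /etc/config.user || { whiptail $BG_COLOR_ERROR --title 'ERROR' --msgbox "Unable to update config in ROM" 0 80; exit 1; }`. The case arm continues past the end of the hunk.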
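Review bot: In replace_rom_file() in initrd/etc/functions, `grep -q "$ROM_FILE"` treats the CBFS name as an unanchored regular expression, so `.` matches any character and a name that is a prefix of another entry also counts as present. `grep -qF -- "$ROM_FILE"` removes the regex interpretation; matching the whole name field would be stricter, but the `cbfs.sh -l` output format is not shown here. `ROM`, `ROM_FILE` and `NEW_FILE` are also assigned as globals, while secret_from_rom_hash() in the same file uses `local`. Declaring them as `local ROM="$1" ROM_FILE="$2" NEW_FILE="$3"` keeps the helper from overwriting a caller's variables. The comment could add that the function's status is that of the final `cbfs.sh -a`.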
@@ -284,6 +296,20 @@ replace_config() { rm -f ${CONFIG_FILE}.tmp } +# Set a config variable to a given value - replace it if it exists, or add it. +# If added, the variable will be exported. +set_config() { + CONFIG_FILE="$1" + CONFIG_OPTION="$2" + NEW_SETTING="$3" + + if grep -q "$CONFIG_OPTION" "$CONFIG_FILE"; then + replace_config "$CONFIG_FILE" "$CONFIG_OPTION" "$NEW_SETTING" + else + echo "export $CONFIG_OPTION=$NEW_SETTING" >>"$CONFIG_FILE" + fi +} + # Generate secret value using first 20 chars of ROM SHA256 hash secret_from_rom_hash() { local ROM_IMAGE="/tmp/coreboot-notpm.rom"
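Review bot: set_config() appends `export $CONFIG_OPTION=$NEW_SETTING` with the value unquoted, so if the config file is later sourced by a shell (presumably, given the `export` form), a value containing spaces or shell metacharacters is split or interpreted rather than stored literally. Writing the value quoted, e.g. `echo "export $CONFIG_OPTION=\"$NEW_SETTING\"" >>"$CONFIG_FILE"`, and stating in the header comment that callers must pass only trusted, already-validated values would close most of that gap. Separately, `grep -q "$CONFIG_OPTION" "$CONFIG_FILE"` matches the name anywhere on a line, including inside a longer option name, a comment or a value. The replace branch can then be taken when the option is not actually defined; what replace_config does in that case is only partly visible here. Anchoring the test, e.g. `grep -Eq "^(export )?$CONFIG_OPTION=" "$CONFIG_FILE"`, avoids that.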