Rename CONFIG_PUREBOOT_BASIC to CONFIG_BASIC

Remove brand name from this configuration variable.  For backward
compatibility, update config.user in init if the branded variable is
present.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
Jonathon Hall 2023-06-21 14:36:28 -04:00
parent 1bf8331ffb
commit 3c4a9fcf0d
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114
5 changed files with 19 additions and 15 deletions

View File

@ -33,7 +33,7 @@ while true; do
dynamic_config_options=() dynamic_config_options=()
# Options that don't apply to basic mode # Options that don't apply to basic mode
[ "$CONFIG_PUREBOOT_BASIC" != "y" ] && dynamic_config_options+=( [ "$CONFIG_BASIC" != "y" ] && dynamic_config_options+=(
'r' ' Clear GPG key(s) and reset all user settings' 'r' ' Clear GPG key(s) and reset all user settings'
'R' ' Change the root device for hashing' 'R' ' Change the root device for hashing'
'D' ' Change the root directories to hash' 'D' ' Change the root directories to hash'
@ -43,7 +43,7 @@ while true; do
# Basic itself is always available (though RB will refuse to enable it) # Basic itself is always available (though RB will refuse to enable it)
dynamic_config_options+=( dynamic_config_options+=(
'P' " $(get_config_display_action "$CONFIG_PUREBOOT_BASIC") PureBoot Basic Mode" 'P' " $(get_config_display_action "$CONFIG_BASIC") PureBoot Basic Mode"
) )
# Blob jail is only offered if this is a configuration with the blobs in # Blob jail is only offered if this is a configuration with the blobs in
@ -53,7 +53,7 @@ while true; do
) )
# Basic-only options for automatic boot # Basic-only options for automatic boot
[ "$CONFIG_PUREBOOT_BASIC" = "y" ] && dynamic_config_options+=( [ "$CONFIG_BASIC" = "y" ] && dynamic_config_options+=(
'A' " $(get_inverted_config_display_action "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT") automatic default boot" 'A' " $(get_inverted_config_display_action "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT") automatic default boot"
'U' " $(get_config_display_action "$CONFIG_BASIC_USB_AUTOBOOT") USB automatic boot" 'U' " $(get_config_display_action "$CONFIG_BASIC_USB_AUTOBOOT") USB automatic boot"
) )
@ -265,13 +265,13 @@ while true; do
if [ "$CONFIG_RESTRICTED_BOOT" = "y" ]; then if [ "$CONFIG_RESTRICTED_BOOT" = "y" ]; then
whiptail $BG_COLOR_ERROR --title 'Restricted Boot Active' \ whiptail $BG_COLOR_ERROR --title 'Restricted Boot Active' \
--msgbox "Disable Restricted Boot to enable Basic Mode." 0 80 --msgbox "Disable Restricted Boot to enable Basic Mode." 0 80
elif [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then elif [ "$CONFIG_BASIC" != "y" ]; then
if (whiptail --title 'Enable PureBoot Basic Mode?' \ if (whiptail --title 'Enable PureBoot Basic Mode?' \
--yesno "This will remove all signature checking on the firmware --yesno "This will remove all signature checking on the firmware
\nand boot files, and disable use of the Librem Key. \nand boot files, and disable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then \n\nDo you want to proceed?" 0 80) then
set_user_config "CONFIG_PUREBOOT_BASIC" "y" set_user_config "CONFIG_BASIC" "y"
whiptail --title 'Config change successful' \ whiptail --title 'Config change successful' \
--msgbox "PureBoot Basic mode enabled;\nsave the config change and reboot for it to go into effect." 0 80 --msgbox "PureBoot Basic mode enabled;\nsave the config change and reboot for it to go into effect." 0 80
@ -283,7 +283,7 @@ while true; do
\nand boot files, and enable use of the Librem Key. \nand boot files, and enable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then \n\nDo you want to proceed?" 0 80) then
set_user_config "CONFIG_PUREBOOT_BASIC" "n" set_user_config "CONFIG_BASIC" "n"
whiptail --title 'Config change successful' \ whiptail --title 'Config change successful' \
--msgbox "PureBoot Basic mode has been disabled;\nsave the config change and reboot for it to go into effect." 0 80 --msgbox "PureBoot Basic mode has been disabled;\nsave the config change and reboot for it to go into effect." 0 80

View File

@ -194,7 +194,7 @@ if [ "$CONFIG_TPM" = "y" ];then
extparam=-r extparam=-r
fi fi
fi fi
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then if [ "$CONFIG_BASIC" != "y" ]; then
kexec-sign-config -p $paramsdir $extparam \ kexec-sign-config -p $paramsdir $extparam \
|| die "Failed to sign default config" || die "Failed to sign default config"
fi fi

View File

@ -257,7 +257,7 @@ default_select() {
fi fi
parse_option parse_option
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then if [ "$CONFIG_BASIC" != "y" ]; then
# Enforce that default option hashes are valid # Enforce that default option hashes are valid
echo "+++ Checking verified default boot hash file " echo "+++ Checking verified default boot hash file "
# Check the hashes of all the files # Check the hashes of all the files
@ -321,7 +321,7 @@ user_select() {
do_boot() do_boot()
{ {
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then if [ "$CONFIG_BASIC" != "y" ]; then
kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" \ kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" \
|| die "!!! Failed to boot w/ options: $option" || die "!!! Failed to boot w/ options: $option"
fi fi
@ -354,7 +354,7 @@ do_boot()
} }
while true; do while true; do
if [ "$force_boot" = "y" -o "$CONFIG_PUREBOOT_BASIC" = "y" ]; then if [ "$force_boot" = "y" -o "$CONFIG_BASIC" = "y" ]; then
check_config $paramsdir force check_config $paramsdir force
else else
check_config $paramsdir check_config $paramsdir
@ -372,7 +372,7 @@ while true; do
# even if hashes don't match # even if hashes don't match
if [ "$force_boot" = "y" ]; then if [ "$force_boot" = "y" ]; then
scan_options scan_options
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then if [ "$CONFIG_BASIC" != "y" ]; then
# Remove boot splash and make background red in the event of a forced boot # Remove boot splash and make background red in the event of a forced boot
add="$add vt.default_red=0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff" add="$add vt.default_red=0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff"
remove="$remove splash quiet" remove="$remove splash quiet"
@ -393,7 +393,7 @@ while true; do
scan_options scan_options
fi fi
if [ "$CONFIG_TPM" = "y" -a "$CONFIG_PUREBOOT_BASIC" != "y" ]; then if [ "$CONFIG_TPM" = "y" -a "$CONFIG_BASIC" != "y" ]; then
# Optionally enforce device file hashes # Optionally enforce device file hashes
if [ -r "$TMP_HASH_FILE" ]; then if [ -r "$TMP_HASH_FILE" ]; then
valid_global_hash="n" valid_global_hash="n"

View File

@ -266,7 +266,7 @@ check_config() {
|| die 'Failed to empty kexec tmp dir' || die 'Failed to empty kexec tmp dir'
fi fi
if [ ! -r $1/kexec.sig -a "$CONFIG_PUREBOOT_BASIC" != "y" ]; then if [ ! -r $1/kexec.sig -a "$CONFIG_BASIC" != "y" ]; then
return return
fi fi

View File

@ -135,10 +135,14 @@ fi
echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user
echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user
# CONFIG_BASIC was previously CONFIG_PUREBOOT_BASIC in the PureBoot distribution.
# Substitute it in config.user if present for backward compatibility.
sed -i -e 's/^export CONFIG_PUREBOOT_BASIC=/export CONFIG_BASIC=/g' /etc/config.user
combine_configs combine_configs
. /tmp/config . /tmp/config
if [ "$CONFIG_PUREBOOT_BASIC" = "y" ]; then if [ "$CONFIG_BASIC" = "y" ]; then
echo -e "***** BASIC mode: tamper detection disabled\n" > /dev/tty0 echo -e "***** BASIC mode: tamper detection disabled\n" > /dev/tty0
fi fi
@ -153,7 +157,7 @@ if [ ! -z "$CONFIG_BOOT_DEV" ]; then
echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0" echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0"
fi fi
if [ "$CONFIG_PUREBOOT_BASIC" = "y" ]; then if [ "$CONFIG_BASIC" = "y" ]; then
CONFIG_BOOTSCRIPT=/bin/gui-init-basic CONFIG_BOOTSCRIPT=/bin/gui-init-basic
export CONFIG_HOTPKEY=n export CONFIG_HOTPKEY=n
fi fi