mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 07:06:42 +00:00
Rename CONFIG_PUREBOOT_BASIC to CONFIG_BASIC
Remove brand name from this configuration variable. For backward compatibility, update config.user in init if the branded variable is present. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
parent
1bf8331ffb
commit
3c4a9fcf0d
@ -33,7 +33,7 @@ while true; do
|
|||||||
dynamic_config_options=()
|
dynamic_config_options=()
|
||||||
|
|
||||||
# Options that don't apply to basic mode
|
# Options that don't apply to basic mode
|
||||||
[ "$CONFIG_PUREBOOT_BASIC" != "y" ] && dynamic_config_options+=(
|
[ "$CONFIG_BASIC" != "y" ] && dynamic_config_options+=(
|
||||||
'r' ' Clear GPG key(s) and reset all user settings'
|
'r' ' Clear GPG key(s) and reset all user settings'
|
||||||
'R' ' Change the root device for hashing'
|
'R' ' Change the root device for hashing'
|
||||||
'D' ' Change the root directories to hash'
|
'D' ' Change the root directories to hash'
|
||||||
@ -43,7 +43,7 @@ while true; do
|
|||||||
|
|
||||||
# Basic itself is always available (though RB will refuse to enable it)
|
# Basic itself is always available (though RB will refuse to enable it)
|
||||||
dynamic_config_options+=(
|
dynamic_config_options+=(
|
||||||
'P' " $(get_config_display_action "$CONFIG_PUREBOOT_BASIC") PureBoot Basic Mode"
|
'P' " $(get_config_display_action "$CONFIG_BASIC") PureBoot Basic Mode"
|
||||||
)
|
)
|
||||||
|
|
||||||
# Blob jail is only offered if this is a configuration with the blobs in
|
# Blob jail is only offered if this is a configuration with the blobs in
|
||||||
@ -53,7 +53,7 @@ while true; do
|
|||||||
)
|
)
|
||||||
|
|
||||||
# Basic-only options for automatic boot
|
# Basic-only options for automatic boot
|
||||||
[ "$CONFIG_PUREBOOT_BASIC" = "y" ] && dynamic_config_options+=(
|
[ "$CONFIG_BASIC" = "y" ] && dynamic_config_options+=(
|
||||||
'A' " $(get_inverted_config_display_action "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT") automatic default boot"
|
'A' " $(get_inverted_config_display_action "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT") automatic default boot"
|
||||||
'U' " $(get_config_display_action "$CONFIG_BASIC_USB_AUTOBOOT") USB automatic boot"
|
'U' " $(get_config_display_action "$CONFIG_BASIC_USB_AUTOBOOT") USB automatic boot"
|
||||||
)
|
)
|
||||||
@ -265,13 +265,13 @@ while true; do
|
|||||||
if [ "$CONFIG_RESTRICTED_BOOT" = "y" ]; then
|
if [ "$CONFIG_RESTRICTED_BOOT" = "y" ]; then
|
||||||
whiptail $BG_COLOR_ERROR --title 'Restricted Boot Active' \
|
whiptail $BG_COLOR_ERROR --title 'Restricted Boot Active' \
|
||||||
--msgbox "Disable Restricted Boot to enable Basic Mode." 0 80
|
--msgbox "Disable Restricted Boot to enable Basic Mode." 0 80
|
||||||
elif [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
elif [ "$CONFIG_BASIC" != "y" ]; then
|
||||||
if (whiptail --title 'Enable PureBoot Basic Mode?' \
|
if (whiptail --title 'Enable PureBoot Basic Mode?' \
|
||||||
--yesno "This will remove all signature checking on the firmware
|
--yesno "This will remove all signature checking on the firmware
|
||||||
\nand boot files, and disable use of the Librem Key.
|
\nand boot files, and disable use of the Librem Key.
|
||||||
\n\nDo you want to proceed?" 0 80) then
|
\n\nDo you want to proceed?" 0 80) then
|
||||||
|
|
||||||
set_user_config "CONFIG_PUREBOOT_BASIC" "y"
|
set_user_config "CONFIG_BASIC" "y"
|
||||||
|
|
||||||
whiptail --title 'Config change successful' \
|
whiptail --title 'Config change successful' \
|
||||||
--msgbox "PureBoot Basic mode enabled;\nsave the config change and reboot for it to go into effect." 0 80
|
--msgbox "PureBoot Basic mode enabled;\nsave the config change and reboot for it to go into effect." 0 80
|
||||||
@ -283,7 +283,7 @@ while true; do
|
|||||||
\nand boot files, and enable use of the Librem Key.
|
\nand boot files, and enable use of the Librem Key.
|
||||||
\n\nDo you want to proceed?" 0 80) then
|
\n\nDo you want to proceed?" 0 80) then
|
||||||
|
|
||||||
set_user_config "CONFIG_PUREBOOT_BASIC" "n"
|
set_user_config "CONFIG_BASIC" "n"
|
||||||
|
|
||||||
whiptail --title 'Config change successful' \
|
whiptail --title 'Config change successful' \
|
||||||
--msgbox "PureBoot Basic mode has been disabled;\nsave the config change and reboot for it to go into effect." 0 80
|
--msgbox "PureBoot Basic mode has been disabled;\nsave the config change and reboot for it to go into effect." 0 80
|
||||||
|
@ -194,7 +194,7 @@ if [ "$CONFIG_TPM" = "y" ];then
|
|||||||
extparam=-r
|
extparam=-r
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
if [ "$CONFIG_BASIC" != "y" ]; then
|
||||||
kexec-sign-config -p $paramsdir $extparam \
|
kexec-sign-config -p $paramsdir $extparam \
|
||||||
|| die "Failed to sign default config"
|
|| die "Failed to sign default config"
|
||||||
fi
|
fi
|
||||||
|
@ -257,7 +257,7 @@ default_select() {
|
|||||||
fi
|
fi
|
||||||
parse_option
|
parse_option
|
||||||
|
|
||||||
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
if [ "$CONFIG_BASIC" != "y" ]; then
|
||||||
# Enforce that default option hashes are valid
|
# Enforce that default option hashes are valid
|
||||||
echo "+++ Checking verified default boot hash file "
|
echo "+++ Checking verified default boot hash file "
|
||||||
# Check the hashes of all the files
|
# Check the hashes of all the files
|
||||||
@ -321,7 +321,7 @@ user_select() {
|
|||||||
|
|
||||||
do_boot()
|
do_boot()
|
||||||
{
|
{
|
||||||
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
if [ "$CONFIG_BASIC" != "y" ]; then
|
||||||
kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" \
|
kexec-boot -b "$bootdir" -e "$option" -a "$add" -r "$remove" \
|
||||||
|| die "!!! Failed to boot w/ options: $option"
|
|| die "!!! Failed to boot w/ options: $option"
|
||||||
fi
|
fi
|
||||||
@ -354,7 +354,7 @@ do_boot()
|
|||||||
}
|
}
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
if [ "$force_boot" = "y" -o "$CONFIG_PUREBOOT_BASIC" = "y" ]; then
|
if [ "$force_boot" = "y" -o "$CONFIG_BASIC" = "y" ]; then
|
||||||
check_config $paramsdir force
|
check_config $paramsdir force
|
||||||
else
|
else
|
||||||
check_config $paramsdir
|
check_config $paramsdir
|
||||||
@ -372,7 +372,7 @@ while true; do
|
|||||||
# even if hashes don't match
|
# even if hashes don't match
|
||||||
if [ "$force_boot" = "y" ]; then
|
if [ "$force_boot" = "y" ]; then
|
||||||
scan_options
|
scan_options
|
||||||
if [ "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
if [ "$CONFIG_BASIC" != "y" ]; then
|
||||||
# Remove boot splash and make background red in the event of a forced boot
|
# Remove boot splash and make background red in the event of a forced boot
|
||||||
add="$add vt.default_red=0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff"
|
add="$add vt.default_red=0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff"
|
||||||
remove="$remove splash quiet"
|
remove="$remove splash quiet"
|
||||||
@ -393,7 +393,7 @@ while true; do
|
|||||||
scan_options
|
scan_options
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$CONFIG_TPM" = "y" -a "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
if [ "$CONFIG_TPM" = "y" -a "$CONFIG_BASIC" != "y" ]; then
|
||||||
# Optionally enforce device file hashes
|
# Optionally enforce device file hashes
|
||||||
if [ -r "$TMP_HASH_FILE" ]; then
|
if [ -r "$TMP_HASH_FILE" ]; then
|
||||||
valid_global_hash="n"
|
valid_global_hash="n"
|
||||||
|
@ -266,7 +266,7 @@ check_config() {
|
|||||||
|| die 'Failed to empty kexec tmp dir'
|
|| die 'Failed to empty kexec tmp dir'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -r $1/kexec.sig -a "$CONFIG_PUREBOOT_BASIC" != "y" ]; then
|
if [ ! -r $1/kexec.sig -a "$CONFIG_BASIC" != "y" ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -135,10 +135,14 @@ fi
|
|||||||
echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user
|
echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user
|
||||||
echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user
|
echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user
|
||||||
|
|
||||||
|
# CONFIG_BASIC was previously CONFIG_PUREBOOT_BASIC in the PureBoot distribution.
|
||||||
|
# Substitute it in config.user if present for backward compatibility.
|
||||||
|
sed -i -e 's/^export CONFIG_PUREBOOT_BASIC=/export CONFIG_BASIC=/g' /etc/config.user
|
||||||
|
|
||||||
combine_configs
|
combine_configs
|
||||||
. /tmp/config
|
. /tmp/config
|
||||||
|
|
||||||
if [ "$CONFIG_PUREBOOT_BASIC" = "y" ]; then
|
if [ "$CONFIG_BASIC" = "y" ]; then
|
||||||
echo -e "***** BASIC mode: tamper detection disabled\n" > /dev/tty0
|
echo -e "***** BASIC mode: tamper detection disabled\n" > /dev/tty0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -153,7 +157,7 @@ if [ ! -z "$CONFIG_BOOT_DEV" ]; then
|
|||||||
echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0"
|
echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$CONFIG_PUREBOOT_BASIC" = "y" ]; then
|
if [ "$CONFIG_BASIC" = "y" ]; then
|
||||||
CONFIG_BOOTSCRIPT=/bin/gui-init-basic
|
CONFIG_BOOTSCRIPT=/bin/gui-init-basic
|
||||||
export CONFIG_HOTPKEY=n
|
export CONFIG_HOTPKEY=n
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user