config-gui.sh: Add quiet mode toggle, which turns off debug+tracing if enabled, and where enabling debug+tracing disables Quiet mode

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Thierry Laurion 2024-12-15 20:41:08 -05:00
parent a54a4b8afa
commit 4354cd4c22
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461


@ -83,12 +83,17 @@ while true; do
'Z' " $(get_config_display_action "$CONFIG_DEBUG_OUTPUT") $CONFIG_BRAND_NAME debug and function tracing output"
)
# Quiet option always available
dynamic_config_options+=(
'Q' " $(get_config_display_action "$CONFIG_QUIET_MODE") $CONFIG_BRAND_NAME quiet mode"
)
[ "$CONFIG_FINALIZE_PLATFORM_LOCKING" = "y" ] && dynamic_config_options+=(
't' ' Deactivate Platform Locking to permit OS write access to firmware'
)
dynamic_config_options+=(
's' ' Save the current configuration to the running BIOS' \
's' ' Save the current configuration to the running BIOS'
'x' ' Return to Main Menu'
)
@ -120,9 +125,9 @@ while true; do
fi
# filter out extraneous options
>/tmp/boot_device_list.txt
for i in `cat /tmp/disklist.txt`; do
for i in $(cat /tmp/disklist.txt); do
# remove block device from list if numeric partitions exist, since not bootable
DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1))
DEV_NUM_PARTITIONS=$(($(ls -1 $i* | wc -l) - 1))
if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then
echo $i >>/tmp/boot_device_list.txt
else
@ -144,7 +149,7 @@ while true; do
fi
# mount newly selected /boot device
if ! mount -o ro $SELECTED_FILE /boot 2>/tmp/error; then
ERROR=`cat /tmp/error`
ERROR=$(cat /tmp/error)
whiptail_error --title 'ERROR: unable to mount /boot' \
--msgbox " $ERROR\n\n" 0 80
exit 1
@ -162,7 +167,7 @@ while true; do
replace_rom_file /tmp/config-gui.rom "heads/initrd/etc/config.user" /etc/config.user
if (whiptail --title 'Update ROM?' \
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80); then
/bin/flash.sh /tmp/config-gui.rom
whiptail --title 'BIOS Updated Successfully' \
--msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 0 80
@ -177,7 +182,7 @@ while true; do
--yesno "This will clear all GPG keys, clear boot signatures and checksums,
\nreset the /boot device, clear/reset the TPM (if present),
\nand reflash your BIOS with the cleaned configuration.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
read_rom /tmp/config-gui.rom
# clear local keyring
rm -rf /.gnupg/* || true
@ -189,7 +194,7 @@ while true; do
mount -o remount,ro /boot
# clear GPG keys and user settings
for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
for i in $(cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"); do
cbfs.sh -o /tmp/config-gui.rom -d $i
done
# flash cleared ROM
@ -211,9 +216,9 @@ while true; do
fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" >/tmp/disklist.txt
# filter out extraneous options
>/tmp/root_device_list.txt
for i in `cat /tmp/disklist.txt`; do
for i in $(cat /tmp/disklist.txt); do
# remove block device from list if numeric partitions exist, since not bootable
DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1))
DEV_NUM_PARTITIONS=$(($(ls -1 $i* | wc -l) - 1))
if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then
echo $i >>/tmp/root_device_list.txt
else
@ -274,7 +279,7 @@ while true; do
--yesno "This will enable checking root hashes each time you boot.
\nDepending on the directories you are checking, this might add
\na minute or more to the boot time.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_ROOT_CHECK_AT_BOOT" "y"
@ -282,7 +287,7 @@ while true; do
if [ ! -f ${ROOT_HASH_FILE} ]; then
if (whiptail --title 'Generate Root Hash File' \
--yesno "\nNo root hash file exists.
\nWould you like to create the initial hash file now?" 0 80) then
\nWould you like to create the initial hash file now?" 0 80); then
root-hashes-gui.sh -n
fi
fi
@ -294,7 +299,7 @@ while true; do
else
if (whiptail --title 'Disable Root Hash Check at Boot?' \
--yesno "This will disable checking root hashes each time you boot.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_ROOT_CHECK_AT_BOOT" "n"
@ -311,7 +316,7 @@ while true; do
if (whiptail --title "Enable $CONFIG_BRAND_NAME Basic Mode?" \
--yesno "This will remove all signature checking on the firmware
\nand boot files, and disable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC" "y"
@ -323,7 +328,7 @@ while true; do
if (whiptail --title "Disable $CONFIG_BRAND_NAME Basic Mode?" \
--yesno "This will enable all signature checking on the firmware
\nand boot files, and enable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC" "n"
@ -343,7 +348,7 @@ while true; do
\nRestricted boot can be disabled at any time. This resets TOTP/HOTP so it
\nis evident that Restricted Boot was disabled.
\n
\nDo you want to proceed?" 0 80) then
\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_RESTRICTED_BOOT" "y"
@ -357,7 +362,7 @@ while true; do
\nupdates.
\nThis will also erase the TOTP/HOTP secret.
\nProceeding will automatically update the boot firmware and reboot!
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
# Wipe the TPM TOTP/HOTP secret before flashing. Otherwise, enabling
# Restricted Boot again might restore the firmware to an identical
@ -393,7 +398,7 @@ while true; do
if [ "$CONFIG_USE_BLOB_JAIL" != "y" ]; then
if (whiptail --title 'Enable Firmware Blob Jail?' \
--yesno "This will enable loading of firmware from flash on each boot
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USE_BLOB_JAIL" "y"
@ -404,7 +409,7 @@ while true; do
else
if (whiptail --title 'Disable Firmware Blob Jail?' \
--yesno "This will disable loading of firmware from flash on each boot.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USE_BLOB_JAIL" "n"
@ -450,7 +455,7 @@ while true; do
--yesno "You will need to select a default boot option.
\nIf the boot options are changed, such as for an OS update,
\nyou will be prompted to select a new default.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_NO_AUTOMATIC_DEFAULT" "y"
@ -460,7 +465,7 @@ while true; do
else
if (whiptail --title 'Enable automatic default boot?' \
--yesno "The first boot option will be used automatically.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_NO_AUTOMATIC_DEFAULT" "n"
@ -474,7 +479,7 @@ while true; do
if (whiptail --title 'Enable USB automatic boot?' \
--yesno "During boot, an attached bootable USB disk will be booted
\nby default instead of the installed operating system.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_USB_AUTOBOOT" "y"
@ -484,7 +489,7 @@ while true; do
else
if (whiptail --title 'Disable USB automatic boot?' \
--yesno "USB disks will no longer be booted by default.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_USB_AUTOBOOT" "n"
@ -497,7 +502,7 @@ while true; do
if [ "$CONFIG_AUTOMATIC_POWERON" != "y" ]; then
if (whiptail --title 'Enable automatic power-on?' \
--yesno "The system will boot automatically when power is applied.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_AUTOMATIC_POWERON" "y"
@ -507,7 +512,7 @@ while true; do
else
if (whiptail --title 'Disable automatic power-on?' \
--yesno "The system will stay off when power is applied.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_AUTOMATIC_POWERON" "n"
@ -527,7 +532,7 @@ while true; do
--yesno "USB keyboards will be usable in $CONFIG_BRAND_NAME.
\n\nEnabling USB keyboards could allow a compromised USB device to control
\n$CONFIG_BRAND_NAME.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USER_USB_KEYBOARD" "y"
@ -538,7 +543,7 @@ while true; do
else
if (whiptail --title 'Disable USB Keyboard?' \
--yesno "Only the built-in keyboard will be usable in $CONFIG_BRAND_NAME.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USER_USB_KEYBOARD" "n"
@ -550,19 +555,19 @@ while true; do
"Z")
if [ "$CONFIG_DEBUG_OUTPUT" != "y" ]; then
if (whiptail --title 'Enable Debugging and Tracing output?' \
--yesno "This will enable DEBUG and TRACE output from scripts.
\n\nDo you want to proceed?" 0 80) then
--yesno "This will enable DEBUG and TRACE output from scripts.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_DEBUG_OUTPUT" "y"
set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "y"
#DEBUG+TRACE is incompatible with QUIET mode, turn it off
set_user_config "CONFIG_QUIET_MODE" "n"
whiptail --title 'Config change successful' \
--msgbox "Debugging and Tracing output enabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
else
if (whiptail --title 'Disable Enable Debugging and Tracing output?' \
--yesno "This will disable DEBUG and TRACE output from scripts.
\n\nDo you want to proceed?" 0 80) then
--yesno "This will disable DEBUG and TRACE output from scripts.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_DEBUG_OUTPUT" "n"
set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n"
@ -571,7 +576,30 @@ while true; do
--msgbox "Debugging and Tracing output disabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
fi
esac
;;
"Q")
#Quiet mode: turn off/on console technical output
if [ "$CONFIG_QUIET_MODE" != "y" ]; then
if (whiptail --title 'Enable Quiet mode?' \
--yesno "This will enable QUIET mode, which will turn off console technical output.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_QUIET_MODE" "y"
#DEBUG+TRACE is incompatible with QUIET mode, turn it off
set_user_config "CONFIG_DEBUG_OUTPUT" "n"
set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n"
whiptail --title 'Config change successful' \
--msgbox "Quiet mode enabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
else
if (whiptail --title 'Disable Quiet mode?' \
--yesno "This will disable QUIET mode, which will turn on console technical output.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_QUIET_MODE" "n"
whiptail --title 'Config change successful' \
--msgbox "Quiet mode disabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
fi
;;
esac
done
exit 0
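Review bot: The 'Enable Quiet mode?' prompt in the new "Q" case does not tell the user that confirming also sets CONFIG_DEBUG_OUTPUT and CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT to "n", and the 'Enable Debugging and Tracing output?' prompt in the "Z" case likewise omits that it sets CONFIG_QUIET_MODE to "n". On a firmware configuration screen the confirmation should name every setting it changes, for example `--yesno "This will enable QUIET mode, which will turn off console technical output and disable DEBUG and TRACE output.\n\nDo you want to proceed?" 0 80); then`. The mutual exclusion is enforced only in these two menu handlers, so the code that reads the saved config should presumably define which setting wins if both end up as "y"; that code is not visible on this page. It is also worth confirming that quiet mode never suppresses warnings or errors from the signature and root hash checks, which cannot be determined from these hunks. The enclosing `while true` loop and its `case` statement start outside the hunks shown.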