config-gui.sh: Add quiet mode toggle, which turns off debug+tracing if enabled, and where enabling debug+tracing disables Quiet mode

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Thierry Laurion 2024-12-15 20:41:08 -05:00
parent a54a4b8afa
commit 4354cd4c22
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461


@ -83,12 +83,17 @@ while true; do
'Z' " $(get_config_display_action "$CONFIG_DEBUG_OUTPUT") $CONFIG_BRAND_NAME debug and function tracing output"
)
# Quiet option always available
dynamic_config_options+=(
'Q' " $(get_config_display_action "$CONFIG_QUIET_MODE") $CONFIG_BRAND_NAME quiet mode"
)
[ "$CONFIG_FINALIZE_PLATFORM_LOCKING" = "y" ] && dynamic_config_options+=(
't' ' Deactivate Platform Locking to permit OS write access to firmware'
)
dynamic_config_options+=(
's' ' Save the current configuration to the running BIOS' \
's' ' Save the current configuration to the running BIOS'
'x' ' Return to Main Menu'
)
@ -102,31 +107,31 @@ while true; do
fi
case "$menu_choice" in
"t" )
"t")
unset CONFIG_FINALIZE_PLATFORM_LOCKING
replace_config /etc/config.user "CONFIG_FINALIZE_PLATFORM_LOCKING" "n"
combine_configs
. /tmp/config
;;
"x" )
"x")
exit 0
;;
"b" )
"b")
CURRENT_OPTION="$(load_config_value CONFIG_BOOT_DEV)"
if ! fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt ; then
if ! fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" >/tmp/disklist.txt; then
whiptail_error --title 'ERROR: No bootable devices found' \
--msgbox " $ERROR\n\n" 0 80
exit 1
fi
# filter out extraneous options
> /tmp/boot_device_list.txt
for i in `cat /tmp/disklist.txt`; do
>/tmp/boot_device_list.txt
for i in $(cat /tmp/disklist.txt); do
# remove block device from list if numeric partitions exist, since not bootable
DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1))
DEV_NUM_PARTITIONS=$(($(ls -1 $i* | wc -l) - 1))
if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then
echo $i >> /tmp/boot_device_list.txt
echo $i >>/tmp/boot_device_list.txt
else
ls $i* | tail -${DEV_NUM_PARTITIONS} >> /tmp/boot_device_list.txt
ls $i* | tail -${DEV_NUM_PARTITIONS} >>/tmp/boot_device_list.txt
fi
done
file_selector "/tmp/boot_device_list.txt" \
@ -139,12 +144,12 @@ while true; do
fi
# unmount /boot if needed
if grep -q /boot /proc/mounts ; then
if grep -q /boot /proc/mounts; then
umount /boot 2>/dev/null
fi
# mount newly selected /boot device
if ! mount -o ro $SELECTED_FILE /boot 2>/tmp/error ; then
ERROR=`cat /tmp/error`
if ! mount -o ro $SELECTED_FILE /boot 2>/tmp/error; then
ERROR=$(cat /tmp/error)
whiptail_error --title 'ERROR: unable to mount /boot' \
--msgbox " $ERROR\n\n" 0 80
exit 1
@ -156,13 +161,13 @@ while true; do
whiptail --title 'Config change successful' \
--msgbox "The /boot device was successfully changed to $SELECTED_FILE" 0 80
;;
"s" )
"s")
read_rom /tmp/config-gui.rom
replace_rom_file /tmp/config-gui.rom "heads/initrd/etc/config.user" /etc/config.user
if (whiptail --title 'Update ROM?' \
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80) then
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 0 80); then
/bin/flash.sh /tmp/config-gui.rom
whiptail --title 'BIOS Updated Successfully' \
--msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 0 80
@ -171,13 +176,13 @@ while true; do
exit 0
fi
;;
"r" )
"r")
# prompt for confirmation
if (whiptail_warning --title 'Reset Configuration?' \
--yesno "This will clear all GPG keys, clear boot signatures and checksums,
\nreset the /boot device, clear/reset the TPM (if present),
\nand reflash your BIOS with the cleaned configuration.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
read_rom /tmp/config-gui.rom
# clear local keyring
rm -rf /.gnupg/* || true
@ -189,7 +194,7 @@ while true; do
mount -o remount,ro /boot
# clear GPG keys and user settings
for i in `cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"`; do
for i in $(cbfs.sh -o /tmp/config-gui.rom -l | grep -e "heads/"); do
cbfs.sh -o /tmp/config-gui.rom -d $i
done
# flash cleared ROM
@ -206,18 +211,18 @@ while true; do
exit 0
fi
;;
"R" )
"R")
CURRENT_OPTION="$(load_config_value CONFIG_ROOT_DEV)"
fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt
fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" >/tmp/disklist.txt
# filter out extraneous options
> /tmp/root_device_list.txt
for i in `cat /tmp/disklist.txt`; do
>/tmp/root_device_list.txt
for i in $(cat /tmp/disklist.txt); do
# remove block device from list if numeric partitions exist, since not bootable
DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1))
DEV_NUM_PARTITIONS=$(($(ls -1 $i* | wc -l) - 1))
if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then
echo $i >> /tmp/root_device_list.txt
echo $i >>/tmp/root_device_list.txt
else
ls $i* | tail -${DEV_NUM_PARTITIONS} >> /tmp/root_device_list.txt
ls $i* | tail -${DEV_NUM_PARTITIONS} >>/tmp/root_device_list.txt
fi
done
file_selector "/tmp/root_device_list.txt" \
@ -235,7 +240,7 @@ while true; do
whiptail --title 'Config change successful' \
--msgbox "The root device was successfully changed to $SELECTED_FILE" 0 80
;;
"D" )
"D")
CURRENT_OPTION="$(load_config_value CONFIG_ROOT_DIRLIST)"
# Separate from prior prompt history on the terminal with two blanks
@ -252,7 +257,7 @@ while true; do
NEW_CONFIG_ROOT_DIRLIST=$(echo $NEW_CONFIG_ROOT_DIRLIST | sed -e 's/^\///;s/ \// /g')
#check if list empty
if [ -z "$NEW_CONFIG_ROOT_DIRLIST" ] ; then
if [ -z "$NEW_CONFIG_ROOT_DIRLIST" ]; then
whiptail --title 'Config change canceled' \
--msgbox "Root device directory change canceled by user" 0 80
break
@ -264,7 +269,7 @@ while true; do
whiptail --title 'Config change successful' \
--msgbox "The root directories to hash was successfully changed to:\n$NEW_CONFIG_ROOT_DIRLIST" 0 80
;;
"B" )
"B")
if [ "$CONFIG_ROOT_CHECK_AT_BOOT" != "y" ]; then
# Root device and directories must be set to enable this
if [ -z "$CONFIG_ROOT_DEV" ] || [ -z "$CONFIG_ROOT_DIRLIST" ]; then
@ -274,7 +279,7 @@ while true; do
--yesno "This will enable checking root hashes each time you boot.
\nDepending on the directories you are checking, this might add
\na minute or more to the boot time.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_ROOT_CHECK_AT_BOOT" "y"
@ -282,7 +287,7 @@ while true; do
if [ ! -f ${ROOT_HASH_FILE} ]; then
if (whiptail --title 'Generate Root Hash File' \
--yesno "\nNo root hash file exists.
\nWould you like to create the initial hash file now?" 0 80) then
\nWould you like to create the initial hash file now?" 0 80); then
root-hashes-gui.sh -n
fi
fi
@ -294,7 +299,7 @@ while true; do
else
if (whiptail --title 'Disable Root Hash Check at Boot?' \
--yesno "This will disable checking root hashes each time you boot.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_ROOT_CHECK_AT_BOOT" "n"
@ -303,7 +308,7 @@ while true; do
fi
fi
;;
"P" )
"P")
if [ "$CONFIG_RESTRICTED_BOOT" = "y" ]; then
whiptail_error --title 'Restricted Boot Active' \
--msgbox "Disable Restricted Boot to enable Basic Mode." 0 80
@ -311,7 +316,7 @@ while true; do
if (whiptail --title "Enable $CONFIG_BRAND_NAME Basic Mode?" \
--yesno "This will remove all signature checking on the firmware
\nand boot files, and disable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC" "y"
@ -323,7 +328,7 @@ while true; do
if (whiptail --title "Disable $CONFIG_BRAND_NAME Basic Mode?" \
--yesno "This will enable all signature checking on the firmware
\nand boot files, and enable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC" "n"
@ -332,7 +337,7 @@ while true; do
fi
fi
;;
"L" )
"L")
if [ "$CONFIG_RESTRICTED_BOOT" != "y" ]; then
if (whiptail --title 'Enable Restricted Boot Mode?' \
--yesno "Restricted Boot allows booting:
@ -343,7 +348,7 @@ while true; do
\nRestricted boot can be disabled at any time. This resets TOTP/HOTP so it
\nis evident that Restricted Boot was disabled.
\n
\nDo you want to proceed?" 0 80) then
\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_RESTRICTED_BOOT" "y"
@ -357,7 +362,7 @@ while true; do
\nupdates.
\nThis will also erase the TOTP/HOTP secret.
\nProceeding will automatically update the boot firmware and reboot!
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
# Wipe the TPM TOTP/HOTP secret before flashing. Otherwise, enabling
# Restricted Boot again might restore the firmware to an identical
@ -389,11 +394,11 @@ while true; do
fi
fi
;;
"J" )
"J")
if [ "$CONFIG_USE_BLOB_JAIL" != "y" ]; then
if (whiptail --title 'Enable Firmware Blob Jail?' \
--yesno "This will enable loading of firmware from flash on each boot
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USE_BLOB_JAIL" "y"
@ -404,7 +409,7 @@ while true; do
else
if (whiptail --title 'Disable Firmware Blob Jail?' \
--yesno "This will disable loading of firmware from flash on each boot.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USE_BLOB_JAIL" "n"
@ -413,7 +418,7 @@ while true; do
fi
fi
;;
"M" )
"M")
if [ -z "$CONFIG_AUTO_BOOT_TIMEOUT" ]; then
current_msg="Automatic boot is currently disabled."
elif [ "$CONFIG_AUTO_BOOT_TIMEOUT" = 1 ]; then
@ -444,13 +449,13 @@ while true; do
--msgbox "$current_msg\nSave the config change and reboot for it to go into effect." 0 80
fi
;;
"A" )
"A")
if [ "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT" != "y" ]; then
if (whiptail --title 'Disable automatic default boot?' \
--yesno "You will need to select a default boot option.
\nIf the boot options are changed, such as for an OS update,
\nyou will be prompted to select a new default.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_NO_AUTOMATIC_DEFAULT" "y"
@ -460,7 +465,7 @@ while true; do
else
if (whiptail --title 'Enable automatic default boot?' \
--yesno "The first boot option will be used automatically.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_NO_AUTOMATIC_DEFAULT" "n"
@ -469,12 +474,12 @@ while true; do
fi
fi
;;
"U" )
"U")
if [ "$CONFIG_BASIC_USB_AUTOBOOT" != "y" ]; then
if (whiptail --title 'Enable USB automatic boot?' \
--yesno "During boot, an attached bootable USB disk will be booted
\nby default instead of the installed operating system.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_USB_AUTOBOOT" "y"
@ -484,7 +489,7 @@ while true; do
else
if (whiptail --title 'Disable USB automatic boot?' \
--yesno "USB disks will no longer be booted by default.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_BASIC_USB_AUTOBOOT" "n"
@ -493,11 +498,11 @@ while true; do
fi
fi
;;
"N" )
"N")
if [ "$CONFIG_AUTOMATIC_POWERON" != "y" ]; then
if (whiptail --title 'Enable automatic power-on?' \
--yesno "The system will boot automatically when power is applied.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_AUTOMATIC_POWERON" "y"
@ -507,7 +512,7 @@ while true; do
else
if (whiptail --title 'Disable automatic power-on?' \
--yesno "The system will stay off when power is applied.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_AUTOMATIC_POWERON" "n"
@ -521,13 +526,13 @@ while true; do
fi
fi
;;
"K" )
"K")
if [ "$CONFIG_USER_USB_KEYBOARD" != "y" ]; then
if (whiptail --title 'Enable USB Keyboard?' \
--yesno "USB keyboards will be usable in $CONFIG_BRAND_NAME.
\n\nEnabling USB keyboards could allow a compromised USB device to control
\n$CONFIG_BRAND_NAME.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USER_USB_KEYBOARD" "y"
@ -538,7 +543,7 @@ while true; do
else
if (whiptail --title 'Disable USB Keyboard?' \
--yesno "Only the built-in keyboard will be usable in $CONFIG_BRAND_NAME.
\n\nDo you want to proceed?" 0 80) then
\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_USER_USB_KEYBOARD" "n"
@ -547,22 +552,22 @@ while true; do
fi
fi
;;
"Z" )
"Z")
if [ "$CONFIG_DEBUG_OUTPUT" != "y" ]; then
if (whiptail --title 'Enable Debugging and Tracing output?' \
--yesno "This will enable DEBUG and TRACE output from scripts.
\n\nDo you want to proceed?" 0 80) then
--yesno "This will enable DEBUG and TRACE output from scripts.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_DEBUG_OUTPUT" "y"
set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "y"
#DEBUG+TRACE is incompatible with QUIET mode, turn it off
set_user_config "CONFIG_QUIET_MODE" "n"
whiptail --title 'Config change successful' \
--msgbox "Debugging and Tracing output enabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
else
if (whiptail --title 'Disable Enable Debugging and Tracing output?' \
--yesno "This will disable DEBUG and TRACE output from scripts.
\n\nDo you want to proceed?" 0 80) then
--yesno "This will disable DEBUG and TRACE output from scripts.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_DEBUG_OUTPUT" "n"
set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n"
@ -571,7 +576,30 @@ while true; do
--msgbox "Debugging and Tracing output disabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
fi
esac
;;
"Q")
#Quiet mode: turn off/on console technical output
if [ "$CONFIG_QUIET_MODE" != "y" ]; then
if (whiptail --title 'Enable Quiet mode?' \
--yesno "This will enable QUIET mode, which will turn off console technical output.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_QUIET_MODE" "y"
#DEBUG+TRACE is incompatible with QUIET mode, turn it off
set_user_config "CONFIG_DEBUG_OUTPUT" "n"
set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n"
whiptail --title 'Config change successful' \
--msgbox "Quiet mode enabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
else
if (whiptail --title 'Disable Quiet mode?' \
--yesno "This will disable QUIET mode, which will turn on console technical output.\n\nDo you want to proceed?" 0 80); then
set_user_config "CONFIG_QUIET_MODE" "n"
whiptail --title 'Config change successful' \
--msgbox "Quiet mode disabled;\nsave the config change and reboot for it to go into effect." 0 80
fi
fi
;;
esac
done
exit 0
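Review bot: The confirmation dialogs in the `"Q"` and `"Z"` arms do not tell the user that accepting also flips the other setting: enabling Quiet mode writes `CONFIG_DEBUG_OUTPUT` and `CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT` to `n`, and enabling debug writes `CONFIG_QUIET_MODE` to `n`, yet each `--yesno` text names only its own option. On a firmware configuration menu the prompt should state every setting the answer changes, e.g. `--yesno "This will enable QUIET mode, which will turn off console technical output and disable DEBUG and TRACE output.\n\nDo you want to proceed?" 0 80` for Quiet and `--yesno "This will enable DEBUG and TRACE output from scripts and disable Quiet mode.\n\nDo you want to proceed?" 0 80` for debug. The results of the three `set_user_config` calls are also not checked before the 'Config change successful' box is shown, so a failure part-way could presumably leave both options set to `y`; that depends on `set_user_config`, which is defined outside this page. The `case` statement and its `while true` loop open before these hunks.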