diff --git a/boards/librem13v2/librem13v2.config b/boards/librem13v2/librem13v2.config index 616a9472..697c15de 100644 --- a/boards/librem13v2/librem13v2.config +++ b/boards/librem13v2/librem13v2.config @@ -34,3 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_BOARD="librem" diff --git a/boards/librem15v3/librem15v3.config b/boards/librem15v3/librem15v3.config index a9a194be..d51a5247 100644 --- a/boards/librem15v3/librem15v3.config +++ b/boards/librem15v3/librem15v3.config @@ -34,3 +34,4 @@ export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v3 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOARD="librem" diff --git a/boards/x230/x230.config b/boards/x230/x230.config index e479f5a1..7572ea9d 100644 --- a/boards/x230/x230.config +++ b/boards/x230/x230.config @@ -28,6 +28,7 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOARD="x230" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh new file mode 100755 index 00000000..54749438 --- /dev/null +++ b/initrd/bin/flash.sh @@ -0,0 +1,162 @@ +#!/bin/sh +# +# based off of flashrom-x230 and usb-scan +# +set -e -o pipefail +. /etc/functions +. /etc/config + +case "$CONFIG_BOARD" in + "librem" ) + FLASHROM_OPTIONS='-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq' + ;; + "x230" ) + FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' + ;; + * ) + if [ -x /bin/whiptail ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Board Configured' \ + --msgbox "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." 16 60 + else + die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." + fi + ;; +esac + +if [ "$1" = "-c" ]; then + CLEAN=1 +else + CLEAN=0 +fi + +# Mount the USB boot device +if ! grep -q /media /proc/mounts ; then + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + if [ $USB_FAILED -ne 0 ]; then + if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then + if [ -x /bin/whiptail ]; then + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert the USB drive containing your ROM and press Enter to continue." 16 60 + else + echo "Insert the USB drive containing your ROM and press Enter to continue." + fi + USB_FAILED=0 + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + fi + if [ $USB_FAILED -ne 0 ]; then + if [ -x /bin/whiptail ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ + --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 + else + die "ERROR: Unable to mount $CONFIG_USB_BOOT_DEV" + fi + fi + fi +fi + +get_menu_option() { + if [ -x /bin/whiptail ]; then + MENU_OPTIONS="" + n=0 + while read option + do + n=`expr $n + 1` + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < /tmp/rom_menu.txt + + MENU_OPTIONS="$MENU_OPTIONS a abort" + whiptail --clear --title "Select your ROM" \ + --menu "Choose the ROM to flash [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting flash attempt" + + option_index=$(cat /tmp/whiptail) + else + echo "+++ Select your ROM:" + n=0 + while read option + do + n=`expr $n + 1` + echo "$n. $option" + done < /tmp/rom_menu.txt + + read \ + -p "Choose the ROM to flash [1-$n, a to abort]: " \ + option_index + fi + + if [ "$option_index" = "a" ]; then + die "Aborting flash attempt" + fi + + option=`head -n $option_index /tmp/rom_menu.txt | tail -1` +} + +flash_rom() { + ROM=$1 + cp "$ROM" /tmp/${CONFIG_BOARD}.rom + sha256sum /tmp/${CONFIG_BOARD}.rom + if [ "$CLEAN" -eq 0 ]; then + preserve_rom /tmp/${CONFIG_BOARD}.rom \ + || die "$ROM: Config preservation failed" + fi + + flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ + || die "$ROM: Flash failed" +} + +# create ROM menu options +ls -1r /media/*.rom 2>/dev/null > /tmp/rom_menu.txt || true +if [ `cat /tmp/rom_menu.txt | wc -l` -gt 0 ]; then + option_confirm="" + while [ -z "$option" ] + do + get_menu_option + done + + if [ -n "$option" ]; then + MOUNTED_ROM=$option + ROM=${option:7} # remove /media/ to get device relative path + + if [ -x /bin/whiptail ]; then + if (whiptail --title 'Flash ROM?' \ + --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then + flash_rom $MOUNTED_ROM + whiptail --title 'ROM Flashed Successfully' \ + --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 + /bin/reboot + else + exit 0 + fi + else + echo "+++ Flash ROM $ROM?" + read \ + -n 1 \ + -p "This will replace your old ROM with $ROM, Do you want to proceed? [y/N] " \ + do_flash + echo + if [ "$do_flash" != "y" \ + -a "$do_flash" != "Y" ]; then + exit 0 + fi + + flash_rom $MOUNTED_ROM + echo "$ROM flashed successfuly. Press Enter to reboot" + read + /bin/reboot + fi + + die "Something failed in ROM flash" + fi +else + if [ -x /bin/whiptail ]; then + whiptail --title 'No ROMs found' \ + --msgbox "No ROMs found on USB disk" 16 60 + else + echo "No ROMs found on USB disk. Press Enter to continue" + read + fi +fi + +exit 0 diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 12269f7c..7bc63a92 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -148,6 +148,7 @@ while true; do 'g' ' Generate new TOTP secret' \ 'p' ' Reset the TPM' \ 's' ' Update checksums and sign all files in /boot' \ + 'f' ' Flash the BIOS with a new ROM' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -245,6 +246,11 @@ while true; do continue fi + if [ "$totp_confirm" = "f" ]; then + flash.sh + continue + fi + if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then # Try to boot the default mount_boot