Talos-2 fixes to comply with hashing file standard. Bypass flash-gui.sh prompt when talos-2 ato validate hashes against hashes provided under tgz through flash.sh validation (still offer zip and tgz, which tgz might change to zip later but only tgz offered through builds)

Attempt to address https://github.com/linuxboot/heads/pull/1526#issuecomment-1811185197

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

boards/talos-2/talos-2.config

@@ -64,6 +64,6 @@ $(board_build)/$(OUTPUT_PREFIX).tgz: \
 	rm -rf $(board_build)/pkg # cleanup in case directory exists
 	mkdir $(board_build)/pkg
 	cp $^ $(board_build)/pkg
-	cd $(board_build)/pkg && sha256sum * > hashes.txt
+	cd $(board_build)/pkg && sha256sum * > sha256sum.txt
 	cd $(board_build)/pkg && tar zcf $@ *
 	rm -r $(board_build)/pkg

initrd/bin/flash-gui.sh

@@ -63,7 +63,11 @@ while true; do
       --yesno "You will need to insert a USB drive containing your BIOS image (*.$UPDATE_PKG_EXT or\n*.$UPDATE_PLAIN_EXT).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 0 80); then
       mount_usb
       if grep -q /media /proc/mounts; then
-        find /media ! -path '*/\.*' -type f \( -name "*.$UPDATE_PLAIN_EXT" -o -type f -name "*.$UPDATE_PKG_EXT" \) | sort >/tmp/filelist.txt
+        if [ "${CONFIG_BOARD%_*}" = talos-2 ]; then
+          find /media ! -path '*/\.*' -type f -name "*.$UPDATE_PLAIN_EXT" | sort >/tmp/filelist.txt
+        else
+          find /media ! -path '*/\.*' -type f \( -name "*.$UPDATE_PLAIN_EXT" -o -type f -name "*.$UPDATE_PKG_EXT" \) | sort >/tmp/filelist.txt
+        fi
         file_selector "/tmp/filelist.txt" "Choose the ROM to flash"
         if [ "$FILE" == "" ]; then
           exit 1
@@ -109,12 +113,19 @@ while true; do
           # Continue on using the verified ROM
           ROM="$PACKAGE_ROM"
         else
+          # talos-2 uses a .tgz file for its "plain" update, contains other parts as well, validated against hashes under flash.sh
+          # Skip prompt for hash validation for talos-2. Only method is through tgz or through bmc with individual parts
+          if [ "${CONFIG_BOARD%_*}" != talos-2 ]; then
           # a rom file was provided. exit if we shall not proceed
           ROM="$PKG_FILE"
           ROM_HASH=$(sha256sum "$ROM" | awk '{print $1}') || die "Failed to hash ROM file"
           if ! (whiptail $CONFIG_ERROR_BG_COLOR --title 'Flash ROM without integrity check?' \
             --yesno "You have provided a *.$UPDATE_PLAIN_EXT file. The integrity of the file can not be\nchecked automatically for this file type.\n\nROM: $ROM\nSHA256SUM: $ROM_HASH\n\nIf you do not know how to check the file integrity yourself,\nyou should use a *.$UPDATE_PKG_EXT file instead.\n\nIf the file is damaged, you will not be able to boot anymore.\nDo you want to proceed flashing without file integrity check?" 0 80); then
             exit 1
+            fi
+          else
+            #We are on talos-2, so we have a tgz file. We will pass it directly to flash.sh which will take care of it
+            ROM="$PKG_FILE"
           fi
         fi
 

initrd/bin/flash.sh

@@ -180,7 +180,7 @@ if [ "$READ" -eq 0 ] && [ "${ROM##*.}" = tgz ]; then
         mkdir /tmp/verified_rom
 
         tar -C /tmp/verified_rom -xf $ROM || die "Rom archive $ROM could not be extracted"
-        if ! (cd /tmp/verified_rom/ && sha256sum -cs hashes.txt); then
+    if ! (cd /tmp/verified_rom/ && sha256sum -cs sha256sum.txt); then
             die "Provided tgz image did not pass hash verification"
         fi