Add menu for TOTP updates, provide sample board config to use gui-init

Kyle Rankin 2018-02-21 15:58:54 -08:00
parent 140064bbf8
commit 57405b0d28
No known key found for this signature in database
GPG Key ID: 555577116BFA74B9
2 changed files with 49 additions and 5 deletions

29
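--- a/boards/librem13v2.config
+++ b/boards/librem13v2.config
@@ -0,0 +1,29 @@
+# Configuration for a librem13v2
+CONFIG_LINUX_CONFIG=config/linux-librem13v2.config
+CONFIG_COREBOOT=y
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_GPG=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_NEWT=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_SLANG=y
+CONFIG_TPMTOTP=y
+CONFIG_LINUX_USB=y
+CONFIG_BOOTSCRIPT=/bin/gui-init
+CONFIG_BOOT_REQ_HASH=n
+CONFIG_BOOT_REQ_ROLLBACK=n
+CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+CONFIG_BOOT_KERNEL_REMOVE="quiet"
+CONFIG_BOOT_DEV="/dev/sda1"
+CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu"
+CONFIG_USB_BOOT_DEV="/dev/sdb1"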
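Review bot: `CONFIG_BOOT_REQ_HASH=n` and `CONFIG_BOOT_REQ_ROLLBACK=n` ship in this sample without a comment, and going by their names they drop the hash and rollback requirements on the default boot path. A board config offered as a starting point tends to be copied unchanged, so the relaxed settings should be called out above the two lines, for example `# Sample defaults: hash and rollback checks are not required; set both to y for a verified-boot deployment`. The hard-coded `CONFIG_BOOT_DEV="/dev/sda1"` and `CONFIG_USB_BOOT_DEV="/dev/sdb1"` assume a fixed disk enumeration order, which also deserves a one-line comment.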


@ -1,6 +1,8 @@
#!/bin/sh
# Boot from a local disk installation
CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu'
. /etc/functions
. /etc/config
@ -14,9 +16,8 @@ mount_boot()
}
# Confirm we have a good TOTP unseal and ask the user for next choice
last_half=X
while true; do
last_half=X
unset totp_confirm
# update the TOTP code every thirty seconds
date=`date "+%Y-%m-%d %H:%M:%S"`
@ -30,15 +31,16 @@ while true; do
|| recovery "TOTP code generation failed"
fi
whiptail --clear --title 'Heads Boot Menu' \
whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \
--menu "$date\nTOTP code: $TOTP" 20 60 8 \
'y' ' Default boot' \
'n' ' TOTP does not match' \
'r' ' Refresh TOTP code' \
'm' ' Boot menu'\
'm' ' Boot menu' \
'u' ' USB boot' \
'g' ' Generate new TOTP secret' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail
2>/tmp/whiptail || recovery "GUI menu failed"
totp_confirm=$(cat /tmp/whiptail)
@ -64,6 +66,19 @@ while true; do
continue
fi
if [ "$totp_confirm" = "g" ]; then
if (whiptail --title 'Generate new TOTP secret' \
--yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 60) then
echo "Scan the QR code to add the new TOTP secret"
/bin/seal-totp
echo "Hit Enter to return to the main menu"
read
else
echo "Returning to the main menu"
fi
continue
fi
if [ "$totp_confirm" = "m" ]; then
# Try to select a kernel from the menu
mount_boot
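Review bot: In the new `g` branch the exit status of `/bin/seal-totp` is ignored, so a failed seal still prints the scan prompt and returns to the menu as if a new secret were in place, even though the confirmation has already said the old one will be erased. The other failure paths in this file use `|| recovery "..."`, and the same pattern fits here: `/bin/seal-totp || recovery "TOTP secret generation failed"`. The `--yesno` text could also say that the new secret is bound to whatever state is measured on this boot (presumably what seal-totp does; confirm), since the option sits directly below 'TOTP does not match'. Separately, the added `|| recovery "GUI menu failed"` on the main menu will likely also fire on Cancel or Esc, because whiptail exits non-zero for those. The enclosing `while true` loop begins and ends outside the visible hunks.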