From 45ae20fc12a3f351295b205ebd5639cad6302ffd Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 11 May 2018 12:27:50 -0700 Subject: [PATCH 1/9] Add generic flash script Based on the conversation for PR #406, we decided to go with a more generic script for general-purpose flashing instead of having individual (and therefore very similar) flash scripts for each board type. This script currently handles flashrom on Librem and X230 board types and introduces a new CONFIG_BOARD option that sets specific flashrom arguments based on the board. It also adds support to gui-init to call this flash script. --- boards/librem13v2/librem13v2.config | 1 + boards/librem15v3/librem15v3.config | 1 + boards/x230/x230.config | 1 + initrd/bin/flash.sh | 162 ++++++++++++++++++++++++++++ initrd/bin/gui-init | 6 ++ 5 files changed, 171 insertions(+) create mode 100755 initrd/bin/flash.sh diff --git a/boards/librem13v2/librem13v2.config b/boards/librem13v2/librem13v2.config index 616a9472..697c15de 100644 --- a/boards/librem13v2/librem13v2.config +++ b/boards/librem13v2/librem13v2.config @@ -34,3 +34,4 @@ export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_BOARD="librem" diff --git a/boards/librem15v3/librem15v3.config b/boards/librem15v3/librem15v3.config index a9a194be..d51a5247 100644 --- a/boards/librem15v3/librem15v3.config +++ b/boards/librem15v3/librem15v3.config @@ -34,3 +34,4 @@ export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v3 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOARD="librem" diff --git a/boards/x230/x230.config b/boards/x230/x230.config index e479f5a1..7572ea9d 100644 --- a/boards/x230/x230.config +++ b/boards/x230/x230.config @@ -28,6 +28,7 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOARD="x230" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh new file mode 100755 index 00000000..54749438 --- /dev/null +++ b/initrd/bin/flash.sh @@ -0,0 +1,162 @@ +#!/bin/sh +# +# based off of flashrom-x230 and usb-scan +# +set -e -o pipefail +. /etc/functions +. /etc/config + +case "$CONFIG_BOARD" in + "librem" ) + FLASHROM_OPTIONS='-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq' + ;; + "x230" ) + FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' + ;; + * ) + if [ -x /bin/whiptail ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Board Configured' \ + --msgbox "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." 16 60 + else + die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." + fi + ;; +esac + +if [ "$1" = "-c" ]; then + CLEAN=1 +else + CLEAN=0 +fi + +# Mount the USB boot device +if ! grep -q /media /proc/mounts ; then + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + if [ $USB_FAILED -ne 0 ]; then + if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then + if [ -x /bin/whiptail ]; then + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert the USB drive containing your ROM and press Enter to continue." 16 60 + else + echo "Insert the USB drive containing your ROM and press Enter to continue." + fi + USB_FAILED=0 + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + fi + if [ $USB_FAILED -ne 0 ]; then + if [ -x /bin/whiptail ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ + --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 + else + die "ERROR: Unable to mount $CONFIG_USB_BOOT_DEV" + fi + fi + fi +fi + +get_menu_option() { + if [ -x /bin/whiptail ]; then + MENU_OPTIONS="" + n=0 + while read option + do + n=`expr $n + 1` + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < /tmp/rom_menu.txt + + MENU_OPTIONS="$MENU_OPTIONS a abort" + whiptail --clear --title "Select your ROM" \ + --menu "Choose the ROM to flash [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting flash attempt" + + option_index=$(cat /tmp/whiptail) + else + echo "+++ Select your ROM:" + n=0 + while read option + do + n=`expr $n + 1` + echo "$n. $option" + done < /tmp/rom_menu.txt + + read \ + -p "Choose the ROM to flash [1-$n, a to abort]: " \ + option_index + fi + + if [ "$option_index" = "a" ]; then + die "Aborting flash attempt" + fi + + option=`head -n $option_index /tmp/rom_menu.txt | tail -1` +} + +flash_rom() { + ROM=$1 + cp "$ROM" /tmp/${CONFIG_BOARD}.rom + sha256sum /tmp/${CONFIG_BOARD}.rom + if [ "$CLEAN" -eq 0 ]; then + preserve_rom /tmp/${CONFIG_BOARD}.rom \ + || die "$ROM: Config preservation failed" + fi + + flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ + || die "$ROM: Flash failed" +} + +# create ROM menu options +ls -1r /media/*.rom 2>/dev/null > /tmp/rom_menu.txt || true +if [ `cat /tmp/rom_menu.txt | wc -l` -gt 0 ]; then + option_confirm="" + while [ -z "$option" ] + do + get_menu_option + done + + if [ -n "$option" ]; then + MOUNTED_ROM=$option + ROM=${option:7} # remove /media/ to get device relative path + + if [ -x /bin/whiptail ]; then + if (whiptail --title 'Flash ROM?' \ + --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then + flash_rom $MOUNTED_ROM + whiptail --title 'ROM Flashed Successfully' \ + --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 + /bin/reboot + else + exit 0 + fi + else + echo "+++ Flash ROM $ROM?" + read \ + -n 1 \ + -p "This will replace your old ROM with $ROM, Do you want to proceed? [y/N] " \ + do_flash + echo + if [ "$do_flash" != "y" \ + -a "$do_flash" != "Y" ]; then + exit 0 + fi + + flash_rom $MOUNTED_ROM + echo "$ROM flashed successfuly. Press Enter to reboot" + read + /bin/reboot + fi + + die "Something failed in ROM flash" + fi +else + if [ -x /bin/whiptail ]; then + whiptail --title 'No ROMs found' \ + --msgbox "No ROMs found on USB disk" 16 60 + else + echo "No ROMs found on USB disk. Press Enter to continue" + read + fi +fi + +exit 0 diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 12269f7c..7bc63a92 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -148,6 +148,7 @@ while true; do 'g' ' Generate new TOTP secret' \ 'p' ' Reset the TPM' \ 's' ' Update checksums and sign all files in /boot' \ + 'f' ' Flash the BIOS with a new ROM' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -245,6 +246,11 @@ while true; do continue fi + if [ "$totp_confirm" = "f" ]; then + flash.sh + continue + fi + if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then # Try to boot the default mount_boot From 89b008a0424544609c9e7ca98a42063bc49ad4c3 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 11 May 2018 12:32:04 -0700 Subject: [PATCH 2/9] Use explicit path for flash.sh --- initrd/bin/gui-init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 7bc63a92..9fe9a728 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -247,7 +247,7 @@ while true; do fi if [ "$totp_confirm" = "f" ]; then - flash.sh + /bin/flash.sh continue fi From 3c88bc5d86fef0dd988d3ac1f0fff767db56b410 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 11 May 2018 14:08:31 -0700 Subject: [PATCH 3/9] Split flash GUI into separate script To keep the flash logic simpler the GUI logic has been split into a flash-gui.sh program so flash.sh behaves closer to the original flashrom scripts it was based from. I've also removed the previous flashrom scripts and incorporated their options into flash.sh. Finally I set CONFIG_BOARD via the Makefile instead of setting a duplicate option in each board's config. --- Makefile | 5 +- boards/librem13v2/librem13v2.config | 1 - boards/librem15v3/librem15v3.config | 1 - boards/x230/x230.config | 1 - initrd/bin/flash-gui.sh | 126 ++++++++++++++++++++ initrd/bin/flash.sh | 147 +++--------------------- initrd/bin/flashrom-kgpe-d16-openbmc.sh | 16 --- initrd/bin/flashrom-kgpe-d16.sh | 31 ----- initrd/bin/flashrom-x230.sh | 33 ------ initrd/bin/gui-init | 2 +- 10 files changed, 150 insertions(+), 213 deletions(-) create mode 100755 initrd/bin/flash-gui.sh delete mode 100755 initrd/bin/flashrom-kgpe-d16-openbmc.sh delete mode 100755 initrd/bin/flashrom-kgpe-d16.sh delete mode 100755 initrd/bin/flashrom-x230.sh diff --git a/Makefile b/Makefile index 2441f1ba..f59ad726 100644 --- a/Makefile +++ b/Makefile @@ -389,6 +389,7 @@ bin_modules-$(CONFIG_FLASHTOOLS) += flashtools bin_modules-$(CONFIG_NEWT) += newt bin_modules-$(CONFIG_CAIRO) += cairo bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail +bin_modules-$(CONFIG_NITROKEY) += nitrokey-hotp-verification $(foreach m, $(bin_modules-y), \ $(call map,initrd_bin_add,$(call bins,$m)) \ @@ -496,11 +497,13 @@ $(initrd_tmp_dir)/etc/config: FORCE -e 's/\\\"//g' \ > $@ \ ) - $(call do,HASH,$(GIT_HASH) $(GIT_STATUS), \ + $(call do,HASH,$(GIT_HASH) $(GIT_STATUS) $(BOARD), \ echo export GIT_HASH=\'$(GIT_HASH)\' \ >> $@ ; \ echo export GIT_STATUS=$(GIT_STATUS) \ >> $@ ; \ + echo export CONFIG_BOARD=$(BOARD) \ + >> $@ ; \ ) # Ensure that the initrd depends on all of the modules that produce diff --git a/boards/librem13v2/librem13v2.config b/boards/librem13v2/librem13v2.config index 697c15de..616a9472 100644 --- a/boards/librem13v2/librem13v2.config +++ b/boards/librem13v2/librem13v2.config @@ -34,4 +34,3 @@ export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" -export CONFIG_BOARD="librem" diff --git a/boards/librem15v3/librem15v3.config b/boards/librem15v3/librem15v3.config index d51a5247..a9a194be 100644 --- a/boards/librem15v3/librem15v3.config +++ b/boards/librem15v3/librem15v3.config @@ -34,4 +34,3 @@ export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v3 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_BOARD="librem" diff --git a/boards/x230/x230.config b/boards/x230/x230.config index 7572ea9d..e479f5a1 100644 --- a/boards/x230/x230.config +++ b/boards/x230/x230.config @@ -28,7 +28,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_BOARD="x230" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh new file mode 100755 index 00000000..015742a7 --- /dev/null +++ b/initrd/bin/flash-gui.sh @@ -0,0 +1,126 @@ +#!/bin/sh +# +# based off of flashrom-x230 and usb-scan +# +set -e -o pipefail +. /etc/functions +. /etc/config + +# Mount the USB boot device +if ! grep -q /media /proc/mounts ; then + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + if [ $USB_FAILED -ne 0 ]; then + if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then + if [ -x /bin/whiptail ]; then + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert the USB drive containing your ROM and press Enter to continue." 16 60 + else + echo "Insert the USB drive containing your ROM and press Enter to continue." + fi + USB_FAILED=0 + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + fi + if [ $USB_FAILED -ne 0 ]; then + if [ -x /bin/whiptail ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ + --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 + else + die "ERROR: Unable to mount $CONFIG_USB_BOOT_DEV" + fi + fi + fi +fi + +get_menu_option() { + if [ -x /bin/whiptail ]; then + MENU_OPTIONS="" + n=0 + while read option + do + n=`expr $n + 1` + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < /tmp/rom_menu.txt + + MENU_OPTIONS="$MENU_OPTIONS a abort" + whiptail --clear --title "Select your ROM" \ + --menu "Choose the ROM to flash [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting flash attempt" + + option_index=$(cat /tmp/whiptail) + else + echo "+++ Select your ROM:" + n=0 + while read option + do + n=`expr $n + 1` + echo "$n. $option" + done < /tmp/rom_menu.txt + + read \ + -p "Choose the ROM to flash [1-$n, a to abort]: " \ + option_index + fi + + if [ "$option_index" = "a" ]; then + die "Aborting flash attempt" + fi + + option=`head -n $option_index /tmp/rom_menu.txt | tail -1` +} + +# create ROM menu options +ls -1r /media/*.rom 2>/dev/null > /tmp/rom_menu.txt || true +if [ `cat /tmp/rom_menu.txt | wc -l` -gt 0 ]; then + option_confirm="" + while [ -z "$option" ] + do + get_menu_option + done + + if [ -n "$option" ]; then + MOUNTED_ROM=$option + ROM=${option:7} # remove /media/ to get device relative path + + if [ -x /bin/whiptail ]; then + if (whiptail --title 'Flash ROM?' \ + --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then + /bin/flash.sh $MOUNTED_ROM + whiptail --title 'ROM Flashed Successfully' \ + --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 + /bin/reboot + else + exit 0 + fi + else + echo "+++ Flash ROM $ROM?" + read \ + -n 1 \ + -p "This will replace your old ROM with $ROM, Do you want to proceed? [y/N] " \ + do_flash + echo + if [ "$do_flash" != "y" \ + -a "$do_flash" != "Y" ]; then + exit 0 + fi + + /bin/flash.sh $MOUNTED_ROM + echo "$ROM flashed successfuly. Press Enter to reboot" + read + /bin/reboot + fi + + die "Something failed in ROM flash" + fi +else + if [ -x /bin/whiptail ]; then + whiptail --title 'No ROMs found' \ + --msgbox "No ROMs found on USB disk" 16 60 + else + echo "No ROMs found on USB disk. Press Enter to continue" + read + fi +fi + +exit 0 diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 54749438..0d2f5ba4 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -1,98 +1,29 @@ #!/bin/sh # -# based off of flashrom-x230 and usb-scan +# based off of flashrom-x230 # set -e -o pipefail . /etc/functions . /etc/config case "$CONFIG_BOARD" in - "librem" ) + librem* ) FLASHROM_OPTIONS='-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq' ;; "x230" ) FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' ;; + "kgpe-d16" ) + FLASHROM_OPTIONS='--force --noverify --programmer internal' + ;; + "kgpe-d16-openbmc" ) + FLASHROM_OPTIONS='--programmer="ast1100:spibus=2,cpu=reset" -c "S25FL128P......0"' + ;; * ) - if [ -x /bin/whiptail ]; then - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Board Configured' \ - --msgbox "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." 16 60 - else - die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." - fi + die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." ;; esac -if [ "$1" = "-c" ]; then - CLEAN=1 -else - CLEAN=0 -fi - -# Mount the USB boot device -if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - if [ $USB_FAILED -ne 0 ]; then - if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then - if [ -x /bin/whiptail ]; then - whiptail --title 'USB Drive Missing' \ - --msgbox "Insert the USB drive containing your ROM and press Enter to continue." 16 60 - else - echo "Insert the USB drive containing your ROM and press Enter to continue." - fi - USB_FAILED=0 - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - fi - if [ $USB_FAILED -ne 0 ]; then - if [ -x /bin/whiptail ]; then - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ - --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 - else - die "ERROR: Unable to mount $CONFIG_USB_BOOT_DEV" - fi - fi - fi -fi - -get_menu_option() { - if [ -x /bin/whiptail ]; then - MENU_OPTIONS="" - n=0 - while read option - do - n=`expr $n + 1` - option=$(echo $option | tr " " "_") - MENU_OPTIONS="$MENU_OPTIONS $n ${option}" - done < /tmp/rom_menu.txt - - MENU_OPTIONS="$MENU_OPTIONS a abort" - whiptail --clear --title "Select your ROM" \ - --menu "Choose the ROM to flash [1-$n, a to abort]:" 20 120 8 \ - -- $MENU_OPTIONS \ - 2>/tmp/whiptail || die "Aborting flash attempt" - - option_index=$(cat /tmp/whiptail) - else - echo "+++ Select your ROM:" - n=0 - while read option - do - n=`expr $n + 1` - echo "$n. $option" - done < /tmp/rom_menu.txt - - read \ - -p "Choose the ROM to flash [1-$n, a to abort]: " \ - option_index - fi - - if [ "$option_index" = "a" ]; then - die "Aborting flash attempt" - fi - - option=`head -n $option_index /tmp/rom_menu.txt | tail -1` -} - flash_rom() { ROM=$1 cp "$ROM" /tmp/${CONFIG_BOARD}.rom @@ -106,57 +37,17 @@ flash_rom() { || die "$ROM: Flash failed" } -# create ROM menu options -ls -1r /media/*.rom 2>/dev/null > /tmp/rom_menu.txt || true -if [ `cat /tmp/rom_menu.txt | wc -l` -gt 0 ]; then - option_confirm="" - while [ -z "$option" ] - do - get_menu_option - done - - if [ -n "$option" ]; then - MOUNTED_ROM=$option - ROM=${option:7} # remove /media/ to get device relative path - - if [ -x /bin/whiptail ]; then - if (whiptail --title 'Flash ROM?' \ - --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then - flash_rom $MOUNTED_ROM - whiptail --title 'ROM Flashed Successfully' \ - --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 - /bin/reboot - else - exit 0 - fi - else - echo "+++ Flash ROM $ROM?" - read \ - -n 1 \ - -p "This will replace your old ROM with $ROM, Do you want to proceed? [y/N] " \ - do_flash - echo - if [ "$do_flash" != "y" \ - -a "$do_flash" != "Y" ]; then - exit 0 - fi - - flash_rom $MOUNTED_ROM - echo "$ROM flashed successfuly. Press Enter to reboot" - read - /bin/reboot - fi - - die "Something failed in ROM flash" - fi +if [ "$1" = "-c" ]; then + CLEAN=1 + ROM="$2" else - if [ -x /bin/whiptail ]; then - whiptail --title 'No ROMs found' \ - --msgbox "No ROMs found on USB disk" 16 60 - else - echo "No ROMs found on USB disk. Press Enter to continue" - read - fi + CLEAN=0 + ROM="$1" fi +if [ ! -e "$ROM" ]; then + die "Usage: $0 [-c] " +fi + +flash_rom $ROM exit 0 diff --git a/initrd/bin/flashrom-kgpe-d16-openbmc.sh b/initrd/bin/flashrom-kgpe-d16-openbmc.sh deleted file mode 100755 index 138ce035..00000000 --- a/initrd/bin/flashrom-kgpe-d16-openbmc.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -. /etc/functions - -ROM="$1" -if [ -z "$1" ]; then - die "Usage: $0 /media/kgpe-d16-openbmc.rom" -fi - -cp "$ROM" /tmp/kgpe-d16-openbmc.rom -sha256sum /tmp/kgpe-d16-openbmc.rom - -flashrom --programmer="ast1100:spibus=2,cpu=reset" -c "S25FL128P......0" -w /tmp/kgpe-d16-openbmc.rom \ -|| die "$ROM: Flash failed" - -warn "Reboot and hopefully it works..." -exit 0 diff --git a/initrd/bin/flashrom-kgpe-d16.sh b/initrd/bin/flashrom-kgpe-d16.sh deleted file mode 100755 index 801c1b83..00000000 --- a/initrd/bin/flashrom-kgpe-d16.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -. /etc/functions - -if [ "$1" = "-c" ]; then - CLEAN=1 - ROM="$2" -else - CLEAN=0 - ROM="$1" -fi - -if [ ! -e "$ROM" ]; then - die "Usage: $0 [-c] /media/kgpe-d16.rom" -fi - -cp "$ROM" /tmp/kgpe-d16.rom -sha256sum /tmp/kgpe-d16.rom -if [ "$CLEAN" -eq 0 ]; then - preserve_rom /tmp/kgpe-d16.rom \ - || die "$ROM: Config preservation failed" -fi - -flashrom \ - --force \ - --noverify \ - --programmer internal \ - -w /tmp/kgpe-d16.rom \ -|| die "$ROM: Flash failed" - -warn "Reboot and hopefully it works..." -exit 0 diff --git a/initrd/bin/flashrom-x230.sh b/initrd/bin/flashrom-x230.sh deleted file mode 100755 index 81150aab..00000000 --- a/initrd/bin/flashrom-x230.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -. /etc/functions - -if [ "$1" = "-c" ]; then - CLEAN=1 - ROM="$2" -else - CLEAN=0 - ROM="$1" -fi - -if [ ! -e "$ROM" ]; then - die "Usage: $0 [-c] /media/x230.rom" -fi - -cp "$ROM" /tmp/x230.rom -sha256sum /tmp/x230.rom -if [ "$CLEAN" -eq 0 ]; then - preserve_rom /tmp/x230.rom \ - || die "$ROM: Config preservation failed" -fi - -flashrom \ - --force \ - --noverify-all \ - --programmer internal \ - --ifd \ - --image bios \ - -w /tmp/x230.rom \ -|| die "$ROM: Flash failed" - -warn "Reboot and hopefully it works..." -exit 0 diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 9fe9a728..81c8f663 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -247,7 +247,7 @@ while true; do fi if [ "$totp_confirm" = "f" ]; then - /bin/flash.sh + flash-gui.sh continue fi From b276e355d912e59100f37fa8f015401b48f33fab Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 11 May 2018 14:23:48 -0700 Subject: [PATCH 4/9] Re-add the flashrom script for kgpe-d16-openbmc --- initrd/bin/flash.sh | 3 --- initrd/bin/flashrom-kgpe-d16-openbmc.sh | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100755 initrd/bin/flashrom-kgpe-d16-openbmc.sh diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 0d2f5ba4..bb563016 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -16,9 +16,6 @@ case "$CONFIG_BOARD" in "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' ;; - "kgpe-d16-openbmc" ) - FLASHROM_OPTIONS='--programmer="ast1100:spibus=2,cpu=reset" -c "S25FL128P......0"' - ;; * ) die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." ;; diff --git a/initrd/bin/flashrom-kgpe-d16-openbmc.sh b/initrd/bin/flashrom-kgpe-d16-openbmc.sh new file mode 100755 index 00000000..138ce035 --- /dev/null +++ b/initrd/bin/flashrom-kgpe-d16-openbmc.sh @@ -0,0 +1,16 @@ +#!/bin/sh +. /etc/functions + +ROM="$1" +if [ -z "$1" ]; then + die "Usage: $0 /media/kgpe-d16-openbmc.rom" +fi + +cp "$ROM" /tmp/kgpe-d16-openbmc.rom +sha256sum /tmp/kgpe-d16-openbmc.rom + +flashrom --programmer="ast1100:spibus=2,cpu=reset" -c "S25FL128P......0" -w /tmp/kgpe-d16-openbmc.rom \ +|| die "$ROM: Flash failed" + +warn "Reboot and hopefully it works..." +exit 0 From a9bf4eb8740a6eb3cf6d17cb9d531259a7c6b70d Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Tue, 15 May 2018 16:24:24 -0700 Subject: [PATCH 5/9] Add read mode to flash.sh If we want to modify a running BIOS we will need the ability to pull down the current BIOS, modify it, and then reflash. This change adds a read option to flash.sh and pulls down three versions of the BIOS and only exists successfully if all three match. --- initrd/bin/flash.sh | 42 ++++++++++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index bb563016..ccc861b1 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -23,27 +23,49 @@ esac flash_rom() { ROM=$1 - cp "$ROM" /tmp/${CONFIG_BOARD}.rom - sha256sum /tmp/${CONFIG_BOARD}.rom - if [ "$CLEAN" -eq 0 ]; then - preserve_rom /tmp/${CONFIG_BOARD}.rom \ - || die "$ROM: Config preservation failed" - fi + if [ "$READ" -eq 1 ]; then + flashrom $FLASHROM_OPTIONS -r "${ROM}.1" \ + || die "$ROM: Read failed" + flashrom $FLASHROM_OPTIONS -r "${ROM}.2" \ + || die "$ROM: Read failed" + flashrom $FLASHROM_OPTIONS -r "${ROM}.3" \ + || die "$ROM: Read failed" + if [ `sha256sum ${ROM}.[123] | cut -f1 -d ' ' | uniq | wc -l` -eq 1 ]; then + mv ${ROM}.1 $ROM + rm ${ROM}.[23] + else + die "$ROM: Read inconsistent" + fi + else + cp "$ROM" /tmp/${CONFIG_BOARD}.rom + sha256sum /tmp/${CONFIG_BOARD}.rom + if [ "$CLEAN" -eq 0 ]; then + preserve_rom /tmp/${CONFIG_BOARD}.rom \ + || die "$ROM: Config preservation failed" + fi - flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ - || die "$ROM: Flash failed" + flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ + || die "$ROM: Flash failed" + fi } -if [ "$1" = "-c" ]; then +if [ "$1" == "-c" ]; then CLEAN=1 + READ=0 ROM="$2" +elif [ "$1" == "-r" ]; then + CLEAN=0 + READ=1 + ROM="$2" + touch $ROM else CLEAN=0 + READ=0 ROM="$1" fi if [ ! -e "$ROM" ]; then - die "Usage: $0 [-c] " + die "Usage: $0 [-c|-r] " fi flash_rom $ROM From 258420d75db66c0eb92e3fdcf8a948fd562e2a24 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 17 May 2018 15:31:23 -0700 Subject: [PATCH 6/9] Add BIOS ROM editing features to flash GUI In addition to being able to flash a ROM from the GUI, it would also be useful for a user to be able to add a GPG key to their keyring using the flashing tool. This change adds the ability for a user to edit both a ROM located on a USB key and also edit the running BIOS by using flashrom to make a local copy of the running BIOS, edit it, then reflash it. This also supports the upcoming delete feature in CBFS for circumstances where keyring files already exist within CBFS. --- initrd/bin/flash-gui.sh | 292 ++++++++++++++++++++++++++-------------- initrd/bin/gui-init | 2 +- 2 files changed, 191 insertions(+), 103 deletions(-) diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index 015742a7..a39a372a 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -1,126 +1,214 @@ #!/bin/sh # -# based off of flashrom-x230 and usb-scan -# set -e -o pipefail . /etc/functions . /etc/config +mount_usb(){ # Mount the USB boot device -if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - if [ $USB_FAILED -ne 0 ]; then - if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then - if [ -x /bin/whiptail ]; then - whiptail --title 'USB Drive Missing' \ - --msgbox "Insert the USB drive containing your ROM and press Enter to continue." 16 60 - else - echo "Insert the USB drive containing your ROM and press Enter to continue." - fi - USB_FAILED=0 - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - fi + if ! grep -q /media /proc/mounts ; then + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 if [ $USB_FAILED -ne 0 ]; then - if [ -x /bin/whiptail ]; then + if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert your USB drive and press Enter to continue." 16 60 USB_FAILED=0 + mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + fi + if [ $USB_FAILED -ne 0 ]; then whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 - else - die "ERROR: Unable to mount $CONFIG_USB_BOOT_DEV" fi fi fi -fi - -get_menu_option() { - if [ -x /bin/whiptail ]; then - MENU_OPTIONS="" - n=0 - while read option - do - n=`expr $n + 1` - option=$(echo $option | tr " " "_") - MENU_OPTIONS="$MENU_OPTIONS $n ${option}" - done < /tmp/rom_menu.txt - - MENU_OPTIONS="$MENU_OPTIONS a abort" - whiptail --clear --title "Select your ROM" \ - --menu "Choose the ROM to flash [1-$n, a to abort]:" 20 120 8 \ - -- $MENU_OPTIONS \ - 2>/tmp/whiptail || die "Aborting flash attempt" - - option_index=$(cat /tmp/whiptail) - else - echo "+++ Select your ROM:" - n=0 - while read option - do - n=`expr $n + 1` - echo "$n. $option" - done < /tmp/rom_menu.txt - - read \ - -p "Choose the ROM to flash [1-$n, a to abort]: " \ - option_index - fi - - if [ "$option_index" = "a" ]; then - die "Aborting flash attempt" - fi - - option=`head -n $option_index /tmp/rom_menu.txt | tail -1` } -# create ROM menu options -ls -1r /media/*.rom 2>/dev/null > /tmp/rom_menu.txt || true -if [ `cat /tmp/rom_menu.txt | wc -l` -gt 0 ]; then - option_confirm="" - while [ -z "$option" ] - do - get_menu_option - done +file_selector() { + FILE="" + FILE_LIST=$1 + MENU_MSG=${2:-"Choose the file"} +# create file menu options + if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then + option="" + while [ -z "$option" ] + do + MENU_OPTIONS="" + n=0 + while read option + do + n=`expr $n + 1` + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < $FILE_LIST - if [ -n "$option" ]; then - MOUNTED_ROM=$option - ROM=${option:7} # remove /media/ to get device relative path + MENU_OPTIONS="$MENU_OPTIONS a Abort" + whiptail --clear --title "Select your File" \ + --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting" - if [ -x /bin/whiptail ]; then - if (whiptail --title 'Flash ROM?' \ - --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then - /bin/flash.sh $MOUNTED_ROM - whiptail --title 'ROM Flashed Successfully' \ - --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 - /bin/reboot - else - exit 0 - fi - else - echo "+++ Flash ROM $ROM?" - read \ - -n 1 \ - -p "This will replace your old ROM with $ROM, Do you want to proceed? [y/N] " \ - do_flash - echo - if [ "$do_flash" != "y" \ - -a "$do_flash" != "Y" ]; then - exit 0 + option_index=$(cat /tmp/whiptail) + + if [ "$option_index" = "a" ]; then + option="a" + return fi - /bin/flash.sh $MOUNTED_ROM - echo "$ROM flashed successfuly. Press Enter to reboot" - read - /bin/reboot + option=`head -n $option_index $FILE_LIST | tail -1` + if [ "$option" == "a" ]; then + return + fi + done + if [ -n "$option" ]; then + FILE=$option fi - - die "Something failed in ROM flash" - fi -else - if [ -x /bin/whiptail ]; then - whiptail --title 'No ROMs found' \ - --msgbox "No ROMs found on USB disk" 16 60 else - echo "No ROMs found on USB disk. Press Enter to continue" - read + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \ + --msgbox "No Files found matching the pattern. Aborting." 16 60 + exit 1 fi -fi +} +while true; do + unset menu_choice + whiptail --clear --title "BIOS Management Menu" \ + --menu 'Select the BIOS function to perform' 20 90 10 \ + 'f' ' Flash the BIOS with a new ROM' \ + 'a' ' Add GPG key to BIOS image' \ + 'r' ' Add GPG key to running BIOS' \ + 'x' ' Exit' \ + 2>/tmp/whiptail || recovery "GUI menu failed" + + menu_choice=$(cat /tmp/whiptail) + + case "$menu_choice" in + "x" ) + exit 0 + ;; + "f" ) + if (whiptail --title 'Flash the BIOS with a new ROM' \ + --yesno "This requires you insert a USB drive containing:\n* Your BIOS image (*.rom)\n\nAfter you select this file, this program will reflash your BIOS\n\nDo you want to proceed?" 16 90) then + mount_usb + if grep -q /media /proc/mounts ; then + find /media -name '*.rom' > /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose the ROM to flash" + if [ "$FILE" == "" ]; then + return + else + ROM=$FILE + fi + + if (whiptail --title 'Flash ROM?' \ + --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then + /bin/flash.sh $ROM + whiptail --title 'ROM Flashed Successfully' \ + --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 + umount /media + /bin/reboot + else + exit + fi + fi + fi + ;; + "a" ) + if (whiptail --title 'ROM and GPG public key required' \ + --yesno "This requires you insert a USB drive containing:\n* Your GPG public key (*.key or *.asc)\n* Your BIOS image (*.rom)\n\nAfter you select these files, this program will reflash your BIOS\n\nDo you want to proceed?" 16 90) then + mount_usb + if grep -q /media /proc/mounts ; then + find /media -name '*.key' > /tmp/filelist.txt + find /media -name '*.asc' >> /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose your GPG public key" + if [ "$FILE" == "" ]; then + return + else + PUBKEY=$FILE + fi + + find /media -name '*.rom' > /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose the ROM to load your key onto" + if [ "$FILE" == "" ]; then + return + else + ROM=$FILE + fi + + cat $PUBKEY | gpg --import + cp $ROM /tmp/gpg-gui.rom + if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg") then + cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg" + fi + cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg + + if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then + cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg" + fi + cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg + + if (whiptail --title 'Flash ROM?' \ + --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then + /bin/flash.sh /tmp/gpg-gui.rom + whiptail --title 'ROM Flashed Successfully' \ + --msgbox "$ROM flashed successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot after you reboot.\n\nPress Enter to reboot" 16 60 + umount /media + /bin/reboot + else + exit 0 + fi + fi + fi + ;; + "r" ) + if (whiptail --title 'GPG public key required' \ + --yesno "Flashing the running BIOS requires you insert a USB drive containing:\n* Your GPG public key (*.key or *.asc)\n\nAfter you select this file, this program will copy and reflash your BIOS\n\nDo you want to proceed?" 16 90) then + mount_usb + if grep -q /media /proc/mounts ; then + find /media -name '*.key' > /tmp/filelist.txt + find /media -name '*.asc' >> /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose your GPG public key" + PUBKEY=$FILE + + /bin/flash.sh -r /tmp/gpg-gui.rom + if [ ! -s /tmp/gpg-gui.rom ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \ + --msgbox "Unable to read BIOS" 16 60 + exit 1 + fi + + cat $PUBKEY | gpg --import + if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg") then + cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg" + fi + cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg + + if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then + cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg" + fi + cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg + + if (whiptail --title 'Update ROM?' \ + --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then + /bin/flash.sh /tmp/gpg-gui.rom + whiptail --title 'BIOS Updated Successfully' \ + --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot after you reboot.\n\nPress Enter to reboot" 16 60 + umount /media + /bin/reboot + else + exit 0 + fi + fi + fi + ;; + "g" ) + confirm_gpg_card + echo "********************************************************************************" + echo "*" + echo "* INSTRUCTIONS:" + echo "* Type 'admin' and then 'generate' and follow the prompts to generate a GPG key." + echo "*" + echo "********************************************************************************" + gpg --card-edit + ;; + esac + +done exit 0 diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 81c8f663..4577dd63 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -148,7 +148,7 @@ while true; do 'g' ' Generate new TOTP secret' \ 'p' ' Reset the TPM' \ 's' ' Update checksums and sign all files in /boot' \ - 'f' ' Flash the BIOS with a new ROM' \ + 'f' ' Flash/Update the BIOS -->' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" From cfa6c3a37415315d5e86bb710955965210672ce4 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 18 May 2018 14:04:00 -0700 Subject: [PATCH 7/9] Make x230 board option a glob to match x230-flash option --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index ccc861b1..4b70ac8a 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -10,7 +10,7 @@ case "$CONFIG_BOARD" in librem* ) FLASHROM_OPTIONS='-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq' ;; - "x230" ) + x230* ) FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' ;; "kgpe-d16" ) From 8dc2f8602f353fe67f2bd4ee0e21a521f249c62a Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Wed, 23 May 2018 16:14:44 -0700 Subject: [PATCH 8/9] Add trivial word-wrapping for long output line --- initrd/bin/flash-gui.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index a39a372a..b7929c4f 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -148,7 +148,7 @@ while true; do --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then /bin/flash.sh /tmp/gpg-gui.rom whiptail --title 'ROM Flashed Successfully' \ - --msgbox "$ROM flashed successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot after you reboot.\n\nPress Enter to reboot" 16 60 + --msgbox "$ROM flashed successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60 umount /media /bin/reboot else @@ -189,7 +189,7 @@ while true; do --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then /bin/flash.sh /tmp/gpg-gui.rom whiptail --title 'BIOS Updated Successfully' \ - --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot after you reboot.\n\nPress Enter to reboot" 16 60 + --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60 umount /media /bin/reboot else From 8d50b6a1aba0cf28cb8e4de5222ae628805abf8d Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Mon, 28 May 2018 11:38:04 -0700 Subject: [PATCH 9/9] Add option to flash cleaned ROM to GUI --- initrd/bin/flash-gui.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index b7929c4f..191d977b 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -73,6 +73,7 @@ while true; do whiptail --clear --title "BIOS Management Menu" \ --menu 'Select the BIOS function to perform' 20 90 10 \ 'f' ' Flash the BIOS with a new ROM' \ + 'c' ' Flash the BIOS with a new cleaned ROM' \ 'a' ' Add GPG key to BIOS image' \ 'r' ' Add GPG key to running BIOS' \ 'x' ' Exit' \ @@ -84,7 +85,7 @@ while true; do "x" ) exit 0 ;; - "f" ) + f|c ) if (whiptail --title 'Flash the BIOS with a new ROM' \ --yesno "This requires you insert a USB drive containing:\n* Your BIOS image (*.rom)\n\nAfter you select this file, this program will reflash your BIOS\n\nDo you want to proceed?" 16 90) then mount_usb @@ -99,7 +100,11 @@ while true; do if (whiptail --title 'Flash ROM?' \ --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then - /bin/flash.sh $ROM + if [ "$menu_choice" == "c" ]; then + /bin/flash.sh -c $ROM + else + /bin/flash.sh $ROM + fi whiptail --title 'ROM Flashed Successfully' \ --msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60 umount /media