Drop duplicate board-specific background color configs

Set and export currently-used defaults in gui-init, but still
allow for inidividual boards to override via config if desired.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

boards/librem_13v2/librem_13v2.config

@@ -36,6 +36,4 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
 export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
 export CONFIG_BOARD_NAME="Librem 13 v2/v3"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="-p internal"

boards/librem_13v4/librem_13v4.config

@@ -36,6 +36,4 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
 export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
 export CONFIG_BOARD_NAME="Librem 13 v4"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="-p internal"

boards/librem_15v3/librem_15v3.config

@@ -36,6 +36,4 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
 export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
 export CONFIG_BOARD_NAME="Librem 15 v3"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="-p internal"

boards/librem_15v4/librem_15v4.config

@@ -36,6 +36,4 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
 export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
 export CONFIG_BOARD_NAME="Librem 15 v4"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="-p internal"

boards/librem_l1um/librem_l1um.config

@@ -36,8 +36,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
 export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
 export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
 export CONFIG_BOARD_NAME="Librem Server L1UM"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_AUTO_BOOT_TIMEOUT=5
 export CONFIG_FLASHROM_OPTIONS="-p internal"
 export CONFIG_USB_KEYBOARD=y

boards/librem_mini/librem_mini.config

@@ -36,7 +36,5 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on"
 export CONFIG_BOOT_KERNEL_REMOVE=""
 export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
 export CONFIG_BOARD_NAME="Librem Mini"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="-p internal"
 export CONFIG_USB_KEYBOARD=y

boards/t420/t420.config

@@ -34,6 +34,4 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="ThinkPad T420"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"

boards/t430/t430.config

@@ -47,8 +47,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="Thinkpad T430"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
 
 # This board has two SPI flash chips, an 8 MB that holds the IFD,

boards/x220/x220.config

@@ -34,6 +34,4 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="ThinkPad X220"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq --ifd --image bios"

boards/x230-hotp-verification/x230-hotp-verification.config

@@ -48,8 +48,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="Thinkpad X230"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
 
 # This board has two SPI flash chips, an 8 MB that holds the IFD,

boards/x230-nkstorecli/x230-nkstorecli.config

@@ -40,8 +40,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="Thinkpad X230-nkstorecli"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
 
 # This board has two SPI flash chips, an 8 MB that holds the IFD,

boards/x230/x230.config

@@ -44,8 +44,6 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
 export CONFIG_BOOT_KERNEL_REMOVE="quiet"
 export CONFIG_BOOT_DEV="/dev/sda1"
 export CONFIG_BOARD_NAME="Thinkpad X230"
-export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
-export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
 export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
 
 # This board has two SPI flash chips, an 8 MB that holds the IFD,

initrd/bin/config-gui.sh

@@ -59,7 +59,7 @@ while true; do
       # mount newly selected /boot device
       if ! mount -o ro $SELECTED_FILE /boot 2>/tmp/error ; then
         ERROR=`cat /tmp/error`
-        whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: unable to mount /boot' \
+        whiptail $BG_COLOR_ERROR --title 'ERROR: unable to mount /boot' \
           --msgbox "    $ERROR\n\n" 16 60
         exit 1
       fi
@@ -73,7 +73,7 @@ while true; do
     "s" )
       /bin/flash.sh -r /tmp/config-gui.rom
       if [ ! -s /tmp/config-gui.rom ]; then
-        whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \
+        whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \
           --msgbox "Unable to read BIOS" 16 60
         exit 1
       fi
@@ -103,7 +103,7 @@ while true; do
         # read current firmware
         /bin/flash.sh -r /tmp/config-gui.rom
         if [ ! -s /tmp/config-gui.rom ]; then
-          whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \
+          whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \
             --msgbox "Unable to read BIOS" 16 60
           exit 1
         fi

initrd/bin/gpg-gui.sh

@@ -85,7 +85,7 @@ gpg_post_gen_mgmt() {
       whiptail --title "The GPG Key Copied Successfully" \
         --msgbox "${GPG_GEN_KEY}.asc copied successfully." 16 60
     else
-      whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Copy Failed' \
+      whiptail $BG_COLOR_ERROR --title 'ERROR: Copy Failed' \
         --msgbox "Unable to copy ${GPG_GEN_KEY}.asc to /media" 16 60
     fi
     umount /media
@@ -94,7 +94,7 @@ gpg_post_gen_mgmt() {
       --yesno "Would you like to add the GPG public key you generated to the BIOS?\n\nThis makes it a trusted key used to sign files in /boot\n\n" 16 90) then
       /bin/flash.sh -r /tmp/gpg-gui.rom
       if [ ! -s /tmp/gpg-gui.rom ]; then
-        whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \
+        whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \
           --msgbox "Unable to read BIOS" 16 60
         exit 1
       fi
@@ -120,7 +120,7 @@ gpg_add_key_reflash() {
 
       /bin/flash.sh -r /tmp/gpg-gui.rom
       if [ ! -s /tmp/gpg-gui.rom ]; then
-        whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \
+        whiptail $BG_COLOR_ERROR --title 'ERROR: BIOS Read Failed!' \
           --msgbox "Unable to read BIOS" 16 60
         exit 1
       fi
@@ -214,7 +214,7 @@ while true; do
           whiptail --title "The GPG Key Copied Successfully" \
             --msgbox "public-key.asc copied successfully." 16 60
         else
-          whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Copy Failed' \
+          whiptail $BG_COLOR_ERROR --title 'ERROR: Copy Failed' \
             --msgbox "Unable to copy public-key.asc to /media" 16 60
         fi
         umount /media

initrd/bin/gui-init

@@ -3,6 +3,8 @@
 
 BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} 
 MAIN_MENU_TITLE="${BOARD_NAME} | Heads Boot Menu"
+export BG_COLOR_WARNING="${CONFIG_WARNING_BG_COLOR:-"--background-gradient 0 0 0 150 125 0"}"
+export BG_COLOR_ERROR="${CONFIG_ERROR_BG_COLOR:-"--background-gradient 0 0 0 150 0 0"}"
 
 . /etc/functions
 . /tmp/config
@@ -14,7 +16,7 @@ mount_boot()
   while ! grep -q /boot /proc/mounts ; do
     # ensure default boot device is set
     if [ ! -e "$CONFIG_BOOT_DEV" ]; then
-      if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: $CONFIG_BOOT_DEV missing!" \
+      if (whiptail $BG_COLOR_ERROR --clear --title "ERROR: $CONFIG_BOOT_DEV missing!" \
           --yesno "The /boot device $CONFIG_BOOT_DEV could not be found!\n\nYou will need to configure the correct device for /boot.\n\nWould you like to configure the /boot device now?" 30 90) then
         config-gui.sh boot_device_select
       else
@@ -26,7 +28,7 @@ mount_boot()
     . /tmp/config
     mount -o ro $CONFIG_BOOT_DEV /boot 
     if [ $? -ne 0 ]; then
-      if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Cannot mount /boot' \
+      if (whiptail $BG_COLOR_ERROR --clear --title 'ERROR: Cannot mount /boot' \
       --yesno "The /boot partition at $CONFIG_BOOT_DEV could not be mounted!\n\nWould you like to configure the /boot device now?" 30 90) then
         config-gui.sh boot_device_select
       else
@@ -46,7 +48,7 @@ verify_global_hashes()
   if ( cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ) then
     return 0
   elif [ ! -f $TMP_HASH_FILE ]; then
-    if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Missing Hash File!' \
+    if (whiptail $BG_COLOR_ERROR --clear --title 'ERROR: Missing Hash File!' \
       --yesno "The file containing hashes for /boot is missing!\n\nIf you are setting this system up for the first time, select Yes to update\nyour list of checksums.\n\nOtherwise this could indicate a compromise and you should select No to\nreturn to the main menu.\n\nWould you like to update your checksums now?" 30 90) then
       update_checksums
     fi
@@ -74,7 +76,7 @@ verify_global_hashes()
       TEXT="The following files failed the verification process:\n\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums now?"
     fi
 
-    if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Boot Hash Mismatch' --yesno "$TEXT" 30 90) then
+    if (whiptail $BG_COLOR_ERROR --clear --title 'ERROR: Boot Hash Mismatch' --yesno "$TEXT" 30 90) then
       update_checksums
     fi
     return 1
@@ -129,7 +131,7 @@ clean_boot_check()
   # OS is installed, no kexec files present, no GPG keys in keyring, security token present
   # prompt user to run OEM factory reset
   oem-factory-reset \
-    "Clean Boot Detected - Perform OEM Factory Reset?" "$CONFIG_WARNING_BG_COLOR"
+    "Clean Boot Detected - Perform OEM Factory Reset?" "$BG_COLOR_WARNING"
 }
 
 if detect_boot_device ; then
@@ -156,7 +158,7 @@ while true; do
   # detect whether any GPG keys exist in the keyring, if not, initialize that first
   GPG_KEY_COUNT=`gpg -k 2>/dev/null | wc -l`
   if [ $GPG_KEY_COUNT -eq 0 ]; then
-    whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: GPG keyring empty!" \
+    whiptail $BG_COLOR_ERROR --clear --title "ERROR: GPG keyring empty!" \
       --menu "ERROR: Heads couldn't find any GPG keys in your keyring.\n\nIf this is the first time the system has booted,\nyou should add a public GPG key to the BIOS now.\n\nIf you just reflashed a new BIOS, you'll need to add at least one\npublic key to the keyring.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 30 90 4 \
       'G' ' Add a GPG key to the running BIOS' \
       'i' ' Ignore error and continue to main menu' \
@@ -176,7 +178,7 @@ while true; do
       last_half=$half;
       TOTP=`unseal-totp`
       if [ $? -ne 0 ]; then
-        whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: TOTP Generation Failed!" \
+        whiptail $BG_COLOR_ERROR --clear --title "ERROR: TOTP Generation Failed!" \
           --menu "    ERROR: Heads couldn't generate the TOTP code.\n
     If you have just completed a Factory Reset, or just reflashed
     your BIOS, you should generate a new HOTP/TOTP secret.\n
@@ -200,7 +202,7 @@ while true; do
       HOTP=`unseal-hotp`
       enable_usb
       if ! hotp_verification info ; then
-        whiptail $CONFIG_WARNING_BG_COLOR --clear \
+        whiptail $BG_COLOR_WARNING --clear \
 	--title "WARNING: Please Insert Your $HOTPKEY_BRANDING" \
 	--msgbox "Your $HOTPKEY_BRANDING was not detected.\n\nPlease insert your $HOTPKEY_BRANDING" 30 90
         fi
@@ -212,11 +214,11 @@ while true; do
         ;;
         4 )
           HOTP="Invalid code"
-          MAIN_MENU_BG_COLOR=$CONFIG_ERROR_BG_COLOR
+          MAIN_MENU_BG_COLOR=$BG_COLOR_ERROR
         ;;
         * )
           HOTP="Error checking code, Insert $HOTPKEY_BRANDING and retry"
-          MAIN_MENU_BG_COLOR=$CONFIG_WARNING_BG_COLOR
+          MAIN_MENU_BG_COLOR=$BG_COLOR_WARNING
         ;;
       esac
     else
@@ -285,7 +287,7 @@ while true; do
   fi
 
   if [ "$totp_confirm" = "n" ]; then
-    if (whiptail $CONFIG_WARNING_BG_COLOR --title "TOTP/HOTP code mismatched" \
+    if (whiptail $BG_COLOR_WARNING --title "TOTP/HOTP code mismatched" \
       --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s HH:MM:SS'\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 30 90) then
       echo ""
       echo "To correct clock drift: 'date -s HH:MM:SS'"
@@ -359,7 +361,7 @@ while true; do
 
   if [ "$totp_confirm" = "i" ]; then
     # Run the menu selection in "force" mode, bypassing hash checks
-    if (whiptail $CONFIG_WARNING_BG_COLOR --title 'Unsafe Forced Boot Selected!' \
+    if (whiptail $BG_COLOR_WARNING --title 'Unsafe Forced Boot Selected!' \
         --yesno "WARNING: You have chosen to skip all tamper checks and boot anyway.\n\nThis is an unsafe option!\n\nDo you want to proceed?" 16 90) then
       mount_boot
       kexec-select-boot -m -b /boot -c "grub.cfg" -g -f

initrd/bin/kexec-select-boot

@@ -59,7 +59,7 @@ verify_global_hashes()
 	else
 		if [ "$gui_menu" = "y" ]; then
 			CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':')
-			whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Boot Hash Mismatch' \
+			whiptail $BG_COLOR_ERROR --title 'ERROR: Boot Hash Mismatch' \
 				--msgbox "The following files failed the verification process:\n${CHANGED_FILES}\nExiting to a recovery shell" 16 60
 		fi
 		die "$TMP_HASH_FILE: boot hash mismatch"
@@ -222,7 +222,7 @@ default_select() {
 	option=`head -n $default_index $TMP_MENU_FILE | tail -1`
 	if [ "$option" != "$expectedoption" ]; then
 		if [ "$gui_menu" = "y" ]; then
-			whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Boot Entry Has Changed' \
+			whiptail $BG_COLOR_ERROR --title 'ERROR: Boot Entry Has Changed' \
 				--msgbox "The list of boot entries has changed\n\nPlease set a new default" 16 60
 		fi
 		warn "!!! Boot entry has changed - please set a new default"
@@ -239,7 +239,7 @@ default_select() {
 	else
 		if [ "$gui_menu" = "y" ]; then
 			CHANGED_FILES=$(grep -v 'OK$' /tmp/hash_output | cut -f1 -d ':')
-			whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Default Boot Hash Mismatch' \
+			whiptail $BG_COLOR_ERROR --title 'ERROR: Default Boot Hash Mismatch' \
 				--msgbox "The following files failed the verification process:\n${CHANGED_FILES}\nExiting to a recovery shell" 16 60
 		fi
 		die "!!! $TMP_DEFAULT_HASH_FILE: default boot hash mismatch"

initrd/bin/mount-usb

@@ -34,7 +34,7 @@ if [ -z `cat /tmp/usb_block_devices` ]; then
   stat -c %N /sys/block/sd* 2>/dev/null | grep usb | cut -f1 -d ' ' | sed "s/[']//g;s|/sys/block|/dev|" > /tmp/usb_block_devices
   if [ -z `cat /tmp/usb_block_devices` ]; then
     if [ -x /bin/whiptail ]; then
-      whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: USB Drive Missing' \
+      whiptail $BG_COLOR_ERROR --title 'ERROR: USB Drive Missing' \
         --msgbox "USB Drive Missing! Aborting mount attempt.\n\nPress Enter to continue." 16 60
     else
       echo "!!! ERROR: USB Drive Missing! Aborting mount. Press Enter to continue."

initrd/bin/oem-factory-reset

@@ -48,7 +48,7 @@ whiptail_error()
     if [ "$msg" = "" ]; then
         die "whiptail error: An error msg is required"
     fi
-    whiptail --msgbox "${msg}\n\n" $WIDTH $HEIGHT $CONFIG_ERROR_BG_COLOR --title "Error"
+    whiptail --msgbox "${msg}\n\n" $WIDTH $HEIGHT $BG_COLOR_ERROR --title "Error"
 }
 
 whiptail_error_die() 

initrd/etc/gui_functions

@@ -14,7 +14,7 @@ mount_usb()
       --msgbox "Insert your USB drive and press Enter to continue." 16 60
     mount-usb && USB_FAILED=0 || ( [ $? -eq 5 ] && exit 1 || USB_FAILED=1 )
     if [ $USB_FAILED -ne 0 ]; then
-      whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \
+      whiptail $BG_COLOR_ERROR --title 'ERROR: Mounting /media Failed' \
         --msgbox "Unable to mount USB device" 16 60
       exit 1
     fi
@@ -64,7 +64,7 @@ file_selector()
       FILE=$option
     fi
   else
-    whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \
+    whiptail $BG_COLOR_ERROR --title 'ERROR: No Files Found' \
       --msgbox "No Files found matching the pattern. Aborting." 16 60
     exit 1
   fi