From 25b977d1e50fb320edf08cdd4ffd2fbb291e18c0 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Fri, 5 Jan 2024 16:45:48 -0500 Subject: [PATCH 1/2] initrd/bin/config-gui.sh: Allow configuring automatic boot Automatic boot can be configured in the configuration GUI. Options are disable, 1 second, 5 seconds, or 10 seconds. Signed-off-by: Jonathon Hall --- initrd/bin/config-gui.sh | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 49e59c89..24a940ba 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -54,9 +54,14 @@ while true; do 'J' " $(get_config_display_action "$CONFIG_USE_BLOB_JAIL") Firmware Blob Jail" ) + # Automatic boot + dynamic_config_options+=( + 'M' " Configure automatic boot" + ) + # Basic-only options for automatic boot [ "$CONFIG_BASIC" = "y" ] && dynamic_config_options+=( - 'A' " $(get_inverted_config_display_action "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT") automatic default boot" + 'A' " $(get_inverted_config_display_action "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT") automatic default boot option" 'U' " $(get_config_display_action "$CONFIG_BASIC_USB_AUTOBOOT") USB automatic boot" ) 
@@ -401,6 +406,37 @@ while true; do fi fi ;; + "M" ) + if [ -z "$CONFIG_AUTO_BOOT_TIMEOUT" ]; then + current_msg="Automatic boot is currently disabled." + elif [ "$CONFIG_AUTO_BOOT_TIMEOUT" = 1 ]; then + current_msg="Currently boots automatically after 1 second." + else + current_msg="Currently boots automatically after $CONFIG_AUTO_BOOT_TIMEOUT seconds." + fi + whiptail --title "Automatic Boot" \ + --menu "$CONFIG_BRAND_NAME can boot automatically. Select the amount of time to wait\nbefore booting.\n\n$current_msg" 0 80 10 \ + "0" "Don't boot automatically" \ + "1" "1 second" \ + "5" "5 seconds" \ + "10" "10 seconds" \ + "C" "Cancel" \ + 2>/tmp/whiptail + new_setting="$(cat /tmp/whiptail)" + if ! [ "$new_setting" = "C" ]; then + if [ "$new_setting" = "0" ]; then + new_setting= # Empty disables automatic boot + current_msg="$CONFIG_BRAND_NAME will not boot automatically." + elif [ "$new_setting" = "1" ]; then + current_msg="$CONFIG_BRAND_NAME will boot automatically after 1 second." + else + current_msg="$CONFIG_BRAND_NAME will boot automatically after $new_setting seconds." + fi + set_user_config "CONFIG_AUTO_BOOT_TIMEOUT" "$new_setting" + whiptail --title 'Config change successful' \ + --msgbox "$current_msg\nSave the config change and reboot for it to go into effect." 0 80 + fi + ;; "A" ) if [ "$CONFIG_BASIC_NO_AUTOMATIC_DEFAULT" != "y" ]; then if (whiptail --title 'Disable automatic default boot?' \ From a2ebf251e0780d6b92e2d87e30a958d892c4ca49 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Jan 2024 14:33:23 -0500 Subject: [PATCH 2/2] hotp boards: enable autoboot after 5 seconds if reverse HOTP against USB Security Dongle is successful by default 
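Review bot: Dismissing the new `"M"` menu with Escape is not handled as a cancel. In that case whiptail normally writes nothing to `/tmp/whiptail`, so `new_setting` is empty, passes `if ! [ "$new_setting" = "C" ]`, and reaches `set_user_config "CONFIG_AUTO_BOOT_TIMEOUT" ""`, the value the hunk's own comment says disables automatic boot, while the message box reads "after  seconds". A boot-policy setting should change only on an explicit selection, so I would guard the block with `if [ -n "$new_setting" ] && [ "$new_setting" != "C" ]; then`, or check whiptail's exit status before reading the file. The enclosing `case` and `while true` loop start and end outside this hunk, so how other arms handle Escape is not visible here.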
Signed-off-by: Thierry Laurion --- .../UNTESTED_p8z77-m_pro-tpm1-hotp-maximized.config | 1 + .../UNTESTED_t430-hotp-legacy/UNTESTED_t430-hotp-legacy.config | 1 + .../UNTESTED_t520-hotp-maximized.config | 1 + .../UNTESTED_t530-dgpu-hotp-maximized.config | 1 + .../UNTESTED_t530-hotp-maximized.config | 1 + .../UNTESTED_w530-dgpu-K1000m-hotp-maximized.config | 1 + .../UNTESTED_w530-dgpu-K2000m-hotp-maximized.config | 1 + .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 1 + .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 1 + .../qemu-coreboot-whiptail-tpm1-hotp.config | 1 + .../qemu-coreboot-whiptail-tpm2-hotp.config | 1 + boards/t420-hotp-maximized/t420-hotp-maximized.config | 1 + boards/t430-hotp-maximized/t430-hotp-maximized.config | 1 + boards/t440p-hotp-maximized/t440p-hotp-maximized.config | 1 + boards/w530-hotp-maximized/w530-hotp-maximized.config | 1 + boards/w541-hotp-maximized/w541-hotp-maximized.config | 1 + boards/x220-hotp-maximized/x220-hotp-maximized.config | 1 + boards/x230-hotp-legacy/x230-hotp-legacy.config | 1 + .../x230-hotp-maximized-fhd_edp.config | 1 + boards/x230-hotp-maximized/x230-hotp-maximized.config | 1 + .../x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config | 1 + boards/z220-cmt-hotp-maximized/z220-cmt-hotp-maximized.config | 1 + 22 files changed, 22 insertions(+) diff --git a/boards/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized.config b/boards/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized.config index a43fa33b..22267b98 100644 --- a/boards/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized.config +++ b/boards/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized/UNTESTED_p8z77-m_pro-tpm1-hotp-maximized.config @@ -2,5 +2,6 @@ include $(pwd)/boards/UNTESTED_p8z77-m_pro-tpm1-maximized/UNTESTED_p8z77-m_pro-tpm1-maximized.config CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_BOARD_NAME="P8Z77-M PRO-HOTP" 
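Review bot: The added `export CONFIG_AUTO_BOOT_TIMEOUT=5` has no comment, and nothing in the hunk shows the precondition named in the subject line, that automatic boot happens only after HOTP verification against the USB Security Dongle succeeds. That check is presumably enforced in the boot script, which this patch does not touch, and it is worth confirming because these boards now boot unattended by default. I would add above the line `# Boot the default entry after 5 seconds once HOTP verification succeeds; change or disable in the config GUI`. The same applies to the identical one-line hunk in the other 21 board configs of this commit.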
diff --git a/boards/UNTESTED_t430-hotp-legacy/UNTESTED_t430-hotp-legacy.config b/boards/UNTESTED_t430-hotp-legacy/UNTESTED_t430-hotp-legacy.config index 00c4ecc6..1c7c527e 100644 --- a/boards/UNTESTED_t430-hotp-legacy/UNTESTED_t430-hotp-legacy.config +++ b/boards/UNTESTED_t430-hotp-legacy/UNTESTED_t430-hotp-legacy.config @@ -37,6 +37,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config index f9061c24..cd375294 100644 --- a/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config +++ b/boards/UNTESTED_t520-hotp-maximized/UNTESTED_t520-hotp-maximized.config @@ -38,6 +38,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index 0eb5f2a2..2bee0e42 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config index c44d6fe3..2a4cb5a4 100644 
--- a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config +++ b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config @@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index b8add650..e008d6f5 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config @@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index 238fa8ef..b006a12c 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config @@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index 677b7ac6..10bf16da 100644 
--- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -37,6 +37,7 @@ CONFIG_MBEDTLS=y CONFIG_DROPBEAR=y CONFIG_MSRTOOLS=y CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Uncomment only one of the following block #Required for graphical gui-init (FBWhiptail) diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index 2b622f43..1a91a32b 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -38,6 +38,7 @@ CONFIG_MBEDTLS=y CONFIG_DROPBEAR=y CONFIG_MSRTOOLS=y CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Uncomment only one of the following block #Required for graphical gui-init (FBWhiptail) diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index dc275271..8518aad8 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -37,6 +37,7 @@ CONFIG_MBEDTLS=y CONFIG_DROPBEAR=y CONFIG_MSRTOOLS=y CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Uncomment only one of the following block #Required for graphical gui-init (FBWhiptail) diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 28930477..76124093 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config 
@@ -38,6 +38,7 @@ CONFIG_MBEDTLS=y CONFIG_DROPBEAR=y CONFIG_MSRTOOLS=y CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Uncomment only one of the following block #Required for graphical gui-init (FBWhiptail) diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 12c8dac2..d248c8c3 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 574dcfa8..0a09feb1 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -40,6 +40,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/t440p-hotp-maximized/t440p-hotp-maximized.config b/boards/t440p-hotp-maximized/t440p-hotp-maximized.config index 1d48c5cb..da0cd510 100644 --- a/boards/t440p-hotp-maximized/t440p-hotp-maximized.config +++ b/boards/t440p-hotp-maximized/t440p-hotp-maximized.config @@ -2,5 +2,6 @@ include $(pwd)/boards/t440p-maximized/t440p-maximized.config CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_BOARD_NAME="ThinkPad T440p-hotp-maximized" diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index 85ce7c90..76a6691a 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config 
@@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/w541-hotp-maximized/w541-hotp-maximized.config b/boards/w541-hotp-maximized/w541-hotp-maximized.config index a73be700..204f1252 100644 --- a/boards/w541-hotp-maximized/w541-hotp-maximized.config +++ b/boards/w541-hotp-maximized/w541-hotp-maximized.config @@ -2,5 +2,6 @@ include $(pwd)/boards/w541-maximized/w541-maximized.config CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_BOARD_NAME="ThinkPad W541-hotp-maximized" diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index 95dae6fa..905da3c2 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -42,6 +42,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/x230-hotp-legacy/x230-hotp-legacy.config b/boards/x230-hotp-legacy/x230-hotp-legacy.config index ee9d2921..0398b542 100644 --- a/boards/x230-hotp-legacy/x230-hotp-legacy.config +++ b/boards/x230-hotp-legacy/x230-hotp-legacy.config @@ -37,6 +37,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index f6726e33..2f68545f 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config 
+++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -54,6 +54,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index 3bb4d842..040d9990 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -45,6 +45,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 13c06b05..167fb431 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -44,6 +44,7 @@ CONFIG_TPMTOTP=y #HOTP based remote attestation for supported USB Security dongle #With/Without TPM support CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 #Nitrokey Storage admin tool CONFIG_NKSTORECLI=n diff --git a/boards/z220-cmt-hotp-maximized/z220-cmt-hotp-maximized.config b/boards/z220-cmt-hotp-maximized/z220-cmt-hotp-maximized.config index a434f3fd..6155c83d 100644 --- a/boards/z220-cmt-hotp-maximized/z220-cmt-hotp-maximized.config +++ b/boards/z220-cmt-hotp-maximized/z220-cmt-hotp-maximized.config @@ -2,5 +2,6 @@ include $(pwd)/boards/z220-cmt-maximized/z220-cmt-maximized.config CONFIG_HOTPKEY=y +export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_BOARD_NAME="Hewlett-Packard Z220 Convertible Minitower (HOTP)" \ No newline at end of file