gui-init: add clean boot check

Add a check to determine if first boot after flashing a cleaned ROM, and prompt user to run the OEM Factory Reset if so Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2025-02-20 09:16:21 +00:00 · 2019-08-19 17:09:42 -05:00 · 2019-08-19 17:09:42 -05:00 · aab9004c53
commit aab9004c53
parent ba23fb7ac2
1 changed files with 34 additions and 2 deletions
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@ -102,11 +102,43 @@ update_totp()
  fi
 }

+clean_boot_check()
+{
+  # assume /boot mounted
+  if ! grep -q /boot /proc/mounts ; then
+    return
+  fi
+
+  # check for any kexec files in /boot
+  kexec_files=`find /boot -name kexec*.txt`
+  [ ! -z "$kexec_files" ] && return
+  
+  #check for GPG key in keyring
+  GPG_KEY_COUNT=`gpg -k 2>/dev/null | wc -l`
+  [ $GPG_KEY_COUNT -ne 0 ] && return
+
+   # check for USB security token
+  if ! gpg --card-status > /dev/null ; then
+   return
+  fi
+
+  # OS is installed, no kexec files present, no GPG keys in keyring, security token present
+  # prompt user to run OEM factory reset
+  oem-factory-reset \
+    "Clean Boot Detected - Perform OEM Factory Reset?" "$CONFIG_WARNING_BG_COLOR"
+}
+
 # enable USB to load modules for external kb
 enable_usb

-# ensure /boot is sane and mount it
-mount_boot
+if detect_boot_device ; then
+  # /boot device with installed OS found
+  clean_boot_check
+else
+  # can't determine /boot device or no OS installed, 
+  # so fall back to interactive selection
+  mount_boot
+fi

 last_half=X
 while true; do