rework startup scripts to combine totp prompt with boot mode selection (issue #221)

initrd/bin/generic-init

@@ -4,22 +4,57 @@
 . /etc/functions
 . /etc/config
 
-# Confirm we have a good TOTP unseal
-if ! confirm_totp ; then
-	recovery 'Failed to unseal TOTP'
-fi
+mount_boot()
+{
+	# Mount local disk if it is not already mounted
+	if ! grep -q /boot /proc/mounts ; then
+		mount -o ro /boot \
+			|| recovery "Unable to mount /boot"
+	fi
+}
 
-if [ ! "$totp_confirm" = "y" ]; then
-	recovery "Failed to confirm validity of TOTP"
-fi
 
-# Mount local disk
-if ! grep -q /boot /proc/mounts ; then
-	mount -o ro "$CONFIG_BOOT_DEV" /boot \
-		|| recovery "$CONFIG_BOOT_DEV: Unable to mount /boot"
-fi
+# Confirm we have a good TOTP unseal and ask the user for next choice
+while true; do
+	echo "y) Default boot"
+	echo "n) TOTP does not match"
+	echo "r) Recovery boot"
+	echo "u) USB boot"
+	echo "m) Boot menu"
 
-# Attempt to pull verified config from device
-kexec-select-boot -b /boot -c "grub.cfg"
+	if ! confirm_totp "Boot mode"; then
+		recovery 'Failed to unseal TOTP'
+	fi
+
+	if [ "$totp_confirm" = "r" ]; then
+		recovery "User requested recovery shell"
+	fi
+
+	if [ "$totp_confim" = "n" ]; then
+		echo ""
+		echo "To correct clock drift: 'date -s HH:MM:SS'"
+		echo "and save it to the RTC: 'hwclock -w'"
+		echo "then reboot and try again"
+		echo ""
+		recovery "TOTP mismatch"
+	fi
+
+	if [ "$totp_confirm" = "u" ]; then
+		exec /bin/usb-init
+	fi
+
+	if [ "$totp_confirm" = "m" ]; then
+		# Try to select a kernel from the menu
+		mount_boot
+		kexec-select-boot -m -b /boot -c "grub.cfg"
+	fi
+
+	if [ "$totp_confirm" = "y" -o "$totp_confirm" != " " ]; then
+		# Try to boot the default
+		mount_boot
+		kexec-select-boot -b /boot -c "grub.cfg"
+	fi
+
+done
 
 recovery "Something failed during boot"

initrd/bin/kexec-select-boot

@@ -11,7 +11,7 @@ unique="n"
 valid_hash="n"
 valid_global_hash="n"
 valid_rollback="n"
-while getopts "b:d:p:a:r:c:ui" arg; do
+while getopts "b:d:p:a:r:c:uim" arg; do
 	case $arg in
 		b) bootdir="$OPTARG" ;;
 		d) paramsdev="$OPTARG" ;;
@@ -20,6 +20,7 @@ while getopts "b:d:p:a:r:c:ui" arg; do
 		r) remove="$OPTARG" ;;
 		c) config="$OPTARG" ;;
 		u) unique="y" ;;
+		m) show_menu="y" ;;
 		i) valid_hash="y"; valid_rollback="y" ;;
 	esac
 done

initrd/bin/usb-init

@@ -4,17 +4,8 @@
 . /etc/functions
 . /etc/config
 
-# Confirm we have a good TOTP unseal
-if ! confirm_totp ; then
-	recovery 'Failed to unseal TOTP'
-fi
-
 # Extend PCR4 as soon as possible
 tpm extend -ix 4 -ic usb
 
-if [ ! "$totp_confirm" = "y" ]; then
-	recovery "Failed to confirm validity of TOTP"
-fi
-
 usb-scan
 recovery "Something failed during USB boot"

initrd/etc/functions

@@ -31,7 +31,9 @@ pcrs() {
 
 confirm_totp()
 {
+	prompt="$1"
 	last_half=X
+	unset totp_confirm
 
 	while true; do
 
@@ -39,7 +41,9 @@ confirm_totp()
 		date=`date "+%Y-%m-%d %H:%M:%S"`
 		seconds=`date "+%s"`
 		half=`expr \( $seconds % 60 \) / 30`
-		if [ "$half" != "$last_half" ]; then
+		if [ "$CONFIG_TPM" = n ]; then
+			TOTP="NO TPM"
+		elif [ "$half" != "$last_half" ]; then
 			last_half=$half;
 			TOTP=`unseal-totp` \
 			|| recovery "TOTP code generation failed"
@@ -52,7 +56,7 @@ confirm_totp()
 			-t 1 \
 			-n 1 \
 			-s \
-			-p "Confirm TOTP with a 'y': " \
+			-p "$prompt" \
 			totp_confirm \
 		&& break
 

initrd/init

@@ -45,10 +45,11 @@ if [ ! -x "$CONFIG_BOOTSCRIPT" ]; then
 	exec /bin/ash
 fi
 
-# Give the user a second to enter a recovery shell
+# If the user has been holding down r, enter a recovery shell
+# otherwise immediately start the configured boot script.
+# We don't print a prompt, since this is a near instant timeout.
 read \
-	-t "1" \
-	-p "Press 'r' for recovery shell or 'u' for usb: " \
+	-t 0.1 \
 	-n 1 \
 	boot_option
 echo
@@ -61,15 +62,7 @@ if [ "$boot_option" = "r" ]; then
 	exec /bin/ash
 fi
 
-if [ "$boot_option" = "u" ]; then
-	echo '***** USB boot'
-	exec /bin/usb-init
-	# just in case...
-	tpm extend -ix 4 -ic recovery
-	exec /bin/ash
-fi
-
-echo '***** Normal boot'
+echo '***** Normal boot:' $CONFIG_BOOTSCRIPT
 exec "$CONFIG_BOOTSCRIPT"
 
 # We should never reach here, but just in case...