ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add CONFIG_BRAND_NAME and allow overriding in Makefile with BRAND_NAME

Browse Source 
Use CONFIG_BRAND_NAME to control the brand name displayed in the UI.
Override by setting BRAND_NAME when building, either in the Makefile or
on the command line.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
Jonathon Hall 2023-06-21 14:19:41 -04:00
parent 3c4a9fcf0d
commit c5183253a6
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114
7 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@ -9,7 +9,10 @@ GIT_STATUS := $(shell \
fi) fi)
HEADS_GIT_VERSION := $(shell git describe --abbrev=7 --tags --dirty) HEADS_GIT_VERSION := $(shell git describe --abbrev=7 --tags --dirty)
CB_OUTPUT_BASENAME := heads-$(BOARD)-$(HEADS_GIT_VERSION) # Override BRAND_NAME to set the name displayed in the UI, filenames, versions, etc.
BRAND_NAME ?= Heads
CB_OUTPUT_BASENAME := $(shell echo $(BRAND_NAME) | tr A-Z a-z)-$(BOARD)-$(HEADS_GIT_VERSION)
CB_OUTPUT_FILE := $(CB_OUTPUT_BASENAME).rom CB_OUTPUT_FILE := $(CB_OUTPUT_BASENAME).rom
CB_OUTPUT_FILE_GPG_INJ := $(CB_OUTPUT_BASENAME)-gpg-injected.rom CB_OUTPUT_FILE_GPG_INJ := $(CB_OUTPUT_BASENAME)-gpg-injected.rom
CB_BOOTBLOCK_FILE := $(CB_OUTPUT_BASENAME).bootblock CB_BOOTBLOCK_FILE := $(CB_OUTPUT_BASENAME).bootblock
@ -177,6 +180,7 @@ FORCE:
define install_config = define install_config =
sed -e 's!@BOARD_BUILD_DIR@!$(board_build)!g' \ sed -e 's!@BOARD_BUILD_DIR@!$(board_build)!g' \
-e 's!@BLOB_DIR@!$(pwd)/blobs!g' \ -e 's!@BLOB_DIR@!$(pwd)/blobs!g' \
-e 's!@BRAND_NAME@!$(BRAND_NAME)!g' \
"$1" > "$2" "$1" > "$2"
endef endef
@ -632,6 +636,8 @@ $(initrd_tmp_dir)/etc/config: FORCE
>> $@ ; \ >> $@ ; \
echo export CONFIG_BOARD=$(BOARD) \ echo export CONFIG_BOARD=$(BOARD) \
>> $@ ; \ >> $@ ; \
echo export CONFIG_BRAND_NAME=$(BRAND_NAME) \
>> $@ ; \
) )
# Ensure that the initrd depends on all of the modules that produce # Ensure that the initrd depends on all of the modules that produce

2
config/linux-librem_common-6.1.8.config
View File

@ -1,4 +1,4 @@
CONFIG_LOCALVERSION="-PureBoot" CONFIG_LOCALVERSION="-@BRAND_NAME@"
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_KERNEL_XZ=y CONFIG_KERNEL_XZ=y
# CONFIG_CROSS_MEMORY_ATTACH is not set # CONFIG_CROSS_MEMORY_ATTACH is not set

2
config/linux-librem_common.config
View File

@ -1,4 +1,4 @@
CONFIG_LOCALVERSION="-heads" CONFIG_LOCALVERSION="-@BRAND_NAME@"
# CONFIG_LOCALVERSION_AUTO is not set # CONFIG_LOCALVERSION_AUTO is not set
CONFIG_KERNEL_XZ=y CONFIG_KERNEL_XZ=y
# CONFIG_SWAP is not set # CONFIG_SWAP is not set

10
initrd/bin/config-gui.sh
View File

@ -43,7 +43,7 @@ while true; do
# Basic itself is always available (though RB will refuse to enable it) # Basic itself is always available (though RB will refuse to enable it)
dynamic_config_options+=( dynamic_config_options+=(
'P' " $(get_config_display_action "$CONFIG_BASIC") PureBoot Basic Mode" 'P' " $(get_config_display_action "$CONFIG_BASIC") $CONFIG_BRAND_NAME Basic Mode"
) )
# Blob jail is only offered if this is a configuration with the blobs in # Blob jail is only offered if this is a configuration with the blobs in
@ -266,7 +266,7 @@ while true; do
whiptail $BG_COLOR_ERROR --title 'Restricted Boot Active' \ whiptail $BG_COLOR_ERROR --title 'Restricted Boot Active' \
--msgbox "Disable Restricted Boot to enable Basic Mode." 0 80 --msgbox "Disable Restricted Boot to enable Basic Mode." 0 80
elif [ "$CONFIG_BASIC" != "y" ]; then elif [ "$CONFIG_BASIC" != "y" ]; then
if (whiptail --title 'Enable PureBoot Basic Mode?' \ if (whiptail --title "Enable $CONFIG_BRAND_NAME Basic Mode?" \
--yesno "This will remove all signature checking on the firmware --yesno "This will remove all signature checking on the firmware
\nand boot files, and disable use of the Librem Key. \nand boot files, and disable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then \n\nDo you want to proceed?" 0 80) then
@ -274,11 +274,11 @@ while true; do
set_user_config "CONFIG_BASIC" "y" set_user_config "CONFIG_BASIC" "y"
whiptail --title 'Config change successful' \ whiptail --title 'Config change successful' \
--msgbox "PureBoot Basic mode enabled;\nsave the config change and reboot for it to go into effect." 0 80 --msgbox "$CONFIG_BRAND_NAME Basic mode enabled;\nsave the config change and reboot for it to go into effect." 0 80
fi fi
else else
if (whiptail --title 'Disable PureBoot Basic Mode?' \ if (whiptail --title "Disable $CONFIG_BRAND_NAME Basic Mode?" \
--yesno "This will enable all signature checking on the firmware --yesno "This will enable all signature checking on the firmware
\nand boot files, and enable use of the Librem Key. \nand boot files, and enable use of the Librem Key.
\n\nDo you want to proceed?" 0 80) then \n\nDo you want to proceed?" 0 80) then
@ -286,7 +286,7 @@ while true; do
set_user_config "CONFIG_BASIC" "n" set_user_config "CONFIG_BASIC" "n"
whiptail --title 'Config change successful' \ whiptail --title 'Config change successful' \
--msgbox "PureBoot Basic mode has been disabled;\nsave the config change and reboot for it to go into effect." 0 80 --msgbox "$CONFIG_BRAND_NAME Basic mode has been disabled;\nsave the config change and reboot for it to go into effect." 0 80
fi fi
fi fi
;; ;;

12
initrd/bin/gui-init
View File

@ -2,7 +2,7 @@
# Boot from a local disk installation # Boot from a local disk installation
BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}}
MAIN_MENU_TITLE="${BOARD_NAME} | Heads Boot Menu" MAIN_MENU_TITLE="${BOARD_NAME} | $CONFIG_BRAND_NAME Boot Menu"
export BG_COLOR_MAIN_MENU="" export BG_COLOR_MAIN_MENU=""
. /etc/functions . /etc/functions
@ -94,7 +94,7 @@ verify_global_hashes()
# if files changed before package manager started, show stern warning # if files changed before package manager started, show stern warning
if [ -f "$TMP_PACKAGE_TRIGGER_PRE" ]; then if [ -f "$TMP_PACKAGE_TRIGGER_PRE" ]; then
PRE_CHANGED_FILES=$(grep '^CHANGED_FILES' $TMP_PACKAGE_TRIGGER_POST | cut -f 2 -d '=' | tr -d '"') PRE_CHANGED_FILES=$(grep '^CHANGED_FILES' $TMP_PACKAGE_TRIGGER_POST | cut -f 2 -d '=' | tr -d '"')
TEXT="The following files failed the verification process BEFORE package updates ran:\n${PRE_CHANGED_FILES}\n\nCompare against the files Heads has detected have changed:\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums anyway?" TEXT="The following files failed the verification process BEFORE package updates ran:\n${PRE_CHANGED_FILES}\n\nCompare against the files $CONFIG_BRAND_NAME has detected have changed:\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums anyway?"
# if files changed after package manager started, probably caused by package manager # if files changed after package manager started, probably caused by package manager
elif [ -f "$TMP_PACKAGE_TRIGGER_POST" ]; then elif [ -f "$TMP_PACKAGE_TRIGGER_POST" ]; then
@ -189,7 +189,7 @@ update_totp()
DEBUG "$(pcrs)" DEBUG "$(pcrs)"
whiptail $BG_COLOR_ERROR --title "ERROR: TOTP Generation Failed!" \ whiptail $BG_COLOR_ERROR --title "ERROR: TOTP Generation Failed!" \
--menu " ERROR: Heads couldn't generate the TOTP code.\n --menu " ERROR: $CONFIG_BRAND_NAME couldn't generate the TOTP code.\n
If you have just completed a Factory Reset, or just reflashed If you have just completed a Factory Reset, or just reflashed
your BIOS, you should generate a new HOTP/TOTP secret.\n your BIOS, you should generate a new HOTP/TOTP secret.\n
If this is the first time the system has booted, you should If this is the first time the system has booted, you should
@ -265,7 +265,7 @@ update_hotp()
if [[ "$CONFIG_TPM" = n && "$HOTP" = "Invalid code" ]]; then if [[ "$CONFIG_TPM" = n && "$HOTP" = "Invalid code" ]]; then
whiptail $BG_COLOR_ERROR --title "ERROR: HOTP Validation Failed!" \ whiptail $BG_COLOR_ERROR --title "ERROR: HOTP Validation Failed!" \
--menu "ERROR: Heads couldn't validate the HOTP code.\n\nIf you just reflashed your BIOS, you should generate a new TOTP/HOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 0 80 4 \ --menu "ERROR: $CONFIG_BRAND_NAME couldn't validate the HOTP code.\n\nIf you just reflashed your BIOS, you should generate a new TOTP/HOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 0 80 4 \
'g' ' Generate new TOTP/HOTP secret' \ 'g' ' Generate new TOTP/HOTP secret' \
'i' ' Ignore error and continue to main menu' \ 'i' ' Ignore error and continue to main menu' \
'x' ' Exit to recovery shell' \ 'x' ' Exit to recovery shell' \
@ -328,7 +328,7 @@ check_gpg_key()
return 1 # Already asked to skip to menu from a prior error return 1 # Already asked to skip to menu from a prior error
fi fi
whiptail $BG_COLOR_ERROR --title "ERROR: GPG keyring empty!" \ whiptail $BG_COLOR_ERROR --title "ERROR: GPG keyring empty!" \
--menu "ERROR: Heads couldn't find any GPG keys in your keyring.\n\nIf this is the first time the system has booted,\nyou should add a public GPG key to the BIOS now.\n\nIf you just reflashed a new BIOS, you'll need to add at least one\npublic key to the keyring.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 0 80 4 \ --menu "ERROR: $CONFIG_BRAND_NAME couldn't find any GPG keys in your keyring.\n\nIf this is the first time the system has booted,\nyou should add a public GPG key to the BIOS now.\n\nIf you just reflashed a new BIOS, you'll need to add at least one\npublic key to the keyring.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 0 80 4 \
'g' ' Add a GPG key to the running BIOS' \ 'g' ' Add a GPG key to the running BIOS' \
'F' ' OEM Factory Reset / Re-Ownership' \ 'F' ' OEM Factory Reset / Re-Ownership' \
'i' ' Ignore error and continue to main menu' \ 'i' ' Ignore error and continue to main menu' \
@ -401,7 +401,7 @@ show_main_menu()
show_options_menu() show_options_menu()
{ {
TRACE "Under /bin/gui-init:show_options_menu" TRACE "Under /bin/gui-init:show_options_menu"
whiptail $BG_COLOR_MAIN_MENU --title "HEADS Options" \ whiptail $BG_COLOR_MAIN_MENU --title "$CONFIG_BRAND_NAME Options" \
--menu "" 0 80 10 \ --menu "" 0 80 10 \
'b' ' Boot Options -->' \ 'b' ' Boot Options -->' \
't' ' TPM/TOTP/HOTP Options -->' \ 't' ' TPM/TOTP/HOTP Options -->' \

4
initrd/bin/gui-init-basic
View File

@ -2,7 +2,7 @@
# Boot from a local disk installation # Boot from a local disk installation
BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}}
MAIN_MENU_TITLE="${BOARD_NAME} | PureBoot Basic Boot Menu" MAIN_MENU_TITLE="${BOARD_NAME} | $CONFIG_BRAND_NAME Basic Boot Menu"
export BG_COLOR_MAIN_MENU="" export BG_COLOR_MAIN_MENU=""
. /etc/functions . /etc/functions
@ -103,7 +103,7 @@ show_main_menu()
show_options_menu() show_options_menu()
{ {
TRACE "Under /bin/gui-init:show_options_menu" TRACE "Under /bin/gui-init:show_options_menu"
whiptail $BG_COLOR_MAIN_MENU --title "PureBoot Basic Options" \ whiptail $BG_COLOR_MAIN_MENU --title "$CONFIG_BRAND_NAME Basic Options" \
--menu "" 0 80 10 \ --menu "" 0 80 10 \
'b' ' Boot Options -->' \ 'b' ' Boot Options -->' \
'c' ' Change configuration settings -->' \ 'c' ' Change configuration settings -->' \

2
modules/coreboot
View File

@ -75,7 +75,7 @@ EXTRA_FLAGS ?= -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-err
coreboot_configure := \ coreboot_configure := \
mkdir -p "$(build)/$(coreboot_dir)" \ mkdir -p "$(build)/$(coreboot_dir)" \
&& $(call install_config,$(pwd)/$(CONFIG_COREBOOT_CONFIG),$(build)/$(coreboot_dir)/.config) \ && $(call install_config,$(pwd)/$(CONFIG_COREBOOT_CONFIG),$(build)/$(coreboot_dir)/.config) \
&& echo 'CONFIG_LOCALVERSION="Heads-$(HEADS_GIT_VERSION)"' >> $(build)/$(coreboot_dir)/.config \ && echo 'CONFIG_LOCALVERSION="$(BRAND_NAME)-$(HEADS_GIT_VERSION)"' >> $(build)/$(coreboot_dir)/.config \
&& echo 'CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="$(BOARD)"' >> $(build)/$(coreboot_dir)/.config \ && echo 'CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="$(BOARD)"' >> $(build)/$(coreboot_dir)/.config \
&& $(MAKE) olddefconfig \ && $(MAKE) olddefconfig \
-C "$(build)/$(coreboot_base_dir)" \ -C "$(build)/$(coreboot_base_dir)" \