mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-18 20:47:55 +00:00
Merge pull request #1583 from JonathonHall-Purism/laptops-optional-usb-keyboard
Allow laptops to include optional USB keyboard support
This commit is contained in:
tlaurion
GitHub
commit
cc918059c9
12
Makefile
12
Makefile
@ -72,6 +72,18 @@ CONFIG_HEADS ?= y
|
||||
# Unless otherwise specified, we are building bash to have non-interactive shell for scripts (arrays and bashisms)
|
||||
CONFIG_BASH ?= y
|
||||
|
||||
# USB keyboards can be ignored, optionally supported, or required.
|
||||
#
|
||||
# To optionally support USB keyboards, export CONFIG_SUPPORT_USB_KEYBOARD=y. To
|
||||
# default the setting to 'on', also export CONFIG_USER_USB_KEYBOARD=y.
|
||||
#
|
||||
# To require USB keyboard support (not user-configurable, for boards with no
|
||||
# built-in keyboard), export CONFIG_USB_KEYBOARD_REQUIRED=y.
|
||||
ifeq "$(CONFIG_USB_KEYBOARD_REQUIRED)" "y"
|
||||
# CONFIG_USB_KEYBOARD_REQUIRED implies CONFIG_SUPPORT_USB_KEYBOARD.
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
endif
|
||||
|
||||
# Determine arch part for a host triplet
|
||||
ifeq "$(CONFIG_TARGET_ARCH)" "x86"
|
||||
MUSL_ARCH := x86_64
|
||||
|
||||
@ -44,7 +44,7 @@ CONFIG_LINUX_E1000E=y
|
||||
export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
|
||||
|
||||
#Enable USB Keyboard support
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
#BOOT SCRIPT SELECTION
|
||||
|
||||
@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE=""
|
||||
export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem 11"
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
|
||||
@ -26,6 +26,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
||||
@ -26,6 +26,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
||||
@ -26,6 +26,7 @@ CONFIG_HOTPKEY=y
|
||||
CONFIG_LINUX_USB=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
export CONFIG_BOOT_REQ_HASH=n
|
||||
|
||||
@ -26,6 +26,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
||||
@ -27,6 +27,7 @@ CONFIG_FBWHIPTAIL=y
|
||||
CONFIG_HOTPKEY=y
|
||||
|
||||
CONFIG_LINUX_USB=y
|
||||
export CONFIG_SUPPORT_USB_KEYBOARD=y
|
||||
|
||||
export CONFIG_TPM=y
|
||||
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
||||
|
||||
@ -37,7 +37,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Server L1UM"
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
export CONFIG_ROOT_CHECK_AT_BOOT="n"
|
||||
|
||||
@ -41,7 +41,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Server L1UM v2"
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
export CONFIG_ROOT_CHECK_AT_BOOT="n"
|
||||
|
||||
@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE=""
|
||||
export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Mini"
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
|
||||
@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE=""
|
||||
export CONFIG_BOOT_DEV="/dev/nvme0n1p1"
|
||||
export CONFIG_BOARD_NAME="Librem Mini v2"
|
||||
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_AUTO_BOOT_TIMEOUT=5
|
||||
export CONFIG_ROOT_DEV="/dev/nvme0n1p2"
|
||||
export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr"
|
||||
|
||||
@ -37,7 +37,7 @@ CONFIG_DROPBEAR=y
|
||||
|
||||
# for OpenBMC VGA console
|
||||
export CONFIG_USE_AGETTY=y
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
export CONFIG_BOOT_EXTRA_TTYS="tty0"
|
||||
|
||||
export CONFIG_TPM=y
|
||||
|
||||
@ -18,7 +18,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
|
||||
#Additional hardware support
|
||||
CONFIG_LINUX_USB=y
|
||||
CONFIG_LINUX_E1000E=y
|
||||
export CONFIG_USB_KEYBOARD=y
|
||||
export CONFIG_USB_KEYBOARD_REQUIRED=y
|
||||
|
||||
CONFIG_CRYPTSETUP2=y
|
||||
CONFIG_FLASHROM=y
|
||||
|
||||
@ -70,6 +70,16 @@ while true; do
|
||||
'N' " $(get_config_display_action "$CONFIG_AUTOMATIC_POWERON") automatic power-on"
|
||||
)
|
||||
|
||||
# Boards with built-in keyboards can support optional USB keyboards as well.
|
||||
# Export CONFIG_SUPPORT_USB_KEYBOARD=y to enable optional support.
|
||||
# Boards that do not have a built-in keyboard export
|
||||
# CONFIG_USB_KEYBOARD_REQUIRED=y; this hides the config option and ensures
|
||||
# USB keyboard support always loads.
|
||||
[ "$CONFIG_SUPPORT_USB_KEYBOARD" = y ] && [ "$CONFIG_USB_KEYBOARD_REQUIRED" != y ] \
|
||||
&& dynamic_config_options+=(
|
||||
'K' " $(get_config_display_action "$CONFIG_USER_USB_KEYBOARD") USB keyboard"
|
||||
)
|
||||
|
||||
# Debugging option always available
|
||||
dynamic_config_options+=(
|
||||
'Z' " $(get_config_display_action "$CONFIG_DEBUG_OUTPUT") $CONFIG_BRAND_NAME debug and function tracing output"
|
||||
@ -514,6 +524,32 @@ while true; do
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
"K" )
|
||||
if [ "$CONFIG_USER_USB_KEYBOARD" != "y" ]; then
|
||||
if (whiptail --title 'Enable USB Keyboard?' \
|
||||
--yesno "USB keyboards will be usable in $CONFIG_BRAND_NAME.
|
||||
\n\nEnabling USB keyboards could allow a compromised USB device to control
|
||||
\n$CONFIG_BRAND_NAME.
|
||||
\n\nDo you want to proceed?" 0 80) then
|
||||
|
||||
set_user_config "CONFIG_USER_USB_KEYBOARD" "y"
|
||||
|
||||
whiptail --title 'Config change successful' \
|
||||
--msgbox "USB Keyboard support has been enabled;\nsave the config change and reboot for it to go into effect." 0 80
|
||||
|
||||
fi
|
||||
else
|
||||
if (whiptail --title 'Disable USB Keyboard?' \
|
||||
--yesno "Only the built-in keyboard will be usable in $CONFIG_BRAND_NAME.
|
||||
\n\nDo you want to proceed?" 0 80) then
|
||||
|
||||
set_user_config "CONFIG_USER_USB_KEYBOARD" "n"
|
||||
|
||||
whiptail --title 'Config change successful' \
|
||||
--msgbox "USB Keyboard support has been disabled;\nsave the config change and reboot for it to go into effect." 0 80
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
"Z" )
|
||||
if [ "$CONFIG_DEBUG_OUTPUT" != "y" ]; then
|
||||
if (whiptail --title 'Enable Debugging and Tracing output?' \
|
||||
|
||||
@ -139,7 +139,7 @@ tpmr pcrread -a 2 "$pcrf"
|
||||
tpmr pcrread -a 3 "$pcrf"
|
||||
# Note that PCR 4 needs to be set with the "normal-boot" path value, read it from event log.
|
||||
tpmr calcfuturepcr 4 >>"$pcrf"
|
||||
if [ "$CONFIG_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_verification ]; then
|
||||
if [ "$CONFIG_USER_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_verification ]; then
|
||||
DEBUG "Sealing LUKS TPM Disk Unlock Key with PCR5 involvement (additional kernel modules are loaded per board config)..."
|
||||
# Here, we take pcr 5 into consideration if modules are expected to be measured+loaded
|
||||
tpmr pcrread -a 5 "$pcrf"
|
||||
|
||||
@ -350,7 +350,13 @@ enable_usb()
|
||||
sleep 2
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_USB_KEYBOARD" = y ]; then
|
||||
# For resiliency, test CONFIG_USB_KEYBOARD_REQUIRED explicitly rather
|
||||
# than having it imply CONFIG_USER_USB_KEYBOARD at build time.
|
||||
# Otherwise, if a user got CONFIG_USER_USB_KEYBOARD=n in their
|
||||
# config.user by mistake (say, by copying config.user from a laptop to a
|
||||
# desktop/server), they could lock themselves out, only recoverable by
|
||||
# hardware flash.
|
||||
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = y ]; then
|
||||
if ! lsmod | grep -q usbhid; then
|
||||
insmod /lib/modules/usbhid.ko \
|
||||
|| die "usbhid: module load failed"
|
||||
|
||||
@ -150,7 +150,7 @@ if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then
|
||||
fi
|
||||
|
||||
# load USB modules for boards using a USB keyboard
|
||||
if [ "$CONFIG_USB_KEYBOARD" = "y" ]; then
|
||||
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = "y" ]; then
|
||||
enable_usb
|
||||
fi
|
||||
|
||||
|
||||
@ -123,7 +123,7 @@ linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-pci.ko
|
||||
linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/storage/usb-storage.ko
|
||||
|
||||
#USB modules when a USB keyboard is defined in board config
|
||||
linux_modules-$(CONFIG_USB_KEYBOARD) += drivers/hid/usbhid/usbhid.ko
|
||||
linux_modules-$(CONFIG_SUPPORT_USB_KEYBOARD) += drivers/hid/usbhid/usbhid.ko
|
||||
|
||||
# NVMe driver for winterfell and other servers
|
||||
linux_modules-$(CONFIG_LINUX_NVME) += drivers/nvme/host/nvme.ko
|
||||
|
||||
Loading…
Reference in New Issue
Block a user