From e86123769b1fa095abc0d8cf5ecb585340780e47 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 10 Mar 2018 15:40:07 -0800 Subject: [PATCH 1/2] Moved network init to a separate bootscript Enabled recovery serial console (tested on kgpe-d16) Minor fix to kexec-boot to correct xen boot Remove busybox power utils --- boards/kgpe-d16.config | 20 +++++------ boards/qemu-linuxboot.config | 2 ++ config/busybox.config | 6 ++-- initrd/bin/kexec-boot | 7 ++-- initrd/bin/network-init-recovery | 29 +++++++++++++++ initrd/etc/functions | 4 +++ initrd/init | 61 ++++++++++++++++++-------------- 7 files changed, 85 insertions(+), 44 deletions(-) create mode 100755 initrd/bin/network-init-recovery diff --git a/boards/kgpe-d16.config b/boards/kgpe-d16.config index af2e6f31..3888aeec 100644 --- a/boards/kgpe-d16.config +++ b/boards/kgpe-d16.config @@ -18,15 +18,15 @@ CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -CONFIG_LINUX_PTY=y -CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOTSCRIPT=/bin/generic-init +#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 " -CONFIG_BOOT_KERNEL_REMOVE="" -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" -CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" -CONFIG_BOOT_LOCAL=y +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 " +export CONFIG_BOOT_KERNEL_REMOVE="" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" +#export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/qemu-linuxboot.config b/boards/qemu-linuxboot.config index 6c648b7b..639f9030 100644 --- a/boards/qemu-linuxboot.config +++ b/boards/qemu-linuxboot.config 
@@ -30,11 +30,13 @@ CONFIG_LINUX_ATA=y CONFIG_LINUX_AHCI=y export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_STATIC_IP=10.0.2.15 # You can ssh into the qemu instance by running # ssh -p 5555 root@localhost diff --git a/config/busybox.config b/config/busybox.config index ffef2bcf..cfc4c578 100644 --- a/config/busybox.config +++ b/config/busybox.config @@ -470,9 +470,9 @@ CONFIG_FEATURE_XARGS_SUPPORT_ARGS_FILE=y # CONFIG_BOOTCHARTD is not set # CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set # CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set -CONFIG_HALT=y -CONFIG_POWEROFF=y -CONFIG_REBOOT=y +# CONFIG_HALT is not set +# CONFIG_POWEROFF is not set +# CONFIG_REBOOT is not set # CONFIG_FEATURE_CALL_TELINIT is not set CONFIG_TELINIT_PATH="" # CONFIG_INIT is not set diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index 9d554cec..7d7d8367 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -66,16 +66,15 @@ do firstval=`echo $line | cut -d\ -f2` restval=`echo $line | cut -d\ -f3-` if [ "$key" = "kernel" ]; then + fix_file_path if [ "$kexectype" = "xen" ]; then - # always overload xen and with custom arguments - kexeccmd="$kexeccmd -l $bootdir$firstval" + # always use xen with custom arguments + kexeccmd="$kexeccmd -l $filepath" kexeccmd="$kexeccmd --command-line \"no-real-mode reboot=no vga=current\"" elif [ "$kexectype" = "multiboot" ]; then - fix_file_path kexeccmd="$kexeccmd -l $filepath" kexeccmd="$kexeccmd --command-line \"$restval\"" else - fix_file_path kexeccmd="$kexeccmd -l $filepath" fi fi diff --git a/initrd/bin/network-init-recovery b/initrd/bin/network-init-recovery new file mode 100755 index 00000000..82a4a209 --- /dev/null +++ b/initrd/bin/network-init-recovery 
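Review bot: In initrd/bin/kexec-boot, hoisting `fix_file_path` leaves `kexeccmd="$kexeccmd -l $filepath"` repeated verbatim in the xen, multiboot and default branches. That line can follow `fix_file_path` directly, so the branches only append their `--command-line` part and the bare `else` goes away. `$filepath` is also spliced unquoted into a command string. How `kexeccmd` is finally executed is outside the hunk, but if the shell evaluates it, a boot-entry path containing whitespace or shell metacharacters would be split or interpreted, so the value set by `fix_file_path` should be validated or quoted there. The enclosing loop starts and ends outside the hunk.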
@@ -0,0 +1,29 @@ +#!/bin/ash + +# bring up the ethernet; maybe should do DHCP? +ifconfig lo 127.0.0.1 + +if [ -f /lib/modules/e1000.ko ]; then + insmod /lib/modules/e1000.ko +fi + +if [ -f /lib/modules/e1000e.ko ]; then + insmod /lib/modules/e1000e.ko +fi + +if [ -e /sys/class/net/eth0 ]; then + # Setup static IP + if [ ! -z "$CONFIG_BOOT_STATIC_IP" ]; then + ifconfig eth0 $CONFIG_BOOT_STATIC_IP + fi + # TODO: setup DHCP if available + ifconfig eth0 > /dev/ttyprintk + + # Setup the ssh server, allow root logins and log to stderr + if [ ! -d /etc/dropbear ]; then + mkdir /etc/dropbear + fi + dropbear -B -R 2>/dev/ttyprintk + + ifconfig eth0 | head -1 > /dev/tty0 +fi diff --git a/initrd/etc/functions b/initrd/etc/functions index 5301c99a..88b928d1 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -25,6 +25,10 @@ recovery() { exec /bin/ash } +pause_recovery() { + read -p 'Hit enter to proceed to recovery shell:' + recovery $* +} pcrs() { head -7 /sys/class/tpm/tpm0/pcrs diff --git a/initrd/init b/initrd/init index 2fb29561..527188f9 100755 --- a/initrd/init +++ b/initrd/init @@ -26,22 +26,6 @@ if [ ! -r /dev/ptmx ]; then ln -s /dev/pts/ptmx /dev/ptmx fi -# bring up the ethernet; maybe should do DHCP? -ifconfig lo 127.0.0.1 - -if [ -f /lib/modules/e1000.ko ]; then - insmod /lib/modules/e1000.ko - ifconfig eth0 10.0.2.15 # qemu - ifconfig eth0 > /dev/ttyprintk - -# Setup the ssh server, allow root logins and log to stderr - if [ ! -d /etc/dropbear ]; then - mkdir /etc/dropbear - fi - dropbear -B -R 2>/dev/ttyprintk - ifconfig eth0 | head -1 > /dev/tty0 -fi - # Recovery shells will erase anything from here mkdir -p /tmp/secret 
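Review bot: In initrd/bin/network-init-recovery, `dropbear -B -R` allows blank-password logins (`-B`), while the comment above it mentions only root logins; on a board that sets CONFIG_BOOTSCRIPT_NETWORK this offers a root shell in the boot environment to anyone who can reach eth0, and the daemon presumably keeps running while the normal bootscript executes. Nothing in this script extends the TPM the way the recovery paths in initrd/init do (`tpm extend -ix 4 -ic recovery`), so it should either do that before starting dropbear or accept key-based logins only (`dropbear -R -s` with an authorized key baked into the initrd). The comment should at least read `# Setup the ssh server: root login with blank password allowed (-B), host keys generated on demand (-R), log to stderr`. `ifconfig eth0 $CONFIG_BOOT_STATIC_IP` should quote the variable, and the `insmod` results are not checked.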
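Review bot: In initrd/etc/functions, `recovery $*` inside the new `pause_recovery` re-splits the message on whitespace and expands any glob characters in it; `recovery "$@"` passes the caller's arguments through unchanged. The prompt is better written as `read -r -p 'Hit enter to proceed to recovery shell:' dummy`, which names the variable instead of relying on the shell's default. A header comment such as `# Wait for Enter on the current stdin, then hand over to recovery() with the given message` would document that this keypress is the only gate before the shell, and a blank line is missing between the closing `}` and `pcrs()`.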
@@ -67,11 +51,12 @@ if [ ! -z "$CONFIG_USB_BOOT_DEV" ]; then echo >> /etc/fstab "$CONFIG_USB_BOOT_DEV /media auto defaults,ro 0 0" fi -if [ ! -x "$CONFIG_BOOTSCRIPT" ]; then - recovery 'Boot script missing? Entering recovery shell' - # just in case... - tpm extend -ix 4 -ic recovery - exec /bin/ash +# Setup recovery serial shell +if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then + stty -F "$CONFIG_BOOT_RECOVERY_SERIAL" 115200 + pause_recovery 'Console recovery shell' \ + < "$CONFIG_BOOT_RECOVERY_SERIAL" \ + > "$CONFIG_BOOT_RECOVERY_SERIAL" 2>&1 & fi # If the user has been holding down r, enter a recovery shell @@ -87,15 +72,37 @@ if [ "$boot_option" = "r" ]; then # Start an interactive shell recovery 'User requested recovery shell' # just in case... - tpm extend -ix 4 -ic recovery + if [ "$CONFIG_TPM" = y ]; then + tpm extend -ix 4 -ic recovery + fi exec /bin/ash + exit fi -echo '***** Normal boot:' $CONFIG_BOOTSCRIPT -exec "$CONFIG_BOOTSCRIPT" +if [ ! -x "$CONFIG_BOOTSCRIPT" -a ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then + recovery 'Boot script missing? Entering recovery shell' +else + if [ -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then + echo '***** Network Boot:' $CONFIG_BOOTSCRIPT_NETWORK + $CONFIG_BOOTSCRIPT_NETWORK + echo '***** Network Boot Completed:' $CONFIG_BOOTSCRIPT_NETWORK + # not blocking + fi + + if [ -x "$CONFIG_BOOTSCRIPT" ]; then + echo '***** Normal boot:' $CONFIG_BOOTSCRIPT + exec "$CONFIG_BOOTSCRIPT" + + # We should never reach here, but just in case... + recovery 'Boot script failure? Entering recovery shell' + else + # wait for boot via network to occur + pause_recovery 'Override network boot. Entering recovery shell' + fi +fi -# We should never reach here, but just in case... -recovery 'Boot script failure? Entering recovery shell' # belts and suspenders, just in case... -tpm extend -ix 4 -ic recovery +if [ "$CONFIG_TPM" = y ]; then + tpm extend -ix 4 -ic recovery +fi exec /bin/ash From dabb1815164568453a0f9458f577283fb025efad Mon Sep 17 00:00:00 2001 
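Review bot: In the `@@ -67,11 +51,12 @@` hunk of initrd/init, the background `pause_recovery` job hands a root shell to whoever presses Enter on `$CONFIG_BOOT_RECOVERY_SERIAL`, and it stays available while the normal bootscript runs. The removed call site followed `recovery` with an explicit `tpm extend -ix 4 -ic recovery`; the new one relies entirely on `recovery()`, whose body is outside the hunk, so confirm that it extends the PCR and clears /tmp/secret before the shell starts. The result of `stty` is not checked either: guarding the block with `[ -c "$CONFIG_BOOT_RECOVERY_SERIAL" ]` avoids a failed redirection on boards where the device is absent. A comment such as `# NOTE: unauthenticated root shell on this serial port; set CONFIG_BOOT_RECOVERY_SERIAL only where the port is physically protected` would make the exposure explicit.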
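Review bot: In the `@@ -87,15 +72,37 @@` hunk of initrd/init, the network bootscript is run as an unquoted `$CONFIG_BOOTSCRIPT_NETWORK` and its exit status is dropped, so `***** Network Boot Completed:` is printed even when the script fails. Quoting the invocation and testing the result keeps the console log accurate: `if ! "$CONFIG_BOOTSCRIPT_NETWORK"; then echo '***** Network Boot failed:' "$CONFIG_BOOTSCRIPT_NETWORK"; fi`. The combined test using `-a` is ambiguous in POSIX `test`; `[ ! -x "$CONFIG_BOOTSCRIPT" ] && [ ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]` is the safer form. The `exit` after `exec /bin/ash` runs only if the exec fails and could carry a comment saying so.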
From: Francis Lam Date: Sat, 10 Mar 2018 18:12:52 -0800 Subject: [PATCH 2/2] Temporarily add flashrom back to x230 config Until scripts are changed to use flashtool --- boards/x230.config | 1 + 1 file changed, 1 insertion(+) diff --git a/boards/x230.config b/boards/x230.config index ab499425..9c78fa43 100644 --- a/boards/x230.config +++ b/boards/x230.config @@ -4,6 +4,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-x230.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y CONFIG_GPG=y CONFIG_KEXEC=y