From fbe39745b49123ab5ef8f72dd99e8e6262a3052a Mon Sep 17 00:00:00 2001
From: Martin Kepplinger
Date: Fri, 24 May 2019 11:23:28 +0200
Subject: [PATCH 1/4] gui-init: add Power Off to the Main Boot Menu Add a main boot menu entry to power off. This enables users to only verify the firmware integrity using OTP, and do nothing more. After having left the device out of sight, one might want to do a quick sanity check only. Since we already have a script to safely power down, we make use of it now.
---
 initrd/bin/gui-init | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 7a07bbea..6d8370e0 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -175,6 +175,7 @@ while true; do
 --menu "$date\nTOTP: $TOTP | HOTP: $HOTP" 20 90 10 \
 'y' ' Default boot' \
 'a' ' Advanced Settings -->' \
+ 'P' ' Power Off' \
 'x' ' Exit to recovery shell' \
 2>/tmp/whiptail || recovery "GUI menu failed"

@@ -330,6 +331,10 @@ while true; do
 continue
 fi

+ if [ "$totp_confirm" = "P" ]; then
+ poweroff
+ fi
+
 if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
 # Try to boot the default
 mount_boot
From 0dc8d9f82e494090b6f9e545ac388ba52488e348 Mon Sep 17 00:00:00 2001
From: Martin Kepplinger
Date: Fri, 24 May 2019 23:25:22 +0200
Subject: [PATCH 2/4] gui-init: move Exit to Shell menu entry under Advanced Settings Exiting the GUI to a shell is not expected to be part of our users' everyday workflow, and thus this menu entry doesn't have to be on the main page.
---
 initrd/bin/gui-init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 6d8370e0..242da844 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -176,7 +176,6 @@ while true; do
 'y' ' Default boot' \
 'a' ' Advanced Settings -->' \
 'P' ' Power Off' \
- 'x' ' Exit to recovery shell' \
 2>/tmp/whiptail || recovery "GUI menu failed"

 totp_confirm=$(cat /tmp/whiptail)
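Review bot: In the second hunk of PATCH 1/4 (`@@ -330,6 +331,10 @@`), the new `P` branch has no exit path if `poweroff` returns: the very next test, `[ "$totp_confirm" = "y" -o -n "$totp_confirm" ]`, is true for any non-empty selection, so a failed or slow power-down would fall through to `mount_boot` and the default boot. The block just before it in the context ends with `continue`; this one should end explicitly too, for example `poweroff || recovery "Power off failed"` followed by `continue`. The entry is offered as a verify-the-OTP-and-stop action, so silently booting is the opposite of what the user selected. The enclosing `while true` loop starts and ends outside the hunk, and whether the poweroff script can return is not visible here.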
@@ -191,6 +190,7 @@ while true; do
 'c' ' Change configuration settings -->' \
 'f' ' Flash/Update the BIOS -->' \
 'G' ' GPG Options -->' \
+ 'x' ' Exit to recovery shell' \
 'r' ' <-- Return to main menu' \
 2>/tmp/whiptail || recovery "GUI menu failed"

From e203de9669fc595b7f9f27e9dfdf1e7421c476b9 Mon Sep 17 00:00:00 2001
From: Martin Kepplinger
Date: Sat, 25 May 2019 10:22:59 +0200
Subject: [PATCH 3/4] gui-init: rename Advanced Settings to Settings Since there are no other settings to choose from, there don't have to be "advanced" ones.
---
 initrd/bin/gui-init | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 242da844..e408b02e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -174,7 +174,7 @@ while true; do
 whiptail $MAIN_MENU_BG_COLOR --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \
 --menu "$date\nTOTP: $TOTP | HOTP: $HOTP" 20 90 10 \
 'y' ' Default boot' \
- 'a' ' Advanced Settings -->' \
+ 'a' ' Settings -->' \
 'P' ' Power Off' \
 2>/tmp/whiptail || recovery "GUI menu failed"

@@ -182,8 +182,8 @@ while true; do
 fi

 if [ "$totp_confirm" = "a" ]; then
- whiptail --clear --title "Advanced Settings" \
- --menu "Configure Advanced Settings" 20 90 10 \
+ whiptail --clear --title "Settings" \
+ --menu "Configure Settings" 20 90 10 \
 'o' ' Other Boot Options -->' \
 't' ' TPM/TOTP/HOTP Options -->' \
 's' ' Update checksums and sign all files in /boot' \
From 186895d414957011dc279b5a3c6f2150cc2c70b1 Mon Sep 17 00:00:00 2001
From: Martin Kepplinger
Date: Sun, 26 May 2019 19:00:41 +0200
Subject: [PATCH 4/4] gui-init: move Refresh TOTP/HOTP to the Main Boot Menu also, rename the current menu entry to being smaller and simpler. Closes #574
---
 initrd/bin/gui-init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index e408b02e..8c441965 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -174,6 +174,7 @@ while true; do
 whiptail $MAIN_MENU_BG_COLOR --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \
 --menu "$date\nTOTP: $TOTP | HOTP: $HOTP" 20 90 10 \
 'y' ' Default boot' \
+ 'r' ' Refresh TOTP/HOTP' \
 'a' ' Settings -->' \
 'P' ' Power Off' \
 2>/tmp/whiptail || recovery "GUI menu failed"
@@ -214,7 +215,6 @@ while true; do
 --menu "Select An Option" 20 90 10 \
 'g' ' Generate new TOTP/HOTP secret' \
 'p' ' Reset the TPM' \
- 'r' ' TOTP/HOTP does not match, refresh code' \
 'n' ' TOTP/HOTP does not match after refresh, troubleshoot' \
 'r' ' <-- Return to main menu' \
 2>/tmp/whiptail || recovery "GUI menu failed"
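Review bot: In the first hunk of PATCH 4/4 (`@@ -174,6 +174,7 @@`), the tag `'r'` now means "Refresh TOTP/HOTP" on the main menu while the submenus in this series keep `'r'` for "<-- Return to main menu", and the patch touches menu labels only, so no handler for the new entry is visible. PATCH 1/4 shows the main loop's catch-all `[ "$totp_confirm" = "y" -o -n "$totp_confirm" ]`, which takes the default-boot path for any unhandled non-empty selection; please confirm that an `r` chosen on the main menu is consumed by the refresh path before that test is reached. A short comment above the whiptail call would document the double meaning, e.g. `# main menu: 'r' = refresh TOTP/HOTP; submenus: 'r' = return to main menu`. The whiptail call's surrounding `if` and the loop extend outside the hunk.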