mount-usb switched to dynamic USB device detection a while back,
so eliminate instances of CONFIG_BOOT_USB_DEV, and derive the
mounted USB device from /etc/mtab in the one place where it's
actually needed (usb-scan). Clean up areas around calls to
mount-usb for clarity/readability.
Addresses issue #673
Test: Build Librem 13v4, boot ISO file on USB
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Commit 6b5adcca moved the call to enable_usb from gui-init
to init and guarded it with CONFIG_USB_KEYBOARD, but it was
missed that this is needed for the clean boot check logic
when a librem key is used. Add the call back to gui-init
and guard it properly
Test: clean_boot_detect works properly on a librem 13v4
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Some (out of tree) servers require use of a USB keyboard, and need
the USB kernel modules loaded prior to checking for keypress to enter
a recovery console. Since loading the modules affects the value in PRC5
and can cause issues putting a LUKS key in TPM, guard the loading of the
USB modules with CONFIG_USB_KEYBOARD and remove the unguarded call from
gui-init.
This should resolve issues #603 and #674.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Not setting USB_FAILED when call to mount-usb succeeds results
in a spurious 'sh: 0 unknown operand' error printed to console.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Since the custom password is used to set the GPG admin
password as well as the TPM and GPG user passwords, an
8-character minimum is required. Inform the user of this,
and validate custom password length upon entry.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If /boot isn't mounted, we can't read the HOTP counter, so no
point in reading from the TPM. This speeds up getting to the
main menu in the case of an inaccessible or non-existant /boot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Update text on TOTP error prompt to provide better
guidance for users following the use of the OEM
factory reset function
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If kexec-sign-config fails due to GPG key not present,
the double die() results in a kernel panic (and if it didn't,
/boot would be left mounted RW). Fix this by removing call to
die() and ensuring /boot remounted RO regardless checksum
update success or failure.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Normally we resort to default passwords for OEM reset, however we have a
use case where it would be convenient to set a custom password instead.
This patch adds a simple prompt (that defaults to the defaults if you
hit Enter) that enables someone using the OEM reset to enter a single
password that will replace the defaults (TPM, GPG Admin, GPG User).
If the user chooses to flash a "cleaned" ROM (not persisting settings
or GPG keys) then the signatures on /boot are no longer valid, so clear
them out. This allows for the OEM factory reset prompt to be shown on
the next boot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Users may wish to temporarily boot an OS from a drive other than
their primary boot drive, without changing the default and saving
to ROM. Mounting /boot after changing the device selection
facilitates this by allowing the user to then choose an unsafe boot
from the newly-selected boot drive.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
when commit [928f003] config-gui: add 'Full Reset' option
was added, the bottom end of the save config option was
accidentally truncated; restore it to fix save config option
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Add a check to determine if first boot after flashing a cleaned
ROM, and prompt user to run the OEM Factory Reset if so
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Add an OEM Factory Reset menu option, which performs an
unattended reset and configuration of the device's TPM,
GPG security token, and boot device / boot selection.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Add oem-factory-reset script which performs an unattended
reset and configuration of the device's TPM, GPG security token,
and boot device / boot selection.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Add function to detect boot device. Start by checking
CONFIG_BOOT_DEV, then iterate thru all bootable partitions.
Check if partition is mountable, contains grub directory.
Update CONFIG_BOOT_DEV and mount on /boot if successful.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Initial card detection can sometimes fail, so prompt the user
to remove/reinsert their GPG card before retrying. Since
errexit is likely set, disable it prior to calling --card-status so
we can handle the error ourself, then re-set if necessary when done.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Next prompt will be to ensure GPG key is attached, which defaults
to Y, so default here as well for consistency
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Check that any files added to cbfs exist before attempting to
add them, so flashing doesn't fail after a reset.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Add Full Reset option to clear all GPG keys and user settings,
both from the local filesystem and running firmware, and
clear/reset the TPM
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If the boot device is invalid or unabled to be mounted
and the user opts to select a new boot device, jump
directly to that menu option and avoid the additional
step of showing the config main menu.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Updating TOTP/HOTP is mainly necessary after a user updates
their firmware, and no need to force another reboot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
use similar filtering logic as with USB drives to provide
the user a more sane list of boot device options. Show user
only valid bootable partitions, not block devices.
There's no point in showing /dev/nvme0 and /dev/nvme0n1 (eg)
when /dev/nvme0n1p[1..n] (eg) exist, as the former are not
valid boot devices.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Add optional parameter to bypass menu selection and
immediately select a menu option. This allows us to call
the 'Set Boot Device' option directly, saving the user
an unnecessary step.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Introduce option to remove any existing key(s) from firmware
and add a user-suppled key, before reflashing.
Move existing code for adding a new key to a separate function
so it can be reused for new feature without duplication.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If CONFIG_BOOT_DEV isn't set or otherwise fails to mount,
we prompt the user to change the /boot device, but never
attempt to mount it to ensure it's sane, leading to
potential failures later in the config/boot process.
Ensure that CONFIG_BOOT_DEV is updated after the /boot device
is changed, and attempt to re-mount /boot after the change.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If the user has changed the /boot config but not yet flashed,
it's reasonable for them to expect that flashing to add/update
a GPG key won't revert those changes.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
In order to streamline the initial setup, prompt user to
update checksums/sign /boot files after adding a key and
updating the firmware, in order to avoid an extra reboot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Move the non-GUI component of update_checksums() to
/etc/functions so it can be reused outside of gui-init.
Add check that /boot/kexec_default_hashes.txt exists before parsing
it, since doesn't exist if there's no default boot target set yet.
Eliminates spurious error text and/or premature exit depending on
state of errexit.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
'Options' makes more sense than 'Settings' given the submenu's contents.
Tidy up Boot Options as well
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>