Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash.
This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
'find' may fail if I/O errors occur (medium faulty or removed,
filesystem corruption, etc.) Show a message if this occurs rather than
just dying and returning to the main menu.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If the user selects a plain ROM, but that file can't be read, show a
message and exit rather than dying. Copy the ROM to RAM before doing
anything with it in case the media fails later.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
talos-2 (only) uses .tgz instead of .rom for updates. Currently, both
are treated as alternatives to a ZIP-format update archive with
SHA-256 integrity check, extend that to the prompts to reduce clutter.
Reflow the "You will need ... your BIOS image" prompt to fit on
fbwhiptail.
The .tgz format could be better integrated with the ZIP updates, but
this needs more work specific to talos-2.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Allow configuring the ZIP-format update file extension with
CONFIG_BRAND_UPDATE_PKG_EXT in board config. Default is 'zip'.
Create update package in the default Makefile target. Delete
create_npf.sh.
Do not require /tmp/verified_rom in the update file package's
sha256sum.txt (but allow it for backward compatibility).
Show the integrity error if unzip fails instead of dying (which returns
to main menu with no explanation, error is left on recovery console).
This is the most likely way corruption would be detected as ZIP has
CRCs. The sha256sum is still present for more robust detection.
Don't require the ROM to be the first file in sha256sum.txt since it
raises complexity of adding more files to the update archive in the
future. Instead require that the package contains exactly one file
matching '*.rom'.
Restore confirmation prompt for the update-package flow, at some point
this was lost.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Some prompts were missed when changing to 0 80 the first time around,
and some new ones were added thinking that size was intentional.
Replace '16 60' with '0 80' globally.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Restricted Boot mode only allows booting from signed files, whether that
is signed kernels in /boot or signed ISOs on mounted USB disks. This
disables booting from abitrary USB disks as well as the forced "unsafe"
boot mode. This also disables the recovery console so you can't bypass
this mode simply by running kexec manually.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
- Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs
- Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc)
- add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
Persist the background color (and error state) through
the main menu and all submenus. Use warning
background color for destructive operations, error color
for errors.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Strip the path prefix from the ROM filename, and place on own
line to prevent truncation with long filenames / narrow screens.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Adjust text on GUI dialogs to prevent filenames from being truncated
and to improve clarity/readability.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Move code duplicated across several GUI scripts into a common
gui_functions file and include/use that.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
mount-usb switched to dynamic USB device detection a while back,
so eliminate instances of CONFIG_BOOT_USB_DEV, and derive the
mounted USB device from /etc/mtab in the one place where it's
actually needed (usb-scan). Clean up areas around calls to
mount-usb for clarity/readability.
Addresses issue #673
Test: Build Librem 13v4, boot ISO file on USB
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Not setting USB_FAILED when call to mount-usb succeeds results
in a spurious 'sh: 0 unknown operand' error printed to console.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If the user chooses to flash a "cleaned" ROM (not persisting settings
or GPG keys) then the signatures on /boot are no longer valid, so clear
them out. This allows for the OEM factory reset prompt to be shown on
the next boot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Exclude dot folders from ROM search path, so that files in
.Trash (eg) aren't shown. Sort the remaining options.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Instead of relying on a hard-coded USB disk, it would be better if the
mount script attempted to dynamically detect available USB disks. This
modification to the USB mount script attempts to handle the common case
of a single USB disk but can also handle the case of multiple disks
where it will present the user with all available USB disks
It makes more logical sense for GPG functions to be split out into their
own menu instead of being part of the "Flash" menu. This creates a
gpg-gui.sh script and moves GPG options there while adding a few
additional features (like listing keys and initial smartcard key
generation support).
key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability.
flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump.
.ash_history: add examples to generate keys and otrust in rom
flash-gui: export otrust and import it in rom
key-init: import otrust.txt if present to supress warning about user public key being untrusted
As part of the config gui we want to be able to have the system define
new config options without them being lost if the user makes their own
changes in CBFS. To allow that this change creates a function initiated
in init that combines all /etc/config* files into /tmp/config. All
existing scripts have been changed to source /tmp/config instead of
/etc/config. The config-gui.sh script now uses /etc/config.user to hold
user configuration options but the combine_configs function will allow
that to expand as others want to split configuration out further.
As it stands here are the current config files:
/etc/config -- Compiled-in configuration options
/etc/config.user -- User preferences that override /etc/config
/tmp/config -- Running config referenced by the BIOS, combination
of existing configs
In addition to being able to flash a ROM from the GUI, it would also be
useful for a user to be able to add a GPG key to their keyring using the
flashing tool. This change adds the ability for a user to edit both a
ROM located on a USB key and also edit the running BIOS by using
flashrom to make a local copy of the running BIOS, edit it, then reflash
it. This also supports the upcoming delete feature in CBFS for
circumstances where keyring files already exist within CBFS.
To keep the flash logic simpler the GUI logic has been split into a
flash-gui.sh program so flash.sh behaves closer to the original flashrom
scripts it was based from. I've also removed the previous flashrom
scripts and incorporated their options into flash.sh. Finally I set
CONFIG_BOARD via the Makefile instead of setting a duplicate option in
each board's config.
