Commit Graph

42 Commits

Author SHA1 Message Date
Thierry Laurion
40c34453df
all scripts: replace TRACE manual strings with dynamic tracing by bash debug
Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash.
This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-02-01 15:48:27 -05:00
Jonathon Hall
905d40bd9b
initrd/bin/flash-gui.sh: Show error if find fails due to I/O error
'find' may fail if I/O errors occur (medium faulty or removed,
filesystem corruption, etc.)  Show a message if this occurs rather than
just dying and returning to the main menu.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 15:15:24 -05:00
Jonathon Hall
40e96c7dae
initrd/bin/flash-gui.sh: Show message if plain ROM is unreadable
If the user selects a plain ROM, but that file can't be read, show a
message and exit rather than dying.  Copy the ROM to RAM before doing
anything with it in case the media fails later.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 15:15:24 -05:00
Jonathon Hall
7e57ce181b
initrd/bin/flash-gui.sh: Fix indentation
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-09 15:15:24 -05:00
Jonathon Hall
6873df60c1
Remove CONFIG_BRAND_UPDATE_PKG_EXT, use zip everywhere
Nitrokey is going to switch from npf to zip per discussion.  Remove
this config.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-16 08:58:38 -05:00
Thierry Laurion
56d38e112c
Talos-2 fixes to comply with hashing file standard. Bypass flash-gui.sh prompt when talos-2 ato validate hashes against hashes provided under tgz through flash.sh validation (still offer zip and tgz, which tgz might change to zip later but only tgz offered through builds)
Attempt to address https://github.com/linuxboot/heads/pull/1526#issuecomment-1811185197

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-16 08:44:39 -05:00
Jonathon Hall
7b2b95cb94
flash-gui.sh: Show .rom or .tgz in UI, not both
talos-2 (only) uses .tgz instead of .rom for updates.  Currently, both
are treated as alternatives to a ZIP-format update archive with
SHA-256 integrity check, extend that to the prompts to reduce clutter.

Reflow the "You will need ... your BIOS image" prompt to fit on
fbwhiptail.

The .tgz format could be better integrated with the ZIP updates, but
this needs more work specific to talos-2.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 17:17:07 -05:00
Jonathon Hall
5bd50652a0
flash-gui.sh: Extend NPF archive format to ZIP, improve workflow
Allow configuring the ZIP-format update file extension with
CONFIG_BRAND_UPDATE_PKG_EXT in board config.  Default is 'zip'.

Create update package in the default Makefile target.  Delete
create_npf.sh.

Do not require /tmp/verified_rom in the update file package's
sha256sum.txt (but allow it for backward compatibility).

Show the integrity error if unzip fails instead of dying (which returns
to main menu with no explanation, error is left on recovery console).
This is the most likely way corruption would be detected as ZIP has
CRCs.  The sha256sum is still present for more robust detection.

Don't require the ROM to be the first file in sha256sum.txt since it
raises complexity of adding more files to the update archive in the
future.  Instead require that the package contains exactly one file
matching '*.rom'.

Restore confirmation prompt for the update-package flow, at some point
this was lost.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-11-13 16:42:05 -05:00
Thierry Laurion
c0cf446034
flash-gui.sh: add proper checks and cleanup in case of npf rom archive 2023-10-31 09:47:47 -04:00
Thierry Laurion
eb1032a55d
flash-gui.sh: Add SHA256SUM and rom name in non npf rom prompt for manual hash verification 2023-10-31 09:34:29 -04:00
tlaurion
2c3987f9a3
Merge pull request #1485 from Nitrokey/nx-nitropad
add Nitropad NV41/NS50 TPM2 boards (2nd)
2023-09-06 10:15:17 -04:00
Jonathon Hall
003bec4fd4
initrd/bin/flash-gui.sh: Exit instead of errant return
Return is not valid outside of a function - exit instead.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-09-05 15:57:13 -04:00
Markus Meissner
fabddb4f7a
flash-gui.sh: add .npf handling; add create-npf.sh 2023-09-05 17:13:56 +02:00
Jonathon Hall
e0c03be341
Change '16 60'-sized whiptail prompts to '0 80'
Some prompts were missed when changing to 0 80 the first time around,
and some new ones were added thinking that size was intentional.

Replace '16 60' with '0 80' globally.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-30 14:21:11 -04:00
Kyle Rankin
79da79a5e4
Implement Restricted Boot Mode
Restricted Boot mode only allows booting from signed files, whether that
is signed kernels in /boot or signed ISOs on mounted USB disks. This
disables booting from abitrary USB disks as well as the forced "unsafe"
boot mode. This also disables the recovery console so you can't bypass
this mode simply by running kexec manually.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 13:26:45 -04:00
Thierry Laurion
8da5d5d723
Add dual support for real bash and busybox's bash(ash)
- modify bash to have it configured with -Os
2023-03-08 12:45:44 -05:00
Thierry Laurion
8259d3ca1e
Add TRACE function tracing function to output on console when enabled
- Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs
- Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc)
- add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
2023-02-20 11:44:52 -05:00
Thierry Laurion
5bc2bc88e4
All scripts and functions: Add DEBUG calling trace on console when CONFIG_DEBUG_OUTPUT is exported in board config
-qemu-coreboot-*whiptail-tpm1(-hotp) boards have 'export CONFIG_DEBUG_OUTPUT=y' by default now
2023-02-18 21:52:44 -05:00
Thierry Laurion
81b4bb77de
whiptail: no more whiptail reseting console on call (--clear)
So we have console logs to troubleshoot errors and catch them correctly
2022-11-15 15:11:58 -05:00
Sergii Dmytruk
472ca6fb30
flash-gui.sh: accept tgz package for Talos boards
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-11-11 00:59:45 +02:00
Thierry Laurion
9bb6be8874
whiptail: fixate width to 80 characters and have height dynamic to all whiptail/fbwhiptail prompts 2022-11-09 11:51:27 -05:00
Thierry Laurion
59aafa5506 NEWT: fix whiptail line width for output that could wrap line content over multiple lines 2021-10-29 14:53:53 -04:00
Thierry Laurion
661b3b0e81 flash-gui: fix width of flash confirmation from 60 -> 90 chars as everywhere else
- Fix the flash prompt that was spreading filename over 2 lines (width 60 -> 90 as everywhere else)
2021-10-29 13:45:22 -04:00
Matt DeVillier
32716c8ce6 gui*: Improve consistency of background color use
Persist the background color (and error state) through
the main menu and all submenus. Use warning
background color for destructive operations, error color
for errors.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
95442dccd4 flash-gui: improve readability of ROM filename
Strip the path prefix from the ROM filename, and place on own
line to prevent truncation with long filenames / narrow screens.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
d6ea02d7d5
flash-gui: Improve readability of prompts
Adjust text on GUI dialogs to prevent filenames from being truncated
and to improve clarity/readability.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-21 09:47:46 -05:00
Matt DeVillier
f7c4cae903
*gui.sh: move common ops to gui_functions
Move code duplicated across several GUI scripts into a common
gui_functions file and include/use that.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-10 17:37:07 -05:00
Matt DeVillier
1bd93d6679
Eliminate use of CONFIG_USB_BOOT_DEV
mount-usb switched to dynamic USB device detection a while back,
so eliminate instances of CONFIG_BOOT_USB_DEV, and derive the
mounted USB device from /etc/mtab in the one place where it's
actually needed (usb-scan). Clean up areas around calls to
mount-usb for clarity/readability.

Addresses issue #673

Test: Build Librem 13v4, boot ISO file on USB

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 22:32:08 -06:00
Matt DeVillier
132dcb2344
flash-gui: set unset variable USB_FAILED
Not setting USB_FAILED when call to mount-usb succeeds results
in a spurious 'sh: 0 unknown operand' error printed to console.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-29 13:58:29 -06:00
Matt DeVillier
c14c09b602
flash-gui: clear boot signatures after flashing a cleaned ROM
If the user chooses to flash a "cleaned" ROM (not persisting settings
or GPG keys) then the signatures on /boot are no longer valid, so clear
them out. This allows for the OEM factory reset prompt to be shown on
the next boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:17:35 -06:00
Matt DeVillier
3306dbb66d
flash-gui: clean up ROM list
Exclude dot folders from ROM search path, so that files in
.Trash (eg) aren't shown. Sort the remaining options.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-06-25 10:00:54 -05:00
Kyle Rankin
553cf0958b
Add dynamic USB device detection
Instead of relying on a hard-coded USB disk, it would be better if the
mount script attempted to dynamically detect available USB disks. This
modification to the USB mount script attempts to handle the common case
of a single USB disk but can also handle the case of multiple disks
where it will present the user with all available USB disks
2019-04-19 14:11:45 -07:00
Kyle Rankin
cfddb4ed2e
Add GPG GUI
It makes more logical sense for GPG functions to be split out into their
own menu instead of being part of the "Flash" menu. This creates a
gpg-gui.sh script and moves GPG options there while adding a few
additional features (like listing keys and initial smartcard key
generation support).
2019-02-19 06:48:08 -08:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
Thierry Laurion
005a19eeda
properly deal with trusting keys to supress UX confusion about trusted keys
key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability.
flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump.
2019-02-08 12:38:38 -05:00
Thierry Laurion
5eee5aa296
GPG2 required changes for key and trustdb generation and inclusion in rom
.ash_history: add examples to generate keys and otrust in rom
flash-gui: export otrust and import it in rom
key-init: import otrust.txt if present to supress warning about user public key being untrusted
2019-01-29 11:18:11 -05:00
Thierry Laurion
6335ece902
gpg2 pubring extension change from gpg to kbx 2019-01-26 11:51:56 -05:00
Kyle Rankin
3eb62eed1a
Use global /tmp/config that combines multiple config files
As part of the config gui we want to be able to have the system define
new config options without them being lost if the user makes their own
changes in CBFS. To allow that this change creates a function initiated
in init that combines all /etc/config* files into /tmp/config. All
existing scripts have been changed to source /tmp/config instead of
/etc/config. The config-gui.sh script now uses /etc/config.user to hold
user configuration options but the combine_configs function will allow
that to expand as others want to split configuration out further.

As it stands here are the current config files:

/etc/config -- Compiled-in configuration options
/etc/config.user -- User preferences that override /etc/config
/tmp/config -- Running config referenced by the BIOS, combination
               of existing configs
2018-12-06 15:24:28 -08:00
Kyle Rankin
8d50b6a1ab
Add option to flash cleaned ROM to GUI 2018-05-28 11:38:04 -07:00
Kyle Rankin
8dc2f8602f
Add trivial word-wrapping for long output line 2018-05-23 16:14:44 -07:00
Kyle Rankin
258420d75d
Add BIOS ROM editing features to flash GUI
In addition to being able to flash a ROM from the GUI, it would also be
useful for a user to be able to add a GPG key to their keyring using the
flashing tool. This change adds the ability for a user to edit both a
ROM located on a USB key and also edit the running BIOS by using
flashrom to make a local copy of the running BIOS, edit it, then reflash
it. This also supports the upcoming delete feature in CBFS for
circumstances where keyring files already exist within CBFS.
2018-05-17 15:31:23 -07:00
Kyle Rankin
3c88bc5d86
Split flash GUI into separate script
To keep the flash logic simpler the GUI logic has been split into a
flash-gui.sh program so flash.sh behaves closer to the original flashrom
scripts it was based from. I've also removed the previous flashrom
scripts and incorporated their options into flash.sh. Finally I set
CONFIG_BOARD via the Makefile instead of setting a duplicate option in
each board's config.
2018-05-11 14:08:31 -07:00