Commit Graph

391 Commits

Author SHA1 Message Date
Matt DeVillier
43b50788c6 config-gui: Show error if no disks found
Currently, if no disks on system, selection of a new /boot
device will silently fail and simply return the user to the
previous screen. Add an error dialog if no disks found.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
32716c8ce6 gui*: Improve consistency of background color use
Persist the background color (and error state) through
the main menu and all submenus. Use warning
background color for destructive operations, error color
for errors.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
a86debb257 gui-init: chain initial checks outside of main loop
Checking the keyring for a GPG and updating the TOTP/HTOP
status need only happen once at initial boot; the latter
can be updated at any later time from the main menu itself.
Having them repeated each loop of the main menu is unnecessary
(and often annoying). Likewise, the default auto boot can be
moved and the first_pass (and unused MAIN_MENU_OPTIONS)
variable dropped.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
463ec15522 gui-init: Handle menu processing internally
Now that all menu options are encapsulated in shell
functions, move menu handling from the main loop to
inside the menu/submenu function itself.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
1f27dea220 gui-init: refactor into functions
Break menus and menu items into functions where possible.
Improves readability of code / functional flow, and
makes future refactoring easier.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
e6d6594e67 gui-init: Add line breaks between functions for readability
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
5a52606ad5 gui-init: rename 'update_totp' to 'generate_totp_hotp'
Name better reflects function purpose, allows 'update_totp'
to be used to actually update the TOTP code.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
1def8f95b4
kexec-boot: Streamline cmdline remove filtering
Use sed one-liner vs 3 bash inline commands

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 13:40:24 -05:00
chri2
1245701694
fix bug with e.g. nosplash parameter in kernel command line
strings from $cmdremove should only be removed from $cmdline if they are enclosed by spaces of if they are at the beginning of $cmdline followed by a space or if they are at the end of $cmdline prepended by a space
2021-09-29 06:57:18 +00:00
elliotvirzi
0ed8a886ee
Display TOTP secret as text
Enable use of TOTP devices without a camera
2021-08-07 17:40:13 +00:00
tlaurion
2918bcdf48
Merge pull request #1014 from tlaurion/q41_fepitrebot_distro_signing_key
Adding qubes-test distro public key to test QubesOS ISOs
2021-07-29 12:42:38 -04:00
Thierry Laurion
19d064ff96
Adding qubes-test distro public key to test QubesOS ISOs from https://qubes.notset.fr/iso/. Fixes https://github.com/osresearch/heads/issues/1010 2021-07-26 10:21:36 -04:00
Thierry Laurion
57417e149a
init: remove double heads motd banner, keeping the one sent to tty0 which is both local and remote 2021-07-25 19:53:35 -04:00
tlaurion
883f4958f8
Merge pull request #876 from hardenedvault/cryptsetup-2.3
Upgrade to cryptsetup 2.3 and make cryptsetup1/cryptsetup2 optionals
2021-02-04 18:21:38 -05:00
Thierry Laurion
64b1712e78
oem-factory-reset: set default KEY_LENGTH to 3072 and change expectation management message to console (Fixes #919) 2020-12-10 10:33:02 -05:00
alex-nitrokey
e31d6dcb8e Default to 4096 bit for OEM factory reset 2020-11-24 12:48:41 +01:00
Matt DeVillier
055165d61a gui-init: add support for auto-booting default target
if CONFIG_AUTO_BOOT_TIMEOUT exists and is set, and if HOTP
validation was successful, then attempt to boot the default
target after CONFIG_AUTO_BOOT_TIMEOUT seconds if not interrupted
by key press

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-09 22:26:50 -05:00
Matt DeVillier
f445b29dbe kexec-sign-config: fix args to getopts
The -u arg does not take a parameter, so remove the trailing colon.

Fixes /boot hashes not being updated when update_checksums() is called.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-06 15:16:29 -05:00
HardenedVault
057cc3c377 [WIP] cross build json-c and cryptsetup 2020-10-28 15:28:05 +02:00
Matt DeVillier
e7faac20db oem-factory-reset: Allow use without an installed OS
If an installed OS is not detected, then skip setting the
default boot device or generating /boot checksums.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 18:01:42 -04:00
Matt DeVillier
1fc123df4a gui-init: improve handling of blank/missing disk
Check for presence of CONFIG_BOOT_DEV, and if missing or
unable to be mounted, present the user with a menu offering the
option to select another disk, boot from USB, continue to
main menu, or drop to a recovery shell.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 18:01:42 -04:00
Matt DeVillier
6a3bb5897a Drop duplicate board-specific background color configs
Set and export currently-used defaults in gui-init, but still
allow for inidividual boards to override via config if desired.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
95442dccd4 flash-gui: improve readability of ROM filename
Strip the path prefix from the ROM filename, and place on own
line to prevent truncation with long filenames / narrow screens.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
755e9787a7 gui-init: add board name, kernel version to System Info
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
6df281813f Specify 'friendly' board name vs overriding CONFIG_BOOT_GUI_MENU_NAME
This will allow it to be used elsewhere within the UI.
Rename CONFIG_BOOT_GUI_MENU_NAME to better indicate use/function.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
8b3b8cedb5 gui_init: use consistent notation for main menu
sed -i 's/default boot menu/main menu/g'

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
998dc684f1 gpg_gui: use 'and' vs '+' in menu listings
Using words is more explicit and clear here rather than symbols.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
MrChromebox
85d7e29d18
Add new board: Purism Librem Server L1UM (#858)
* modules/coreboot: add option to use coreboot 4.11

Port patches from coreboot 4.8.1 to 4.11:
* 0000-measure-boot -> 0001
* 0010-cross-compiler-support

All other patches for coreboot 4.8.1 have either already been
integrated, or are for platforms which do not need to be migrated
to coreboot 4.11 (they will move to 4.12 or newer).

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add Broadwell-DE platform patch

Add a patch for FSP Broadwell-DE to make use of Heads' measured boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add patch to read serial # from CBFS

Will be used by multiple Librem boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: add board support for Librem Server L1UM

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Librem Server L1UM: add new board

Add board config, coreboot config, kernel config files.
Add conditional purism-blobs dependency to coreboot-4.11 module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* flash.sh: add special handling for librem_l1um board

Add support for persisting PCIe config via PCHSTRP9 in flash descriptor.
This is needed to support multiple variants of the L1UM server which
use the same firmware but differ in PCIe lane configuration via the
PCH straps configuration in the flash descriptor.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch

Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add target to build board librem_l1um

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 14:48:25 -04:00
Tom Hiller
636e40456e
fix: update chesksums of filenames with spaces (#847)
Signed-off-by: Tom Hiller <thrilleratplay@gmail.com>
2020-10-18 14:46:57 -04:00
alex-nitrokey
7baeebe9bf Change hash files only if gpg card is present
Update_checksum was already changing files in /boot, befor checking for
gpg card. If no card is present, the user will end up in the recovery
next time instead of getting the same dialog again. Therefore, the
confirm_gpg_card should be checked before altering files.

The dead -u flag/$update_counter is used to mark the necessisty to
update the hash files now.
2020-10-15 17:05:12 +02:00
MrChromebox
0eb1f69216
functions/recovery: loop recovery shell when exited (#835)
Currently, exiting the recovery shell results in a kernel panic,
necessitating a hard reset / power cycle. As this is less than ideal,
drop the exec and add a loop to restart the shell.

Addresses issue #833

Tested under qemu-coreboot-fbwhiptail

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-16 17:46:22 -04:00
alex-nitrokey
c7085d89c3
Remove quotes to fix use of asterisk in command
Changing the default boot was failing because remove the old entries did
not work as `rm "/some/path/*.txt"` does not work as intended, e.g. the
asterisk is no catch-all.
2020-08-26 13:21:57 +02:00
MrChromebox
a075347351
kexec-parse-boot/bls: Strip boot dir from front of grub entries (#804)
Some grub configs/bls entries contain the full paths to the
kernel/initrd files, which the parsers currently fail to handle,
causing a failed boot without any useful error being presented to the user.

To fix this, strip the bootdir prefix from the menu entries when parsing,
should it exist.

Test: build/boot Librem 13v2 w/F32 and bls entries containing absolute paths.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-24 16:42:33 -04:00
tlaurion
ae9fb74759
Merge pull request #763 from Nitrokey/storage-factoryreset
Delete AES keys of Nitrokey Storage after reset
2020-08-06 16:14:01 -04:00
tlaurion
3aa919ade9
Merge pull request #791 from MrChromebox/gui_boot_tweaks
GUI / Boot Device Tweaks
2020-08-06 16:13:21 -04:00
alex-nitrokey
872a4b0488 Merge remote-tracking branch 'upstream/master' into storage-factoryreset 2020-08-05 11:49:18 +02:00
alex-nitrokey
a224c43026 Add PID for Storage 2020-08-05 11:49:06 +02:00
Alexander Paetzelt
c725f869e2
Merge branch 'master' into gpgexport-factoryreset 2020-08-05 10:49:04 +02:00
Matt DeVillier
0b970b745e
config-gui: clean up boot device selection
When a new /boot device is selected, wait until after
successfully mounting the newly-selected device before
updating CONFIG_BOOT_DEV.

Also, don't assume /boot already mounted, as this can cause
a false failure and prevent mounting of the newly-selected device.

Lastly, tidy up the error output in case mounting /boot fails.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-03 18:49:26 -05:00
Matt DeVillier
0afa599491
Fix eval of DEV_NUM_PARTITIONS
Using 'let' in these scripts fails when evaluating to zero
for some reason, so replace with '$(())' which works as intended.

Test: Boot device selection menu shown properly when
new/unpartitioned drive installed.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-03 18:48:58 -05:00
Matt DeVillier
244de9de94
gui-init: remove double-prompt for checksum update
Not need to prompt the user twice for the same action

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-03 18:48:38 -05:00
Matt DeVillier
5d641ee5b1
gui-init: Guard TPM reset function with CONFIG_TPM
Attempting to reset the TPM when once isn't present causes a kernel
panic, so let's not allow users to do that.

Test: verify 'No TPM Detected' shown on Librem Mini when Reset TPM
option selected from menu.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-30 14:47:01 -05:00
tlaurion
3c551cc249
Merge pull request #784 from MrChromebox/default_boot_fixes
Fix OEM factory reset and setting of default boot with F32
2020-07-30 15:42:08 -04:00
tlaurion
624faa1a9d
Merge pull request #778 from MrChromebox/usb_gui_tweaks
USB / GUI Tweaks
2020-07-30 13:54:25 -04:00
tlaurion
b9f487aa36
Merge pull request #779 from MrChromebox/pwd_fix
Encapsulate changes to working directory inside subshells
2020-07-30 13:54:15 -04:00
Matt DeVillier
97143953e8
Fix check for valid boot options
-r will always succeed since the file will be generated regardless
of number of boot entries found. Use -s instead to check for zero
file size.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-29 00:24:11 -05:00
Matt DeVillier
4c64ca631a
oem-factory-reset: Fix index used for default boot option
Since we sort the boot options prior to selecting the new default entry,
we need to use the index of the entry in the list prior to being sorted,
vs always setting it as 1. This fixes setting/booting of the default
OS target where the list entries are changed when calling sort.

Test: perform OEM factory reset with Fedora 32 installed, verify
default boot succeeds followng reset.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-29 00:24:01 -05:00
Matt DeVillier
009c10465a
oem-factory-reset: Parse BLS format grub files
The same grub parsing logic used in kexec-select-boot should
be used here as well, so copy it over.

Test: oem-factory-reset succeeds with Fedora 32 installed.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-29 00:23:50 -05:00
Matt DeVillier
a89d5a2780
seal-hotp: Fix HOTP key identification
With current implementation, Librem Keys with VID 0x316d are
not identified properly; correct the if/else logic to resolve.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-24 12:45:44 -05:00
tlaurion
7ea13ee000
Merge pull request #761 from Nitrokey/hotp-neutral
Fix branding issue with HOTP USB Security Dongles
2020-07-23 15:05:13 -04:00