Commit Graph

28 Commits

Author SHA1 Message Date
Thierry Laurion
2c55338be5
Wip: now supports both backup and copy to card and gpg_auth when backup exists. Might want to discuss that implementation. Some functions needed to be moved from functions to ash_functions so that gpg_auth can be called from recovery function. That might need to be discussed as well, recovery could be moved from ash_functions to functions instead.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:48 -04:00
Thierry Laurion
f6eed42208
Add external/usb disk encryption (adds exfatprogs and e2fsprogs)
prepare_thumb_drive: default to creating 10% LUKS container on usb drive, prompts for passphrase is not provided and scan drives if no --device specified

NOTE: qemu usb_thumb drive of 128 mb are not big enough so that 10% of it (12mb) can be used to create thumb drive.

Adds:
- e2fsprogs to support ext4 filesystem creation through mke2fs
- add /etc/mke2fs.conf so that mke2fs knows how to handle ext2/ext3/ext4
- removes mke2fs support from busybox
- bump busybox to latest version which adds cpu accelerated hash functions (not needed per se here)
- Adds exfatprogs to have mkfs.exfat and fsck.exfat
- Adds prepare_thumb_drive /etc/luks-functions to be able to prepare a thumb drive with percentage of drive assigned to LUKS, rest to exfat
- Modify most board configs to test space requirements failing
- Talos2 linux config: add staging Exfat support
- Make e2fsprogs and exfatprogs included by default unless explicitely deactivate in board configs
- Change cryptsetup calls : luksOpen to open and luksClose to close to addresss review
- etc/luks_functions: cleanup

GOAL here is to have secure thumb drive creation which Heads will be able to use to backup/restore/use generated GPG key material in the future (next PR)
2023-08-28 16:23:48 -04:00
Jonathon Hall
e0c03be341
Change '16 60'-sized whiptail prompts to '0 80'
Some prompts were missed when changing to 0 80 the first time around,
and some new ones were added thinking that size was intentional.

Replace '16 60' with '0 80' globally.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-30 14:21:11 -04:00
Jonathon Hall
606c29f0ec
Extract enable_usb_storage() from mount-usb
enable_usb_storage() inserts usb-storage.ko if not already loaded, then
waits for USB storage devices to appear.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 13:26:44 -04:00
Jonathon Hall
f1708bf3a7
mount-usb: Fix word splitting in test for USB devices
For partitioned media or when more than one device is present, this
fixes a benign script error that ash had apparently ignored.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-12 09:12:10 -04:00
Thierry Laurion
8da5d5d723
Add dual support for real bash and busybox's bash(ash)
- modify bash to have it configured with -Os
2023-03-08 12:45:44 -05:00
Thierry Laurion
8259d3ca1e
Add TRACE function tracing function to output on console when enabled
- Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs
- Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc)
- add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
2023-02-20 11:44:52 -05:00
Thierry Laurion
5bc2bc88e4
All scripts and functions: Add DEBUG calling trace on console when CONFIG_DEBUG_OUTPUT is exported in board config
-qemu-coreboot-*whiptail-tpm1(-hotp) boards have 'export CONFIG_DEBUG_OUTPUT=y' by default now
2023-02-18 21:52:44 -05:00
Thierry Laurion
81b4bb77de
whiptail: no more whiptail reseting console on call (--clear)
So we have console logs to troubleshoot errors and catch them correctly
2022-11-15 15:11:58 -05:00
Thierry Laurion
9bb6be8874
whiptail: fixate width to 80 characters and have height dynamic to all whiptail/fbwhiptail prompts 2022-11-09 11:51:27 -05:00
Jonathon Hall
a8a843ecc8
mount-usb: Improve reliability with partitioned disks
Extract exclusion for unpartitioned block device of partitioned media
to gui_functions, and exclude them even if kernel hasn't listed the
partitions yet.  (Fixes flash/USB boot prompts incorrectly trying to
use the whole device for partitioned media the first time.)

Ignore block devices of size 0, like empty USB SD card readers.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-11-03 18:22:03 -04:00
Matt DeVillier
32716c8ce6 gui*: Improve consistency of background color use
Persist the background color (and error state) through
the main menu and all submenus. Use warning
background color for destructive operations, error color
for errors.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 14:42:15 -04:00
Matt DeVillier
6a3bb5897a Drop duplicate board-specific background color configs
Set and export currently-used defaults in gui-init, but still
allow for inidividual boards to override via config if desired.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
tlaurion
624faa1a9d
Merge pull request #778 from MrChromebox/usb_gui_tweaks
USB / GUI Tweaks
2020-07-30 13:54:25 -04:00
Matt DeVillier
ba4fcefcea
usb-scan/mount: Improve USB handling
Currently, /media is mounted once per boot, which causes issues
if a user need to change USB sticks, or unknowning performs an
operation that mounts /media and then needs to access a different
USB stick later (eg, updating the firmware).

To mitigate this, always unmount /media if mounted before scanning
for USB devices, so the user can choose the correct device at the
time of its use.

Additionally, add a unique exit code for user abort so we're not
treating it the same as a failure, and use it to prevent unnecessary
GUI prompts when cancelling selection of a USB device.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-21 09:46:59 -05:00
tlaurion
d5262f11d4
Merge pull request #759 from Nitrokey/usb_label
Add partition Label to list of mount-usb
2020-07-18 22:33:03 -04:00
alex-nitrokey
84b2f9b540
Re-arrange the order of label and device 2020-06-30 09:28:35 +02:00
alex-nitrokey
20b07dd1b3
swap label and device and minor formatting change 2020-06-25 09:46:11 +02:00
alex-nitrokey
6d29ab71f9
dd partition Label to menu list 2020-06-24 09:44:50 +02:00
Matt DeVillier
8d6f47fb4d
mount-usb: suppress error output from calls to stat
If no USB storage devices inserted, stat will output
unnecessary error text to console

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-05-04 11:41:21 -05:00
Matt DeVillier
a2d50a10f7
mount-usb: replace fixed timeout with drive detection
Rather than wait a fixed 5s for the usb storage kernel modules
to load, and the user to insert a drive, check for new USB drives
inserted every 1s with a 5s timeout.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-05-04 11:41:20 -05:00
Kyle Rankin
76a068935d
Bugfixes to mount-usb
This change fixes some edge cases where a single usb disk was inserted
with multiple partitions on it, among others.
2019-04-16 12:55:00 -07:00
Kyle Rankin
152689d5d5
Detect USB disk dynamically
Currently Heads relies on a hard-coded config value to determine which
USB disk to mount. This can be problematic when trying to distribute a
pre-built version of Heads that can work on multiple disk
configurations. I've modified the USB mounting script so that it
attempts to detect all USB boot disks present on the system, pick sane
defaults, and prompt the user when there are multiple choices.

I've also removed the USB configuration option from config-gui.sh as
this config option is no longer used.
2019-04-15 15:05:03 -07:00
persmule
baa30a2026 Add OHCI and UHCI drivers to initrd.
USB smart card readers are most full speed devices, and there is no
"rate-matching hubs" beneath the root hub on older (e.g. GM45) plat-
forms, which has companion OHCI or UHCI controllers and needs cor-
responding drivers to communicate with card readers directly plugged
into the motherboard, otherwise a discrete USB hub should be inserted
between the motherboard and the reader.

This time I make inserting linux modules for OHCI and UHCI controllable
with option CONFIG_LINUX_USB_COMPANION_CONTROLLER.

A linux config for x200 is added as an example.

Tested on my x200s and elitebook revolve 810g1.
2018-02-15 22:59:22 +08:00
Trammell Hudson
22282da905
default to mounting USB device on /media 2017-07-17 12:24:15 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue #160) 2017-04-05 19:20:53 -04:00
Trammell Hudson
3dcc3d4b49
load the xhci USB3 modules as well 2017-04-03 17:09:54 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00