Commit Graph

38 Commits

Author SHA1 Message Date
Matt DeVillier
6b5adcca6f
init: load usb modules for devices using USB keyboard
Some (out of tree) servers require use of a USB keyboard, and need
the USB kernel modules loaded prior to checking for keypress to enter
a recovery console. Since loading the modules affects the value in PRC5
and can cause issues putting a LUKS key in TPM, guard the loading of the
USB modules with CONFIG_USB_KEYBOARD and remove the unguarded call from
gui-init.

This should resolve issues #603 and #674.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 11:40:34 -06:00
Francis Lam
92e706bf1b init: fix invalid GPG_TTY variable
busybox tty isn't working after the musl-cross-make change so
revert to known good value.
2020-01-25 20:45:03 -08:00
Matt DeVillier
6cfbc86618
initrd: don't mount efivars fs on non-linuxboot systems
it doesn't exist and produces a spurious error on Heads systems

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-06-25 10:07:10 -05:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
Jason Andryuk
ca3a5fd2eb
Set GPG_TTY before calling gpg in key-init
gpg2 needs GPG_TTY set to function properly.  We set it in /init so it
is inherited by all children.  The call to $(tty) must be after /dev and
(preferably) /dev/pts are mounted.

Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
2019-01-29 11:16:19 -05:00
Thierry Laurion
fb3e2066b8
GPG_TTY is forced to /dev/console under init. Ash console is never called; trying to get console tty from the tty returns "no console". NEEDs BETTER FIX. 2019-01-29 11:15:48 -05:00
Kyle Rankin
ab0f9dd32e
Move custom configs below recovery shell
For safety it would be better if we source any custom configs after the
recovery shell in init. That way we can recover from any config mistakes.
2018-12-06 16:34:47 -08:00
Kyle Rankin
64484206ed
Load cbfs before combining configs and building fstab 2018-12-06 16:27:36 -08:00
Kyle Rankin
3eb62eed1a
Use global /tmp/config that combines multiple config files
As part of the config gui we want to be able to have the system define
new config options without them being lost if the user makes their own
changes in CBFS. To allow that this change creates a function initiated
in init that combines all /etc/config* files into /tmp/config. All
existing scripts have been changed to source /tmp/config instead of
/etc/config. The config-gui.sh script now uses /etc/config.user to hold
user configuration options but the combine_configs function will allow
that to expand as others want to split configuration out further.

As it stands here are the current config files:

/etc/config -- Compiled-in configuration options
/etc/config.user -- User preferences that override /etc/config
/tmp/config -- Running config referenced by the BIOS, combination
               of existing configs
2018-12-06 15:24:28 -08:00
Francis Lam
c0f3a4bb79
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00
Francis Lam
37feebdc76
Read and measure CBFS files into initrd during init 2018-04-20 09:29:57 -07:00
Francis Lam
e86123769b
Moved network init to a separate bootscript
Enabled recovery serial console (tested on kgpe-d16)
Minor fix to kexec-boot to correct xen boot
Remove busybox power utils
2018-03-10 15:40:07 -08:00
persmule
43ba7a777d fix the broken if syntax 2018-02-24 14:49:10 +08:00
Kyle Rankin
c35f385cf7
Make eth0 init conditional on module, remove early bin/ash
To avoid unnecessary errors, only load the eth0 network if the e1000
module exists. Also remove /bin/ash so CONFIG_BOOTSCRIPT works.
2018-02-14 11:50:21 -08:00
Trammell Hudson
15a07b3fce
enable qemu networking and ssh key login (#312) 2018-02-09 13:42:52 -05:00
Trammell Hudson
bac7576979
enable efivarfs if it is available 2018-02-08 16:49:49 -05:00
Trammell Hudson
4150454e1c
add normal directories to path for chroot calls 2018-02-02 15:50:17 -05:00
Trammell Hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
This development branch builds a NERF firmware for the Dell R630
server.  It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is set up to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Trammell Hudson
b550a7f967
rework startup scripts to combine totp prompt with boot mode selection (issue #221) 2017-07-18 13:44:02 -04:00
Trammell Hudson
86f3e9f5dc
add /boot and /media to /etc/fstab on startup (issue #220) 2017-07-17 12:22:48 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
Supports booting from USB media using either the root device or
a signed ISO as the boot device.  Boot options are parsed with
quick/dirty shell scripts to infer kexec params.

Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
7f600072ad
pass -ic option to tpm extend (issue #198) 2017-04-23 16:12:08 -04:00
Trammell Hudson
353a0efe6f
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110)
This adds support for seamless booting of Qubes with a TPM disk key,
as well as signing of qubes files in /boot with a Yubikey.

The signed hashes also include a TPM counter, which is incremented
when new hashes are signed.  This prevents rollback attacks against
the /boot filesystem.

The TPMTOTP value is presented to the user at the time of entering
the disk encryption keys.  Hitting enter will generate a new code.

The LUKS headers are included in the TPM sealing of the disk
encryption keys.
2017-04-12 06:57:58 -04:00
Trammell Hudson
1744612df6
mount only takes one filesystem 2017-04-10 13:11:19 -04:00
Trammell Hudson
4c982856a3
add /etc/fstab and /etc/mtab to initrd image 2017-04-10 12:59:24 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00
Trammell Hudson
d06ba0a851
reset $boot_option between loops 2017-04-01 22:25:16 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:

* Issue #63: initrd is built fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now measures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
cfd549097f
disable dhcp, since there are no networking modules loaded 2017-03-30 17:21:22 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17).
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.

Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.

Keep the entire 12 MB ROM for flashing.
2017-03-30 17:12:22 -04:00
Trammell Hudson
b0d2d4b5ba
run dhcp automatically on boot 2017-03-27 18:03:09 -04:00
Trammell Hudson
f39dfd321d
enable dhcp and add helper script for lease setup 2017-03-27 15:56:10 -04:00
Trammell Hudson
9311428082
add /sbin paths 2016-10-26 15:11:12 -04:00
Trammell Hudson
9a85bc22d9
use the new tpmtotp shell scripts 2016-09-09 17:24:52 -04:00
Trammell Hudson
8a32fb4ac3
warn if there is no totp file 2016-08-14 16:00:34 -04:00
Trammell Hudson
b3786d256a
tpmtotp and qrencode deps 2016-07-31 22:39:07 -04:00
Trammell Hudson
2471e15109
cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev 2016-07-28 00:08:33 -04:00
Trammell Hudson
a6d9902a2d
started on automated build process 2016-07-25 10:08:53 -04:00