The point of this change is to provide a failsafe (failunsafe?) mode for
less technically-savvy users who will ultimately be using Heads by
default on Librem laptops.
There are some scenarios where an end user might forget to update hashes
in /boot after an initrd change or might have some other hash mismatch.
Currently that user would then be stuck in a recovery console in Heads
not knowing what to do within that limited shell environment to fix the
situation.
This change adds a 'force' mode to kexec-select-boot that goes straight
into a boot menu and bypasses the hash checks so the user could more
easily get back into their system to attempt to repair it. It adds
appropriate warnings about why this is a risky option and moves it down
toward the bottom of the menu. The goal would be to just have this be an
emergency option our support could guide a user to if they ended up in
this situation.
"export" statements included or declared in a Makefile proves literally
(with no escape) passed to the shell, which may result in shell envvars
containing literal double quote if SHELL is set as bash, and they further
becomes statements containing `\"` when printed with command export.
This behavior could be observed by the makefile inlined at the end.
This commit adds a regexp to sed to remove those `\"`.
export QUOTE="QUOTE"
SHELL := /bin/bash
.SHELLFLAGS := -o pipefail -c
export-quote:
export|grep QUOTE
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.
Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
The modules file had a few errors that prevented slang from being built.
First the src/elfobjs file needed to be created before make started.
Second it needed to be configured without external png, pcre and onig
libraries it doesn't need for this application.
Guarded linuxboot specific init entries
Removed Makefile entries into separate file (conflicts with srcing /etc/config)
Added CONFIG_BOOT_LOCAL/_REMOTE to control interface setup
Fixed CONFIG_TPM usage
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.
This will make Heads a more general-usage bootloader payload atop coreboot.
In particular I added a GUI menu to instruct the user if there is no
TOTP code registered (as is the case upon first flash) and also added
better handling of the case the user selects 'default boot' when there
is no default boot set yet. Apart from that where there were text-only
menus left in gui-init I've replaced them with GUI menus.
When selecting the boot menu option (m) in the gui-init you call out to
kexec-select-boot. To better maintain the graphical menu experience,
I've added a -g option to kexec-select-boot that, when set, will use a
graphical whiptail menu for the most common menu selection modes.
This is a modified version of the generic-init script that uses whiptail
to generate a graphical menu. I changed two of the options so that the
user can refresh the menu to get an updated TOTP code if needed.
The whiptail binary will allow us to create GUI menus from bash scripts.
It is included in the newt library, which depends on slang. To enable,
the board configuration file should add CONFIG_SLANG=y and CONFIG_NEWT=y
USB smart card readers are most full speed devices, and there is no
"rate-matching hubs" beneath the root hub on older (e.g. GM45) plat-
forms, which has companion OHCI or UHCI controllers and needs cor-
responding drivers to communicate with card readers directly plugged
into the motherboard, otherwise a discrete USB hub should be inserted
between the motherboard and the reader.
This time I make inserting linux modules for OHCI and UHCI controllable
with option CONFIG_LINUX_USB_COMPANION_CONTROLLER.
A linux config for x200 is added as an example.
Tested on my x200s and elitebook revolve 810g1.
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.
This will make Heads a more general-usage bootloader payload atop coreboot.