Since it's not supposed to be shell safe, just display safe
inside double quotes, we can allow some more characters.
Also fix the escape character not being escaped.
busybox sha256sum will create a checksum file for uncommon file names
(e.g. /boot/foo"$\n"bar), but fail to verify that exact file.
https://bugs.busybox.net/show_bug.cgi?id=14226
Thus disallow all files in /boot/ with strange file names at the time of
signing for now. Verifying in the presence of new files with such file
names in /boot/ is no issue for the kexec_tree verification due to the
previously implemented escaping mechanism.
Attempt to fix the following issues:
1. unescaped file names may let an attacker display arbitrary
whiptail prompts --> escape, original code by @JonathonHall-Purism
2. whiptail itself allows escape characters such as \n
--> use an escape character not used by whiptail, i.e. #
3. performance issues caused by diff'ing too early -->
only generate a diff to display to the user, if an actual issue is
found
If the user selects "continue to main menu" from an error, do not show
any more error prompts until reaching the main menu.
We still try to initialize everything (GPG, TOTP, HOTP) so that the
main menu can still show TOTP/HOTP if GPG is not configured, etc., but
no more prompts are shown after selecting "continue to main menu".
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
A lot of echo_entry() is now common to elf/multiboot/xen kernels, just
branch for the type-specific logic.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If a boot option doesn't refer to a valid file for the kernel/initrd,
ignore it. Such an option is never bootable, because we would fail to
find the kernel/initrd. This could happen if the path contained GRUB
variables, or specified a device that wasn't /boot, etc.
This is checked before expanding GRUB variables. It's unlikely that
any kernel/initrd path containing variables would end up working when
all variables expand to nothing (since we do not handle GRUB
variables).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Some configs specify kernel/initrd paths relative to a device (often
found in a variable). Assume the device is the /boot partition and
ignore the device specification.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Extract exclusion for unpartitioned block device of partitioned media
to gui_functions, and exclude them even if kernel hasn't listed the
partitions yet. (Fixes flash/USB boot prompts incorrectly trying to
use the whole device for partitioned media the first time.)
Ignore block devices of size 0, like empty USB SD card readers.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
- Have Talos II supported by detecting correctly size of mtd chip (not internal: different flashrom output needs to be parsed for chip size)
- Read SPI content only once: 66% speedup (TOCTOU? Don't think so, nothing should happen in parallel when flashing insingle user mode)
- Have the main flash_progress loop not break, but break in flash_rom state subcases (otherwise, verifying step was breaking)
- Change "Initializing internal Flash Programmer" -> "Initializing Flash Programmer"
- Apply changes suggested by @SergiiDmytruk under https://github.com/osresearch/heads/pull/1230#issuecomment-1295332539 to reduce userland wasted time processing flashrom -V output
It specifies whitespace-separated list of console devices to run Heads
on in addition to the default one.
Example for board config:
export CONFIG_BOOT_EXTRA_TTYS="tty0 tty1"
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
EC signatures requires that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
- Take System Info changes from 06311ff068 (Thanks to @nestire)
- Move changes to seperate script under /bin/oem-system-info-xx30
- Add additional camera and wifi card IDs, add synaptic touchpad detection if kernel has module built in
Above changes squashed in this commit.
Since /etc/luks-functions are currently exporting passphrases tested good per cryptsetup to be reused in the code,
the logic calling both luks_reencrypt and luks_change_passphrase testing for non-empty luks_current_Disk_Recovery_Key_passphrase
was bogus.
This commit includes a new variable luks_new_Disk_Recovery_Key_desired which is set when reencryption is desired.
The 3 use cases (reencrypt+passphrase change, reencrypt no passphrase change and passphrase change alone now only test
for luks_new_Disk_Recovery_Key_desired and luks_new_Disk_Recovery_Key_passphrase_desired, nothing else.
network-init-reovery can be used to automatically set RTC clock to obtained NTP clock.
The script would fail if other devices devices previously registered on the network with the same MAC.
Consequently, maximized boards are detected here, and a full random MAC is generated and used instead of using hardcoded DE:AD:C0:FF:EE.
This continues to generate checksums and sign them per new GPG User PIN, but does not set a default boot option.
The user hitting Default Boot on reboot will go through having to setup a new boot default, which will ask him to setup a Disk Unlock Key if desired.
Otherwise, hitting Default Boot goes into asking the user for its Disk Recovery Key passphrase, and requires to manually setup a default boot option.
