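#!/bin/sh
# Boot from a local disk installation.
#
# Runs the Heads boot menu in a loop: shows the current date and TOTP code,
# lets the user confirm or reject that code, and then either boots from
# /boot, hands over to USB boot, re-generates the TOTP secret, or drops to
# the recovery shell.
#
# Reads:  CONFIG_TPM (from /etc/config); CONFIG_BOOT_GUI_MENU_NAME may be
#         overridden by /etc/config because it is assigned before sourcing.
# Needs:  recovery (not defined here; presumably provided by /etc/functions),
#         whiptail, unseal-totp, /bin/seal-totp, /bin/usb-init,
#         kexec-select-boot.

CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu'
. /etc/functions
. /etc/config

# Mount /boot read-only unless it is already mounted; calls recovery if the
# mount fails.
mount_boot() {
	# Match the mount-point field exactly. A bare "/boot" pattern also
	# matches unrelated entries such as /media/boot or a device path that
	# contains "/boot", which would skip the mount and leave the boot
	# selection reading whatever happens to sit at /boot.
	# NOTE(review): a /boot that is already mounted read-write is left
	# as-is; only a mount performed here is guaranteed to be "ro".
	if ! grep -q ' /boot ' /proc/mounts; then
		mount -o ro /boot \
			|| recovery "Unable to mount /boot"
	fi
}

# Which 30-second half of the minute the displayed code was generated for;
# "X" never equals 0 or 1, so the first pass always generates a code.
last_half=X

while true; do
	unset totp_confirm

	# update the TOTP code every thirty seconds
	date=$(date "+%Y-%m-%d %H:%M:%S")
	seconds=$(date "+%s")
	half=$(( (seconds % 60) / 30 ))

	if [ "$CONFIG_TPM" = n ]; then
		# No TPM configured: there is no code for the user to compare,
		# and the menu says so instead of showing a stale value.
		TOTP="NO TPM"
	elif [ "$half" != "$last_half" ]; then
		last_half=$half
		# presumably unseal-totp only yields a code when the sealed
		# secret can be released - verify against that script.
		TOTP=$(unseal-totp) \
			|| recovery "TOTP code generation failed"
	fi

	# whiptail prints the selected tag on stderr, captured in a file.
	# NOTE(review): /tmp/whiptail is a fixed, predictable path; that is
	# only acceptable while nothing else can write to /tmp at this stage.
	# A non-zero exit from whiptail goes to recovery.
	whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \
		--menu "$date\nTOTP code: $TOTP" 20 60 8 \
		'y' ' Default boot' \
		'n' ' TOTP does not match' \
		'r' ' Refresh TOTP code' \
		'm' ' Boot menu' \
		'u' ' USB boot' \
		'g' ' Generate new TOTP secret' \
		'x' ' Exit to recovery shell' \
		2>/tmp/whiptail \
		|| recovery "GUI menu failed"

	totp_confirm=$(cat /tmp/whiptail)

	if [ "$totp_confirm" = "x" ]; then
		recovery "User requested recovery shell"
	fi

	if [ "$totp_confirm" = "r" ]; then
		continue
	fi

	if [ "$totp_confirm" = "n" ]; then
		# The hints cover the benign cause (clock drift).
		# NOTE(review): a mismatch that persists after the clock is
		# corrected should not be dismissed as drift.
		echo ""
		echo "To correct clock drift: 'date -s HH:MM:SS'"
		echo "and save it to the RTC: 'hwclock -w'"
		echo "then reboot and try again"
		echo ""
		recovery "TOTP mismatch"
	fi

	if [ "$totp_confirm" = "u" ]; then
		# exec replaces this shell; the continue below is only reached
		# if exec fails and the shell survives the failure.
		exec /bin/usb-init
		continue
	fi

	if [ "$totp_confirm" = "g" ]; then
		# Replacing the secret is destructive, so ask first.
		# NOTE(review): any authorization for re-sealing is up to
		# /bin/seal-totp; this menu performs no check of its own.
		if whiptail --title 'Generate new TOTP secret' \
			--yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" \
			16 60
		then
			echo "Scan the QR code to add the new TOTP secret"
			/bin/seal-totp
			echo "Hit Enter to return to the main menu"
			# Named variable and -r: portable across sh variants,
			# the input itself is discarded.
			read -r _ignored
		else
			echo "Returning to the main menu"
		fi
		continue
	fi

	if [ "$totp_confirm" = "m" ]; then
		# Try to select a kernel from the menu
		mount_boot
		kexec-select-boot -m -b /boot -c "grub.cfg"
		continue
	fi

	# Every other handled tag has continued or left the loop above, so in
	# practice only 'y' arrives here. The original test was
	# [ "$totp_confirm" = "y" -o -n "$totp_confirm" ], which reduces to
	# "non-empty"; that behaviour is kept without the deprecated -o.
	# NOTE(review): an unexpected non-empty value therefore also takes the
	# default boot path; restrict to 'y' if that is not intended.
	if [ -n "$totp_confirm" ]; then
		# Try to boot the default
		mount_boot
		kexec-select-boot -b /boot -c "grub.cfg" \
			|| recovery "Failed default boot"
	fi
done

# Only reached if the loop above is ever left.
recovery "Something failed during boot"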