mirror of
https://github.com/linuxboot/heads.git
synced 2025-01-18 18:57:04 +00:00
3eb62eed1a
As part of the config gui we want to be able to have the system define new config options without them being lost if the user makes their own changes in CBFS. To allow that, this change creates a function, initiated in init, that combines all /etc/config* files into /tmp/config. All existing scripts have been changed to source /tmp/config instead of /etc/config. The config-gui.sh script now uses /etc/config.user to hold user configuration options, but the combine_configs function will allow that to expand as others want to split configuration out further. As it stands, here are the current config files:

/etc/config -- Compiled-in configuration options
/etc/config.user -- User preferences that override /etc/config
/tmp/config -- Running config referenced by the BIOS, combination of existing configs
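#!/bin/sh
# Sign a valid directory of kexec params
#
# Hashes every kexec*.txt file in the params directory with sha256sum and
# writes a detached, ASCII-armored GPG signature of that hash list to
# <paramsdir>/kexec.sig.
#
# Options:
#   -p DIR      directory holding the kexec*.txt parameter files (required)
#   -c COUNTER  reuse an existing TPM counter for the rollback file
#   -u          find/create the TPM counter and increment it
#
# With -c or -u, <paramsdir>/kexec_rollback.txt is rewritten before signing.
# Its name matches kexec*.txt, so the counter hash it holds is covered by the
# signature as well.
#
# die, confirm_gpg_card, read_tpm_counter, check_tpm_counter,
# increment_tpm_counter and check_config are not defined here; they are
# expected to come from the two sourced files below.

# pipefail matters for the signing pipeline: a sha256sum failure must fail the
# whole pipeline instead of letting gpg sign an incomplete hash list.
set -e -o pipefail
. /tmp/config
. /etc/functions

rollback="n"
# NOTE(review): update_counter is set but never read in this script; kept in
# case a sourced helper looks at it -- confirm.
update_counter="n"
while getopts "p:c:u" arg; do
	case "$arg" in
		p) paramsdir="$OPTARG" ;;
		c) counter="$OPTARG"; rollback="y" ;;
		u) update_counter="y"; rollback="y" ;;
		# Refuse unknown or malformed options. Silently skipping a
		# mistyped -u/-c would sign without refreshing the rollback file.
		*) die "Usage: $0 -p /boot [ -u | -c counter ]" ;;
	esac
done

if [ -z "$paramsdir" ]; then
	die "Usage: $0 -p /boot [ -u | -c counter ]"
fi

# Drop one trailing slash so the paths built below do not contain "//".
paramsdir="${paramsdir%%/}"

# NOTE(review): presumably checks for / prompts for the GPG card before any
# state is changed -- confirm against /etc/functions.
confirm_gpg_card

if [ "$rollback" = "y" ]; then
	rollback_file="$paramsdir/kexec_rollback.txt"

	if [ -n "$counter" ]; then
		# use existing counter
		read_tpm_counter "$counter" \
		|| die "$paramsdir: Unable to read tpm counter '$counter'"
	else
		# increment counter
		check_tpm_counter "$rollback_file" \
		|| die "$paramsdir: Unable to find/create tpm counter"
		counter="$TPM_COUNTER"

		increment_tpm_counter "$counter" \
		|| die "$paramsdir: Unable to increment tpm counter"
	fi

	# Record the hash of the counter state. The TPM helpers above are
	# expected to have left it in /tmp/counter-<counter>.
	sha256sum "/tmp/counter-$counter" > "$rollback_file" \
	|| die "$paramsdir: Unable to create rollback file"
fi

# Under "set -e" a bare failing command substitution aborts the script before
# the check below can report anything. Catch the failure and treat it as
# "nothing to sign" so the script still stops, but with a clear message.
#
# NOTE(review): the hash list is signed exactly as sha256sum prints it, so
# whatever verifies kexec.sig presumably has to list the files in the same
# order and with the same path spelling. Keep the find invocation stable.
param_files=$(find "$paramsdir"/kexec*.txt) || param_files=""
if [ -z "$param_files" ]; then
	die "$paramsdir: No kexec parameter files to sign"
fi

# Up to three attempts (e.g. a mistyped PIN).
#
# NOTE(review): the redirection truncates kexec.sig before gpg runs, so the
# previous signature is gone as soon as the first attempt starts. If all three
# attempts fail, an empty or partial kexec.sig is left behind (and, with -u,
# the TPM counter has already been incremented). Verification then fails
# closed; the recovery path is to re-run the signing.
for tries in 1 2 3; do
	# $param_files is intentionally unquoted: it is a newline-separated
	# list that must split into one argument per file.
	# shellcheck disable=SC2086
	if sha256sum $param_files | gpg \
		--digest-algo SHA256 \
		--detach-sign \
		-a \
		> "$paramsdir/kexec.sig" \
	; then
		# successful - update the validated params
		check_config "$paramsdir"
		exit 0
	fi
done

die "$paramsdir: Unable to sign kexec hashes"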