ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-01-21 03:55:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
77d4be1dc6
heads/initrd/etc/ash_functions
Thierry Laurion 77d4be1dc6
TPM extend ops: Augment output of TPM1/TMP22 for filename and file content hash ops 
Debug logtrace, screenshots of non-debug will be added in PR #1758

TPM1:
[    4.815559] [U] hello world
[    5.099000] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    5.122059] TRACE: Under init
[    5.165917] DEBUG: Applying panic_on_oom setting to sysctl
[    5.388757] TRACE: /bin/cbfs-init(5): main
[    5.516637] TRACE: /bin/cbfs-init(24): main
[    5.662271] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx
[    5.732223] TRACE: /bin/tpmr(790): main
[    5.785372] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae
[    5.838082] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx
[    6.081466] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx
[    6.147455] TRACE: /bin/tpmr(790): main
[    6.196545] DEBUG: TPM: Extending PCR[7] with hash ee79223a3b9724ad1aab290a3785132805c79eae
[    6.251251] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx
[    6.445119] TRACE: /bin/cbfs-init(24): main
[    6.585854] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg
[    6.659172] TRACE: /bin/tpmr(790): main
[    6.707564] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042
[    6.757645] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg
[    7.013547] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg
[    7.082863] TRACE: /bin/tpmr(790): main
[    7.131022] DEBUG: TPM: Extending PCR[7] with hash ca8898407cacd96d6f2de90ae90825351be81c62
[    7.183344] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg
[    7.413787] TRACE: /bin/key-init(6): main
[    8.718367] TRACE: Under /etc/ash_functions:combine_configs
[    8.803914] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[    9.045341] TRACE: /bin/setconsolefont.sh(6): main
[    9.096853] DEBUG: Board does not ship setfont, not checking console font
[    9.320494] TRACE: /bin/gui-init(641): main
[    9.356729] TRACE: Under /etc/ash_functions:enable_usb
[    9.445981] TRACE: /sbin/insmod(9): main
[    9.609464] TRACE: /sbin/insmod(53): main
[    9.660145] DEBUG: No module parameters, extending only with the module's content
[    9.791896] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-hcd.ko
[    9.860477] TRACE: /bin/tpmr(790): main
[    9.914849] DEBUG: TPM: Extending PCR[5] with hash bc9ff28a99e314cda69695ba34b26ed0d8b1e4ed
[    9.976867] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-hcd.ko
[   10.146966] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[   10.184086] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   10.276564] TRACE: /sbin/insmod(9): main
[   10.433503] TRACE: /sbin/insmod(53): main
[   10.486272] DEBUG: No module parameters, extending only with the module's content
[   10.620200] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/uhci-hcd.ko
[   10.698710] TRACE: /bin/tpmr(790): main
[   10.750637] DEBUG: TPM: Extending PCR[5] with hash bcb2f15c7eb52484072a76fc8a0d7399f6cf2189
[   10.808379] DEBUG: exec tpm extend -ix 5 -if /lib/modules/uhci-hcd.ko
[   10.996254] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[   11.026108] uhci_hcd: USB Universal Host Controller Interface driver
[   11.040703] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[   11.053129] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[   11.061568] uhci_hcd 0000:00:1d.0: detected 2 ports
[   11.070973] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[   11.089004] hub 1-0:1.0: USB hub found
[   11.097535] hub 1-0:1.0: 2 ports detected
[   11.114890] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[   11.123848] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[   11.134989] uhci_hcd 0000:00:1d.1: detected 2 ports
[   11.142404] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[   11.153338] hub 2-0:1.0: USB hub found
[   11.160572] hub 2-0:1.0: 2 ports detected
[   11.176481] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[   11.183898] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[   11.193509] uhci_hcd 0000:00:1d.2: detected 2 ports
[   11.201574] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[   11.211182] hub 3-0:1.0: USB hub found
[   11.219256] hub 3-0:1.0: 2 ports detected
[   11.314467] TRACE: /sbin/insmod(9): main
[   11.468430] TRACE: /sbin/insmod(53): main
[   11.521914] DEBUG: No module parameters, extending only with the module's content
[   11.656647] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-hcd.ko
[   11.726721] TRACE: /bin/tpmr(790): main
[   11.778253] DEBUG: TPM: Extending PCR[5] with hash f563e46fbbed46423a1e10219953233d310792f5
[   11.831718] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-hcd.ko
[   12.010752] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[   12.044192] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   12.136462] TRACE: /sbin/insmod(9): main
[   12.293409] TRACE: /sbin/insmod(53): main
[   12.345947] DEBUG: No module parameters, extending only with the module's content
[   12.481562] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ohci-pci.ko
[   12.547754] TRACE: /bin/tpmr(790): main
[   12.604827] DEBUG: TPM: Extending PCR[5] with hash a24699fdaac9976cc9447fd0cd444a469299ad2f
[   12.661256] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-pci.ko
[   12.847247] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[   12.870986] ohci-pci: OHCI PCI platform driver
[   12.959387] TRACE: /sbin/insmod(9): main
[   13.112275] TRACE: /sbin/insmod(53): main
[   13.163112] DEBUG: No module parameters, extending only with the module's content
[   13.291360] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/ehci-pci.ko
[   13.364853] TRACE: /bin/tpmr(790): main
[   13.438536] DEBUG: TPM: Extending PCR[5] with hash b80a90e11a01eba40bb7e566f3374d0aad326acb
[   13.505500] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-pci.ko
[   13.679865] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[   13.704539] ehci-pci: EHCI PCI platform driver
[   13.725570] ehci-pci 0000:00:1d.7: EHCI Host Controller
[   13.735562] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[   13.745092] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[   13.773286] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[   13.783544] hub 4-0:1.0: USB hub found
[   13.791110] hub 4-0:1.0: 6 ports detected
[   13.800844] hub 1-0:1.0: USB hub found
[   13.807808] hub 1-0:1.0: 2 ports detected
[   13.823094] hub 2-0:1.0: USB hub found
[   13.829910] hub 2-0:1.0: 2 ports detected
[   13.839182] hub 3-0:1.0: USB hub found
[   13.846231] hub 3-0:1.0: 2 ports detected
[   13.946297] TRACE: /sbin/insmod(9): main
[   14.099143] TRACE: /sbin/insmod(53): main
[   14.149765] DEBUG: No module parameters, extending only with the module's content
[   14.291413] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-hcd.ko
[   14.372815] TRACE: /bin/tpmr(790): main
[   14.426919] DEBUG: TPM: Extending PCR[5] with hash 1fc55e846b9d5c93e58c6c8b6f867e744fa694bc
[   14.482815] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-hcd.ko
[   14.670419] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[   14.783374] TRACE: /sbin/insmod(9): main
[   14.939364] TRACE: /sbin/insmod(53): main
[   14.995136] DEBUG: No module parameters, extending only with the module's content
[   15.135482] DEBUG: TPM: Will extend PCR[5] hash content of file /lib/modules/xhci-pci.ko
[   15.204263] TRACE: /bin/tpmr(790): main
[   15.255478] DEBUG: TPM: Extending PCR[5] with hash bbdd85242570aa438b908420a43b8d7042db8b4f
[   15.305598] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-pci.ko
[   15.480844] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[   15.512476] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   15.528230] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[   15.540456] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[   15.554225] hub 5-0:1.0: USB hub found
[   15.562061] hub 5-0:1.0: 4 ports detected
[   15.572058] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   15.589966] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[   15.598116] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[   15.606150] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[   15.616354] hub 6-0:1.0: USB hub found
[   15.623767] hub 6-0:1.0: 4 ports detected
[   15.909854] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[   16.193548] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[   16.345381] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[   17.674973] TRACE: /etc/functions(715): detect_boot_device
[   17.718114] TRACE: /etc/functions(682): mount_possible_boot_device
[   17.759829] TRACE: /etc/functions(642): is_gpt_bios_grub
[   17.833271] TRACE: /dev/vda1 is partition 1 of vda
[   17.925490] TRACE: /etc/functions(619): find_lvm_vg_name
[   18.068352] TRACE: Try mounting /dev/vda1 as /boot
[   18.114444] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[   18.158648] TRACE: /bin/gui-init(319): clean_boot_check
[   18.247883] TRACE: /bin/gui-init(348): check_gpg_key
[   18.338052] TRACE: /bin/gui-init(185): update_totp
[   18.419286] TRACE: /bin/unseal-totp(8): main
[   18.511352] TRACE: /bin/tpmr(614): tpm1_unseal
[   18.624811] DEBUG: Running at_exit handlers
[   18.661992] TRACE: /bin/tpmr(390): cleanup_shred
[   18.692897]  !!! ERROR: Unable to unseal TOTP secret !!!
[   21.295284] TRACE: /bin/unseal-totp(8): main
[   21.386377] TRACE: /bin/tpmr(614): tpm1_unseal
[   21.496183] DEBUG: Running at_exit handlers
[   21.527060] TRACE: /bin/tpmr(390): cleanup_shred
[   21.558625]  !!! ERROR: Unable to unseal TOTP secret !!!
[   24.162881] TRACE: /bin/unseal-totp(8): main
[   24.249549] TRACE: /bin/tpmr(614): tpm1_unseal
[   24.362331] DEBUG: Running at_exit handlers
[   24.394154] TRACE: /bin/tpmr(390): cleanup_shred
[   24.427400]  !!! ERROR: Unable to unseal TOTP secret !!!
[   26.475340] DEBUG: CONFIG_TPM: y
[   26.521538] DEBUG: CONFIG_TPM2_TOOLS:
[   26.578490] DEBUG: Show PCRs
[   26.730805] DEBUG: PCR-00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.751488] PCR-01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.778571] PCR-02: C0 A9 54 C8 45 5C 78 49 80 EC 1C DB D8 E8 9B CC 65 11 58 BF
[   26.808771] PCR-03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.830508] PCR-04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.849538] PCR-05: 2C 3A 40 05 70 DB 21 89 4F CD C2 F8 D6 AE 40 DA 56 E1 B6 74
[   26.878951] PCR-06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.895421] PCR-07: 7A 8A 4C E6 BA B0 AA 26 22 B1 26 A2 F6 36 BD F3 86 23 50 B6

TPM2:
[    5.305235] [U] hello world
[    5.591175] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    5.615802] TRACE: Under init
[    5.657823] DEBUG: Applying panic_on_oom setting to sysctl
[    5.831457] TRACE: /bin/tpmr(349): tpm2_startsession
[    6.567984] TRACE: /bin/cbfs-init(5): main
[    6.695758] TRACE: /bin/cbfs-init(24): main
[    6.811665] TRACE: /bin/tpmr(832): main
[    6.870411] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[    6.907262] TRACE: /bin/tpmr(234): tpm2_extend
[    6.983504] TRACE: /bin/tpmr(247): tpm2_extend
[    7.037543] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/pubring.kbx
[    7.192665] TRACE: /bin/tpmr(265): tpm2_extend
[    7.246318] DEBUG: TPM: Extended PCR[7] with hash 96ab5053e4630a040d55549ba73cff2178d401d763147776771f9774597b86a1
[    7.355327] TRACE: /bin/tpmr(832): main
[    7.409042] DEBUG: TPM: Extending PCR[7] with /.gnupg/pubring.kbx
[    7.446920] TRACE: /bin/tpmr(234): tpm2_extend
[    7.485782] TRACE: /bin/tpmr(252): tpm2_extend
[    7.540496] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/pubring.kbx
[    7.759033] TRACE: /bin/tpmr(265): tpm2_extend
[    7.811693] DEBUG: TPM: Extended PCR[7] with hash f196f9cae98362568d31638e7522eee5042286b2c18627b06b30a0275207872e
[    7.903033] TRACE: /bin/cbfs-init(24): main
[    8.026099] TRACE: /bin/tpmr(832): main
[    8.077074] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[    8.108061] TRACE: /bin/tpmr(234): tpm2_extend
[    8.180580] TRACE: /bin/tpmr(247): tpm2_extend
[    8.234748] DEBUG: TPM: Will extend PCR[7] with hash of string /.gnupg/trustdb.gpg
[    8.412522] TRACE: /bin/tpmr(265): tpm2_extend
[    8.469868] DEBUG: TPM: Extended PCR[7] with hash 53b843fe9bb52894d3a7d00197c776d56f3059f6a285124c7916724cd5013b0b
[    8.596316] TRACE: /bin/tpmr(832): main
[    8.655651] DEBUG: TPM: Extending PCR[7] with /.gnupg/trustdb.gpg
[    8.690508] TRACE: /bin/tpmr(234): tpm2_extend
[    8.723206] TRACE: /bin/tpmr(252): tpm2_extend
[    8.782554] DEBUG: TPM: Will extend PCR[7] with hash of file content /.gnupg/trustdb.gpg
[    8.999969] TRACE: /bin/tpmr(265): tpm2_extend
[    9.066744] DEBUG: TPM: Extended PCR[7] with hash abf745ef9f960af5d8b19a1acd4bc0a19da056f607b06cce6b920eab83cbbdec
[    9.215143] TRACE: /bin/key-init(6): main
[   10.661503] TRACE: Under /etc/ash_functions:combine_configs
[   10.749050] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[   10.998267] TRACE: /bin/setconsolefont.sh(6): main
[   11.059640] DEBUG: Board does not ship setfont, not checking console font
[   11.303012] TRACE: /bin/gui-init(641): main
[   11.334099] TRACE: Under /etc/ash_functions:enable_usb
[   11.421487] TRACE: /sbin/insmod(9): main
[   11.578754] TRACE: /sbin/insmod(53): main
[   11.630500] DEBUG: No module parameters, extending only with the module's content
[   11.741780] TRACE: /bin/tpmr(832): main
[   11.789365] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-hcd.ko
[   11.823496] TRACE: /bin/tpmr(234): tpm2_extend
[   11.862739] TRACE: /bin/tpmr(252): tpm2_extend
[   11.920404] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-hcd.ko
[   12.123507] TRACE: /bin/tpmr(265): tpm2_extend
[   12.175292] DEBUG: TPM: Extended PCR[5] with hash 40c5206f06702e45d8e6632632255258af433be0641c96f514ea75ac14523a30
[   12.234130] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod
[   12.278479] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   12.371875] TRACE: /sbin/insmod(9): main
[   12.523874] TRACE: /sbin/insmod(53): main
[   12.578418] DEBUG: No module parameters, extending only with the module's content
[   12.697785] TRACE: /bin/tpmr(832): main
[   12.753607] DEBUG: TPM: Extending PCR[5] with /lib/modules/uhci-hcd.ko
[   12.786940] TRACE: /bin/tpmr(234): tpm2_extend
[   12.819199] TRACE: /bin/tpmr(252): tpm2_extend
[   12.879805] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/uhci-hcd.ko
[   13.088925] TRACE: /bin/tpmr(265): tpm2_extend
[   13.158660] DEBUG: TPM: Extended PCR[5] with hash 1877332107fb8737a5636da26d4db2c10ffe4d1db2bcbde30b47774cdf05e02f
[   13.223888] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod
[   13.253700] uhci_hcd: USB Universal Host Controller Interface driver
[   13.269580] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[   13.278675] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[   13.287280] uhci_hcd 0000:00:1d.0: detected 2 ports
[   13.296481] uhci_hcd 0000:00:1d.0: irq 16, io base 0x0000ff00
[   13.314557] hub 1-0:1.0: USB hub found
[   13.332614] hub 1-0:1.0: 2 ports detected
[   13.352400] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[   13.361016] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[   13.368653] uhci_hcd 0000:00:1d.1: detected 2 ports
[   13.376700] uhci_hcd 0000:00:1d.1: irq 17, io base 0x0000fee0
[   13.395046] hub 2-0:1.0: USB hub found
[   13.403107] hub 2-0:1.0: 2 ports detected
[   13.418573] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[   13.426975] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[   13.434733] uhci_hcd 0000:00:1d.2: detected 2 ports
[   13.442497] uhci_hcd 0000:00:1d.2: irq 18, io base 0x0000fec0
[   13.460237] hub 3-0:1.0: USB hub found
[   13.467466] hub 3-0:1.0: 2 ports detected
[   13.579102] TRACE: /sbin/insmod(9): main
[   13.730892] TRACE: /sbin/insmod(53): main
[   13.781345] DEBUG: No module parameters, extending only with the module's content
[   13.891152] TRACE: /bin/tpmr(832): main
[   13.954015] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-hcd.ko
[   13.995207] TRACE: /bin/tpmr(234): tpm2_extend
[   14.031074] TRACE: /bin/tpmr(252): tpm2_extend
[   14.095694] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-hcd.ko
[   14.315253] TRACE: /bin/tpmr(265): tpm2_extend
[   14.369608] DEBUG: TPM: Extended PCR[5] with hash 8a12ce4abfc87f11a023d4f1c26c225f5cffae248f9dad1fd30e78022996df02
[   14.425800] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod
[   14.455207] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   14.548050] TRACE: /sbin/insmod(9): main
[   14.693175] TRACE: /sbin/insmod(53): main
[   14.742761] DEBUG: No module parameters, extending only with the module's content
[   14.855233] TRACE: /bin/tpmr(832): main
[   14.908035] DEBUG: TPM: Extending PCR[5] with /lib/modules/ohci-pci.ko
[   14.940321] TRACE: /bin/tpmr(234): tpm2_extend
[   14.970307] TRACE: /bin/tpmr(252): tpm2_extend
[   15.018421] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ohci-pci.ko
[   15.226408] TRACE: /bin/tpmr(265): tpm2_extend
[   15.279951] DEBUG: TPM: Extended PCR[5] with hash 2065ee6544d78a5d31e67983166a9b8cf60dbe61bf0ee99c39e92816cc3a98db
[   15.335930] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod
[   15.360537] ohci-pci: OHCI PCI platform driver
[   15.446600] TRACE: /sbin/insmod(9): main
[   15.597149] TRACE: /sbin/insmod(53): main
[   15.649850] DEBUG: No module parameters, extending only with the module's content
[   15.753738] TRACE: /bin/tpmr(832): main
[   15.809086] DEBUG: TPM: Extending PCR[5] with /lib/modules/ehci-pci.ko
[   15.847559] TRACE: /bin/tpmr(234): tpm2_extend
[   15.878030] TRACE: /bin/tpmr(252): tpm2_extend
[   15.930320] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/ehci-pci.ko
[   16.131948] TRACE: /bin/tpmr(265): tpm2_extend
[   16.190395] DEBUG: TPM: Extended PCR[5] with hash 116145df2c495dfd58354025799fe5bb9b4d8e078960e8d0d7ceda746e4f2d06
[   16.247675] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod
[   16.275465] ehci-pci: EHCI PCI platform driver
[   16.296704] ehci-pci 0000:00:1d.7: EHCI Host Controller
[   16.306151] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4
[   16.316293] ehci-pci 0000:00:1d.7: irq 19, io mem 0xfcf80000
[   16.340527] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[   16.357688] hub 4-0:1.0: USB hub found
[   16.365707] hub 4-0:1.0: 6 ports detected
[   16.376687] hub 1-0:1.0: USB hub found
[   16.384573] hub 1-0:1.0: 2 ports detected
[   16.393986] hub 2-0:1.0: USB hub found
[   16.401424] hub 2-0:1.0: 2 ports detected
[   16.410387] hub 3-0:1.0: USB hub found
[   16.418087] hub 3-0:1.0: 2 ports detected
[   16.513839] TRACE: /sbin/insmod(9): main
[   16.670778] TRACE: /sbin/insmod(53): main
[   16.721953] DEBUG: No module parameters, extending only with the module's content
[   16.835964] TRACE: /bin/tpmr(832): main
[   16.888003] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-hcd.ko
[   16.919798] TRACE: /bin/tpmr(234): tpm2_extend
[   16.957470] TRACE: /bin/tpmr(252): tpm2_extend
[   17.013535] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-hcd.ko
[   17.225097] TRACE: /bin/tpmr(265): tpm2_extend
[   17.281099] DEBUG: TPM: Extended PCR[5] with hash 7f5a6bd0f7de6104e49374e1e5ce421e11795fcc4f53014ef9259d630d7876bc
[   17.337551] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod
[   17.448660] TRACE: /sbin/insmod(9): main
[   17.595458] TRACE: /sbin/insmod(53): main
[   17.653305] DEBUG: No module parameters, extending only with the module's content
[   17.763612] TRACE: /bin/tpmr(832): main
[   17.817350] DEBUG: TPM: Extending PCR[5] with /lib/modules/xhci-pci.ko
[   17.849196] TRACE: /bin/tpmr(234): tpm2_extend
[   17.879069] TRACE: /bin/tpmr(252): tpm2_extend
[   17.927859] DEBUG: TPM: Will extend PCR[5] with hash of file content /lib/modules/xhci-pci.ko
[   18.126778] TRACE: /bin/tpmr(265): tpm2_extend
[   18.188056] DEBUG: TPM: Extended PCR[5] with hash 5502fa8c101f7e509145b9826094f06dd0e225c2311a14edc9ae9c812518a250
[   18.247945] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod
[   18.286509] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   18.294553] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5
[   18.308276] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010
[   18.320288] hub 5-0:1.0: USB hub found
[   18.328425] hub 5-0:1.0: 4 ports detected
[   18.337635] xhci_hcd 0000:00:04.0: xHCI Host Controller
[   18.344430] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6
[   18.351769] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed
[   18.360900] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM.
[   18.371095] hub 6-0:1.0: USB hub found
[   18.378046] hub 6-0:1.0: 4 ports detected
[   18.673695] usb 5-1: new high-speed USB device number 2 using xhci_hcd
[   18.960744] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd
[   19.112485] usb 5-3: new full-speed USB device number 3 using xhci_hcd
[   20.433294] TRACE: /etc/functions(715): detect_boot_device
[   20.489580] TRACE: /etc/functions(682): mount_possible_boot_device
[   20.546126] TRACE: /etc/functions(642): is_gpt_bios_grub
[   20.653417] TRACE: /dev/vda1 is partition 1 of vda
[   20.777737] TRACE: /etc/functions(619): find_lvm_vg_name
[   20.946450] TRACE: Try mounting /dev/vda1 as /boot
[   20.997145] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[   21.053058] TRACE: /bin/gui-init(319): clean_boot_check
[   21.157752] TRACE: /bin/gui-init(348): check_gpg_key
[   21.260339] TRACE: /bin/gui-init(185): update_totp
[   21.376906] TRACE: /bin/unseal-totp(8): main
[   21.497372] TRACE: /bin/tpmr(569): tpm2_unseal
[   21.574501] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   22.212056] DEBUG: Running at_exit handlers
[   22.247818] TRACE: /bin/tpmr(374): cleanup_session
[   22.301292] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   22.423005]  !!! ERROR: Unable to unseal TOTP secret !!!
[   25.058227] TRACE: /bin/unseal-totp(8): main
[   25.205031] TRACE: /bin/tpmr(569): tpm2_unseal
[   25.284388] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   25.914243] DEBUG: Running at_exit handlers
[   25.947988] TRACE: /bin/tpmr(374): cleanup_session
[   26.001694] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   26.126464]  !!! ERROR: Unable to unseal TOTP secret !!!
[   28.766165] TRACE: /bin/unseal-totp(8): main
[   28.898452] TRACE: /bin/tpmr(569): tpm2_unseal
[   28.982708] DEBUG: tpm2_unseal: handle=0x81004d47 pcrl=0,1,2,3,4,7 file=/tmp/secret/totp.key pass=<empty>
[   29.609216] DEBUG: Running at_exit handlers
[   29.643372] TRACE: /bin/tpmr(374): cleanup_session
[   29.696741] DEBUG: Clean up session: /tmp/secret/unsealfile_policy.session
[   29.822748]  !!! ERROR: Unable to unseal TOTP secret !!!
[   31.890980] DEBUG: CONFIG_TPM: y
[   31.945147] DEBUG: CONFIG_TPM2_TOOLS: y
[   31.999643] DEBUG: Show PCRs
[   32.157607] DEBUG:   sha256:
[   32.190288] 0 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.221302] 1 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.251240] 2 : 0x9FC171D45D54BDD49D40E8438BCF15808427BA72B11EC2DF1ACE877CA0CF4F14
[   32.282127] 3 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.315382] 4 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.345767] 5 : 0xD76470232B7C3FD7D18D4DF3B77DACAFFDB876DBF3E84C996D74F7ECFA0FF60F
[   32.379099] 6 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.409630] 7 : 0x2E3147A8ADA1FEBEB2D32D7F50F25DC10F47D7CD48DF1D61A2D6BF958114A231
[   32.439780] 8 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.508514] 9 : 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.537395] 10: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.583510] 11: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.622661] 12: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.651831] 13: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.687298] 14: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.721766] 15: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.751345] 16: 0x0000000000000000000000000000000000000000000000000000000000000000
[   32.782919] 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.813071] 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.841994] 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.869358] 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.907215] 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.937346] 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[   32.967810] 23: 0x0000000000000000000000000000000000000000000000000000000000000000

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-06 17:15:53 -04:00

358 lines
12 KiB
Bash
Raw Blame History

#!/bin/sh
#
# Core shell functions that do not require bash. These functions are used with
# busybox ash on legacy-flash boards, and with bash on all other boards.
die() {
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then
echo " !!! ERROR: $* !!!" | tee -a /tmp/debug.log /dev/kmsg > /dev/null;
else
echo >&2 "!!! ERROR: $* !!!";
fi
sleep 2;
exit 1;
}
warn() {
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then
echo " *** WARNING: $* ***" | tee -a /tmp/debug.log /dev/kmsg > /dev/null;
else
echo >&2 " *** WARNING: $* ***";
fi
sleep 1;
}
DEBUG() {
if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then
# fold -s -w 960 will wrap lines at 960 characters on the last space before the limit
echo "DEBUG: $*" | fold -s -w 960 | while read line; do
echo "$line" | tee -a /tmp/debug.log /dev/kmsg >/dev/null
done
fi
}
TRACE() {
if [ "$CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" = "y" ];then
echo "TRACE: $*" | tee -a /tmp/debug.log /dev/kmsg > /dev/null;
fi
}
# Write directly to the debug log (but not kmsg), never appears on console
LOG() {
echo "LOG: $*" >>/tmp/debug.log
}
fw_version() {
local FW_VER=$(dmesg | grep 'DMI' | grep -o 'BIOS.*' | cut -f2- -d ' ')
# chop off date, since will always be epoch w/timeless builds
echo "${FW_VER::-10}"
}
preserve_rom() {
TRACE "Under /etc/ash_functions:preserve_rom"
new_rom="$1"
old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"`
for old_file in `echo $old_files`; do
new_file=`cbfs.sh -o $1 -l | grep -x $old_file`
if [ -z "$new_file" ]; then
echo "+++ Adding $old_file to $1"
cbfs -t 50 -r $old_file >/tmp/rom.$$ \
|| die "Failed to read cbfs file from ROM"
cbfs.sh -o $1 -a $old_file -f /tmp/rom.$$ \
|| die "Failed to write cbfs file to new ROM file"
fi
done
}
confirm_gpg_card() {
TRACE "Under /etc/ash_functions:confirm_gpg_card"
#Skip prompts if we are currently using a known GPG key material Thumb drive backup and keys are unlocked pinentry
#TODO: probably export CONFIG_GPG_KEY_BACKUP_IN_USE but not under /etc/user.config?
#Toggle to come in next PR, but currently we don't have a way to toggle it back to n if config.user flashed back in rom
if [[ "$CONFIG_HAVE_GPG_KEY_BACKUP" == "y" && "$CONFIG_GPG_KEY_BACKUP_IN_USE" == "y" ]]; then
DEBUG "Using known GPG key material Thumb drive backup and keys are unlocked and useable through pinentry"
return
fi
if [ "$CONFIG_HAVE_GPG_KEY_BACKUP" == "y" ]; then
message="Please confirm that your GPG card is inserted(Y/n) or your GPG key material (b)backup thumbdrive is inserted [Y/n/b]: "
else
# Generic message if no known key material backup
message="Please confirm that your GPG card is inserted [Y/n]: "
fi
read \
-n 1 \
-p "$message" \
card_confirm
echo
if [ "$card_confirm" != "y" \
-a "$card_confirm" != "Y" \
-a "$card_confirm" != "b" \
-a -n "$card_confirm" ] \
; then
die "gpg card not confirmed"
fi
# If user has known GPG key material Thumb drive backup and asked to use it
if [[ "$CONFIG_HAVE_GPG_KEY_BACKUP" == "y" && "$card_confirm" == "b" ]]; then
#Only mount and import GPG key material thumb drive backup once
if [ ! "$CONFIG_GPG_KEY_BACKUP_IN_USE" == "y" ]; then
CR_NONCE="/tmp/secret/cr_nonce"
CR_SIG="$CR_NONCE.sig"
#Wipe any previous CR_NONCE and CR_SIG
shred -n 10 -z -u "$CR_NONCE" "$CR_SIG" >/dev/null 2>&1 || true
#Prompt user for configured GPG Admin PIN that will be passed along to mount-usb and to import gpg subkeys
echo
gpg_admin_pin=""
while [ -z "$gpg_admin_pin" ]; do
#TODO: change all passphrase prompts in codebase to include -r to prevent backslash escapes
read -r -s -p "Please enter GPG Admin PIN needed to use the GPG backup thumb drive: " gpg_admin_pin
echo
done
#prompt user to select the proper encrypted partition, which should the first one on next prompt
warn "Please select encrypted LUKS on GPG key material backup thumb drive (not public labeled one)"
mount-usb --pass "$gpg_admin_pin" || die "Unable to mount USB with provided GPG Admin PIN"
echo "++++ Testing detach-sign operation and verifiying against fused public key in ROM"
gpg --pinentry-mode=loopback --passphrase-file <(echo -n "${gpg_admin_pin}") --import /media/subkeys.sec >/dev/null 2>&1 ||
die "Unable to import GPG private subkeys"
#Do a detach signature to ensure gpg material is usable and cache passphrase to sign /boot from caller functions
dd if=/dev/urandom of="$CR_NONCE" bs=20 count=1 >/dev/null 2>&1 ||
die "Unable to create $CR_NONCE to be detach-signed with GPG private signing subkey"
gpg --pinentry-mode=loopback --passphrase-file <(echo -n "${gpg_admin_pin}") --detach-sign "$CR_NONCE" >/dev/null 2>&1 ||
die "Unable to detach-sign $CR_NONCE with GPG private signing subkey using GPG Admin PIN"
#verify detached signature against public key in rom
gpg --verify "$CR_SIG" "$CR_NONCE" > /dev/null 2>&1 && \
echo "++++ Local GPG keyring can be used to sign/encrypt/authenticate in this boot session ++++" || \
die "Unable to verify $CR_SIG detached signature against public key in ROM"
#Wipe any previous CR_NONCE and CR_SIG
shred -n 10 -z -u "$CR_NONCE" "$CR_SIG" >/dev/null 2>&1 || true
#TODO: maybe just an export instead of setting /etc/user.config otherwise could be flashed in weird corner case situation
set_user_config "CONFIG_GPG_KEY_BACKUP_IN_USE" "y"
umount /media || die "Unable to unmount USB"
return
fi
fi
# setup the USB so we can reach the USB Security Dongle's smartcard
enable_usb
echo -e "\nVerifying presence of GPG card...\n"
# ensure we don't exit without retrying
errexit=$(set -o | grep errexit | awk '{print $2}')
set +e
gpg --card-status >/dev/null
if [ $? -ne 0 ]; then
# prompt for reinsertion and try a second time
read -n1 -r -p \
"Can't access GPG key; remove and reinsert, then press Enter to retry. " \
ignored
# restore prev errexit state
if [ "$errexit" = "on" ]; then
set -e
fi
# retry card status
gpg --card-status >/dev/null ||
die "gpg card read failed"
fi
# restore prev errexit state
if [ "$errexit" = "on" ]; then
set -e
fi
}
gpg_auth() {
if [[ "$CONFIG_HAVE_GPG_KEY_BACKUP" == "y" ]]; then
TRACE "Under /etc/ash_functions:gpg_auth"
# If we have a GPG key backup, we can use it to authenticate even if the card is lost
echo >&2 "!!!!! Please authenticate with OpenPGP smartcard/backup media to prove you are the owner of this machine !!!!!"
# Wipe any existing nonce and signature
shred -n 10 -z -u "$CR_NONCE" "$CR_SIG" 2>/dev/null || true
# In case of gpg_auth, we require confirmation of the card, so loop with confirm_gpg_card until we get it
false
while [ $? -ne 0 ]; do
# Call confirm_gpg_card in subshell to ensure GPG key material presence
( confirm_gpg_card )
done
# Perform a signing-based challenge-response,
# to authencate that the card plugged in holding
# the key to sign the list of boot files.
CR_NONCE="/tmp/secret/cr_nonce"
CR_SIG="$CR_NONCE.sig"
# Generate a random nonce
dd \
if=/dev/urandom \
of="$CR_NONCE" \
count=1 \
bs=20 \
2>/dev/null \
|| die "Unable to generate 20 random bytes"
# Sign the nonce
for tries in 1 2 3; do
if gpg --digest-algo SHA256 \
--detach-sign \
-o "$CR_SIG" \
"$CR_NONCE" > /dev/null 2>&1 \
&& gpg --verify "$CR_SIG" "$CR_NONCE" > /dev/null 2>&1 \
; then
shred -n 10 -z -u "$CR_NONCE" "$CR_SIG" 2>/dev/null || true
DEBUG "Under /etc/ash_functions:gpg_auth: success"
return 0
else
shred -n 10 -z -u "$CR_SIG" 2>/dev/null || true
if [ "$tries" -lt 3 ]; then
echo >&2 "!!!!! GPG authentication failed, please try again !!!!!"
continue
else
die "GPG authentication failed, please reboot and try again"
fi
fi
done
return 1
fi
}
recovery() {
TRACE "Under /etc/ash_functions:recovery"
echo >&2 "!!!!! $*"
# Remove any temporary secret files that might be hanging around
# but recreate the directory so that new tools can use it.
#safe to always be true. Otherwise "set -e" would make it exit here
shred -n 10 -z -u /tmp/secret/* 2> /dev/null || true
rm -rf /tmp/secret
mkdir -p /tmp/secret
# ensure /tmp/config exists for recovery scripts that depend on it
touch /tmp/config
. /tmp/config
DEBUG "Board $CONFIG_BOARD - version $(fw_version)"
if [ "$CONFIG_TPM" = "y" ]; then
TRACE_FUNC
echo "TPM: Extending PCR[4] to prevent any further secret unsealing"
tpmr extend -ix 4 -ic recovery
fi
if [ "$CONFIG_RESTRICTED_BOOT" = y ]; then
echo >&2 "Restricted Boot enabled, recovery console disabled, rebooting in 5 seconds"
sleep 5
/bin/reboot
fi
while [ true ]
do
#Going to recovery shell should be authenticated if supported
gpg_auth
echo >&2 "!!!!! Starting recovery shell"
sleep 1
if [ -x /bin/setsid ]; then
/bin/setsid -c /bin/sh
else
/bin/sh
fi
done
}
pause_recovery() {
TRACE "Under /etc/ash_functions:pause_recovery"
read -p $'!!! Hit enter to proceed to recovery shell !!!\n'
recovery $*
}
combine_configs() {
TRACE "Under /etc/ash_functions:combine_configs"
cat /etc/config* > /tmp/config
}
replace_config() {
TRACE "Under /etc/functions:replace_config"
CONFIG_FILE=$1
CONFIG_OPTION=$2
NEW_SETTING=$3
touch $CONFIG_FILE
# first pull out the existing option from the global config and place in a tmp file
awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >${CONFIG_FILE}.tmp
awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >>${CONFIG_FILE}.tmp
# then copy any remaining settings from the existing config file, minus the option you changed
grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >>${CONFIG_FILE}.tmp || true
sort ${CONFIG_FILE}.tmp | uniq >${CONFIG_FILE}
rm -f ${CONFIG_FILE}.tmp
}
# Set a config variable in a specific file to a given value - replace it if it
# exists, or add it. If added, the variable will be exported.
set_config() {
CONFIG_FILE="$1"
CONFIG_OPTION="$2"
NEW_SETTING="$3"
if grep -q "$CONFIG_OPTION" "$CONFIG_FILE"; then
replace_config "$CONFIG_FILE" "$CONFIG_OPTION" "$NEW_SETTING"
else
echo "export $CONFIG_OPTION=\"$NEW_SETTING\"" >>"$CONFIG_FILE"
fi
}
# Set a value in config.user, re-combine configs, and update configs in the
# environment.
set_user_config() {
CONFIG_OPTION="$1"
NEW_SETTING="$2"
set_config /etc/config.user "$CONFIG_OPTION" "$NEW_SETTING"
combine_configs
. /tmp/config
}
# Load a config value to a variable, defaulting to empty. Does not fail if the
# config is not set (since it would expand to empty by default).
load_config_value() {
local config_name="$1"
if grep -q "$config_name=" /tmp/config; then
grep "$config_name=" /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'
fi
}
enable_usb()
{
TRACE "Under /etc/ash_functions:enable_usb"
#insmod ehci_hcd prior of uhdc_hcd and ohci_hcd to suppress dmesg warning
insmod /lib/modules/ehci-hcd.ko || die "ehci_hcd: module load failed"
if [ "$CONFIG_LINUX_USB_COMPANION_CONTROLLER" = y ]; then
insmod /lib/modules/uhci-hcd.ko || die "uhci_hcd: module load failed"
insmod /lib/modules/ohci-hcd.ko || die "ohci_hcd: module load failed"
insmod /lib/modules/ohci-pci.ko || die "ohci_pci: module load failed"
fi
insmod /lib/modules/ehci-pci.ko || die "ehci_pci: module load failed"
insmod /lib/modules/xhci-hcd.ko || die "xhci_hcd: module load failed"
insmod /lib/modules/xhci-pci.ko || die "xhci_pci: module load failed"
sleep 2
# For resiliency, test CONFIG_USB_KEYBOARD_REQUIRED explicitly rather
# than having it imply CONFIG_USER_USB_KEYBOARD at build time.
# Otherwise, if a user got CONFIG_USER_USB_KEYBOARD=n in their
# config.user by mistake (say, by copying config.user from a laptop to a
# desktop/server), they could lock themselves out, only recoverable by
# hardware flash.
if [ "$CONFIG_USB_KEYBOARD_REQUIRED" = y ] || [ "$CONFIG_USER_USB_KEYBOARD" = y ]; then
insmod /lib/modules/usbhid.ko || die "usbhid: module load failed"
fi
}
Reference in New Issue View Git Blame Copy Permalink